Bug fixes for new major lxml version. New "maximum entity amplification" security in lxml breaks the NLM articleset 2.0 DTD parsing, and therefore breaks any scrapemed parsing with DTD validation turned on. Made dependencies stricter to prevent this.