Please upgrade bundled Expat to 2.6.2 (e.g. for the fix to CVE-2024-28757)

[hartwork]

Bug report

Bug description:

Hi! 👋

Please upgrade bundled Expat to 2.6.2 (e.g. for the fix to CVE-2024-28757).

• GitHub release: https://github.com/libexpat/libexpat/releases/tag/R_2_6_2
• Change log: https://github.com/libexpat/libexpat/blob/R_2_6_2/expat/Changes

The CPython issue for previous 2.6.0 was #115399 and the related merged main pull request was #115431, in case you want to have a look. Comment #115431 (comment) could be of help by raising confidence in the bump pull request when going forward.

Thanks in advance!

CPython versions tested on:

3.8, 3.9, 3.10, 3.11, 3.12, 3.13, CPython main branch

Operating systems tested on:

Linux, macOS, Windows, Other

Linked PRs

• gh-116741: Upgrade libexpat to 2.6.2 #117296
• [3.12] gh-116741: Upgrade libexpat to 2.6.2 (GH-117296) #118166
• [3.11] gh-116741: Upgrade libexpat to 2.6.2 (GH-117296) #118185
• [3.10] gh-116741: Upgrade libexpat to 2.6.2 (GH-117296) #118186
• [3.9] gh-116741: Upgrade libexpat to 2.6.2 (GH-117296) #118187
• [3.8] gh-116741: Upgrade libexpat to 2.6.2 (GH-117296) #118188

[hartwork]

@sethmlarson any chance we could team up on this once more?

[sethmlarson]

@hartwork Sorry for not replying, I was gone for the past 2 weeks on vacation. Here's a PR upgrading 2.6.2, please take a look.

[hartwork]

@sethmlarson looks good, thank you! 👍