lxml should be removed from use-defused-xml

**Describe the bug**
defusedxml.lxml [was only ever an example](https://github.com/tiran/defusedxml#defusedxmllxml) and [is deprecated](https://github.com/tiran/defusedxml/issues/38). 

Ideally there should instead be a rule [checking that entity resolution is disabled](https://lxml.de/FAQ.html#how-do-i-use-lxml-safely-as-a-web-service-endpoint), and possibly [other lxml-related issues](https://github.com/tiran/defusedxml#xpath) though the latter may alresady exist.

**To Reproduce**
Run semgrep on a codebase with lxml, it tells you to remove lxml.

**Expected behavior**
It shouldn't do that.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

lxml should be removed from use-defused-xml #1086

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

lxml should be removed from use-defused-xml #1086

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions