Update lxml to 4.6.5 #230

Closed
pyup-bot wants to merge 1 commit into master from pyup-update-lxml-4.6.2-to-4.6.5

@pyup-bot
Contributor

This PR updates lxml from 4.6.2 to 4.6.5.

Changelog

4.6.5
==================

Bugs fixed
----------

* A vulnerability (GHSL-2021-1038) in the HTML cleaner allowed sneaking script
  content through SVG images.

* A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed sneaking script
  content through CSS imports and other crafted constructs.

4.6.4
==================

Features added
--------------

* GH317: A new property ``system_url`` was added to DTD entities.
  Patch by Thirdegree.

* GH314: The ``STATIC_*`` variables in ``setup.py`` can now be passed via env vars.
  Patch by Isaac Jurado.

4.6.3
==================

Bugs fixed
----------

* A vulnerability (CVE-2021-28957) was discovered in the HTML Cleaner by Kevin Chung,
  which allowed JavaScript to pass through.  The cleaner now removes the HTML5
  ``formaction`` attribute.

@pyup-bot pyup-bot mentioned this pull request Dec 12, 2021
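
Added example, not part of the original PR and not code from lxml or pyup: a standard-library check that flags exact lxml pins in a requirements file that predate the fixes named in the changelog above. The function names and the sample file are constructed for illustration; only exact numeric `==` pins are evaluated, so ranges and pre-release pins are skipped.

```python
import re

# Fixed-in versions and advisory ids, taken from the changelog quoted in this PR.
LXML_FIXES = [
    ((4, 6, 3), "CVE-2021-28957"),
    ((4, 6, 5), "GHSL-2021-1037"),
    ((4, 6, 5), "GHSL-2021-1038"),
]

# Exact numeric pin, optional extras: "lxml==4.6.2", "LXML[html5] == 4.6.3 ; marker".
PIN_RE = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*==\s*"
    r"([0-9]+(?:\.[0-9]+)*)(?=\s|;|$)"
)

# Constructed sample requirements file (not from the repository in this PR).
SAMPLE = """\
# constructed sample
Django==3.2.10
lxml==4.6.2            # the version this PR updates from
LXML[html5] == 4.6.3 ; python_version >= "3.6"
lxml==4.6.5
lxml>=4.6.0
"""

def parse_version(text):
    """Turn '4.6.2' into (4, 6, 2), padded to three fields for comparison."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def audit_requirements(text):
    """Return (line_no, pinned_version, [advisory ids]) for each vulnerable lxml pin."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0]               # drop trailing comments
        match = PIN_RE.match(line)
        if not match:
            continue                              # not an exact numeric pin
        name = re.sub(r"[-_.]+", "-", match.group(1)).lower()  # PEP 503 name form
        if name != "lxml":
            continue
        pinned = parse_version(match.group(2))
        open_ids = [adv for fixed, adv in LXML_FIXES if pinned < fixed]
        if open_ids:
            findings.append((line_no, match.group(2), open_ids))
    return findings

if __name__ == "__main__":
    for line_no, version, ids in audit_requirements(SAMPLE):
        print(f"line {line_no}: lxml {version} is missing fixes for {', '.join(ids)}")
```
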
@codecov

codecov bot commented Dec 12, 2021

Codecov Report

Merging #230 (18e842e) into master (a2f0d23) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master     #230   +/-   ##
=======================================
  Coverage   98.06%   98.06%           
=======================================
  Files          27       27           
  Lines        1293     1293           
=======================================
  Hits         1268     1268           
  Misses         25       25           

@pyup-bot
Contributor Author

Closing this in favor of #231

@pyup-bot pyup-bot closed this Dec 13, 2021
@jraddaoui jraddaoui deleted the pyup-update-lxml-4.6.2-to-4.6.5 branch December 13, 2021 09:11