Replace xml.etree with defusedxml
to fix the issue of:
Using xml.etree.ElementTree.parse to parse untrusted XML data is known
to be vulnerable to XML attacks. Replace xml.etree.ElementTree.parse with
its defusedxml equivalent function or make sure defusedxml.defuse_stdlib()
is called.
FIXES: #62