Log Message:
Update to lua-expat-1.5.1:

Added option "allowDTD" to the threat protection parser.
Add configuration for Billion Laughs Attack prevention.
Expose Expat compile time constants (lxp._EXPAT_FEATURES), see Expat documentation.
Fix bad buffer size calculation in threat parser
Improved Lua version support (5.1 - 5.4)
Fix memory leak when callbacks reference a parser object
Expose Expat library version (lxp._EXPAT_VERSION)
Added 'lxp.totable' module (thanks Tomás Guisasola Gorham)
Fix integers being returned as floats on Lua 5.3+ (thanks Kim Alvefur)
Fix XmlDecl callback can also return 'nil' for 'standalone'
Many documentation updates
Added triplet namespace setting (returnnstriplet)
Added EntityDecl handler
Added AttlistDecl handler
Added ElementDecl handler
Added SkippedEntity handler
Added EndDoctypeDecl handler
More tests and new test setup; Busted, LuaCheck, Github actions
Improved finishing, multiple nil-calls no longer throw errors
Fix 'lxp.lom' to properly handle input as function, table, or file
Added option for namespace aware parsing to the 'lxp.lom' module
Repository moved to lunarmodules
Added threat protection parser (protects against excessively large inputs), with \ 
options for the 'lxp.lom' and 'lxp.totable' to use it.
support for the XmlDecl handler
add parser:getcurrentbytecount() (XML_GetCurrentByteCount)
ability to disable CharacterData merging