Bump lxml from 4.6.5 to 4.9.1 in /src/sonic-config-engine (#14011)

Why I did it
It is to fix the security alert CVE-2022-2309, see https://security-tracker.debian.org/tracker/CVE-2022-2309
The fix has already merged in master, See detail in PR #11366

How I did it
Upgrade version to 4.9.1

How to verify it

files/build/versions/dockers/docker-config-engine-bullseye-sonic/versions-py3

@@ -2,7 +2,7 @@ bitarray==1.5.3
 ijson==2.6.1
 ipaddress==1.0.23
 jsondiff==2.0.0
-lxml==4.6.5
+lxml==4.9.1
 natsort==6.2.1
 netaddr==0.8.0
 pyang==2.5.3

files/build/versions/dockers/docker-config-engine-bullseye/versions-py3

@@ -2,7 +2,7 @@ bitarray==1.5.3
 ijson==2.6.1
 ipaddress==1.0.23
 jsondiff==2.0.0
-lxml==4.6.5
+lxml==4.9.1
 natsort==6.2.1
 netaddr==0.8.0
 pyang==2.5.3

files/build/versions/dockers/docker-config-engine-buster-sonic/versions-py3

@@ -2,7 +2,7 @@ bitarray==1.5.3
 ijson==2.6.1
 ipaddress==1.0.23
 jsondiff==2.0.0
-lxml==4.6.5
+lxml==4.9.1
 natsort==6.2.1
 netaddr==0.8.0
 pyang==2.5.3

files/build/versions/dockers/docker-config-engine-buster/versions-py3

@@ -2,7 +2,7 @@ bitarray==1.5.3
 ijson==2.6.1
 ipaddress==1.0.23
 jsondiff==2.0.0
-lxml==4.6.5
+lxml==4.9.1
 natsort==6.2.1
 netaddr==0.8.0
 pyang==2.5.3

files/build/versions/host-image/versions-py3

@@ -28,7 +28,7 @@ jsonpatch==1.32
 jsonpointer==2.3
 jsonschema==2.6.0
 lazy-object-proxy==1.9.0
-lxml==4.6.5
+lxml==4.9.1
 m2crypto==0.38.0
 markupsafe==2.1.2
 natsort==6.2.1
@@ -68,4 +68,4 @@ watchdog==0.10.3
 wcwidth==0.2.6
 websocket-client==1.5.1
 www-authenticate==0.9.2
-xmltodict==0.12.0
+xmltodict==0.12.0

src/sonic-config-engine/setup.py

@@ -7,7 +7,7 @@ from setuptools import setup
 dependencies = [
     'bitarray==1.5.3',
     'ipaddress==1.0.23',
-    'lxml==4.6.5',
+    'lxml==4.9.1',
     'netaddr==0.8.0',
     'pyyaml==5.4.1',
     'sonic-py-common',