py-project-metadata: update to 0.12.1.
0.12.1
Fixes:
Collect a config error instead of raising a raw TypeError when project.dynamic contains a non-string (unhashable) entry with all_errors=True.
0.12.0
Features:
Support PEP 808 (partially dynamic project metadata) (METADATA 2.6).
Add support for Python 3.15.
Warn (PEP 685) when an extra name in project.optional-dependencies is not a valid name. The extra is still emitted, only a ConfigurationWarning is produced.
Fixes:
Error on an unset dynamic version instead of silently writing Version: 0.0.0. If "version" is declared in project.dynamic but never assigned by the build backend, writing the metadata now raises a ConfigurationError (Field "project.version" missing), restoring the 0.8.x behavior that regressed in the 0.9 rewrite.
[20 lines not shown]
py-numpy: update to 2.5.1.
The NumPy 2.5.1 is a patch release that fixes bugs discovered after the 2.5.0
release. The most noticeable is the fix is to the numpy datetime cython API
which should allow downstream to support NumPy versions older than 2.5.
Preparation for Python 3.15 continues along with typing improvements.
py-last: update to 7.1.0.
Changed
Replace HTTPX with HTTPX2 (#536) @hugovk
Remove legacy Python 2 code (#524) @hugovk
Fixed
Fix AuthenticatedUser.get_name returning empty string (#528) @tonybolivar
Fix Country and Tag equality raising AttributeError (#531) @tonybolivar
Fix User.get_recent_tracks docstring and limit type annotation (#521) @RodrigoAroeira
Fix cache miss on requests with username param (#532) @tonybolivar
Return empty result instead of IndexError on empty search (#530) @tonybolivar
www/py-httpx2: import py-httpx2-2.5.0
HTTPX2 is a fully featured HTTP client library for Python. It
includes an integrated command line client, has support for both
HTTP/1.1 and HTTP/2, and provides both sync and async APIs.
www/py-httpcore2: import py-httpcore2-2.5.0
The HTTP Core package provides a minimal low-level HTTP client,
which does one thing only. Sending HTTP requests.
It does not provide any high level model abstractions over the API,
does not handle redirects, multipart uploads, building authentication
headers, transparent HTTP caching, URL parsing, session cookie
handling, content or charset decoding, handling JSON, environment
based configuration defaults, or any of that Jazz.
py-filelock: update to 3.29.5.
serialise read/write release rollback against a concurrent acquire by @dxbjavid in #563
🔒 fix(soft_rw): refresh held marker through the verified fd by @dxbjavid in #565
only unlink the writer marker on release if it is still ours by @dxbjavid in #566
don't follow symlinks in raise_on_not_writable_file by @dxbjavid in #567
don't complete a writer acquire on a peer's reclaimed marker by @dxbjavid in #571
use a private break name in break_lock_file by @dxbjavid in #576
Keep Unix lock files after release by @itscloud0 in #577
test: fix Windows type check broken by #577 by @gaborbernat in #580
roll back a read acquire's open transaction when its SELECT fails by @dxbjavid in #575
lifetime: reject negative, non-numeric, and bool values at the setter by @HrachShah in #573
tree-sitter: update to 0.26.10.
fix(lib): update doc comment for ts_parser_parse by @WillLillis in #5642
fix(lib): use correct TREE_SITTER_HIDE_SYMBOLS macro name in alloc.h by @tree-sitter-ci-bot[bot] in #5643
fix(cli): improve soundness of cst range calculation by @WillLillis in #5650
fix(lib): Consider subtree lookahead bytes when determining whether the parser can reuse a node. by @tree-sitter-ci-bot[bot] in #5656
fix(cli): display warning to user if parser test corpus dir isn't found by @tree-sitter-ci-bot[bot] in #5669
fix: add DESCRIPTION to grammar Makefile template by @WillLillis in #5672
fix(cli): infinite loop in highlight test by @WillLillis in #5674
fix(lib): address strict aliasing violations in TreeCursor type by @WillLillis in #5693
build(deps): bump wasmtime-c-api to v36.0.12 by @clason in #5709
fix(dsl): forbid invalid field names by @WillLillis in #5710
Fix issues with queries matching a parent node with anchored children (siblings) by @tree-sitter-ci-bot[bot] in #5712
test(query): regression test for anchored siblings inside a parent by @tree-sitter-ci-bot[bot] in #5716
release v0.26.10 by @WillLillis in #5717
libxmlb: update to 0.3.28.
Version 0.3.28
~~~~~~~~~~~~~~
Released: 2026-06-30
New Features:
- Automatically add system locales when using native-langs (Richard Hughes)
- Lower the Meson and GLib deps for RHEL-8 (Richard Hughes)
Bugfixes:
- Lazy clear opcode tokens for a ~2% speedup (Richard Hughes)
- Speed up negative queries by 11% by defer creating the results objects (Richard Hughes)
- Speed up predicates with no bindings by 9% (Richard Hughes)
- Speed up the no-results query by 2.5% by using a constant error (Richard Hughes)
jansson: update to 2.15.1.
Version 2.15.1
==============
Released 2026-06-30
* Fixes:
- Include the object key or array index in unpack type mismatch error
messages (@cwalther in #731)
- Reject negative string length in the `json_pack` `s#` and `+#` formats
(@akheron in #740)
- Limit recursion depth in dump, equal and deep copy to prevent stack
overflow (@akheron in #741)
* Build:
- Only export symbols starting with `json_` and `jansson_` from the CMake
[6 lines not shown]
Generate hashes for bootable images in gzimg directory.
At one point this should probably be unified at least a bit with the hash
generation of regular sets, so that there is a single place that defines
the types of hashes generated for sets and gzimg.
iconv VIQR: Fix use-after-free during destruction.
PR lib/59019: various iconv issues
Prompted by investigating:
PR lib/60413: iconv_samples test crashes on sparc*
Fixed in FreeBSD back in 2022, and I confirmed -Wuse-after-free catches
this for us too, but we're not using it -- maybe we should:
commit 8f27c9d14a559f33aa7fc3245f841f7ce52fadd5
Author: John Baldwin <jhb at FreeBSD.org>
Date: Mon Oct 3 16:10:43 2022 -0700
libiconv VIQR: Fix a use after free.
Use TAILQ_FOREACH_SAFE to walk to list of children mnemonics to
free
[5 lines not shown]