py-poetry-core: update to 2.4.1.
2.4.1 - 2026-05-09
Changed
Re-allow installer==0.7.0 (#10887).
Fixed
Fix an issue where poetry update <package> failed when <package> was a transitive dependency (#10885).
py-more-itertools: update to 11.1.0.
Changes:
numeric_range was updated to fix its handling of empty ranges (thanks to rhettinger)
peekable was updated to fix typing issues (thanks to DORI2001, powellnorma, Pandede, m9810223, and rhettinger)
islice_extended was optimized for memory usage and speed (thanks to ben42code, rhettinger, and pochmann)
serialize now supports the generator methods throw, send, and close (thanks to rhettinger)
seekable now supports implements __getitem__ for cached elements (thanks to SAY-5, jenstroeger, and JamesParrott)
rio: fix pre-configure for wgpu-28.x vendor crates
Update vendor crate version strings from wgpu-25.0.2/wgpu-core-25.0.2/
wgpu-core-deps-windows-linux-android-25.0.0 to the versions actually
bundled with rio-0.4.5 (wgpu-28.0.0, wgpu-core-28.0.1,
wgpu-core-deps-windows-linux-android-28.0.0).
Also update the sed patterns to match the wgpu-28 source layout:
- vulkan/gles anchor on freebsd (wgpu-28 already added FreeBSD) rather
than android (wgpu-25)
- gles Emscripten anchor is unchanged
- wgpu-core-deps target cfg includes freebsd in the existing list
Fix a make(1) quoting bug: the AWK pattern used a bare $, which make
expanded as an empty variable; change to 422 so make passes a literal $
to the shell and awk sees the correct end-of-line anchor.
Verified: clean pkgsrc build of rio-0.4.5 completes without errors on
NetBSD-current amd64.
py-idna: update to 3.16.
## 3.16 (2026-05-22)
- Add a command-line interface (`python -m idna`, also available as
the `idna` script). Encodes or decodes one or more domains supplied
as arguments or on standard input, with options to select A-label
or U-label output and control error handling.
- Raise the minimum supported Python version to 3.9
- Various code quality improvements
py-icalendar: update to 7.1.2.
7.1.2 (2026-05-22)
Bug fixes
Replaced the recursive Component.__repr__ implementation with an iterative stack-based walk so that deeply nested calendars no longer raise RecursionError when formatted via repr(), str(), or f-strings. The output format is unchanged for normally-shaped calendars. @gistrec (Issue #1370)
Documentation
Update maintenance documentation. Fix the version switcher on "stable" on Read the Docs. @stevepiercy (Issue #1352)
7.1.1 (2026-05-18)
New features
Created an ical_value property for the vPeriod component. @ZairKSM (Issue #876)
Created a ical_value() property for the vWeekday component, mirroring the existing pattern on vBoolean. @mvanhorn (Issue #1360)
[21 lines not shown]
py-genshi: update to 0.7.11.
Version 0.7.11
https://github.com/edgewall/genshi/releases/tag/0.7.11
(May 17 2026, from branches/stable/0.7.x)
* Replace use of `pkg_resources` with `importlib.resources` (or `importlib_resources` for Python < 3.9)
(#97 by Colin Watson)
* Update CI release workflow to use Ubuntu 22.04. (#96 by Simon Cross)
py-aiodns: update to 4.0.4.
4.0.4
=====
- Raise ``DNSError(ARES_ENODATA)`` from ``query()`` when the answer section has no records of the requested qtype, restoring the pycares 4.x NODATA contract and avoiding ``AttributeError`` for CNAME/SOA/PTR callers (#254).
- Add the missing ``build-backend`` entry to ``pyproject.toml`` so PEP 517 builds from the sdist work without falling back to the deprecated legacy setuptools backend (#252).
py-JWT: update to 2.13.0.
v2.13.0
-------
Security
~~~~~~~~
- Reject JWK JSON documents passed as raw HMAC secrets in
``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that
the existing PEM/SSH guard did not cover. Reported by @aradona91 in
`GHSA-xgmm-8j9v-c9wx <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx>`__.
- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during
verification so the caller's ``algorithms=[...]`` allow-list cannot be
bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported
by @sushi-gif in `GHSA-jq35-7prp-9v3f <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f>`__.
- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-
influenced URIs cannot read local files or reach unintended schemes via
urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported
[31 lines not shown]
rio: fix NetBSD build and runtime; terminal now working
Four changes to make rio-0.4.5 fully functional on NetBSD:
1. teletypewriter patch: set B38400 baud rate in create_termp() BSD termios
branch. c_ispeed/c_ospeed=0 (B0) caused NetBSD tty.c to send SIGHUP to
the PTY session leader immediately on tcsetattr, killing the shell.
2. wgpu pre-configure patches: wgpu and wgpu-core hard-code platform
allowlists (Windows/Linux/Android/Apple) for their Vulkan and GLES
backends via cfg_aliases in build.rs. The pre-configure Makefile target
patches four vendor files at build time to include NetBSD:
- wgpu/build.rs: add netbsd to vulkan and gles cfg conditions
- wgpu-core/build.rs: add netbsd to windows_linux_android alias
- wgpu-core/Cargo.toml: extend target dep cfg + activate wgpu-hal
gles/vulkan features directly so the feature chain reaches wgpu-hal
- wgpu-core-deps-windows-linux-android/Cargo.toml: make wgpu-hal an
unconditional dependency (removes the Windows/Linux/Android restriction)
Cargo vendor checksums are cleared (files:{}) for each modified crate
[11 lines not shown]
dasel: update to 3.11.0.
## [v3.11.0] - 2026-05-19
### Added
- Support for newline-delimited JSON (NDJSON) input. Multiple JSON values in a single input are now parsed as a multi-document branch, matching the existing YAML multi-document behaviour.
### Fixed
- Strip leading "v" from version output for consistency across build methods (Docker vs Homebrew).
libical4: update to 4.0.1.
## [4.0.1] - 2026-05-14
- Increase the ICAL_LIMIT_RRULE_SEARCH limit from 100 to 500.
- Fix an unsafe exec() in the `vzic` tool when compiled with the CREATE_SYMLINK option.
