enchant2: update to 2.8.15.
2.8.15 (February 13, 2026)
--------------------------
This release fixes two bugs related to personal word lists.
First, removing a word that happens to be at the end of a personal word list
file has not worked since 2.7.0.
Secondly, the way that personal word lists are merged with the current
session has been changed so that personal word list words now appear in
suggestions with providers that support adding words to the current session
(Aspell and Hunspell). This previously worked, but hadn’t since at least
2.8.2. Thanks to the users and maintainers of jinx (spelling package for
Emacs that uses Enchant) for reporting and helping reproduce this bug.
A little code clean-up was also done.
catch2: updated to 3.13.0
3.13.0
Fixes
* `--benchmark-samples 0` no longer hard crashes
* The CLI validation fails instead.
* Fixed warning suppression macros being doubly defined when using Clang on Windows
Improvements
* Suppressed static analysis 26426 diagnostic for MSVC
* Renamed the internal deprecation macro from `DEPRECATED` to `CATCH_DEPRECATED` to avoid conflicts
* Added `UNSCOPED_CAPTURE` macro
* Added `ConcatGenerator` to combine multiple separate generator into one
* The short form is `cat`
* Generators can now jump forward to nth element efficiently
* Custom generators that can jump forward efficiently should override `skipToNthElementImpl`
* Generators can declare themselves infinite
* The generator base defaults to declaring itself finite for backwards compatibility
[6 lines not shown]
glib2 glib2-tools gdbus-codegen: updated to 2.86.4
Overview of changes in GLib 2.86.4, 2026-02-13
* Fix several security vulnerabilities of varying severity (see below for
details)
* Bugs fixed:
- glib-compile-resources: Incorrect compiler detection on Windows when
building GTK causes a DoS (L. E. Segovia)
- Iterating over a short (preallocated) GVariant bytestring invalidly
refs a NULL GBytes (Christian Hergert)
- (CVE-2026-1484) (YWH-PGM9867-168) Integer Overflow -> Buffer Underflow
on Glib through glib/gbase64.c via g_base64_encode_close() leads to OOB
Write (Marco Trevisan)
- (CVE-2026-1485) (#YWH-PGM9867-169) Buffer underflow on Glib through
gio/gcontenttype-fdo.c via parse_header() lead to OOB Read/Write (Marco
Trevisan)
- (CVE-2026-1489) (#YWH-PGM9867-171) Integer Overflow on Glib through
[16 lines not shown]
gyb: update to 1.95
Changes from 1.90:
GYB 1.95
always retry certain API operations that seemed to occasionally fail.
Reduce the number of SSL certificate authorities GYB trusts to the minimal set Google uses.
Fix --tls-min-version and --tls-max-version so they actually work.
GYB 1.94
Reduce both GYB binary file size and startup performance significantly by removing hundreds of unnecessary JSON files.
Optimize GYB usage and retrieval of Google API Discovery files
GYB 1.93
Fix Linux legacy binary to properly rename the staticx binary. Fixes #514.
[9 lines not shown]
py-asdf_astropy: updated to 0.10.0
0.10.0 (2026-02-13)
- Add support for astronomy-1.2.0 manifest
- Add TETE and TEME coordinate frames
- Fix magunit serialization to match unit
gam: update to 7.34.02
Changes from 7.33.02:
Updated GAM to prevent errors like the following:
ERROR: Unable to find the server at oauth2.googleapis.com
ERROR: Unable to find the server at gmail.googleapis.com
7.34.01
Updated gam create|update adminrole to handle the following errors:
ERROR: 400: invalid - Invalid Role privileges
ERROR: 400: required - Required parameter: [resource.privileges[n].service_id]
7.34.00
Added variable csv_output_header_required to gam.cfg that is a comma separated list of <Strings> that are required to be in the list of column headers in the CSV file written by a gam print command. This will typically be used to specify headers that are required in subsequent commands that process the CSV file even if the API didn't return any data for those columns.
[12 lines not shown]
py-asdf-standard: updated to 1.5.0
1.5.0 (2026-02-05)
- Add missing transform-1.0.0 and domain-1.0.0 schemas.
These are only used by legacy schemas and are not to be
used for new schemas. See asdf-transform-schemas for
newer versions of these schemas
- Support setting ASDF_UNSTABLE_CORE_SCHEMAS environment variable
to enable support for upcoming (currently unstable) versions of
core schemas. Be warned that writing files with unstable/development
versions of core schemas is not recommended as these schemas
may change during development
- Drop support for Python 3.9
py-octoprint: updated to 1.11.6
1.11.6
Security fixes
Timing Side-Channel in API Key Authentication, severity Moderate (6.0): OctoPrint versions up to and including 1.11.5 are affected by a (theoretical) timing attack vulnerability that allows API key extraction over the network.
Due to using character based comparison that short-circuits on the first mismatched character during API key validation, rather than a cryptographical method with static runtime regardless of the point of mismatch, an attacker with network based access to an affected OctoPrint could extract API keys valid on the instance by measuring the response times of the denied access responses and guess an API key character by character.
The likelihood of this attack actually working is highly dependent on the network's latency, noise and similar parameters. An actual proof of concept was not achieved so far. Still, as always administrators are advised to not expose their OctoPrint instance on hostile networks, especially not on the public internet!
See also the GitHub Security Advisory and CVE-2026-23892
Features & improvements
Achievements Plugin
Support resetting the yearly stats & display the status of the current year.
[15 lines not shown]
py-typeguard: updated to 4.5.0
4.5.0 (2026-02-15)
- Restored the ``check_argument_types()`` and ``check_return_type()`` functions that
were dropped in v3.0.0, for users who want more fine-grained control over run-time
type checking
- Added support for ``extra_items`` in ``TypedDict``, allowing users to specify
the types for the values of "leftover" keys in a typed dict (keys that weren't
explicitly defined in the ``TypedDict`` subclass)
- Fixed ``NameError`` when evaluating forward references on Python 3.14
- Fixed protocol check incorrectly rejecting inherited classmethods and staticmethods
- Fixed missing ``TypeCheckError`` when checking ``TypedDict`` with ``Required[...]``
annotations
- Fixed type aliases (e.g. ``type Foo = list[int]``) not being resolved during type
checking
- Fixed type-checked assignments to a single tuple target (e.g. ``x, = ("foo",)``)
falsely raising ``TypeCheckedError``