py-testfixtures: updated to 12.0.0
12.0.0 (23 May 2026)
.. warning:: Breaking changes:
- Comparers have moved from :mod:`!testfixtures.comparison` to :mod:`testfixtures.comparers`.
- :func:`!django_compare` has been removed, :func:`compare` now works with Django models.
- Refactoring of :class:`LogCapture` to introduce support for :doc:`loguru <loguru>`,
:doc:`structlog <structlog>` and similar support for :doc:`twisted <twisted>` by way of the new
:class:`~testfixtures.logcapture.CaptureSource` architecture.
- :func:`compare` now supports per-type ``ignore_eq``.
- :func:`compare` now supports both :doc:`polars <polars>` and :doc:`pandas <pandas>` dataframes.
- :func:`compare` now provides better feedback when objects being compared raised exceptipns in
their :any:`str` or :any:`repr`.
[3 lines not shown]
rio: replace PKGMESSAGE with files/README.NetBSD
PKGMESSAGE is reserved for critical warnings; operational notes
belong in a README file installed under share/doc/<pkg>/.
- Remove PKGMESSAGE
- Add files/README.NetBSD with terminal-type, shell, and theme notes
- Install it to share/doc/rio/ via do-install
- Add share/doc/rio to INSTALLATION_DIRS and PLIST
py-checkdmarc: updated to 5.16.2
5.16.2
BIMI: forbidden x/y attributes on the root <svg> element are now actually rejected. get_svg_metadata was reading the wrong xmltodict keys, so the existing rejection in check_svg_requirements never fired on real SVGs. The metadata also lost the y value to a typo that clobbered metadata["x"].
DNSSEC: narrowed three broad except Exception clauses to specific exception types (dns.exception.DNSException, OSError, EOFError) so programming errors propagate instead of being silently swallowed.
5.16.1
Simplify the warning emitted for pct/rf/ri to just "Support for the {tag} tag was removed in RFC 9989".
5.16.0
Rename DMARCbis references to RFC 9989
In compliance with RFC 9989, treat a DMARC p tag as p=none, instead of requiring it
Instead, a warning is raised that older versions of DMARC require it
DMARC: the pct, rf, and ri tags are removed in RFC 9989. They are no longer implicitly added to parsed results, are no longer strictly validated (invalid values that previously raised now just warn), and explicit use emits a "removed in RFC 9989" warning. Pre-9989 readers may still honor them, so the value is left intact for those consumers.
DMARC: unknown tags are now ignored with a warning instead of raising InvalidDMARCTag, per RFC 9989 ("Unknown tags MUST be ignored").
DMARC: the order constraint that p must immediately follow v is now a warning rather than a hard syntax error. RFC 9989 permits any tag ordering after v; older RFC 7489 readers may still expect p second.
[3 lines not shown]
aarch64: mi pmap: save a PTE software bit when doing modify emulation.
Use only OS_MODEMUL and release OS_MODIFIED. A mapping is deemed modified
if it is marked RW and OS_MODEMUL which only ever happens via emulation.
mi pmap: pmap_clear_attribute should check cached value of the attribute
The pmap_clear_attribute implementation used by the MI pmap should
check the cached valued of the attribute as well as any value held
in the PTE(s).
Some emulation implementations require this as some operations, e.g
changing page mappings to RO, can lose PTE attribute information.
py-soupsieve: updated to 2.8.4
2.8.4
- **FIX**: Fix another inefficient attribute pattern
- **FIX**: Limit total number of selectors processed in a pattern to prevent massive selector requests
py-sqlalchemy: updated to 2.0.50
2.0.50
orm
[orm] [bug]
Fixed issue where using joinedload() with PropComparator.of_type() targeting a joined-table subclass combined with PropComparator.and_() referencing a column on that subclass would generate invalid SQL, where the subclass column was not adapted to the subquery alias. Pull request courtesy Joaquin Hui Gomez.
[orm] [bug]
Fixed issue where the presence of a SessionEvents.do_orm_execute() event hook would cause internal execution options such as yield_per and loader-specific state from the first orm_pre_session_exec pass to leak into the second pass, leading to errors when using relationship loaders such as selectinload() and immediateload(). The execution options passed to the second compilation pass are now based on the original options plus only the explicit updates made via ORMExecuteState.update_execution_options() within the event hook.
[orm] [bug]
Fixed issue where using with_polymorphic() on a leaf class (a subclass with no further descendants) or a non-inherited class would fail with an AttributeError when used in an ORM statement, due to configure_mappers() not being triggered implicitly. The fix ensures that AliasedInsp participates in the _post_inspect hook, triggering mapper configuration during ORM statement compilation.
sql
[34 lines not shown]
py-test-rerunfailures: updated to 16.3
16.3 (2026-05-22)
Features
- Add ``--reruns-mode`` option (``strict`` or ``append``). With ``append``,
marker reruns and the global ``--reruns`` / ``reruns`` ini setting are summed
instead of the marker taking strict priority. Default is ``strict`` so
existing behaviour is unchanged.
- Add ``--rerun-show-tracebacks`` option to display tracebacks from failed
attempts that were retried, including tests that eventually passed. The
rerun summary section is emitted automatically when the flag is set, so
``-rR`` is no longer required to see the tracebacks.
py-snowballstemmer: updated to 3.1.0
Snowball 3.1.0 (2026-05-22)
Compiler changes
* Bug fixes:
+ Fix segmentation fault if -syntax is used on a program with no code.
+ Fix segmentation fault on some assignment syntax errors.
+ Fix bug introduced in v3.0.0 with conversion of `among` starter. If there
were any commands after the among in the same command list then the among
itself would get lost. Not triggered by any current algorithms.
+ Clear name field when removing dead assignments. This is visible in the
syntax tree shown when command line option -syntax is used, but probably
doesn't affect anything otherwise.
[160 lines not shown]
rclone: updated to 1.74.2
1.74.2 - 2026-05-22
- Bug Fixes
- build
- Update golang.org/x/net to v0.55.0 to address:
- CVE-2026-42506: html: incorrect handling of namespaced elements in foreign content
- CVE-2026-39821: idna: failure to reject ASCII-only Punycode-encoded labels
- CVE-2026-42502: html: incorrect handling of HTML elements in foreign content
- CVE-2026-25680: html: denial of service when parsing arbitrary HTML
- CVE-2026-25681: html: incorrect handling of character references in DOCTYPE nodes
- CVE-2026-27136: html: duplicate attributes can cause XSS
- Update golang.org/x/crypto to v0.52.0 to address:
- CVE-2026-46598: ssh/agent: pathological inputs can lead to client panic
- CVE-2026-46597: ssh: byte arithmetic causes underflow and panic
- CVE-2026-39828: ssh: bypass of certificate restrictions
- CVE-2026-39835: ssh: server panic during CheckHostKey/Authenticate
- CVE-2026-39833: ssh/agent: key constraints not enforced
[31 lines not shown]
rio: add PKGMESSAGE; declare ncurses DEPENDS
PKGMESSAGE covers three user-visible gotchas: base-system programs
need TERM=xterm-256color (libterminfo reads only the CDB, not
TERMINFO_DIRS), shell detection from /etc/passwd, and theme placement.
DEPENDS on ncurses is now explicit: do-install calls
${LOCALBASE}/bin/tic which requires ncurses to be installed, and the
installed terminfo is only useful to ncurses-linked programs anyway.
gicv3_its: Fix ITT sizing.
The ITT being allocated did not match the size specified on the MAPD
command. This could cause hardware to read past the end of the ITT.
The old code used a fixed offset mapping scheme to assign eventIDs (the
eventID was derived from the LPI INTID). This scheme is wasteful and
doesn't scale well as the ITT is essentially an array of ITEs starting
with eventID 0. This change introduces per-deviceID namespaces for
eventIDs and allocates them starting with 0. A fixed number of eventIDs is
made available for each deviceID (MAXCPUS * 2). On a platform with an ITE
size of 8 bytes, this allows the ITT to fit in a single page.
The ITT is sized larger than the initial request as multiple requestors
could potentially share the same deviceID (this is the case for legacy PCI
devices behind a PCIe-to-PCI bridge).
The size parameter of the MAPD command now matches the allocated ITT.
Tested on QEMU KVM Virtual Machine and Ampere eMAG (Lenovo HR330A).
rio: fix shell detection, terminfo, man pages, options framework
- patch-teletypewriter_src_unix_mod.rs: add NetBSD shell override so rio
starts the shell from /etc/passwd rather than inheriting $SHELL=/bin/ksh
from the display manager; also fix use-spawn on NetBSD so --login arg
is passed (patch-rio-backend_src_config_defaults.rs)
- patch-misc_rio.terminfo: remove the "rio" entry; ncurses already ships
share/terminfo/r/rio, compiling it here caused a pkg_add PLIST conflict;
tic now produces only rio+base and xterm-rio (unique to this package)
- options.mk: new file; add "man" option (on by default) to build rio.1,
rio.5, rio-bindings.5 from scdoc source in extra/man/
- Makefile: INSTALLATION_DIRS+= (not =) so options.mk additions are kept;
add man/man1 and man/man5 dirs via options.mk; run tic for terminfo;
conditional scdoc installs guarded by !empty(PKG_OPTIONS:Mman)
- PLIST: use ${PLIST.man} token for conditional man page entries;
track share/terminfo/r/rio+base and share/terminfo/x/xterm-rio only
- patch-misc_rio.desktop: set TERMINFO_DIRS=@PREFIX@/share/terminfo and
EGL_LOG_LEVEL=fatal in Exec lines; PREFIX substituted via SUBST block
- distinfo: regenerate for all new and updated patches
