dasel: update to 3.11.1.
## [v3.11.1] - 2026-06-20
### Security
- Fixed stack overflow (unrecoverable `fatal error`) in the JSON and XML readers when parsing deeply nested input ([GHSA-cqxr-jxr2-85pq](https://github.com/TomWright/dasel/security/advisories/GHSA-cqxr-jxr2-85pq)). Both readers now enforce a 10,000-level nesting depth limit and return a clean error (`ErrJSONMaxDepthExceeded` / `ErrXMLMaxDepthExceeded`) instead of crashing the process.
py-pyrate-limiter: update to 4.4.0.
[4.4.0]
Bug-fix, scalability, and internal-refactor release. No public API changes (the new AbstractBucket.is_async attribute is additive).
Fixed
InMemoryBucket: guard the internal item list with a lock so the background Leaker thread can no longer race put/peek/leak. This was a data race in the default configuration (in-memory bucket + scheduled leak). MultiprocessBucket aliases this lock to its shared cross-process lock. (#302)
PostgresClock: when the DB time query fails, fall back to local wall-clock epoch time instead of monotonic time. The monotonic fallback was ~5 orders of magnitude smaller than the stored epoch-ms timestamps and would corrupt every window comparison and leak bound. (#302)
Leaker: make the background sync-leak worker restartable. Re-registering a bucket after every bucket had been disposed previously raised RuntimeError: threads can only be started once. (#302)
Keep Limiter picklable after the InMemoryBucket lock addition. (#302)
Performance & Scalability
Limiter: release the limiter lock during the synchronous blocking wait, so a long wait on one key no longer serializes acquisitions for every other key sharing the limiter. (#304)
RedisBucket: batch weighted ZADDs in bounded chunks inside the atomic Lua script, lowering latency for high-weight puts. (#284)
Internal / Refactor
[57 lines not shown]
v0.43.2
Fix: autocomplete Esc handler
Esc now closes the autocomplete popup without leaving Insert mode:
First Esc closes the popup (or the preview panel, if it's open) and keeps you in Insert mode.
Press Esc again to leave Insert mode, as before.
py-google-auth: update to 2.55.0.
2.55.0 (2026-06-15)
Features
make RAB feature production ready (#17390) (af193931e4e38c4b59751edb8e915ae3388b8524)
Bug Fixes
run async background boundary refresh on detached session (#17441) (56cbea8509c66889485b43f2d98d60210eae81bc)
2.54.0 (2026-06-11)
Features
implement regional access boundary support for standalone JWT and async service accounts (#17025) (35af6168c19dd6f114dd67a8bfdcd0ff8fe3bdf9)
Bug Fixes
[4 lines not shown]
py-Glances: update to 4.5.5.
=============
Version 4.5.5
=============
Bugs corrected:
* /api/4/containers stays ~4-5s with ~60 Docker containers #3559
* Crash when using --sparkline #3547
* VMs section does not show LOAD 1/5/15min values #3535
* Fix AMD GPU detection for multi-digit DRM card numbers #3578
* Keep auto_unit within limits, so columns stay aligned #3558
* Rest status check shouldn't require auth #3544
* Logging configuration to use boolean value #3536
* Fix filesystem aliases for mixed-case mount points #3532
* Regression in Disk I/O reporting #3546
Enhancements:
[25 lines not shown]
www/litehtml: Update v0.10
What's Changed
Refactoring for zero warnings by @tordex in #288
Add specifying a working directory for tests by @u-235 in #289
Linux container: added support for borders style by @tordex in #290
Fixed: Negative top margin changes block height #284 by @tordex in #292
Fix windows build issues. by @tordex in #294
fix min/max compilation errors on Windows by @stasoid in #299
-Wpedantic in g++ makes lots of warnings by @m32 in #300
Common cairo container by @tordex in #302
flex: bug in processing box-sizing in flex items (#295) by @tordex in #303
Support standard HTML character encodings by @stasoid in #305
Implement "prescan the byte stream to determine its encoding" by @stasoid in #307
Gradients support by @tordex in #312
Fix: one brake tag is 'eaten' in line with double break by @tordex in #313
Support for default value of the var() function. by @tordex in #316
container_cairo_pango: select font from list of available fonts by @tordex in #317
[39 lines not shown]
openexr: update to 3.4.13.
## Version 3.4.13 (June 19, 2026)
Patch release that addresses several bugs and security
vulnerabilities.
* :bug: Fix a regression introduced in v3.4.11 in decoding of DWAA compression
* :bug: Fix to handling deep images and very large images with the OpenEXRUtil library
* :bug: Fix initiliazation issue in B44A decoding
* :bug: Validate HTJ2K chunk header length before decode
* :hammer_and_wrench: Fix when building statically and using the vendored OpenJPH library
For the python module:
* :snake: :sparkles: Support NumPy scalar values Box2i and V2f tuple bindings
This release addresses the following security vulnerabilities:
[82 lines not shown]