py-test-order: updated to 1.5.0
1.5.0
Adds option to abort tests after a failed ordering.
New features
* added option `--fail-all-on-failed-ordering` to abort the whole test run
without executing any tests if some tests could not be ordered
Fixes
- transitive relative chains are resolved as a single globally consistent order
py-test: updated to 9.1.1
pytest 9.1.1 (2026-06-19)
Bug fixes
* Fixed a logic bug in pytest.RaisesGroup which would might cause it to display incorrect “It matches FooError() which was paired with BarError” messages.
* Fixed a regression in pytest 9.1.0 which caused overriding a parametrized fixture with an indirect @pytest.mark.parametrize to fail with “duplicate parametrization of ‘<fixture name>’”.
* Fixed list-item typing errors from mypy in @pytest.mark.parametrize argvalues parameter.
* Fixed a regression in pytest 9.1.0 where conftest.py files located in <invocation dir>/test* were no longer loaded as initial conftests when invoked without arguments. This could cause certain hooks (like pytest_addoption) in these files to not fire.
py-setuptools_scm: updated to 10.1.2
10.1.2 (2026-06-22)
Fixed
- Fix DeprecationWarning leak by threading VcsEnvironment through VersionInferenceConfig and using env.make_reader() in _should_write_to_source.
10.1.1 (2026-06-22)
Fixed
- Update CI to use PyPy 3.11 as cryptography has no PyPy 3.10 build available
10.1.0 (2026-06-22)
Added
- Add backward-compatible shims in ``setuptools_scm.git``, ``setuptools_scm.hg``, ``setuptools_scm.hg_git``, and ``setuptools_scm.scm_workdir`` so that external code calling ``get_scm_version(config)`` or ``run_describe(config)`` with an explicit ``Configuration`` continues to work. The shim automatically wires ``_config`` and ``VcsEnvironment`` onto the workdir.
[16 lines not shown]
py-vcs-versioning: updated to 2.1.0
2.1.0 (2026-06-22)
Added
- Add `VcsEnvironment.build_config_from_pyproject`, `build_config_from_data`, and `pyproject_tool_names` methods for canonical env-first configuration creation.
Fixed
- Fix DeprecationWarning leak in pretend API by ensuring all public APIs attach VcsEnvironment to Configuration before accessing env-dependent properties.
- Fix fallback discovery so an unprocessed `.git_archival.txt` no longer shadows a valid `PKG-INFO` in PyPI sdists.
2.0.1 (2026-06-22)
Fixed
- Update CI to use PyPy 3.11 as cryptography has no PyPy 3.10 build available
[30 lines not shown]
py-mutagen: updated to 1.48.0
1.48.0 - 2026-06-22
* Drop Support for Python 3.7, 3.8 and 3.9
* ID3: Add ``salt`` attribute to APIC frames to allow multiple APIC frames with
identical descriptions
* ID3: Preserve order of APIC frames relative to each other when saving
* ID3: Fix reading/writing v1.0 and v1.1 comment/track fields
* ID3: Fix saving ID3v2 comment fields from ``COMM:desc:lang`` tags
* ID3: Consider size of extended header when reading ID3 data
* EasyID3: Fix handling of ``albumartistsort`` as ``TSO2`` with ``TXXX:ALBUMARTISTSORT``
fallback for reading
* MP3: do not fail on non-ASCII lame header version flags
* OggOpus: Provide a bitrate property
* MP4: Fall back to parsing length from ``mvhd`` if there is no ``trak`` info
* MP4: Fix chapter timestamp parsing
* OGG: Fix saving files with trailing null bytes
* mid3v2: Fix ``--list-frames-v2.2`` option
[6 lines not shown]
py-wrapt: updated to 2.2.2
2.2.2
Bugs Fixed
When @wrapt.lru_cache was applied to an instance method that was overridden in a subclass, and the subclass method called the base class method via super(), a RecursionError was raised instead of the base class method being invoked. The per-instance cache for each method was stored as an attribute on the instance whose name was derived only from the method __name__, so the base and derived methods shared a single cache slot. The subclass cache was therefore found again when the base method was reached through super(), re-entering the subclass body and recursing without end. The cache attribute name now incorporates a unique identifier for each decorated method so that a base method and a method that overrides it use distinct per-instance caches.
When @wrapt.lru_cache was applied to a method of a class deriving from wrapt.ObjectProxy, the per-instance cache was stored on the wrapped object rather than on the proxy. This is because the proxy __setattr__ forwards attribute assignment to the wrapped object for any name that is not a recognised proxy attribute, and the cache attribute name was not one. Storing the cache on the wrapped object had several consequences: the wrapped object was polluted with cache attributes it never defined; the cache held a reference back to the proxy through the bound method it wrapped, so a wrapped object that outlived the proxy kept the proxy alive and prevented its collection; wrapping an object that does not accept arbitrary attributes, such as one using __slots__, caused the first cached call to fail with an AttributeError; and two proxies sharing a single wrapped object shared one cache and could return results computed for the wrong proxy. The cache attribute is now stored on the proxy itself using the proxy __self_setattr__ method when the instance is a wrapt object proxy, falling back to setattr for ordinary instances.
py-greenlet: updated to 3.5.2
3.5.2
- The minimum supported version of Python 3.15 is now 3.15b2.
- Fix some garbage-collection related crashes on free-threaded Python
3.15.
- Improve garbage collection of greenlets. This mostly applies to
Python 3.15.
py-coverage: updated to 7.14.3
7.14.3 — 2026-06-22
- Fix: the default ``...`` exclusion rule now also matches function bodies
whose closing return-type bracket is on its own line (for example, after a
long ``-> dict[ ... ]`` annotation that a formatter has split over multiple
lines). Closes `issue 2185`_, thanks `Mengjia Shang <pull 2196_>`_.
- Fix: On 3.13t, we incorrectly issued ``Couldn't import C tracer`` errors.
We can't import the C tracer because in 7.14.2 we stopped shipping compiled
wheels for 3.13t. Thanks, `Hugo van Kemenade <pull 2203_>`_.
wg(4): Drop KASSERT on result of crypto_scalarmult.
The result of this check is not relevant to security of the protocol,
either for static peer identity keys or for ephemeral handshake keys.
See comments for details.
We can't simply write
(void)crypto_scalarmult(...);
because the function was tagged with warn_unused_result. And
apparently libsodium may leave the output uninitialized if the check
fails. So just yield zero instead of stack garbage / UB -- stack
garbage is probably actually fine since it is immediately hashed into
something that won't match anything so downstream logic will just drop
it, but UB might invite nefarious compilers to cause trouble.
PR security/60106: wg(4) should properly handle invalid or insecure
ephemeral Curve25119 public keys
Update to version 9.2.0707.
Changes:
- patch 9.2.0707: completion: popup misplaced when text before it is concealed
- runtime(doc): document Solaris as supported OS
- runtime(dtrace): handle DTrace probe highlighting before action blocks
- patch 9.2.0706: tests: test_terminal3 may fail when $SHELL is zsh
- runtime(beancount): Add support for non-ASCII account names
- patch 9.2.0705: :delete # silently fails to update "# and clobbers "0
- patch 9.2.0704: GTK4: not handling mouse events
- patch 9.2.0703: session file does not store relative Vim9 autoload imports
- patch 9.2.0702: :windo and :tabdo create an extra window with 'winfixbuf'
- runtime(fennel): Update Last Update header
- runtime(fennel): add more ";" comment leaders to 'comments'
- patch 9.2.0701: tests: test_terminal.vim does not wait for job to finish
- patch 9.2.0700: configure: -lrt requirement for timer_create not detected
- nsis: Remove NSIS Installer Code
- patch 9.2.0699: [security]: possible code execution with python complete
- patch 9.2.0698: [security]: Out-of-bounds write with soundfold()
[122 lines not shown]
wg(4): Add a test case for too many allowed IP address ranges.
PR kern/60232: kernel panic when adding a wireguard peer with too
many allowed IP addresses
wg(4): Add test case for bad ephemeral handshake public keys.
wg(4) should not crash on an assertion if they appear on the network;
it should just gracefully drop them as forgeries, if a MITM attempted
to send them without knowledge of a peer's public key, or accept
them, if a peer legitimately sent them, since that peer could just as
well simply forward the plaintext of the session on to the NSA.
PR kern/60106: wg(4) should properly handle invalid or insecure
ephemeral Curve25119 public keys
wg(4): Add test case for bad peer public keys.
wg(4) should not crash on an assertion if they are used -- it should
just gracefully accept them, with degraded security, since a peer
that maliciously provides an invalid public key is no worse than a
peer that voluntarily exposes all its plaintext anyway.
PR kern/60106: wg(4) should properly handle invalid or insecure
ephemeral Curve25119 public keys
