textproc/xan: update to 0.60.0
Breaking
Renaming xan from --path to --root.
Renaming xan separate -T/--txt to -L/--lines.
Features
Adding xan count -c/--check-alignment & -H/--human-readable.
Adding xan sort -e -z/--compress.
Adding xan sample -g -S/--sorted.
Adding xan from -f=(json|ndjson) --model.
Adding xan cat rows -I/--intersection & -U/--union.
Adding xan top -g -S/--sorted.
Adding the sort, dedup, flatten & flat_map moonblade function.
Adding support for list & map columns when using xan from -f=parquet.
Fixes
[16 lines not shown]
misc/tui-journal: update to 0.17.0
Added
Provide Linux ARM64 release binaries
Changed
Return focus to the entries list when pressing Escape in the editor's normal mode
Improve JSON backend performance when assigning entry IDs and priorities
Rename misspelled theme cursor keys while retaining compatibility with existing themes
Use unique temporary files when opening entries in an external editor
Add operation and path context to backend I/O errors
Increase the minimum supported Rust version to 1.92.0
Switch release automation to tag-based releases and remove Aeruginous changelog tooling
Stop publishing Intel macOS release binaries
Fixed
Preserve an entry's original ID when undoing its deletion
net/xfr: update to 0.9.21
What's Changed
fix(tcp): resume partial regular writes and zero-copy sends from correct offset by @lance0 in #113
fix(server): clean up active test entry and metrics on abort/cancel/error by @lance0 in #114
fix(server,stats,diff): aggregate final TCP info, round RTT averages, flag zero-baseline regressions by @lance0 in #115
fix(output,ci,install): harden output and release paths by @lance0 in #116
fix(auth,serve,cli): LAN-158 + LAN-171 security hardening by @lance0 in #117
fix(protocol,probe,net): LAN-167 + LAN-168 protocol/probe validation by @lance0 in #118
fix(tui,config,main): LAN-163 + LAN-173 TUI/preset polish by @lance0 in #119
fix(misc): LAN-172 low-risk cleanups batch by @lance0 in #120
fix(protocol,tcp): harden version and receive teardown by @lance0 in #121
chore(tests): clean stale rate-limit timeout comment by @lance0 in #122
Bump actions/checkout from 6 to 7 by @dependabot[bot] in #109
Bump actions/cache from 5 to 6 by @dependabot[bot] in #111
Bump the rust-dependencies group across 1 directory with 6 updates by @dependabot[bot] in #112
fix: address post-release review regressions by @lance0 in #123
fix: LAN-161 pause channel closure busy-loop and unawaited QUIC tasks by @lance0 in #124
[7 lines not shown]
net/ttl: update to 0.21.0
v0.21.0
What's Changed
ci: harden workflow coverage and automation by @lance0 in #120
feat(update): allow disabling the update check (#110) by @lance0 in #122
v0.20.2
What's Changed
Bump docker/setup-buildx-action from 3 to 4 by @dependabot[bot] in #86
Bump docker/metadata-action from 5 to 6 by @dependabot[bot] in #87
Bump docker/setup-qemu-action from 3 to 4 by @dependabot[bot] in #88
Bump docker/login-action from 3 to 4 by @dependabot[bot] in #89
Bump docker/build-push-action from 6 to 7 by @dependabot[bot] in #90
fix: PMTUD correlation, lock ordering, and enrichment dedup by @lance0 in #104
fix: harden unsafe socket code against alignment UB and bad cmsg by @lance0 in #102
fix: harden CLI validation against panics and port overflow by @lance0 in #99
[17 lines not shown]
net/piratebay: update to 0.4.1
v0.4.1
No Changelog provided.
v0.4.0
What's Changed
feat: add ratatui TUI with search, categories, download and magnet copy by @tsirysndr in #21
v0.3.0
What's Changed
feat: add pure-rust torrent download with streaming by @tsirysndr in #18
shells/oh-my-posh: update to 29.27.0
v29.27.0
Bug Fixes
ci: refresh APM lockfile on Linux (31761a7)
project: resolve TargetFramework from Directory.Build.props (24d1dff), closes #7670
Features
shell: ass yash support (7ca3e94), closes #7121
transient: add .Interrupted template property and --interrupted flag (8a60d99)
transient: support right-aligned template (367ec83), closes #4822
v29.26.1
Bug Fixes
init: recover when the init script is held open on Windows (d193f44), closes #7654
segment: skip fallback_template when a timeout kills the segment (25367ea), closes #7542
[7 lines not shown]
sysutils/lstr: update to 0.3.0
[0.3.0] - 2026-07-12
Added
Added comprehensive sorting options for both classic and interactive modes:
--sort <TYPE>: Sort by name (default), size, modified time, or extension
--dirs-first: Sort directories before files
--case-sensitive: Use case-sensitive sorting with specific order (numbers → uppercase → lowercase)
--natural-sort: Version-aware sorting (file1 < file2 < file10)
--reverse: Reverse any sort order
--dotfiles-first: Priority ordering (dotfolders → folders → dotfiles → files)
Added comprehensive examples directory (examples/sample-directory/) with various file types, nested structures, and test scenarios for validating lstr functionality including icons, gitignore behavior, and tree display.
Added interactive search functionality in TUI mode:
Press / to enter search mode with real-time filename filtering
Case-insensitive substring matching filters files as you type
Press Esc to exit search and restore full file list
[58 lines not shown]
devel/garden: update to 2.6.1
Released 2026-07-12
Development:
- The subprocess dependency was upgraded to v1.0.
- The strum and strum_macros dependencies were upgraded to v0.28.
ansible-core: updated to 2.21.2
2.21.2
Minor Changes
- ansible-test - Added a timeout callback that dumps thread stacks when the test execution deadline defined by ``ansible-test env --timeout`` is approaching.
- parallel fact gathering - the async wrapper now considers the timeout when determining whether to kill the process running the module. Previously, a 5 second sleep occurred twice before checking if the job had remaining time.
Bugfixes
- encrypt - fix bcrypt salt string formatting on musl libc by ensuring it is always zero-padded to 2 digits (https://github.com/ansible/ansible/issues/87180).
- parallel fact gathering - fix hang caused by corrupt async job files.
p5-Crypt-OpenSSL-X509: update to 2.1.3.
## 2.1.3 2026-07-12
- Fixed CVE-2026-58102: heap out-of-bounds read in `hv_exts()`.
The function allocated a fixed 128-byte buffer for an extension's
OID string but used `OBJ_obj2txt()`'s return value (the full required
length, not the number of bytes actually written) as the key length
passed to `hv_store()`. A certificate with an extension whose OID
stringifies to more than 128 bytes caused a heap over-read. Fixed
with a two-phase `OBJ_obj2txt()` call (probe the required length,
allocate exactly, then format) and by using `strlen(key)` rather
than the `OBJ_obj2txt()` return value for the `hv_store()` key
length. This is a **security fix; update is strongly recommended**
- Fixed CVE-2026-58101: NULL-pointer dereference in several
`Crypt::OpenSSL::X509::Extension` helpers. `X509V3_EXT_d2i()`
returns `NULL` when an extension's DER payload fails to parse, and
the `AUTHORITY_KEYID` `keyid` field is legitimately `NULL` for
[103 lines not shown]
py-anyio: updated to 4.14.2
4.14.2
- Changed ``ByteReceiveStream.receive()`` implementations to raise a ``ValueError`` when
``max_bytes`` is not a positive integer
- Fixed ``CapacityLimiter.total_tokens`` rejecting ``float("inf")`` when the limiter was
instantiated outside of an event loop. The adapter setter checked for infinity by
identity (``value is math.inf``), so only the exact ``math.inf`` singleton was accepted,
while every backend setter (using ``math.isinf()``) accepts any positive infinity
- Fixed ``to_process.run_sync()`` deadlocking when the worker function writes enough data
to ``sys.stderr`` to fill the (undrained) pipe buffer. The worker process now redirects
``sys.stderr`` to ``os.devnull`` as well, matching the documented behavior
- Fixed ``TLSStream.wrap()`` matching an internationalized (unicode) host name against
the peer certificate using IDNA 2003 (via the standard library) instead of IDNA 2008,
which could cause the host name to be matched against the wrong certificate
- Fixed ``anyio.open_process()`` (and ``run_process()``) ignoring the ``extra_groups``
argument, as it mistakenly passed the value of the ``group`` argument instead
- Fixed ``CapacityLimiter.acquire_nowait()`` and
[10 lines not shown]
py-django-formtools: updated to 2.7
2.7.0 (2026-07-09)
- Fixed a regression in 2.6.x with ``get_form_list()`` caching not allowing
``form_list`` mutations.
- Dropped support for Python < 3.10 and Django < 5.2
py-django-stubs-ext: updated to 6.0.6
6.0.6
Fix task decorator typing for takes_context=True
Improve database backend typing
Fix only pk validation for abstract models
Make validators consistent
Allow aggregate filters to use expressions
Typecheck save()/asave() update_fields against model fields
py-django-polymorphic: updated to 4.11.6
4.11.6
Bump the gha-updates group with 6 updates
Bump starlette from 1.2.1 to 1.3.1
Bump cryptography from 48.0.0 to 48.0.1
Bump the gha-updates group with 6 updates
fix: KeyError when accessing fields deferred by base manager