ov: update to 0.54.0.
ov v0.54.0 focuses on making style inspection and suppression easier to use, while tightening sidebar rendering and improving runtime stability.
Style suppression is now much more practical
You can now suppress styles individually instead of falling back to a fully plain view.
This is especially useful when using ov with tools that emit ANSI styling, such as bat.
Added selective style suppression.
Added numbered style selection with comma and range syntax.
Added commands for toggling all styles more easily.
Improved style-related help and on-screen guidance.
New style list in the sidebar
The sidebar can now display a style list, making it easier to inspect available styles and choose what to suppress.
Added styles as a sidebar mode.
[10 lines not shown]
dmarc-report-viewer: update to 2.6.0.
## [2.6.0] - 2026-07-08
* Security: Limit maximum uncompressed file size to prevent unbounded memory use (remote DoS).
* Security: Hardened basic auth username and password checks against timing attacks.
* Security: Restrict Whois referral following to avoid non-default Whois ports to limit SSRF.
* Security: Fixed panic in decoding code for mail subjects (remote DoS).
* Fix: Made duplicate check for reports more robust (was more a theoretical issue).
* Fix: Prevent possible subtraction underflow in uptime calculations.
* Feature: Added printing and saving as PDF button to reports UI.
* Feature: Support of optional IMAP sub-folders with configurable depth (see issue #84).
* Feature: Extend DNS client to be able to deal with compressed pointers in responses.
* Updated Cargo dependencies
sem: update to 0.21.0.
## [0.21.0] - 2026-07-10
### Added
- **Cloud-enabled `sem diff` now creates an immutable, owner-private hosted review URL.** Snapshot uploads include changed-entity caller/callee relations and truthful Git provenance: branch, scope, base/head refs, and available SHAs. Working-tree reviews explicitly report `HEAD → WORKTREE` rather than implying that uncommitted changes exist on GitHub.
- **GitHub login can now be exchanged for a revocable CLI session.** Raw GitHub credentials are not persisted as sem credentials, and the CLI session resolves to the same stable principal used by web reviews.
### Fixed
- **Hosted-review upload failures are visible without breaking the local diff.** `sem diff` still exits successfully with its complete local result, while stderr explains that the private review could not be uploaded.
- **Transitional cloud repository states refresh immediately.** `sem whoami` no longer leaves a repository stuck at a cached `pending` state after cloud indexing has completed.
- **`sem diff` now collapses contiguous line chunks on unsupported files into one summary line.** When a file has no grammar, sem falls back to fixed 20-line chunks, so deleting or adding one previously printed a wall of `⊖ chunk lines 1-20 [deleted]` / `21-40` / `41-60` … lines that ate context for no information. Contiguous chunks of the same change type now consolidate to a single line, e.g. `⊖ 13 chunks lines 1-246 [deleted]`. Verbose mode (`-v`) is unchanged, since it still prints per-chunk content. Thanks @graipher for the report (#466).
### Performance
- **`sem context` now answers from an indexed point query instead of loading the whole graph, so it scales to millions of entities.** It previously hydrated every entity (plus decompressed bodies) just to answer about one, so on a 2.3M-entity repo each call took ~15s. The SQLite cache is already normalized and indexed, so when the git oracle proves the cache fresh (no filesystem walk) `sem context` now builds only the k-hop neighbourhood around the target straight from the store: batched `IN (...)` edge queries, bodies fetched per hop, stopping once there is enough content to cover the token budget so a hub entity's fan-out does not explode the fetch. It reuses the existing packer on that subgraph, so output is byte-for-byte identical to the full-graph path, and falls back to the full load whenever the oracle declines. On the Linux kernel (2.31M entities) `sem context` drops from ~15s to 0.44s per call; on Kubernetes (520k) from ~5s to ~1.2s.
- **Default (`All`-mode) `sem impact` now answers from the indexed cache too, instead of hydrating the whole graph.** A full cache stored entities and edges but not test flags, so All/Tests-mode impact (which includes the "covered by N tests" answer) fell through to a full-graph load — ~3.5s on Kubernetes, ~10.7s for an unbounded `--depth 0`, even for a tiny blast radius. The full save now records test flags (shared with the topology save) behind a metadata marker, so the existing point-query path can serve All-mode impact straight from indexed edge queries. Output is identical to the full-load path — verified byte-for-byte against it, including the tests field. On Kubernetes (520k entities) default `sem impact` drops from **~3.5s to 0.04s**, and `--depth 0` from **~10.7s to 0.04s**. Caches built before the marker still take the full path, so nothing regresses.
[206 lines not shown]
tree-sitter: update to 0.26.11.
What's Changed
fix(deps): zig manifest for wasmtime is missing windows hashes by @tree-sitter-ci-bot[bot] in #5720
fix(xtask): eliminate silent errors in zig fetch by @WillLillis in #5724
fix(query): short-circuit longest-match dedup for disjoint states by @tree-sitter-ci-bot[bot] in #5726
fix(query): various anchor fixes by @tree-sitter-ci-bot[bot] in #5727
Fix C++ compilation errors in array macros. by @tree-sitter-ci-bot[bot] in #5735
fix(rust): address new clippy lints by @WillLillis in #5743
fix(generate): strip non-ASCII case folds by @tree-sitter-ci-bot[bot] in #5744
fix(ci): re-set executable permission on release artifacts before zipping by @clason in #5746
release v0.26.11 by @clason in #5748
libpsl: update to 0.23.0.
12.07.2026 Release V0.23.0
* Using libidn as runtime requires explicit config
* Properly handle leading dot in domains (see also https://curl.se/docs/CVE-2026-8924.html)
* Cleanups to configure.ac
* Add test coverage report link to README.md
* Simplify license headers to reduce maintenance overhead in the long run
gopls: update to 0.23.0.
Configuration changes
The errorsastype analyzer added in the previous release (which
detects shadowing mistakes using errors.AsType) was renamed to
errorsastypeshadow to avoid an unfortunate conflict with a modernizer
of the same name, which suggests fixes to replace calls to errors.As
by AsType.
As part of an ongoing effort to revamp the gopls CLI (which is not
a supported stable interface) to make it more useful and efficient
for both humans and agents, several obsolete subcommands (gopls
fix, gopls inspect, and gopls bug) have been removed. Users should
use gopls codeaction instead of gopls fix, and gopls remote instead
of gopls inspect. The main serve command continues to work as
expected.
The importsSource setting has been removed (commit 289728936).
[62 lines not shown]
fzf: update to 0.74.0.
0.74.0
------
_Release highlights: https://junegunn.github.io/fzf/releases/0.74.0/_
- On tmux 3.7 or above, `--popup` starts fzf in a floating pane instead of a popup (#4850)
- Unlike a popup, a floating pane is not modal; you can switch to other panes and windows while fzf is running, move and resize the pane with the mouse, zoom it to fullscreen, and use copy-mode in it
- A floating pane always has a native border, which is what makes the pane movable and resizable, so `border-native` is implied
- A popup is used instead when a border style is explicitly specified with `--border`, so that the fzf-drawn border is the only border shown (`none` and `line` are treated as no border)
```sh
fzf --popup --border
```
- `--border-label` is set as the title of the floating pane, and is displayed on the border if `pane-border-status` is enabled in tmux
```sh
fzf --popup --border-label ' fzf '
```
- On Zellij, `--popup` uses the native border by default, consistent with tmux, so that the pane can be moved and resized with the mouse; fzf draws its own border when a border style is explicitly specified with `--border`
- `--border-label` is set as the name of the pane, displayed on the native border
[33 lines not shown]
enchant2: update to 2.8.19.
2.8.19 (July 7, 2026)
---------------------
This release adds a provider for WinSpell: Windows users can now use the
native system spelling checker via Enchant. Many thanks to Moritz Mechelk
for working on this, and the HexChat authors whose code he used.
The change in the previous release to update the tests and require the use
of C++20 have been reverted. I had not realised how old some systems were
that people are still packaging up-to-date Enchant on! We’re back to
requiring C++11.
samurai: update to 1.3.
New features
Add graph subtool.
Add -l, build scheduling based on load-average (disabled by default).
Print exit status of failed commands.
Forward interrupting signals SIGTERM, SIGINT, SIGHUP, and SIGQUIT to child processess.
Minor compatibility fixes
Allow stray indented, but otherwise empty lines.
Add micro version number to --version output.
Handle escaped newlines in depfiles.
Bug fixes
Fix NULL dereference during dry run with phony edges (#66).
Fix NULL dereference when rule has empty rspfile, rspfile_content, or command (#67, #68).
[9 lines not shown]