py-tenacity: updated to 9.1.3
9.1.3
Apply formatting to num seconds in before_sleep_log
Support Python 3.14
Typing: Accept non-standard logger in helpers logging something
feat(wait): add wait_exception strategy
docs: fix syntax error in wait_chain docstring example
chore: drop Python 3.9 support (EOL)
Support async sleep for sync fn-to-retry
py-limits: updated to 5.8.0
v5.8.0
* Bug Fix
* Allow explicit keyword arguments for storage options for
username & password for storages that support it.
* Allow explicitly specifying `startup_nodes` through keyword
arguments for all redis cluster storages.
* Support IPv6 addresses in cluster locators in storage uri
v5.7.0
* Compatibility
* Relax extras constraints for redis (<8)
yaml-cpp: updated to 0.9.0
0.9.0
Assorted bugfixes, including:
Increase minimum required CMake version to 3.5, update Googletest to 1.13
Bazel module builds
node/convert: Enable the template specialization for std::string_view properly when the library is compiled by MSVC on Windows
CMake: Allow to disable uninstall
Update cmakelists to use system googletest if available
Fix indentation of empty flow sequences
Add option YAML_ENABLE_PIC
fix: use C locale by default
Use FetchContent_MakeAvailable
fix: parse files with '\r' symbols as line ending correctly
fix(src): avoid possible infinite loop in LoadAll()
missing keys should throw InvalidNode, not BadConversion
fix: prettier floating point numbers
Optimization of merge memories
sdl12-compat: updated to 1.2.74
1.2.74
This is a stable bugfix release, with the following changes:
Fixed crash on Windows introduced in the last release
Fixed transition from intro video to main menu in Sid Meier's Alpha Centauri
raqm: updated to 0.10.4
Overview of changes leading to 0.10.4
Add build option to skip tests.
Add dependency override for use as a subproject.
Fix tests when b_ndebug=true.
Build, CI and documentation updates.
cargo-audit: updated to 0.22.1
cargo-audit 0.22.1
Release Apple Silicon cargo-audit binary
cargo-audit: Put a newline character at the end of json reports
cargo-audit: disable colors by default if stdout it not a terminal
Upgrade the Shibboleth SP software to version 3.5.2.
The Shibboleth release notes, edited to remove references to specific package systems, are as follows:
==============================================================================
3.5.2 (December 16, 2025)
This is a patch release to work around an apparent bug causing instability in the libmemcached library when using the memcache storage feature with keys containing whitespace. There are no other code changes in this release, so those not using the memcache feature (which is rarely part of most modern packages) are not impacted.
3.5.1 (September 3, 2025)
This is a patch release to address a security vulnerability [https://shibboleth.net/community/advisories/secadv_20250903.txt] in the ODBC storage plugin/extension. There are no other intended changes apart from versioning in logs, but an issue that has arisen pertains to how to container deployments.
If your container design does not rely on either systemd or init.d to launch shibd, then your container is responsible for ensuring that certain runtime directories are created. For an RPM install, this is now documented at RPMInstall [https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065335566] in the After Installation section.
If you install the SP from source without including any systemd dependencies, then at present you would need to manually create /var/run/shibboleth in your container prior to running shibd.
3.5.0.2 (March 18, 2025)
This is a service release that corrects an oversight that caused the updated OpenSAML library to log the older version when initializing. It is cosmetic/clarifying only and does not otherwise change the fix so updating from 3.5.0.1 is purely optional.
==============================================================================
chat/ejabberd: Make epmd listen only on localhost
The default is *, so set it to 127.0.0.1, aligned with security for
single-host setups. Theoretical users with multiple hosts are weclome
to send patches to make this configurable, or, better yet, fix
upstream via a config file.
py-dash: updated to 8.0.6
v8.0.6 (2026-01-17)
- Prevent access to object paths containing ``__globals__`` or ``__builtins__`` in ``invoke(). Attempting to access these keys will raise a ``KeyError``.
python313 py313-html-docs: updated to 3.13.12
Python 3.13.12 final
Windows
gh-128067: Fix a bug in PyREPL on Windows where output without a trailing newline was overwritten by the next prompt.
Tools/Demos
gh-142095: Make gdb ‘py-bt’ command use frame from thread local state when available. Patch by Sam Gross and Victor Stinner.
Tests
gh-144415: The Android testbed now distinguishes between stdout/stderr messages which were triggered by a newline, and those triggered by a manual call to flush. This fixes logging of progress indicators and similar content.
gh-65784: Add support for parametrized resource wantobjects in regrtests, which allows to run Tkinter tests with the specified value of tkinter.wantobjects, for example -u wantobjects=0.
gh-143553: Add support for parametrized resources, such as -u xpickle=2.7.
gh-142836: Accommodated Solaris in test_pdb.test_script_target_anonymous_pipe.
gh-129401: Fix a flaky test in test_repr_rlock that checks the representation of multiprocessing.RLock.
bpo-31391: Forward-port test_xpickle from Python 2 to Python 3 and add the resource back to test’s command line.
Security
gh-144125: BytesGenerator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. (Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650).
gh-143935: Fixed a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs.
gh-143925: Reject control characters in data: URL media types.
[96 lines not shown]
net/xfr: import xfr-0.3.0
Packaged for wip by pin@
A fast, modern network bandwidth testing tool with TUI. Built in Rust as an
iperf replacement.
Features:
- Live TUI with real-time throughput graphs and per-stream stats
- Server dashboard - xfr serve --tui for monitoring active tests
- Multi-client server - handle multiple simultaneous tests
- TCP and UDP with configurable bitrate and parallel streams
- Bidirectional testing - measure upload and download simultaneously
- Multiple output formats - plain text, JSON, JSON streaming, CSV
- Result comparison - xfr diff to detect performance regressions
- LAN discovery - find xfr servers with mDNS (xfr discover)
- Prometheus metrics - export stats for monitoring dashboards
- Config file - save defaults in ~/.config/xfr/config.toml
- Environment variables - XFR_PORT, XFR_DURATION overrides
py-pooch: updated to 1.9.0
1.9.0
Breaking changes:
Drop support for Python 3.7 and 3.8.
Bug fixes:
Explicitly pass filter to TarFile.extractall on Python >=3.12. Pass a filter="data" argument to TarFile.extractall to prevent dangerous security issues. The filter argument was added in Python 3.12, so only pass it on versions greater or equal than that. This change matches the default behaviour that will take place since Python 3.14.
Fix TQDM usage. Newer versions of tqdm behave differently at a terminal vs in a jupyter notebook. Import from tqdm.auto instead so that the downloader looks right in either a notebook or the terminal.
Fix bug in file hashing on FIPS enabled system. Set userforsecurity=False on hashlib hashing algorithms to make FIPS enabled systems happy.
New features:
Set User-Agent in requests headers for DOI downloaders. Pass a custom User-Agent when making requests through DOI downloaders in order to bypass limit rates imposed by services like Zenodo to block abusive requests. The can now filter requests coming from Pooch from the rest. Add a global REQUESTS_HEADERS variable that is used by the doi_to_url function (which requires to make a request to doi.org to figure out the service provider). Add a new headers argument to the DOIDownloader to specifically pass requests headers. By default it'll use the Pooch's default user agent.
Extend support for Python 3.13 and Python 3.14.
Provide more descriptive errors when DOI request fails. Raise the requests response to provide more informative errors when the status code is between 400 and 600.
py-orjson: updated to 3.11.7
3.11.7
Use a faster library to serialize float. Users with byte-exact regression
tests should note positive exponents are now written using a +, e.g.,
1.2e+30 instead of 1.2e30. Both formats are spec-compliant.
ABI compatibility with CPython 3.15 alpha 5 free-threading.
