py-hypothesis: updated to 6.155.7
6.155.7 - 2026-06-21
This patch fixes a thread-safety bug where concurrent use of the same strategy instance could error in rare cases.
6.155.6 - 2026-06-19
This patch replaces some internal %-style string formatting with f-strings. There is no user-visible change.
6.155.5 - 2026-06-18
dates() now raises InvalidArgument if a datetime is passed as min_value or max_value. Because datetime is a subclass of date, such bounds were previously accepted and then failed with a confusing TypeError while generating examples.
6.155.4 - 2026-06-18
This patch removes a stray print() which fired whenever a dates() filter was rewritten.
py-setuptools_scm: updated to 10.2.0
10.2.0 (2026-06-24)
Added
- Restore Python 3.8 and 3.9 support, re-enabling use as a build dependency for projects like scikit-build that still support these versions.
Miscellaneous
- Move PKG-INFO discovery tests from vcs-versioning to setuptools-scm where the entry points are registered.
py-mutagen: updated to 1.48.1
1.48.1 - 2026-06-25
* Revert: ``ID3: Fix saving ID3v2 comment fields from COMM:desc:lang tags``
to fix duplicated COMM frames in some cases.
Update nsd to version 4.14.3.
Pkgsrc changes:
* Checksum changes.
Upstream changes:
4.14.3
================
FEATURES:
BUG FIXES:
- Fix for CVE-2026-12244: A specially crafted SVCB RR can cause a heap
overflow of up to 65509 attacker controlled bytes.
Thanks to Qifan Zhang, Palo Alto Networks for the report
https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12244.txt
- Fix for CVE-2026-12245: If NSD is configured with DNS over TLS, a
client that performs a TLS action, closing the connection early,
causes a crash and restart of the server process. An attacker can
keep all children in a crash-restart loop denying DoT service.
[12 lines not shown]
www/resterm: Update to v0.44.1
v0.44.1
Better error diagnostics
RTS expression errors now show exactly where they happened in the file.
This also covers @for-each and {{= }} templates which previously reported errors without a location.
error[script]: undefined name "missing"
--> requests.http:14:21
14 | # @for-each item in missing.value
Modal error handling
API errors, such as 4xx and 5xx responses and failed requests no longer open a popup which was unneccecery
since error rapporting already shows up in the response tab. A duplicate statusline error message was also removed.
Internal
RTS engine was refactored so the TUI, CLI and headless modes now share one execution path instead of keeping separate copies.
py-redis: updated to 8.0.1
8.0.1
Bug Fixes
Fix Unix socket maintenance notification handling and tests
Fix async cluster node connection release on write errors
Fixed async MultiDBClient with underlying RedisCluster
Fix hiredis readiness checks for high file descriptors
fix(search): parse RESP3 FT.SEARCH responses with bytes-typed keys
Fixing pubsub's listen method to be blocking.
fix(asyncio): release pooled connection when Pipeline.reset() is cancelled
Avoid per-check fd allocation in hiredis _socket_can_read() — use poll() instead of a per-call selector
py-anyio: updated to 4.14.1
4.14.1
Fixed teardown of higher-scoped async fixtures failing on asyncio with RuntimeError: Attempted to exit cancel scope in a different task than it was entered in when an async test raise an outcome exception (e.g., pytest.skip(), pytest.xfail(), or pytest.fail())
Fixed CapacityLimiter.total_tokens rejecting a value of 0 when the limiter was instantiated outside of an event loop, contradicting the documented behavior of allowing 0 total tokens
py-ruff: update to 0.15.19.
Preview features
Support human-readable names when hovering suppression comments and in code actions (#26114)
Bug fixes
Fall back to default settings when editor-only settings are invalid (#26244)
Fix panic when inserting text at a notebook cell boundary (#26111)
Rule changes
[pylint] Update fix suggestions for __floor__, __trunc__, __length_hint__, and __matmul__ variants (PLC2801) (#26239)
Performance
Avoid allocating when parsing single string literals (#26200)
Avoid reallocating singleton call arguments (#26223)
[14 lines not shown]
stellarium: updated to 26.2
26.2
The major changes of this version:
- Added new sky culture
- Added new plugin: Planes
- Many improvements in plugins
- Many improvements in Core and GUI
- Many updates in sky cultures
curl: update to 8.21.0.
Lots of security fixes.
Changes:
curl: named globs in output filename for upload glob references
HTTP/3: add proxy CONNECT and MASQUE CONNECT-UDP support (ngtcp2 QUIC)
http2: remove stream dependency tracking
lib: drop support for CURLAUTH_DIGEST_IE
libssh: add support for SHA256 host public keys
tool_urlglob: add named globs
Bugfixes:
_ENVIRONMENT.md. Windows does case insensitive env variables
_URL.md: remove the zone-id mention
AmigaOS: curl_setup.h avoid explicit_bzero with clib2
AmigaOS: fix build fallouts, re-add to CI
[270 lines not shown]
