NetBSD/pkgsrc VtARQ3W doc CHANGES-2026

   doc: Updated graphics/simp to 3.10.3
Version  Delta  File
1.1159   +2 -1  doc/CHANGES-2026
+2 -1, 1 files

NetBSD/pkgsrc cstxFYe graphics/simp distinfo cargo-depends.mk

   graphics/simp: update to 3.10.3

    - fix dragging of crop border
    - fix jxl compilation
    - update to edition 2024
Version  Delta      File
1.20     +619 -682  graphics/simp/distinfo
1.18     +205 -226  graphics/simp/cargo-depends.mk
1.41     +5 -4      graphics/simp/Makefile
+829 -912, 3 files

NetBSD/pkgsrc wADndCc doc CHANGES-2026

   doc: Updated www/ruby-rack2 to 2.2.22
Version  Delta  File
1.1158   +2 -1  doc/CHANGES-2026
+2 -1, 1 files

NetBSD/pkgsrc ll81TbT www/ruby-rack2 distinfo Makefile

   www/ruby-rack2: update to 2.2.22

   2.2.22 (2026-02-16)

   Security

   * CVE-2026-25500 XSS injection via malicious filename in Rack::Directory.
   * CVE-2026-22860 Directory traversal via root prefix bypass in
     Rack::Directory
Version  Delta  File
1.16     +4 -4  www/ruby-rack2/distinfo
1.16     +2 -2  www/ruby-rack2/Makefile
+6 -6, 2 files

NetBSD/pkgsrc pbXo5o6 doc CHANGES-2026

   doc: Updated www/ruby-rack to 3.2.5
Version  Delta  File
1.1157   +2 -1  doc/CHANGES-2026
+2 -1, 1 files

NetBSD/pkgsrc Ffyuv5B www/ruby-rack distinfo Makefile

   www/ruby-rack: update to 3.2.5

   3.2.5 (2026-02-16)

   Security

   * CVE-2026-25500 XSS injection via malicious filename in Rack::Directory.
   * CVE-2026-22860 Directory traversal via root prefix bypass in
     Rack::Directory.

   Fixed

   * Fix Rack::MockResponse#body when the body is a Proc. (#2420, #2423,
     @tavianator, @ioquatix)
Version  Delta  File
1.54     +4 -4  www/ruby-rack/distinfo
1.56     +2 -2  www/ruby-rack/Makefile
+6 -6, 2 files

NetBSD/pkgsrc fKzBnaO doc CHANGES-2026

   doc: Updated ham/hamlib to 4.7.0
Version  Delta  File
1.1156   +2 -1  doc/CHANGES-2026
+2 -1, 1 files

NetBSD/pkgsrc eKOGx9L ham/hamlib Makefile distinfo, ham/hamlib/patches patch-src_snapshot__data.c

   ham/hamlib: Update to 4.7.0

   Version 4.7.0
           * 2026-02-15
           * Revamp Kenwood voice memory handler - Fixes TS-890S & TS-990S (n3gb)
           * libusb is now detected using the pkg-config facility.
           * Some internal functions change names to avoid conflicts with apps.
           * POSIX threads are required to build and run Hamlib. Note that it was
             actually the case for 4.6.x, but now the configuration step will
             fail instead of the compilation. (n3gb)
           * Functions rig_get_conf, rot_get_conf, amp_get_conf deprecated;
             use *_get_conf2() instead. Also rig_set_trn and rig_get_trn deprecated.
           * Reduce/repair excess output from cppcheck.sh - mostly cosmetic changes (WIP)
             Output from `wc -l cppcheck.log` - 4.6.2: 981  now: 581
           * Remove dead getopt code.  GitHub PR #1709. (TNX Daniele Forsi)
           * Move rig_cache to separate(calloc) storage. Prepare for other moves.
             Issue #1420
           * Many fixes for SWIG binding generation and improved Python support
             and testing.  (TNX Daniele Forsi).

    [21 lines not shown]
Version  Delta   File
1.71     +11 -6  ham/hamlib/Makefile
1.1      +14 -0  ham/hamlib/patches/patch-src_snapshot__data.c
1.38     +5 -4   ham/hamlib/distinfo
1.23     +8 -1   ham/hamlib/PLIST
+38 -11, 4 files

NetBSD/pkgsrc 9jdSNOz doc CHANGES-2026

   doc: Updated graphics/zint to 2.16.0
Version  Delta  File
1.1155   +2 -1  doc/CHANGES-2026
+2 -1, 1 files

NetBSD/pkgsrc SPIfvJu graphics/zint buildlink3.mk

   zint: add buildlink3.mk
Version  Delta   File
1.1      +14 -0  graphics/zint/buildlink3.mk
+14 -0, 1 files

NetBSD/pkgsrc 31rzFfT graphics/zint options.mk PLIST

   zint: update to 2.16.0.

   Switch to qt6 by default.

   Version 2.16.0 (2025-12-19)
   ===========================

   **Incompatible changes**
   ------------------------
   - In `UNICODE_MODE`, ECI 899 Binary input now interpreted as UTF-8 (previously
     treated as-is, i.e. as binary bytes - this now requires `DATA_MODE`)
   - Buffer length of member `errtxt` in `zint_symbol` extended 100 -> 160
     (client buffers may need checking/extending)
   - New `content_segs` & `content_seg_count` fields in `zint_symbol` for use with
     new output option `BARCODE_CONTENT_SEGS`
   - Symbol structure members `option_1`, `option_2` and `option_3` now updated
     after `ZBarcode_Encode()` and variants are called, and there are three new
     methods in the Qt Backend to access them
   - New Qt Backend method `isBindable()` for new flag `ZINT_CAP_BINDABLE`

    [177 lines not shown]
Version  Delta   File
1.3      +19 -9  graphics/zint/options.mk
1.2      +7 -8   graphics/zint/PLIST
1.2      +4 -4   graphics/zint/distinfo
1.13     +2 -3   graphics/zint/Makefile
+32 -24, 4 files

NetBSD/pkgsrc cQCmdtd doc CHANGES-2026 TODO

   Updated security/pgpdump, www/py-gunicorn
Version  Delta  File
1.1154   +3 -1  doc/CHANGES-2026
1.26824  +1 -2  doc/TODO
+4 -3, 2 files

NetBSD/pkgsrc J811EGV www/py-gunicorn PLIST distinfo

   py-gunicorn: updated to 25.1.0

   25.1.0 - 2026-02-13

   New Features

   - **Control Interface (gunicornc)**: Add interactive control interface for managing
     running Gunicorn instances, similar to birdc for BIRD routing daemon
     - Unix socket-based communication with JSON protocol
     - Interactive mode with readline support and command history
     - Commands: `show all/workers/dirty/config/stats/listeners`
     - Worker management: `worker add/remove/kill`, `dirty add/remove`
     - Server control: `reload`, `reopen`, `shutdown`
     - New settings: `--control-socket`, `--control-socket-mode`, `--no-control-socket`
     - New CLI tool: `gunicornc` for connecting to control socket
     - See [Control Interface Guide](guides/gunicornc.md) for details

   - **Dirty Stash**: Add global shared state between workers via `dirty.stash`
     - In-memory key-value store accessible by all workers

    [22 lines not shown]
Version  Delta   File
1.17     +26 -1  www/py-gunicorn/PLIST
1.22     +4 -4   www/py-gunicorn/distinfo
1.30     +5 -3   www/py-gunicorn/Makefile
1.4      +1 -0   www/py-gunicorn/ALTERNATIVES
+36 -8, 4 files

NetBSD/pkgsrc 7r6kUNk doc TODO CHANGES-2026

   doc: Updated net/slumber to 5.0.0
Version  Delta  File
1.26823  +2 -3  doc/TODO
1.1153   +2 -1  doc/CHANGES-2026
+4 -4, 2 files

NetBSD/pkgsrc 4RQcIJA net/slumber distinfo cargo-depends.mk

   slumber: update to 5.0.0.

   [5.0.0] - 2026-02-14

   5.0 is a huge release that focuses on two main areas:

       A major refactor of the TUI includes:
           A new layout with a collapsible sidebar to speed up navigation
           Query/export command history navigation (similar to shell history)
           QoL improvements such as selecting list items by click
       CLI commands have been reorganized to be more consistent and discoverable
Version  Delta      File
1.40     +832 -832  net/slumber/distinfo
1.38     +276 -276  net/slumber/cargo-depends.mk
1.54     +2 -3      net/slumber/Makefile
+1,110 -1,111, 3 files

NetBSD/pkgsrc v6UbkYC security/pgpdump Makefile distinfo, security/pgpdump/patches patch-Makefile.in

   pgpdump: updated to 0.37

   0.37 2027/02/12

   Fix incorrect TAG_NUM macro causing out-of-bounds access.
   Fix C23 compatibility.
   Use Automake to run tests, and other test improvements.
   Use Automake, and other build improvements.
   *.c and *.h are now in src/.

   0.36 2024/01/29

   Skipping file to process when first/CTB is zero
   Inserting "memset" for ELLIP_CURVES

   0.35 2022/02/28

   Adding BrainPool-384/512 curve definitions.


    [6 lines not shown]
Version  Delta   File
1.26     +4 -12  security/pgpdump/Makefile
1.23     +4 -5   security/pgpdump/distinfo
1.4      +1 -3   security/pgpdump/PLIST
1.2      +1 -1   security/pgpdump/patches/patch-Makefile.in
+10 -21, 4 files

NetBSD/pkgsrc E1cqKFP doc TODO CHANGES-2026

   doc: Updated textproc/rumdl to 0.1.21
Version  Delta  File
1.26822  +1 -2  doc/TODO
1.1152   +2 -1  doc/CHANGES-2026
+3 -3, 2 files

NetBSD/pkgsrc Q8WWeZb textproc/rumdl distinfo Makefile

   rumdl: update to 0.1.21.

   ## [0.1.21] - 2026-02-14

   ### Added

   - **CLI**: New `full` output format with ruff-style source line display showing
     offending lines with caret underlines
     ([#425](https://github.com/rvben/rumdl/issues/425))
   - **GitHub Action**: Add generic `args` input for passing extra CLI flags like
     `--output-format json`
     ([#406](https://github.com/rvben/rumdl/issues/406))
   - **MD060**: `loose-last-column` now caps last column width at header text width —
     body cells shorter than header are padded, longer cells extend beyond
     ([#424](https://github.com/rvben/rumdl/issues/424))

   ### Changed

   - **CLI**: `--output-format` help text now documents all available formats with

    [177 lines not shown]
Version  Delta  File
1.10     +4 -4  textproc/rumdl/distinfo
1.10     +2 -2  textproc/rumdl/Makefile
+6 -6, 2 files

NetBSD/pkgsrc DG526X4 doc CHANGES-2026

   Updated www/py-django[4]
Version  Delta  File
1.1151   +3 -1  doc/CHANGES-2026
+3 -1, 1 files

NetBSD/pkgsrc gF5wP4O www/py-django4 distinfo Makefile

   py-django4: updated to 4.2.28

   Django 4.2.28 fixes three security issues with severity “high”, two security issues with severity “moderate”, and one security issue with severity “low” in 4.2.27.

   CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler

   The django.contrib.auth.handlers.modwsgi.check_password() function for authentication via mod_wsgi allowed remote attackers to enumerate users via a timing attack.

   This issue has severity “low” according to the Django security policy.

   CVE-2025-14550: Potential denial-of-service vulnerability via repeated headers when using ASGI

   When receiving duplicates of a single header, ASGIRequest allowed a remote attacker to cause a potential denial-of-service via a specifically created request with multiple duplicate headers. The vulnerability resulted from repeated string concatenation while combining repeated headers, which produced super-linear computation resulting in service degradation or outage.

   This issue has severity “moderate” according to the Django security policy.

   CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS

   Raster lookups on GIS fields (only implemented on PostGIS) were subject to SQL injection if untrusted data was used as a band index.

    [20 lines not shown]
Version  Delta  File
1.19     +4 -4  www/py-django4/distinfo
1.23     +2 -2  www/py-django4/Makefile
1.3      +1 -1  www/py-django4/MESSAGE
+7 -7, 3 files

NetBSD/pkgsrc nIwKv1C www/py-django distinfo Makefile

   py-django: updated to 5.2.11

   5.2.11

   Django 5.2.11 fixes three security issues with severity “high”, two security issues with severity “moderate”, and one security issue with severity “low” in 5.2.10.

   CVE-2025-13473: Username enumeration through timing difference in mod_wsgi authentication handler

   The django.contrib.auth.handlers.modwsgi.check_password() function for authentication via mod_wsgi allowed remote attackers to enumerate users via a timing attack.

   This issue has severity “low” according to the Django security policy.

   CVE-2025-14550: Potential denial-of-service vulnerability via repeated headers when using ASGI

   When receiving duplicates of a single header, ASGIRequest allowed a remote attacker to cause a potential denial-of-service via a specifically created request with multiple duplicate headers. The vulnerability resulted from repeated string concatenation while combining repeated headers, which produced super-linear computation resulting in service degradation or outage.

   This issue has severity “moderate” according to the Django security policy.

   CVE-2026-1207: Potential SQL injection via raster lookups on PostGIS

    [22 lines not shown]
Version  Delta  File
1.125    +4 -4  www/py-django/distinfo
1.153    +2 -2  www/py-django/Makefile
1.6      +1 -1  www/py-django/MESSAGE
+7 -7, 3 files

NetBSD/pkgsrc ZNlnBFW doc CHANGES-2026

   Updated textproc/py-rdflib, net/py-apache-libcloud
Version  Delta  File
1.1150   +3 -1  doc/CHANGES-2026
+3 -1, 1 files

NetBSD/pkgsrc PDfN05Y net/py-apache-libcloud PLIST distinfo

   py-apache-libcloud: updated to 3.9.0

   Changes in Apache Libcloud 3.9.0

   Common

   - Support for Python 3.9 which is EOL has been removed.

     If you still want to use Libcloud with Python 3.9, you should use an older
     release which still supports Python 3.9.

   - Indicate we also support Python 3.12 (non beta) and Python 3.13.

   - Support for Python 3.8 which is EOL has been removed.

     If you still want to use Libcloud with Python 3.8, you should use an older
     release which still supports Python 3.8.

   - Support for Python 3.7 which is EOL has been removed.

    [18 lines not shown]
Version  Delta      File
1.13     +126 -117  net/py-apache-libcloud/PLIST
1.15     +4 -4      net/py-apache-libcloud/distinfo
1.21     +3 -4      net/py-apache-libcloud/Makefile
+133 -125, 3 files

NetBSD/pkgsrc LiO8jdL textproc/py-rdflib PLIST distinfo

   py-rdflib: updated to 7.6.0

   7.6.0

   This release introduces a new major feature: GraphDB integration via the Python
   GraphDB Client. Users can now manage GraphDB instances and perform
   administrative tasks directly from Python. As GraphDB also supports the RDF4J
   REST API, users may utilize the recently released RDF4J Client and Store with
   GraphDB instances. For more details, see the new RDFLib GraphDB documentation
   under the extras section of the RDFLib documentation.

   This release also includes a number of fixes to Graph.cbd() and Turtle-related
   serializers. Thanks to @mgberg and @lisat-dstg, the affected code is now more
   standards-compliant.

   At the request of users, the recently introduced CLI tool sq has been renamed
   to sparqlquery to avoid conflicts with existing well-known packages.

   Other maintenance tasks include updating all CI actions to the latest versions

    [2 lines not shown]
Version  Delta   File
1.10     +14 -2  textproc/py-rdflib/PLIST
1.14     +4 -4   textproc/py-rdflib/distinfo
1.22     +3 -3   textproc/py-rdflib/Makefile
1.4      +1 -1   textproc/py-rdflib/ALTERNATIVES
+22 -10, 4 files

NetBSD/pkgsrc mgbE9uW doc CHANGES-2026

   doc: Updated devel/ocaml-dune-configurator to 3.21.1
Version  Delta  File
1.1149   +2 -1  doc/CHANGES-2026
+2 -1, 1 files

NetBSD/pkgsrc C8LUx39 devel/ocaml-dune-configurator Makefile

   ocaml-dune-configurator: update to 3.21.1.

   match ocaml-dune
Version  Delta  File
1.8      +1 -2  devel/ocaml-dune-configurator/Makefile
+1 -2, 1 files

NetBSD/pkgsrc cIqsJ4S doc CHANGES-2026 TODO

   doc: Updated devel/ocaml-dune to 3.21.1
Version  Delta  File
1.1148   +2 -1  doc/CHANGES-2026
1.26821  +1 -2  doc/TODO
+3 -3, 2 files

NetBSD/pkgsrc P7kIQcK devel/ocaml-dune distinfo Makefile.common, devel/ocaml-dune/patches patch-vendor_ocaml-lmdb_lmdb__stubs.c

   ocaml-dune: update to 3.21.1.

   Fixed

       Fix build issues on NetBSD and OpenBSD via update of vendored ocaml-lmdb
       (#13074, @Alizter)
       Fix melange.emit not respecting the package mask via -p <PKG> (#13522,
       @anmonteiro)

   Changed

       Stop starting RPC server with $ dune promote (#13428, @rgrinberg)
Version  Delta  File
1.18     +4 -5  devel/ocaml-dune/distinfo
1.9      +2 -2  devel/ocaml-dune/Makefile.common
1.2      +1 -1  devel/ocaml-dune/patches/patch-vendor_ocaml-lmdb_lmdb__stubs.c
+7 -8, 3 files

NetBSD/pkgsrc 5l4Jh15 doc CHANGES-2026

   Updated devel/py-types-setuptools, www/py-nbconvert
Version  Delta  File
1.1147   +3 -1  doc/CHANGES-2026
+3 -1, 1 files

NetBSD/pkgsrc 4pl2AEy www/py-nbconvert distinfo Makefile

   py-nbconvert: updated to 7.17.0

   7.17.0

   Enhancements made

   - Add support for arbitrary browser arguments

   Bugs fixed

   - Fix QtPNGExporter returning empty bytes on macOS
   - Fix CVE-2025-53000: Secure Inkscape Windows path (registry first + block CWD)
   - Fix get_export_names and get_exporter default args
   - PyPA-Compliant Summary
Version  Delta  File
1.31     +4 -4  www/py-nbconvert/distinfo
1.41     +2 -3  www/py-nbconvert/Makefile
+6 -7, 2 files