py-uv py-uv-build: updated to 0.11.25
0.11.25
Security
This release updates our tar library, astral-tokio-tar, to v0.6.3, which includes over 20 changes that harden our tar handling against parser differentials. uv may reject source distributions with malformed or ambiguous content that were previously accepted.
See the upstream commits for a full list of changes.
Enhancements
Add a full "lockfile" to tool receipts
Allow scoped overrides to add dependencies
Avoid writing redundant lockfile markers with tool.uv.environments
Factor supported environments out of lockfile markers
Recommend our own build backend in the build frontend
Reject wheels with multiple .dist-info directories
Simplify dependency markers under parent reachability
[17 lines not shown]
postgresql-timescaledb: updated to 2.28.1
2.28.1
This release contains performance improvements and bug fixes since the 2.28.0 release. We recommend that you upgrade at the next available opportunity.
2.28.0
Highlighted features in TimescaleDB v2.28.0
Faster first() and last() queries on compressed data. TimescaleDB derives first(value, time) and last(value, time) aggregates straight from the columnstore's batch metadata, skipping batch decompression entirely. For the "latest reading per series" lookups that time-series workloads run constantly, that means meaningfully faster recency queries with no changes to your SQL queries.
Lighter, less disruptive continuous aggregate refreshes. refresh_continuous_aggregate() can now run incrementally in batches — the same behavior refresh policies already use — enabling breaking large manual refreshes into smaller chunks (tunable via buckets_per_batch, max_batches_per_execution, and refresh_newest_first) instead of one heavy operation. Refreshes also now take a lighter lock while processing the invalidation log, so they no longer block unrelated concurrent operations on the same continuous aggregate, improving behavior for concurrent workloads.
Vectorized execution now covers CASE expressions. TimescaleDB's columnar executor can now evaluate CASE ... WHEN expressions directly on compressed data, so queries using conditional logic stay on the fast vectorized path instead of falling back to slower row-by-row decompression. This speeds up a common pattern — conditional aggregations and computed columns over compressed history — with no query changes needed.
Add new aggregations to a continuous aggregate without rebuilding it. You can now run ALTER MATERIALIZED VIEW <cagg> ADD COLUMN <name> <type> GENERATED ALWAYS AS (<aggregate>) STORED to add a new computed aggregate to an existing continuous aggregate in place — no more dropping and recreating the whole aggregate just to track one more metric. New data populates the column going forward, letting your rollups evolve alongside your application. (Existing rows start as NULL; a forced refresh backfills them when you need historical values.)
icinga2: updated to 2.16.2
2.16.2 (2026-06-29)
This release fixes some critical security vulnerabilities in Icinga 2. Users are advised to upgrade immediately, as two
of them allow an unauthenticated attacker to take over or crash the Icinga 2 process over the network. The other
security fixes only affect authenticated API users.
In addition, a new permission named `filter-expression` is introduced, which allows specifying if individual API users
are allowed to use DSL filter expressions in API queries. This allows further restricting some API users that don't need
this capability, for example, those only submitting individual check results. Due to the incompatibility of this change,
enforcement of this permission is opt-in until v2.17; see the
[upgrading docs](https://icinga.com/docs/icinga-2/latest/doc/16-upgrading-icinga-2/#upgrading-to-2-16-2) for details.
* Verify that certificate update requests come from an authorized endpoint ([GHSA-vj39-ww8j-vvx5](https://github.com/Icinga/icinga2/security/advisories/GHSA-vj39-ww8j-vvx5))
* Fix stack overflow due to deeply nested data structures ([GHSA-wh38-wg57-5w7g](https://github.com/Icinga/icinga2/security/advisories/GHSA-wh38-wg57-5w7g))
* Prevent arbitrary config injection on object creation via the API ([GHSA-jgqj-x5j9-vgcm](https://github.com/Icinga/icinga2/security/advisories/GHSA-jgqj-x5j9-vgcm))
* Fix that `/v1/config/files` could send uninitialized memory in case of file I/O errors
* Add `filter-expression` permission to make it possible to prevent API users from using DSL filter expressions
* Windows: Update bundled OpenSSL to v3.5.7
Update to version 9.2.0747.
Changes:
- patch 9.2.0747: cscope: connection leak when growing the array fails
- patch 9.2.0746: NULL pointer dereference in gui_photon
- patch 9.2.0745: Crash with truncated spellfile
- patch 9.2.0744: popup_atcursor() closes immediately on white space
- runtime(odin): Update indent script, add indent tests
- CI: MS-Windows: Run gvim/vim tests in parallel
- patch 9.2.0743: string macros silently accept a size of the wrong type
- runtime(vim): Fix heredoc triggering misidentifcation of Vim9 script
- patch 9.2.0742: filetype: SSH keys and related filetypes not recognized
- runtime(css): add more missing CSS properties
- patch 9.2.0741: complete_check() does not return TRUE for mapped input
- patch 9.2.0740: GTK4: scrollbar wrongly displayed
- patch 9.2.0739: completion: 'autocompletedelay' blocks the main loop and drops autocommands
- runtime: guard recommended style settings consistently
- patch 9.2.0738: ml_recover() may write beyond block buffer
- CI: Bump actions/checkout in the github-actions group across 1 directory
[35 lines not shown]
resterm: Update to version 0.44.4
v0.44.4
What's Changed
Refreshed status bar icons - replaced the editor icon, which rendered as broken on some fonts.
Status hints now clear when an action is confirmed or focus changes, instead of staying as stale text.
games/Zork-III: import Zork-III-1.0
Zork III: The Dungeon Master
This is Zork, the famous text adventure game from 1977.
Through a number of subsidiaries, it is now owned by Microsoft and
they have chosen to re-release it under the MIT license.
This package is the third installment of the multi-part version,
which was released in 1982.
games/Zork-II: import Zork-II-1.0
Zork II: The Wizard of Frobozz
This is Zork, the famous text adventure game from 1977.
Through a number of subsidiaries, it is now owned by Microsoft and
they have chosen to re-release it under the MIT license.
This package is the second installment of the multi-part version,
which was released in 1981.
games/Zork-I: import Zork-I-1.0
Zork I: The Great Underground Empire
This is Zork, the famous text adventure game from 1977.
Through a number of subsidiaries, it is now owned by Microsoft and
they have chosen to re-release it under the MIT license.
This package is the first installment of the multi-part version,
which was released in 1980.
py-protego: updated to 0.6.2
0.6.2 (2026-06-25)
- Fixed a ReDoS (regular expression denial of service) vulnerability: URL
patterns from ``robots.txt`` ``Allow`` and ``Disallow`` directives were
compiled into regular expressions, where multiple ``*`` wildcards could
cause exponential backtracking. A server could exploit this to cause denial
of service by serving a crafted ``robots.txt`` file. Wildcard matching is
now performed without regular expressions. Please, see the
`CVE-2026-55520`_ and `GHSA-wjmf-p669-5m5p`_ security advisories for more
information.
0.6.1 (2026-06-11)
- Fixed parsing of ``Request-rate`` values where the seconds field has no
time-unit suffix (e.g. ``1/60`` instead of ``1/60s``). Previously the last
digit of the number was silently dropped.
psmisc: updated to 23.7
Changes in 23.7
* build-sys: Make disable-statx work
* fuser: Fallback to stat() if no statx() Debian 1030747
* fuser: silently ignore EACCES when scanning proc directories
* killall: small formatting fixes Debian
* pstree: Do not assume root PID
* pslog: include config.h
* misc: Update gettext to 0.21
py-pandas: updated to 3.0.4
3.0.4
Fixed regressions
Fixed a performance regression in Series.searchsorted() and Index.searchsorted() with the string dtype, where a full O(n) NA scan made the operation much slower than the binary search itself (GH 65837)
Fixed a regression in isin() raising an error when checking for pd.NA with ArrowDtype, which also affected DataFrame.drop() with ArrowDtype-backed indexes (GH 63304)
Fixed a regression in arithmetic operations involving StringDtype and custom Python objects incorrectly raising instead of returning object-dtype results (GH 64107)
Fixed a regression in localizing timestamps beyond the year 2100 when using zoneinfo timezones (GH 65733)
Fixed a regression in setting into a DataFrame with MultiIndex columns and mixed-dtype level silently doing nothing (GH 65118)
Bug fixes
Fixed a bug in DataFrame.iloc() silently ignoring the assignment when setting values with an unordered or duplicated column indexer on a DataFrame whose values are referenced by another object (GH 65446)
Fixed a bug in DataFrame.to_sql() and read_sql_table() when using an ADBC engine where table and schema names were not quoted as SQL identifiers, causing failures for identifiers containing spaces or reserved words, and making it vulnerable to SQL injection (GH 65065)
Fixed a bug in Series.str.__getitem__() raising AttributeError when underlying array is ArrowExtensionArray (GH 65112)
Fixed a bug in Series.str.match() and Index.str.match() with PyArrow-backed string dtypes where a leading ^ only anchored the first branch of an alternation pattern (e.g. r"^foo|bar") (GH 66069)
Fixed a bug in eval() not honoring Copy-on-Write with the Python engine when columns were reused in the expression, causing unexpected mutation of the original DataFrame (GH 65664)
Fixed a bug in arithmetic adding or subtracting a non-tick DateOffset (e.g. offsets.MonthEnd, offsets.QuarterEnd) to datetime data that could cause a segmentation fault when another thread was running concurrently, e.g. under pytest-xdist (GH 66031)
py-scikit-build: updated to 0.19.1
Scikit-build 0.19.1
This is a patch release to add support for Visual Studio 2026.
Features
* Support Visual Studio 18 2026 in :pr:`1186`
Bug fixes
* Correctness bugs found in code review in :pr:`1191`
* Resolve Visual Studio generator environments lazily in :pr:`1193`
Testing
* Add windows-latest job for Visual Studio 2026 in :pr:`1194`
* Convert decorator into fixture in :pr:`1175`
[12 lines not shown]
py-django-treebeard: updated to 5.3.0
5.3.0
Added support for loading data for many-to-many relationships with load_bulk(). These were previously exported when using dump_bulk(), but were not handled when loading the same data.
Fixed an exception arising when running delete() operations on querysets that had a prefetch.
Added a warning when the default manager for a model extending a Treebeard Node class does not subclass the corresponding Treebeard model manager. This will raise an error in the next major release of Treebeard.
