py-owslib: updated to 0.36.0
0.36.0
1013 fix csapi failing tests
Remove legacy setuptools.command.text
remove comments from xml, because it may fail parsing it
Fix FutureWarning when truth-testing XML element
docs: update WMS example
capture dct:spatial as bbox, if it contains a box
use only pyproject configuration
delegate HTTP 401 and 403 to Python requests
Update dev setup docs to pyproject.toml
Handle WFS version mismatch
py-cbor2: updated to 6.1.2
6.1.2
- Fixed incorrect tracking of string references for definite-length text strings of length greater
than 65536
- Fixed ``cbor2.load()`` crash caused by incorrect handling
of internal read buffer extension during stream deserialization.
py-aiohttp: updated to 3.14.1
3.14.1 (2026-06-07)
Bug fixes
- Fixed a race condition in :py:class:`~aiohttp.TCPConnector` where closing the connector while a DNS resolution was in-flight could raise :py:exc:`AttributeError` instead of :py:exc:`~aiohttp.ClientConnectionError` -- by :user:`goingforstudying-ctrl`.
- Fixed ``CancelledError`` not closing a connection -- by :user:`aiolibsbot`.
- Tightened up some websocket parser checks -- by :user:`Dreamsorcerer`.
- Fixed :class:`~aiohttp.CookieJar` dropping the host-only flag of cookies when persisted with :meth:`~aiohttp.CookieJar.save` and reloaded with :meth:`~aiohttp.CookieJar.load`, so a cookie set without a ``Domain`` attribute is again scoped to the exact host that set it after a reload; the absolute expiration deadline is now persisted as well, so a reloaded cookie keeps its original lifetime instead of being rescheduled from the load time. :meth:`~aiohttp.CookieJar.load` now replaces the jar contents rather than merging onto prior state, and loaded cookies pass through the same acceptance rules as :meth:`~aiohttp.CookieJar.update_cookies`, so a cookie for an IP-address host is dropped when loaded into a jar created without ``unsafe=True`` -- by :user:`bdraco`.
- Scoped :class:`~aiohttp.DigestAuthMiddleware` credentials to the origin of the first request it handles, so a redirect to a different origin no longer triggers a digest response computed from the configured credentials; a challenge from another origin is only answered when that origin falls within a protection space advertised by the anchor origin through the RFC 7616 ``domain`` directive -- by :user:`bdraco`.
- Fixed the C HTTP parser not enforcing ``max_line_size`` on a request target or response reason phrase that is split across multiple reads; each fragment was checked on its own, so an accumulated line could exceed the limit without raising ``LineTooLong``. The accumulated length is now checked, matching the pure-Python parser -- by :user:`bdraco`.
- Changed :class:`~aiohttp.TCPConnector` to reject legacy non-canonical numeric IPv4 host forms such as ``2130706433``, ``017700000001`` and ``127.1`` with :exc:`~aiohttp.InvalidUrlClientError`; only canonical dotted-quad IPv4 literals are now treated as IP address literals, while every other host is sent through the configured resolver -- by :user:`bdraco`.
[10 lines not shown]
py-jupyter_server: updated to 2.19.0
2.19.0
Enhancements made
- Return `unresolved` stanza when kernel scope is unavailable for `resolvePath` (instead of failing with 404)
Bugs fixed
- Recreate notary store on failure to prevent save deadlock and data loss
Maintenance and upkeep improvements
- Restore the test skip marks with updated compatibility reason
- Drop Python 3.9
- Bump minimatch from 3.1.2 to 3.1.5
py-jupyter_client: updated to 8.9.0
8.9.0
Enhancements made
- Add ZMQ Curve for transport encryption
Maintenance and upkeep improvements
- Temporarily pin Python to 3.14 in pre-releases test
- CI: fix testing of nbconvert
- Update pre-commit, and fix issues
- Remove `3.14t` testing until `msgpack` supports it
- Log environment information for docs build on CI, update comment on workaround
Documentation improvements
- Update status terminology from 'abort' to 'aborted'
- Added documentation for the handshake pattern
ov: update to 0.53.0.
What's Changed
Add support for ctrl+a and ctrl+e in input.go by @noborus in #1056
Generating YAML files from code, in order to improve the maintainability of the configuration. by @noborus in #1066
feat: add generate-config output for default/less templates by @noborus in #1067
fix: show line numbers in filtered documents by @noborus in #1068
fix(filter): apply filter state before async dispatch by @noborus in #1074
Upgrade tcell/v3 to v3.4.0 by @noborus in #1075
Stop displaying messages that could cause a deadlock by @noborus in #1077
Enhance incremental input for search, filter, and multicolor features by @noborus in #1079
moor: update to 2.14.0.
Wrap text at PAGER_WRAP_COLUMNS if set Latest
Improve file format detection by checking file contents if the file extension didn't help
Fix a crash when switching between files
py-ecdsa: updated to 0.19.2
0.19.2
Bug fixes:
Fix CVE-2026-33936, a DER parsing issue in remove_octet_string(),
remove_constructed(), and remove_implitic() where a truncated buffer
wasn't detected. This can lead to high level functions, like
SigningKey.from_der() to raise unexpected exceptions.
(Mohamed Abdelaal (0xmrma))
Maintenance:
Update CI to use newer version of Ubuntu.
0.19.1
[21 lines not shown]
ada-adasat26: add new package version 26.0.0
In fact, there are no changes compared to version 25.2,
the package is needed for unification with the rest of the packages
in the version line.
py-uv py-uv-build: updated to 0.11.19
0.11.19
Python
Add CPython 3.15.0b2
Enhancements
Always compute SHA256 for remote distributions
Add PyEmscripten platform (PEP 783)
Add Pyodide 2025 target triple
Preview features
Make preview features for commands have names that aren't ambiguous with the command
Respect --isolated in uv check
[4 lines not shown]
rsync: update to 3.4.4.
# NEWS for rsync 3.4.4 (8 Jun 2026)
## Changes in this version:
This is a conservative point release that backports regression fixes
on top of 3.4.3. No new features are included.
### BUG FIXES:
- Honour a relative alt-basis directory (e.g. `--link-dest=../sibling`,
`--copy-dest`, `--compare-dest`) on a daemon receiver running with
`use chroot = no`. Such a path is re-anchored at the module root but
was then rejected by the receiver's secure open; it now works where
kernel-enforced confinement is available. See the PORTABILITY note
below for the platform limitation. Fixes #915.
- sender: open a module-root-absolute path for a `path = /` module so a
[49 lines not shown]
