ocaml-dune: update to 3.24.0.
3.24.0 (2026-06-21)
-------------------
### Fixed
- Fix promotion failure when a target changes from a directory to a file
between builds, causing "Is a directory" errors.
(#14371, fixes #5647, fixes #6575, @Alizter)
- Make `dune build @doc` pick up an odoc installed via `dune tools install
odoc` even without `DUNE_CONFIG__LOCK_DEV_TOOL=enabled`, mirroring how
`dune fmt` consumes a locked ocamlformat (#14426, fixes #14235, @mt-caret)
- Reject `(package ...)` inside a named dependency binding
(`(deps (:name (package foo)))`). Previously this was silently accepted but
`%{name}` would resolve to an empty path list. (#14499, @Alizter)
[71 lines not shown]
dmarc-report-viewer: update to 2.5.2.
## [2.5.2] - 2026-07-04
* Fixed printing and PDF generation for reports (see also issue #89).
* Updated Cargo dependencies
restish: update to 2.3.0.
Restish 2.3.0 is a minor release for people building on top of
Restish as well as people using it directly from the terminal. It
promotes the core config and auth building blocks into public
packages, adds a custom embedded command surface for applications
that want a Restish-powered CLI, tightens auth header display
behavior, and expands the docs and blog around OpenAPI-driven
workflows.
restic: update to 0.19.1.
## Summary
* Fix #5234: Prevent mounting over the repository directory
* Fix #5667: Skip inaccessible `backup` source paths
* Fix #5722: Update `mount` latest symlink after snapshot reload
* Fix #21866: Hide `stats` progress bar in JSON mode
* Fix #21869: Restore old behavior of `snapshots --latest <n>` without `--group-by`
* Fix #21876: Show timezone location in `snapshots` output
* Fix #21879: Prevent crash in mountpoint validation if mountpoint is inaccessible
* Fix #21895: Remove read-only files via the SFTP backend on Windows servers
* Fix #21899: Make `backup` respect excludes for duplicate directory entries
py-setuptools: update to 83.0.0.
Features
Require Python 3.10 or later.
Bugfixes
MANIFEST.in matching (via FileList) is now insensitive to
Unicode normalization form. A pattern authored in one form
(e.g. NFC, as typically saved by editors) now matches a file
whose name is stored on disk in another (e.g. NFD, as produced
by macOS APFS/HFS+). Previously an exclude, global-exclude,
recursive-exclude, or prune rule could silently fail to drop
a non-ASCII-named file from the source distribution, publishing
it despite the exclusion -- see GHSA-h35f-9h28-mq5c.
Deprecations and Removals
[2 lines not shown]
jjui: update to 0.10.8.
0.10.8
A release with a new revision insertion workflow and fixes for
command error output and inline describe editing.
0.10.7
A release with a new diff range workflow, Lua workspace switching,
revset completion improvements, and several UI polish fixes.
yt-dlp: update to 2026.7.4.
Core changes
Always include warnings in debug output (#17059) by bashonly
Fix allow-unsafe-ext compat option (#16920) by bashonly
Raise minimum recommended Python version to 3.11 (#17034) by bashonly
Validate and escape values in --write-link output by bashonly
cookies: Use ' instead of " for SQL string quoting (#17078) by Grub4K
utils
Deprecate make_dir in favor of make_parent_dirs (#16931) by doe1080
HTTPHeaderDict: Fix __ior__ (#16930) by doe1080
parse_duration: Return int when appropriate (#13899) by doe1080
parse_resolution: Support fps suffixes (#17073) by doe1080
pkcs1pad: Fix invalid PKCS#1 v1.5 padding bytes (#17035) by doe1080
qualities: Avoid repeated index lookups (#17025) by doe1080
random_user_agent: Bump version range 143-149 => 144-150 (#17117) by bashonly, dlp-bot
Extractor changes
[72 lines not shown]
py-sphinx-argparse: update to 0.6.0.
Optional command index.
Optional :index-groups: field to the directive for an command-by-group index.
A sphinxarg_full_subcommand_name option to print fully-qualified sub-command headings. This option helps when more than one sub-command offers a create or list or other repeated sub-command.
Each command heading is a domain-specific link target. You can link to commands and sub-commands with the :ref: role, but this release adds support for the domain-specific role like :commands:command:`sample-directive-opts A` ``. The ``:commands:command: role supports linking from other projects through the intersphinx extension.
Changes
Previously, common headings such as Positional Arguments were subject to a process that made them unique by adding a _repeatX suffix to the HREF target. This release continues to support those HREF targets as secondary targets so that bookmarks continue to work. However, this release prefers using fully-qualified HREF targets like sample-directive-opts-positional-arguments as the primary HREF so that customers are less likely to witness the _repeatX link in URLs.
#32 Argparse commands are now part of a Sphinx domain
#72 Coloring in argparse output can be disabled (default)
#87 The :filename: input is now resolved only to the conf.py directory (srcdir in Sphinx)
[2 lines not shown]
py-dulwich: updated to 1.2.8
1.2.8 2026-07-05
* Enumerate the objects to push before the HTTP ``git-receive-pack``
request body starts streaming. ``generate_pack_data`` previously ran
lazily inside the body generator, after the header pkt-lines were
already on the wire, so on large repositories the request stalled
mid-body while objects were counted and servers such as GitHub aborted
the push with a timeout / "broken pipe".
* Support ``http.postBuffer``.
* SECURITY: Canonicalize file modes to ``0o644``/``0o755`` before ``chmod``
on checkout and patch apply, matching git. An untrusted tree entry or
patch ``new file mode`` could otherwise set setuid/setgid/sticky or
world-writable bits on a materialized file. (netliomax25-code)
* SECURITY(GHSA-8w8g-wq8h-fq33): Write files through ``build_file_from_blob``
[102 lines not shown]
cargo-nextest: updated to 0.9.140
0.9.140
Added
A new cargo nextest help <topic> subcommand renders reference documentation directly in the terminal. The available topics are:
filterset (alias filtersets): the filterset DSL reference
repo-config: the repository configuration reference
user-config: the user configuration reference
cargo nextest help lists the available topics.
Changed
The glibc requirement for pre-built aarch64-unknown-linux-gnu and riscv64-unknown-linux-gnu builds has been lowered to glibc 2.27.
riscv64-unknown-linux-gnu now uses rustls + aws-lc-rs rather than OpenSSL.
py-project-metadata: update to 0.12.1.
0.12.1
Fixes:
Collect a config error instead of raising a raw TypeError when project.dynamic contains a non-string (unhashable) entry with all_errors=True.
0.12.0
Features:
Support PEP 808 (partially dynamic project metadata) (METADATA 2.6).
Add support for Python 3.15.
Warn (PEP 685) when an extra name in project.optional-dependencies is not a valid name. The extra is still emitted, only a ConfigurationWarning is produced.
Fixes:
Error on an unset dynamic version instead of silently writing Version: 0.0.0. If "version" is declared in project.dynamic but never assigned by the build backend, writing the metadata now raises a ConfigurationError (Field "project.version" missing), restoring the 0.8.x behavior that regressed in the 0.9 rewrite.
[20 lines not shown]
py-numpy: update to 2.5.1.
The NumPy 2.5.1 is a patch release that fixes bugs discovered after the 2.5.0
release. The most noticeable is the fix is to the numpy datetime cython API
which should allow downstream to support NumPy versions older than 2.5.
Preparation for Python 3.15 continues along with typing improvements.