py-hpack: updated to 4.2.0
4.2.0 (2026-06-22)
**API Changes (Backward Incompatible)**
- Support for Python 3.9 has been removed.
- Support for PyPy 3.9 has been removed.
**API Changes (Backward Compatible)**
- Support for Python 3.14 has been added.
**Bugfixes**
- Headers marked as `sensitive` will no longer log their value at DEBUG level. Instead a placeholder value of `SENSITIVE_REDACTED` is logged.
- Fixed perfect match missed for headers with empty values.
- Restricted variable integer decoding to uint32 to prevent run-away computation. With thanks to `Hiroki Nishino`_.
p5-List-SomeUtils-XS: update to 0.59.
0.59 2026-06-22
- Fix a heap buffer overflow in the pairwise function when it would return a very large list. Fixed
by Paul Johnson.
expat: update to 2.8.2.
Release 2.8.2 Thu June 25 2026
Security fixes:
#1246 CVE-2026-50219 -- Disallow calls to functions
`XML_GetBuffer`, `XML_Parse`, `XML_ParseBuffer`,
`XML_ParserFree`, `XML_ParserReset` to guard e.g.
Expat bindings from memory corruption;
this CPython issue is related:
https://github.com/python/cpython/issues/146169
#1267 CVE-2026-56131 -- Protect XML_ResumeParser from being called
from a handler, plugging a hole in the fix
to CVE-2026-50219
#1272 CVE-2026-56132 -- Fix out-of-bound scaffolding index store
in `doProlog`
#1229 #1232 CVE-2026-56403 -- Integer overflow in `storeAtts`
#1249 CVE-2026-56404 -- Integer overflow in `addBinding`
#1251 CVE-2026-56405 -- Integer overflow in `getAttributeId`
#1255 CVE-2026-56406 -- Integer overflow in `XML_ParseBuffer`
[70 lines not shown]
nono: update to 1.8.1.
1.8.1 (2026/06/25)
vm(Update): "Rewrite whole SSG(YM2149). Implement envelope and noise."
vm(Fix): "Fix some tone pitches on SSG(YM2149)."
vm(New): "Support SSG(YM2149) even on LUNA-88K."
vm(Fix): "Fix an issue where the time display would become incorrect after 115 days since ver 1.8.0."
host(New): "Add PulseAudio to host sound driver. It can be enabled by configure --enable-pulseaudio."
host(Update): "Sound latency may be improved."
GUI(Update): "Show spectrum analyzer on the sound monitor."
resterm: Update to v0.44.2
v0.44.2
Dedicated test results block in the status bar
Script/assertion test results now render as their
own segment in the status bar instead of being appended
to the response status text.
New status bar block - test outcomes (@assert and script tests)
get a dedicated, separately styled segment in the left status sections,
colored by level (pass = success, fail = warn, error = error).
The main response status (e.g. 200 OK (200)) stays the same but is no
longer suffixed with - X 1 test(s) failed.
Summaries - the block shows V tests passed, X N test(s) failed (with correct singular/plural) or ! test error.
HTTP and gRPC - the test block is populated for both HTTP and gRPC responses.
Header icon - the test error icon in the response header changed from /!\ to !
powerdns: Update to 5.1.2
Released: 25th of June 2026
This is release 5.1.2 of the Authoritative Server. It contains a security fix only.
Please review the Upgrade Notes before upgrading from versions < 5.1.x.
Bug Fixes
Fix PowerDNS Security Advisory 2026-07 for PowerDNS Authoritative Server
dnsdist: Update to 2.0.7
Released: 25th of June 2026
Bug Fixes
CVE-2026-42005: An attacker can send a web request that causes unlimited memory allocation in the internal web server,
leading to a denial of service. The internal web server is disabled by default.
CVE-2026-40210: An out-of-bounds read might happen when SetMacAddrAction is used,
potentially resulting in uninitialized memory being sent over the network or a crash.
CVE-2026-40209: An attacker might be able to cause outgoing TCP connections to backend to be
stuck until a timeout occurs instead of being released immediately by sending IXFR queries.
This could be used to cause a denial of service if there is a limit to the number of
concurrent connections to this backend, or if the process runs out of file descriptors.
CVE-2026-42004: An attacker can send a crafted EDNS OPT record that will be ignored by
DNSdist�s filtering rules, but will be rewritten as a valid OPT record when EDNS Client
Subnet is inserted, causing the backend to see the EDNS option(s) that DNSdist did not filter.
[11 lines not shown]
textproc/rucola: update to 0.10.0
Release Notes
Added a diary option by GitHub user robin-thoene
Added a configuration option to enable the daily diary.
Added a keybinding that creates a diary note and opens it in the editor or display screen.
Added a configuration option to determine the format of the title of the diary note.
Added a configuration option to set the initial content of the diary note.
Added an option to copy (i.e. duplicate) notes in the select and display screen
If a note is copied and its filename contains a valid date string (e.g. %F), it will be replaced by chrono during the copy.
Otherwise, copy_ will be prepended to the new file name.
This can be used to create templates for e.g. monthly or weekly notes and quickly copy them, in addition to the daily note system outlined above.
py-sybil: updated to 10.1.0
10.1.0 (13 Jun 2026)
- Ignore trailing whitespace in doctest output by default, see
:data:`~sybil.evaluators.doctest.KEEP_TRAILING_WHITESPACE` if you need whitespace sensitivity.
- Make :func:`~sybil.testing.run_pytest` runs immune to ambient color environment variables.
py-vcs-versioning: updated to 2.2.0
2.2.0 (2026-06-24)
Added
- Restore Python 3.8 and 3.9 support, re-enabling use as a build dependency for projects like scikit-build that still support these versions.
Miscellaneous
- Move PKG-INFO discovery tests to setuptools-scm where the entry points are registered.
