rumdl: update to 0.2.0.
Added
lsp: improve link completion ranking, ignores, and absolute paths (0ac911e)
flavor: add support for MyST (Markedly Structured Text) (#637) (3455840)
Fixed
md007: close ordered-ancestor exemption leak across deeper nested quotes (0fa6180)
md007: flag misindented top-level unordered list items (f277892)
md007: apply ordered-ancestor exemption only to genuinely nested sublists (#638) (4c96cf7)
md013: reflow list-item prose in normalize mode without false length warnings (#639) (0816967)
cross-file: honor inline-disable and per-file-ignores on lint-cache fast path (05c77e4)
rrdtool: update to 1.10.2.
RRDtool 1.10.2 - 2026-05-19
Bugfixes
The Linux .deb packages were missing the Lua language binding @oetiker
The Python binding is now installed with pip into a consistent, distribution-independent location @oetiker
Features
RPM releases now ship matching debuginfo and debugsource packages @oetiker
RRDtool 1.10.1 - 2026-05-19
Bugfixes
Modernize obsolete autoconf macros so configure regenerates cleanly with current autotools @oetiker
[34 lines not shown]
py-poetry-core: update to 2.4.1.
2.4.1 - 2026-05-09
Changed
Re-allow installer==0.7.0 (#10887).
Fixed
Fix an issue where poetry update <package> failed when <package> was a transitive dependency (#10885).
py-more-itertools: update to 11.1.0.
Changes:
numeric_range was updated to fix its handling of empty ranges (thanks to rhettinger)
peekable was updated to fix typing issues (thanks to DORI2001, powellnorma, Pandede, m9810223, and rhettinger)
islice_extended was optimized for memory usage and speed (thanks to ben42code, rhettinger, and pochmann)
serialize now supports the generator methods throw, send, and close (thanks to rhettinger)
seekable now supports implements __getitem__ for cached elements (thanks to SAY-5, jenstroeger, and JamesParrott)
py-idna: update to 3.16.
## 3.16 (2026-05-22)
- Add a command-line interface (`python -m idna`, also available as
the `idna` script). Encodes or decodes one or more domains supplied
as arguments or on standard input, with options to select A-label
or U-label output and control error handling.
- Raise the minimum supported Python version to 3.9
- Various code quality improvements
py-icalendar: update to 7.1.2.
7.1.2 (2026-05-22)
Bug fixes
Replaced the recursive Component.__repr__ implementation with an iterative stack-based walk so that deeply nested calendars no longer raise RecursionError when formatted via repr(), str(), or f-strings. The output format is unchanged for normally-shaped calendars. @gistrec (Issue #1370)
Documentation
Update maintenance documentation. Fix the version switcher on "stable" on Read the Docs. @stevepiercy (Issue #1352)
7.1.1 (2026-05-18)
New features
Created an ical_value property for the vPeriod component. @ZairKSM (Issue #876)
Created a ical_value() property for the vWeekday component, mirroring the existing pattern on vBoolean. @mvanhorn (Issue #1360)
[21 lines not shown]
py-genshi: update to 0.7.11.
Version 0.7.11
https://github.com/edgewall/genshi/releases/tag/0.7.11
(May 17 2026, from branches/stable/0.7.x)
* Replace use of `pkg_resources` with `importlib.resources` (or `importlib_resources` for Python < 3.9)
(#97 by Colin Watson)
* Update CI release workflow to use Ubuntu 22.04. (#96 by Simon Cross)
py-aiodns: update to 4.0.4.
4.0.4
=====
- Raise ``DNSError(ARES_ENODATA)`` from ``query()`` when the answer section has no records of the requested qtype, restoring the pycares 4.x NODATA contract and avoiding ``AttributeError`` for CNAME/SOA/PTR callers (#254).
- Add the missing ``build-backend`` entry to ``pyproject.toml`` so PEP 517 builds from the sdist work without falling back to the deprecated legacy setuptools backend (#252).
py-JWT: update to 2.13.0.
v2.13.0
-------
Security
~~~~~~~~
- Reject JWK JSON documents passed as raw HMAC secrets in
``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that
the existing PEM/SSH guard did not cover. Reported by @aradona91 in
`GHSA-xgmm-8j9v-c9wx <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx>`__.
- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during
verification so the caller's ``algorithms=[...]`` allow-list cannot be
bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported
by @sushi-gif in `GHSA-jq35-7prp-9v3f <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f>`__.
- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-
influenced URIs cannot read local files or reach unintended schemes via
urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported
[31 lines not shown]
dasel: update to 3.11.0.
## [v3.11.0] - 2026-05-19
### Added
- Support for newline-delimited JSON (NDJSON) input. Multiple JSON values in a single input are now parsed as a multi-document branch, matching the existing YAML multi-document behaviour.
### Fixed
- Strip leading "v" from version output for consistency across build methods (Docker vs Homebrew).
