py-scrapy: updated to 2.14.2
Scrapy 2.14.2 (2026-03-12)
Security bug fixes
- Values from the ``Referrer-Policy`` header of HTTP responses are no longer
executed as Python callables. See the `cwxj-rr6w-m6w7`_ security advisory
for details.
.. _cwxj-rr6w-m6w7: https://github.com/scrapy/scrapy/security/advisories/GHSA-cwxj-rr6w-m6w7
- In line with the `standard
<https://fetch.spec.whatwg.org/#http-redirect-fetch>`__, 301 redirects of
``POST`` requests are converted into ``GET`` requests.
Converting to a ``GET`` request implies not only a method change, but also
omitting the body and ``Content-*`` headers in the redirect request. On
cross-origin redirects (for example, cross-domain redirects), this is
[48 lines not shown]
py-blessed: updated to 1.33.0
1.33
* bugfix: :class:`blessed.line_editor.LineEditor` exceed limit when using Yank (Ctrl+Y).
* bugfix: :meth:`~.Terminal.async_inkey` no longer raises NotImplementedError on Windows.
1.32
* bugfix: :meth:`~.Terminal.get_kitty_keyboard_state` should not check for
:attr:`~.Terminal.does_styling` as a requirement.
* bugfix: :meth:`~.Terminal.get_fgcolor` and :meth:`~.Terminal.get_bgcolor` now
return "no support" value, ``(-1, -1, -1)`` when :attr:`~.Terminal.does_styling` is False.
* introduced: :meth:`~.Terminal.does_kitty_clipboard`,
:meth:`~.Terminal.does_kitty_pointer_shapes`, and :meth:`~.Terminal.does_text_sizing`
* introduced: :meth:`~.DecModeResponse.to_dict` and ``DecPrivateMode.BRACKETED_PASTE_MIME``
constant (mode 5522).
1.31
* bugfix: :meth:`~.cbreak` and :meth:`~.raw` should use ``TCSADRAIN`` to preserve keystrokes
buffered during mode switches, previously ``TCSAFLUSH`` was used which discarded unread input,
[14 lines not shown]
py-JWT: updated to 2.12.0
v2.12.0 <https://github.com/jpadilla/pyjwt/compare/2.11.0...2.12.0>`__
Fixed
- Annotate PyJWKSet.keys for pyright
- Close ``HTTPError`` response to prevent ``ResourceWarning`` on Python 3.14
- Do not keep ``algorithms`` dict in PyJWK instances
- Validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11.
- Use PyJWK algorithm when encoding without explicit algorithm
Added
- Docs: Add ``PyJWKClient`` API reference and document the two-tier caching system (JWK Set cache and signing key LRU cache).
pkgtools/depgraph: update to 20260312, fixing a tyop I made in a regexp which
made GNU sed unhappy (but which BSD sed was happy with). Thanks to Mark
Davies for pointing it out. Tested on a ubuntu VM from September 2025 I found
lurking...
www/typo3-13: update to 13.4.27
13.4.27 (2026-03-10)
This version is a bugfix and maintenance release. For more information,
please refer: <https://get.typo3.org/release-notes/13.4.27>.
www/php-ja-wordpress: update to 6.9.2
6.9.2 (2026-03-10)
This is a security release that features several fixes.
* A Blind SSRF issue reported by sibwtf, and subsequently by several other
researchers while the fix was being worked on
* A PoP-chain weakness in the HTML API and Block Registry reported by Phat
RiO
* A regex DoS weakness in numeric character references reported by Dennis
Snell of the WordPress Security Team
* A stored XSS in nav menus reported by Phill Savage
* An AJAX query-attachments authorization bypass reported by Vitaly
Simonovich
[12 lines not shown]
www/wordpress: update to 6.9.2
6.9.2 (2026-03-10)
This is a security release that features several fixes.
* A Blind SSRF issue reported by sibwtf, and subsequently by several other
researchers while the fix was being worked on
* A PoP-chain weakness in the HTML API and Block Registry reported by Phat
RiO
* A regex DoS weakness in numeric character references reported by Dennis
Snell of the WordPress Security Team
* A stored XSS in nav menus reported by Phill Savage
* An AJAX query-attachments authorization bypass reported by Vitaly
Simonovich
[12 lines not shown]
