www/freenginx-devel: update from 1.29.4 to 1.29.5
Also, update third-party modules:
- ngx_http_redis
- njs
- spnego
- vts
to their recent versions.
Sponsored by: tipi.work
<ChangeLog>
*) Feature: optimized SSL_sendfile() usage on FreeBSD.
Thanks to Gleb Smirnoff.
*) Bugfix: upstream servers were not marked as failed after a response
with status code 500, 502, 503, 504, or 429 if the code was listed in
[11 lines not shown]
devel/cocogitto: update to 7.0.0
Features
5b3fbaa - (changelog) add support for GitHub specificgit trailers in changelog - @oknozor
94bbd56 - (verify) Add stdin support via --file - (#515) - Sangeeth Sudheer, Cursor, @oknozor
BREAKING b72dc7f - implement package resolver for monorepo - @oknozor
5d41a77 - use dependency resolver for workspace dep resolution - @oknozor
c39d205 - add cocogitto dependency resolver - @oknozor
460d1ff - make the repository a workspace - @oknozor
4ec1940 - Update name of cog.toml field - Jonathan Andrew
ac98431 - Consolidate pre-release CLI options - Jonathan Andrew
5391ec1 - Allow pre_pattern to be specified in cog.toml - Jonathan Andrew
a172168 - Add --auto-pre and --pre-pattern flags - Jonathan Andrew
fd4451e - Auto-increment pre-releases - Jonathan Andrew
Bug Fixes
11d0e05 - (commit) respect EDITOR variable with spaces on Windows - Ku6epXBOCTuK
[60 lines not shown]
textproc/rumdl: update to 0.1.38
## [0.1.38] - 2026-03-04
### Fixed
- **MD013**: Fixed reflow corrupting code blocks inside MkDocs admonitions
within list items — closing fences were merged with subsequent paragraph
text ([#485](https://github.com/rvben/rumdl/issues/485), reported by @sisp)
## [0.1.37] - 2026-03-04
### Fixed
- **MD013**: Resolve false positive for MkDocs 2-space list continuation
indents when using `semantic-line-breaks` reflow mode. Continuation lines
at the minimum indent were incorrectly flagged as needing reflow
([#484](https://github.com/rvben/rumdl/issues/484))
- **MD013**: Detect actual indent of text content for reflow output instead
[91 lines not shown]
py-pyspnego: updated to 0.12.1
0.12.1 - 2026-03-03
* Fix NTLM challenge parser when the `TargetInfo` contains extra data for `Single_Host_Data`
* Windows 11 24H2 is sending at least 80 bytes and as we don't use this data we don't care if it doesn't fit a specific size
rust: Improve RUST_TYPE documentation.
Include a note about RUSTUP_HOME which will need to be set if using rustup,
due to pkgsrc changing the HOME environment variable during build.
py-markdown2: updated to 2.5.5
2.5.5
Fix middle-word-em interfering with strongs
Fix code friendly extra stopping other syntax being processed
Fix a number of em/strong issues
Fix a number of safemode issues
Rewrite emphasis and strong processing to be more GFM compliant
Fix nested footnote references
Forbid square brackets in reference link IDs
py-uv py-uv-build: updated to 0.10.8
0.10.8
Python
Add CPython 3.10.20
Add CPython 3.11.15
Add CPython 3.12.13
Enhancements
Add Docker images based on Docker Hardened Images
Add resolver hint when --exclude-newer filters out all versions of a package
Configure a real retry minimum delay of 1s
Expand uv_build direct build compatibility
Fetch CPython from an Astral mirror by default
Download uv releases from an Astral mirror in installers by default
Add SBOM attestations to Docker images
[20 lines not shown]
nodejs: updated to 25.8.0
25.8.0
Notable Changes
- build, doc: use new api doc tooling (flakey5)
- (SEMVER-MINOR) sqlite: add limits property to DatabaseSync (Mert Can Altin)
- (SEMVER-MINOR) src: add C++ support for diagnostics channels (RafaelGSS)
- (SEMVER-MINOR) src,permission: add --permission-audit (RafaelGSS)
- (SEMVER-MINOR) test_runner: expose worker ID for concurrent test execution (Ali Hassan)
python310 py310-html-docs: updated to 3.10.20
Python 3.10.20
Security
gh-144125: BytesGenerator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. (Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650).
gh-143935: Fixed a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs.
gh-143925: Reject control characters in data: URL media types.
gh-143919: Reject control characters in http.cookies.Morsel fields and values.
gh-143916: Reject C0 control characters within wsgiref.headers.Headers fields, values, and parameters.
gh-142145: Remove quadratic behavior in xml.minidom node ID cache clearing. In order to do this without breaking existing users, we also add the ownerDocument attribute to xml.dom.minidom elements and attributes created by directly instantiating the Element or Attr class. Note that this way of creating nodes is not supported; creator functions like xml.dom.Document.documentElement() should be used instead.
gh-137836: Add support of the “plaintext” element, RAWTEXT elements “xmp”, “iframe”, “noembed” and “noframes”, and optionally RAWTEXT element “noscript” in html.parser.HTMLParser.
gh-136063: email.message: ensure linear complexity for legacy HTTP parameters parsing. Patch by Bénédikt Tran.
gh-136065: Fix quadratic complexity in os.path.expandvars().
gh-119451: Fix a potential memory denial of service in the http.client module. When connecting to a malicious server, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes.
gh-119452: Fix a potential memory denial of service in the http.server module. When a malicious user is connected to the CGI server on Windows, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes.
gh-119342: Fix a potential memory denial of service in the plistlib module. When reading a Plist file received from untrusted source, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes.
[10 lines not shown]
