www/chromium: update to 143.0.7499.192
* 143.0.7499.192
This update includes 1 security fix.
Below, we highlight fixes that were contributed by external researchers.
Please see the Chrome Security Page for more information.
[TBD][463155954] High CVE-2026-0628: Insufficient policy enforcement
in WebView tag. Reported by Gal Weizman on 2025-11-23
* HID support on NetBSD
net/netatalk4 -- Update to v4.4.0
XXX The html+javascript developer documentation should be split out
into a separate netatalk-doc package.
From upstream's ChangeLog:
In this release, we introduce sophisticated directory cache
optimization which drastically reduces file system I/O by properly
using the pre-existing caching architecture. The default behavior is
largely unchanged.
Newly introduced afp.conf options:
dircache validation freq
dircache metadata window
dircache metadata threshold
dircache files
[46 lines not shown]
libtasn1: update to 4.21.0.
# Noteworthy changes in release 4.21.0 (2026-01-08) [stable]
- Undocumented asn1Decoding --debug flag removed, thanks to Andrew Hamilton.
- Code coverage for src/ went from 35% to 82%, thanks to Andrew Hamilton.
- Fix of ASN.1 typo in manual, thanks to Masatake YAMATO.
- NEWS renamed to NEWS.md and uses markdown syntax.
- Update gnulib files and various build/maintenance fixes.
- Fix for vulnerability CVE-2025-13151 Stack-based buffer overflow
py-maturin: updated to 1.11.2
1.11.2
* Fix failed release
1.11.1
* Fix compiled artifacts being excluded by source path matching
* Better error reporting for missing interpreters
* Ignore unreadable excluded directories
1.11.0 - Yanked
Note: This release was yanked to a regression: https://github.com/PyO3/maturin/issues/2909
* Refactor `ModuleWriter` to be easier to implement and use
* Add Android cross compilation support, fix wheel tags for Android
* Update generate-ci to macos-15-intel and add windows arm support
* Deprecate 'upload' and 'publish' CLI commands
py-scrapy: updated to 2.14.0
Scrapy 2.14.0 (2026-01-05)
Highlights:
- More coroutine-based replacements for Deferred-based APIs
- The default priority queue is now ``DownloaderAwarePriorityQueue``
- Dropped support for Python 3.9 and PyPy 3.10
- Improved and documented the API for custom download handlers
py-gwcs: updated to 0.26.1
0.26.1 (2025-11-19)
- Fix an indexing bug in ``spectroscopy.SellmeierZemax`` where the output ``n`` for array-type wavelength
inputs had the correct shape, but had the same value for all elements.
- Deprecate the private ``_toindex`` function in favor of a public ``to_index`` function.
0.26.0 (2025-09-18)
- Fix the computation of ``lon_pole`` for Zenitahl projections and declination of +/-90 deg.
- Enable ``inputs_mapping`` in ``selector.LabelMapperArray``.
- Deprecate ``with_units`` argument in favor of the high level Shared API.
libsodium: updated to 1.0.21
* Version 1.0.21-stable
- Export missing crypto_ipcrypt_nd_keygen() helper function.
- Fixed compilation with GCC on aarch64.
* Version 1.0.21
This point release includes all the changes from 1.0.20-stable, which
include a security fix for the `crypto_core_ed25519_is_valid_point()`
function, as well as two new sets of functions:
- The new `crypto_ipcrypt_*` functions implement mechanisms for securely
encrypting and anonymizing IP addresses as specified in https://ipcrypt-std.github.io
- The `sodium_bin2ip` and `sodium_ip2bin` helper functions have been added
to complement the `crypto_ipcrypt_*` functions and easily convert addresses
between bytes and strings.
- XOF: the `crypto_xof_shake*` and `crypto_xof_turboshake*` functions
are standard extendable output functions. From input of any length, they can
derive output of any length with the same properties as hash functions. These
primitives are required by many post-quantum mechanisms, but can also be used
[2 lines not shown]
py-json5: updated to 0.13.0
0.13.0
No code changes.
Add Python 3.14 to supported version, project config, dependencies
Update dependencies to latest stuff < 2025-12-01
This relaxes the versions specified in pyproject.toml to just use 'newer than' rather than exact matches.
Sets 'uv.tool.exclude-newer' in pyproject.toml to tell uv not to look at packages published within the past 30 days; this will hopefully help prevent dependencies on compromised projects.
Switch to using dependency-groups for 'dev' group.
