py-zope.interface: updated to 8.5
8.5 (2026-05-26)
- Build and upload free-threaded (``cp314t``, ``cp315t``) wheels for all
platforms.
Expand CI testing for free-threaded Python 3.14t from Linux-only to all
platforms (macOS, Windows), and add 3.15t CI.
- Replace all remaining ``PyDict_GetItem()`` calls in the C extension with
exception-safe alternatives (``PyDict_Contains``, ``PyDict_GetItemWithError``).
``PyDict_GetItem`` silently swallows exceptions from ``__hash__``/``__eq__``,
causing ``isOrExtends()`` to return ``False`` instead of raising ``TypeError``
for unhashable objects. Also use ``PyType_GetDict()`` on Python 3.13+ for
free-threading safety when accessing the type dict.
samba4: updated to 4.24.3
4.24.3
This is a security release in order to address the following defects:
o CVE-2026-1933: Missing access checks on reparse point operations
On a share marked "read only = yes" and
on file handles opened R/O users can set
or delete the reparse point xattrs on files
that the user has write-access in the file
system for.
https://www.samba.org/samba/security/CVE-2026-1933.html
o CVE-2026-2340: WORM vfs module does not block overwrites
[51 lines not shown]
py-urwid: updated to 4.0.1
Urwid 4.0.1
Bug fixes 🕷
* fix three return type annotations
* Web display: use secure random session identifiers
Other Changes
* Add SECURITY.md
py-flask-security: updated to 5.8.1
Version 5.8.1
Fixes
- (:issue:`1222`) Fix for GHSA-w2j7-f3c6-g8cw - Possible open-redirect with ALLOW_SUBDOMAIN option.
- (:issue:`1215`) Fix for GHSA-97r5-pg8x-p63p - Possible oauth bypass in /verify
Version 5.8.0
Features & Improvements
- (:pr:`1170`) Add API :py:meth:`.UserMixin.check_tf_required` to allow applications to control which users
require two-factor authentication.
- (:issue:`1178`) Add Cache-Control headers.
- (:issue:`1165`) Add support for using Social Login (OAuth) for verification.
- (:issue:`1188`) Add tracking of failed authentication attempts via :py:meth:`.UserMixin.track_failed_authn`
and signal :py:data:`user_failed_authn`
- (:issue:`1192`) Add API for application to decide if a particular user account is locked.
[13 lines not shown]
lazygit: updated to 0.62.0
0.62.0
Enhancements
Retry on ref lock errors during fetch/pull
Preserve whitespace when remembering commit message
Define PR colors as hex colors to make them the same as GitHub's
Revamp keybinding mechanism to support richer keybindings (e.g. ctrl-alt-shift-x )
Platform-specific edit bindings for move-by-word and backspace-word
Change canonical keybinding syntax (<ctrl+a> instead of <c-a>)
Use more widely-supported Unicode symbols for the commit graph
Show push URLs for remotes that have any
Support GitHub Enterprise for the Pull Requests feature
Allow keybindings to configure more than one key
Add <alt+up>/<alt+down> as alternate keybindings for moving commits up/down
Add support for git flow using the git-flow-next tool
[10 lines not shown]
nushell: updated to 0.113.0
0.113.0
This release adds fast in-memory indexing and search via idx, stream inspection
without collection via peek, structured verbose output for file operations, and
a more concise default output mode for from md.
py-kubernetes: updated to 36.0.1
36.0.1
Kubernetes API Version: v1.36.1
Bug or Regression
- Fix `load_incluster_config()` and `load_kube_config()` (sync and async, with a static token) so requests carry an `Authorization` header on `kubernetes-client/python` v36+. Without this fix, in-cluster pods upgrading to v36 silently send unauthenticated requests and the apiserver rejects them as `system:anonymous`.
Deprecation
- Support new exec v5 websocket subprotocol
py-coverage: updated to 7.14.1
7.14.1
- Fix: the HTML report used typographic niceties to make file paths more
readable by adding a small amount of space around slashes. Those spaces
interfered with searching the page for file paths of interest. Now the report
uses CSS to accomplish the same visual tweak so that searches with slashes
work correctly. Closes `issue 2170`_.
- `Add a 3.16 PyPI classifier <hugo-316_>`_ since we test on the 3.16 main
branch.
libavif: updated to 1.4.2
1.4.2 - 2026-05-26
Added since 1.4.1
* Add --jobs flag to avifgainmaputil to use multiple worker threads when
reading/writing AVIF files.
Changed since 1.4.1
* Require C11 for compilation. Public headers will remain C99.
* Add --jobs flag to avifgainmaputil and enable auto tiling.
* Use AOM_TUNE_IQ for layered image inter-frame encoding.
* Update aom.cmd/LocalAom.cmake: v3.14.1
* Update LocalAvm.cmake: research-v15.0.0
* Update libjpeg.cmd/LocalJpeg.cmake: 3.1.4.1
* Update libxml2.cmd/LocalLibXml2.cmake: v2.15.3
* Update libyuv.cmd/LocalLibyuv.cmake: 644251f25 (1924)
[11 lines not shown]
cargo-nextest: updated to 0.9.137
0.9.137
Changed
CLI --help descriptions, configuration-reference docs, and JSON schema descriptions now use consistent language and voice.
Fixed
Filterset expressions like not(test(foo)), all()and(test(foo)), and all()or(test(foo)), where not, and, or or is immediately followed by an opening parenthesis, now parse correctly. Previously, a separating space was required.
py-typer: updated to 0.26.1
0.26.1
Fixes
Ensure that an envvar set for typer.Option works as expected.
0.26.0
Breaking Changes
Vendor Click and streamline Typer's functionality and code base.
Typer no longer depends on Click as a third party dependency, it vendors (includes the source code of) Click.
This simplifies the work done by both Click and Typer teams.
It allows Typer to evolve independently, and enables several new planned features.
It will solve several dependency conflict situations for projects that use some packages that depend on Click and some that depend on Typer.
This also means that Click-specific functionality is no longer supported, like extracting the Click app and adding Click-specific plug-ins, or customizing the field types with Click-specific types.
You can read more about it in the docs for Vendored Click.
[8 lines not shown]
time/R-RcppCCTZ) Updated 0.2.13 to 0.2.14
(pkgsrc)
- Fix build against R 4.6.0
- USE_TOOLS+= gmake only for ifne in patch-src_Makevars
(upstream)
News for Package 'RcppCCTZ'
Changes in version 0.2.14 (2026-01-08):
* Synchronized with upstream CCTZ (Dirk in #46).
* Explicitly enumerate files to be compiled in 'src/Makevars*'
(Dirk in #47)
py-certipy: add version 0.2.3
Certipy was made to simplify the certificate creation process. To that end,
Certipy exposes methods for creating and managing certificate authorities,
certificates, signing and building trust bundles. Behind the scenes Certipy:
* Manages records of all certificates it creates
* External certs can be imported and managed by Certipy
* Maintains signing hierarchy
* Persists certificates to files with appropriate permissions
