py-vulture: updated to 2.16
2.16 (2026-03-25)
Fix false positives for dead code after while loops (Jendrik Seipp).
Use ty instead of pytype for testing type annotations (Jendrik Seipp).
py-pybind11: updated to 3.0.3
3.0.3
Bug fixes:
Fixed TSS key exhaustion in implicitly_convertible() when many implicit conversions are registered across large module sets.
Fixed heap-buffer-overflow in pythonbuf with undersized buffers by enforcing a minimum buffer size.
Fixed virtual-inheritance pointer offset crashes when dispatching inherited methods through virtual bases.
Fixed free(): invalid pointer crashes during interpreter shutdown with py::enum_<> by duplicating late-added def_property_static argument strings.
Fixed function_record heap-type deallocation to call PyObject_Free() and decref the type.
Hardened PYBIND11_MODULE_PYINIT and get_internals() against module-initialization crashes.
Fixed static_pointer_cast build failure with virtual inheritance in holder_caster_foreign_helpers.h.
Fixed ambiguous factory template specialization that caused compilation failures with nvcc + GCC 14.
Fixed crash in def_readwrite for non-smart-holder properties of smart-holder classes.
Fixed memory leak for py::dynamic_attr() objects on Python 3.13+ by clearing managed __dict__ contents during deallocation.
Fixed binding of noexcept and ref-qualified (&, &&) methods inherited from unregistered base classes.
Internal:
[8 lines not shown]
libfyaml: try to fix 32-bit build & bump
The prior update is very broken on 32 bit targets.
This patchset rolls up the 32-bit fixes that looked
most relevant in the upstream repo committed after the release.
lazygit: updated to 0.60.0
0.60.0
Enhancements
Rename "Copy commit hash to clipboard" to mention it's an abbreviated hash
Hide the "Fetching..." status of the auto-fetch when bottom line is hidden
Allow removing lines from patch directly
Filter file views rather than search
Show branch name and detached HEAD in worktrees tab
Add backward cycling support for log view (using <shift>-a on status page)
Show worktree name next to branch in branches list
Fixes
Fix matching of lazygit-edit URLs without line numbers
Fix 5302: Create .git/info directory before writing exclude file
Fix off-by-one error when calculating popup panel dimensions
[19 lines not shown]
graphviz: updated to 14.1.4
14.1.4 – 2026-03-20
Changed
Enable ascii plugin to be built using autotools.
Fixed
Processing concentrate=true graphs no longer crashes Graphviz. Processing of
concentrate=true graphs still often errors out.
gdk-pixbuf2: updated to 2.44.6
2.44.6
- build: Add a legacy_xpm option to build the old xpm loader
- xpm: Rename the old xpm loader to legacy-xpm, and use it
for gdk_pixbuf_new_from_xpm_data if it is available.
Note that the old loader will only be used for this purpose.
xpm files still get loaded with glycin
- jpeg: Reject data with an unsupported number of components
- Update contribution guidelines
- glycin: Fix an issue with looping animations
- Do not accidentally query loaders from the host
py-aiohttp: updated to 3.13.5
3.13.5 (2026-03-31)
Bug fixes
- Skipped the duplicate singleton header check in lax mode (the default for response
parsing). In strict mode (request parsing, or ``-X dev``), all RFC 9110 singletons
are still enforced
openvpn: updated to 2.7.1
2.7.1
Antonio Quartulli (1):
options: drop useless init_gc param for init_options()
Arne Schwabe (12):
Change stream_buf_read_setup_dowork parameter to struct steam_buf
DCO Linux: Fix setting DCO ifmode failing on big endian archs
Merge stream_buf_get_next and stream_buf_set_next
AWS-LC: Add missing return and cast in ssl_tls1_PRF
GHA: Install aws-lc under /opt/aws-lc
Show version and double check we use the right TLS library in Github Actions
Remove unnecessary OpenSSL init and cleanup commands in unit tests
GHA: Cache built crypto libraries
Use openssl_err_t typedef to deal with difference between TLS libraries
Do not support tls_ctx_set_cert_profile on AWS-LC
Use const specifiers in extract_x509_field_ssl
[43 lines not shown]
tex-transparent{,-doc}: update to 1.6
* Fix clash with pgfutil-common #3
* Update test for PDF management
* adapt to l3kernel changes (l3opacity is now included)
xz: update to 5.8.3.
5.8.3 (2026-03-31)
IMPORTANT: This includes a fix for CVE-2026-34743 which affects all
XZ Utils versions since 5.0.0. No new 5.2.x, 5.4.x, or 5.6.x
releases will be made, but the fix is in the v5.2, v5.4, and v5.6
branches in the xz Git repository.
* liblzma:
- Fix a buffer overflow in lzma_index_append(): If
lzma_index_decoder() was used to decode an Index that
contained no Records, the resulting lzma_index was left in
a state where a subsequent lzma_index_append() would
allocate too little memory, and a buffer overflow would occur.
The lzma_index functions are rarely used by applications
directly. In the few applications that do use these functions,
[35 lines not shown]