py-paramiko: updated to 5.0.0
5.0.0
[Feature]: Added a new, optional file_format keyword argument to PKey.write_private_key and PKey.write_private_key_file to allow writing out OpenSSH-style private key files in addition to the legacy PEM format.
Warning
While the default format remains PEM in Paramiko 5, future major releases are likely to change that default to the OpenSSH format. We recommend updating any key-writing code you have to be explicit now, to insulate yourself from such an update.
[Bug]: Added a password kwarg to PKey.from_type_string so it can handle encrypted keys like most other PKey constructors already could.
[Bug]: Fix Ed25519Key’s internals such that it no longer throws AttributeError during calls to __repr__ when only partly initialized. This isn’t a normal runtime problem (it only happens inside error handling for fatal errors like “not a valid private key”) but was perennially complicating test failure diagnosis and similar scenarios.
[Support]: Removed the demos/ folder; they’ve become too big a support burden and we’ve wanted to remove them for years.
Users who enjoyed the client-side demos should look at our wrapper library, Fabric.
We suspect the most-used demo was demos/demo-server.py and may consider adding a variant of it to the actual Python package in future.
[Support]: Renamed PKey.from_path’s passphrase argument to password so it’s consistent with all the other methods of instantiating PKey objects.
[24 lines not shown]
fabric: updated to 3.2.3
3.2.2
[Bug]: fabric.runners.Remote failed to properly deregister its SIGWINCH signal handler on shutdown; in rare situations this could cause tracebacks when the Python process receives SIGWINCH while no remote session is active. This has been fixed.
[Bug] 2204: The signal handling functionality added in Fabric 2.6 caused unrecoverable tracebacks when invoked from inside a thread (such as the use of fabric.group.ThreadingGroup) under certain interpreter versions. This has been fixed by simply refusing to register signal handlers when not in the main thread. Thanks to Francesco Giordano and others for the reports.
py-bumpver: updated to 2026.1132
2026.1132
- Add `allowed_branches` config option to restrict which branches can be released from. Accepts a comma-separated list of glob patterns (e.g. `master,main,release-*`). Empty (the default) allows any branch.
py-cython: updated to 3.2.5
3.2.5 (2026-05-23)
Bugs fixed
* A compile failure was fixed when using the walrus operator inside of try-except.
* Expressions with side-effects as object argument to ``isinstance()`` could get
evaluated multiple times, e.g. when they use the walrus operator.
* Several problems generating the shared utility module were resolved, including
a performance regression with memory views.
* Some GC and refcounting issues were resolved for Cython functions in the Limited API.
* Refcounting errors and error handling issues were resolved in some rare error handling cases.
* Using ``cython.pymutex`` in an extension type with ``cdef`` methods generated
invalid C code missing the required ``PyMutex`` declarations.
* Calling ``.get_frame()`` on Cython coroutines could crash in freethreading Python.
* The vectorcall protocol was not used correctly in ``.throw()`` of Cython coroutines
when raising the exception only by type (without value or traceback).
* A problem with cpdef enums in the Limited API of Python 3.11+ was resolved.
[20 lines not shown]
adguardhome: updated to 0.107.76
0.107.76
Changed
Duration values in YAML configuration file now support d (days) units and has been updated.
NOTE: Any rollback to version below the v0.107.76 should convert the values back to hours.
Fixed
DNS caching with disabled DNSSEC
Update devel/objfw to 1.5.4
ObjFW 1.5.3 -> ObjFW 1.5.4, 2026-05-23
* Fixes a buffer overflow caused by integer promotion rules in
OFBMPImageFormatHandler and OFQOIImageFormatHandler.
geography/proj: Force use of pkgsrc nlohmann-json
Upstream has a very outdated vendored copy. Add a build define to ask
for it to be used as a dependency ("external" in upstream parlance).
Add a command to remove the vendored copy, to guard against accidental
use. Leave it commented out because of upstream problems (with
links).
Rototill the comments surrounding build and test depends.
Despite the diff size, this change should have effect on the resulting
binary.
www/anubis: Update to 1.25.0
Changelog:
1.25.0:
Add iplist2rule tool that lets admins turn an IP address blocklist into an Anubis ruleset.
Add Polish locale (#1292)
Fix honeypot and imprint links missing BASE_PREFIX when deployed behind a path prefix (#1402)
Add ANEXIA Sponsor logo to docs (#1409)
Improve idle performance in memory storage
Add HAProxy Configurations to Docs (#1424)
What's Changed
build(deps): bump the github-actions group with 4 updates by @dependabot[bot] in #1355
feat(localization): add Polish language translation by @btomaev in #1363
docs(known-instances): Alphabetical order + Add Valve Corporation by @p0008874 in #1352
test: basic nginx smoke test by @Xe in #1365
build(deps): bump the github-actions group with 3 updates by @dependabot[bot] in #1369
build(deps-dev): bump esbuild from 0.27.1 to 0.27.2 in the npm group by @dependabot[bot] in #1368
[31 lines not shown]
py-pdf: updated to 6.12.1
6.12.1
Security (SEC)
- Limit input size and element count for XMP metadata
Robustness (ROB)
- Prevent cyclic parent hierarchies for inherited dictionaries
- Deal with invalid first code in LZW decoder
