py-numpy: update to 2.5.0.
Numpy 2.5.0 is a transitional release. It drops support for Python 3.11,
marking the end of distutils, and expires a large number of deprecations made
in the 2.0.x release. It also improves free threading and brings sorting into
compliance with the array-api standard with the addition of descending sorts.
There is also a fair amount of preparation for Python 3.15, which will be
supported starting with the first rc.
Highlights
Distutils has been removed.
Many expired deprecations.
Many new deprecations.
Many static typing improvements.
Improved support for free threading.
Support for descending sorts.
www/ruby-selenium-webdriver: udpate to 4.45.0
4.45.0
* Support CDP versions: v147, v148, v149
* deprecate curb http client support (#17443)
* move Ruby bindings to use typescript get attribute atom (#17524)
* Move atoms to use the typescript versions (#17532)
* deprecate Chromium Profile classes (#17557)
* update bazel test tags (#17558)
* separate concerns between Service, DriverFinder, and Options (#17564)
* fix using environment variables to set drivers (#17571)
* create more obvious test guard keywords as aliases (#17636)
www/ruby-sass-embedded: update to 1.101.0
1.101.0 (2026-06-11)
* Update bufbuild/buf-action
* Check for dart support without requiring json
* Mark ext as private in yard
* Improve backtrace for custom function and importer errors
* Pretty Uri (#381)
* Update rubocop requirement from ~> 1.86.0 to ~> 1.87.0 (#382)
* Update rubocop-rspec requirement from ~> 3.9.0 to ~> 3.10.1 (#383)
* Bump sass from 1.100.0 to 1.101.0 in /ext/sass (#384)
py-structlog: updated to 26.1.0
26.1.0
Removed
- Python 3.8 and 3.9 support.
Deprecated
- Support for *better-exceptions* is deprecated and will be removed within a year.
Use our Rich integration or copy-paste the [one line of code you need](https://github.com/hynek/structlog/blob/2c059a0dc029d9370e1e4a6e9683063205bbb68f/src/structlog/dev.py#L488-L498).
Added
- Python 3.15 support.
- `structlog.dev.rich_monochrome_traceback` for Rich-based monochrome exception rendering and add support for it throughout `structlog.dev.ConsoleRenderer` when the user asks for no colors.
[20 lines not shown]
www/ruby-faraday: update to 2.14.3
1.10.6 (2026-06-24)
What's Changed
* See if tests pass against Ruby 3.3 by @jturel in #1677
* Backport GHSA-98m9-hrrm-r99r fix to 1.x: add param_depth_limit to
NestedParamsEncoder by @iMacTia with @Copilot in #1681
New Contributors
* @jturel made their first contribution in #1677
py-txaio: updated to 26.6.1
26.6.1
**Fix**
* Logging at ``warn`` level on the asyncio backend no longer triggers a ``DeprecationWarning`` from the standard library: ``txaio`` now dispatches the ``warn`` level to ``logging.Logger.warning`` instead of the deprecated ``.warn`` alias
**Other**
* Preserve verified artifact chain-of-custody in the release pipeline, aligning txaio with the rest of the WAMP group. The wheel, source distribution and documentation are now built **once** in the ``main`` workflow and uploaded with ``upload-artifact-verified``; the ``release`` workflow ``download-artifact-verified``\s those exact, checksum-verified artifacts (by ``main`` run id) and publishes them, instead of rebuilding from source. This guarantees that what is tested is what is shipped
* Auto-publish a GitHub Discussions announcement for nightly and stable releases: a new ``release-post-comment.yml`` workflow runs after the ``release`` workflow, finds the freshly-created GitHub Release and posts its notes into the Discussions ``ci-cd`` category. The category is resolved by name (case-insensitive), so no repo-specific category id is hard-coded. Requires GitHub Discussions enabled on the repository with a ``ci-cd`` category
* Align artifact handling with the rest of the WAMP group: CI now uploads build, coverage and documentation artifacts via the shared ``upload-artifact-verified`` action (SHA256 chain-of-custody), and the release workflow validates the exact PyPI payload — the universal ``py3-none-any`` wheel plus the source distribution — with the shared, fail-closed ``check-release-fileset`` action before publishing
* Remove three permanently-skipped legacy tests that exercised the ``@asyncio.coroutine`` decorator. That decorator was removed in Python 3.11 (txaio's minimum supported version), so the tests could no longer run on any supported interpreter and only emitted skips
* Bumped the shared ``wamp-ai`` and ``wamp-cicd`` Git submodules to match the rest of the WAMP project group (zlmdb / autobahn-python 26.6.1) for the coordinated release. The ``wamp-cicd`` bump picks up the GHSA-6658 shell-injection hardening in the shared ``identifiers.yml`` reusable workflow (untrusted GitHub event fields are now passed via ``env:`` as quoted data with a fail-closed branch-name allowlist)
* Declare the ``ty`` type checker in the ``dev`` extra and run it from the project venv (dropping the separate global ``uv tool install ty`` step), so local and CI resolve the same latest ``ty``. Fixed a newly-reported ``ty`` ``invalid-argument-type`` diagnostic in ``tx.py`` (the Twisted ``ILogObserver`` is provided via ``zope.interface`` ``@provider``, which static checkers cannot follow) with a localized ``cast`` rather than a blanket rule ignore. Excluded the ``.ai`` / ``.cicd`` submodules from ``ruff`` (they carry their own linting/CI)
www/ruby-crass: update to 1.0.7
1.0.7 (2026-06-25)
Security
* High: Fixed a denial of service vulnerability in which a large numeric
exponent could consume disproportionate CPU and memory before the value
was clamped. Exponents are now bounded before 10**exponent is computed.
(GHSA-6wmf-3r64-vcwv)
* Moderate: Fixed a scenario in which deeply nested simple blocks or
functions could exhaust the Ruby stack and raise SystemStackError, or
could result in excessive memory usage. Parser nesting is now limited to
a configurable maximum depth via a new option (:maximum_depth, with a
conservative default of 25). Constructs nested more deeply are discarded
as an :error node with the value "maximum-depth-exceeded".
(GHSA-6jxj-px6v-747w)
[8 lines not shown]
py-braintree: updated to 4.45.0
4.45.0
Deprecate debug_id on PayPalAccount, LocalPayment, and SepaDirectDebitAccount transaction detail objects
Add account_reference_number_type to sender and receiver in transfer on Transaction
Add CannotCloneThirdPartyCofNetworkTokenTransaction (915274) transaction validation error code
www/ruby-aws-sdk-s3: update to 1.226.0
1.226.0 (2026-06-16)
* Feature - Added support for annotations. You can now attach up to 1000
annotations (up to 1 MB each) directly to objects and create, retrieve,
list, and delete them using new annotation APIs. Also added support for
configuring an annotation table in S3 Metadata.
* Feature - Multipart copies now support tags_directive,
annotations_directive, and metadata_directive options for controlling
which source properties are copied to the destination.
* Issue - Fix error when performing cross-region multipart copies with
copy_source_region.
1.225.1 (2026-06-10)
* Issue - Fix download_file single-request mode not writing to a temporary
file when given a String/Pathname destination.
gpgme: updated to 2.1.1
Noteworthy changes in version 2.1.1 (2026-06-25)
* gpgme_op_export now also returns operational errors.
* w32: Improve debug output in spawn and selection functions.
* w32: Improve serialization between reader and writer threads.
* w32: Add CRLF handling for armored output in gpgme-json.
www/ruby-aws-sdk-core: update to 3.252.0
3.252.0 (2026-06-10)
* Feature - Updated Aws::Signin::Client with the latest API changes.
* Feature - AWS Sign-In now allows customers to control access to the AWS
Management Console using resource-based policies. With this release
customers can restrict console access based on network perimeters such as
VPC IDs, VPC endpoints, and IP addresses.
