nasm: updated to 3.0.2
3.02
Fix build problems on C23 compilers using a pre-C23 version of <stdbool.h> which defines bool as a macro in violation of the C23 specification.
The immediate form of the JMPE instruction (opcode 0F B8) has been changed to an absolute address, as in the Itanium Architecture Software Developer's Manual, version 2.3, Volume 4, page 4:249. Hopefully this won't break whatever virtual environments use JMPE, but it is the closest thing there is to an official specification for this opcode.
Being an absolute address, treat it equivalent to a FAR jump and do not default to 64 bits in 64-bit mode.
That JMPE has apparently been wrong all these years is probably as good of a hint as any how much it has been actually used, but it does have the possibility of breaking virtual environments. In that case, please file a bug report to https://bugs.nasm.us with details about the virtual environment, and we will figure out a suitable solution.
Various build fixes. Fix the documentation not building on MacOS because of the cp utility lacking -u there. Also fix not building generally due to wrong link formatting. Another fix was a typo in compiler.h related to a C++ check.
Corrections to assembling encodings:
Fix CMP allowing LOCK which is illegal.
Correct multiple AVX512 instructions such as VCVTSD2SI, VCVTSD2USI, VCVTSS2SI, VCVTSS2USI, VCVTTSD2SI, VCVTTSD2USI, VCVTTSS2SI, VCVTTSS2USI, VGETEXPSH, VGETMANTSH, MOVDDUP, VMOVDDUP.
[56 lines not shown]
enchant2: update to 2.8.18.
2.8.18 (July 4, 2026)
---------------------
This release fixes compatibility with the latest Vala compiler, version
0.56.19. The problem was Enchant’s fault; the change in behaviour by valac,
of returning different values for some return types when a method
precondition failed, was fine. The Enchant code was allowing these checks to
fail rather than validating arguments. Manual validation has been added for
most arguments, except the “self” argument for “method calls”, which is
usually the argument in first position, e.g. the EnchantBroker pointer
argument to all enchant_broker_* APIs. Applications can call
`g_log_set_always_fatal(G_LOG_LEVEL_CRITICAL)` or equivalent to make these
tests cause an assertion failure; otherwise, critical errors will be logged,
and in some cases a different value will be returned by the API from that
previously returned. I have not changed the major version of the library,
since the return code in such cases was always undocumented: the APIs
require non-NULL pointers.
[24 lines not shown]
mozilla-rootcerts: update to 1.1.20260611.
Add Cybertrust Japan SecureSign Root CA16. r=bwilson
Remove Email Trust bit from TrustAsia Global Root CA G3 and G4. r=bwilson
Remove Entrust Root Certification Authority. r=bwilson
Remove SecureSign Root CA12. r=bwilson
py-requests-cache: updated to 1.3.3
1.3.3
Fix SQLite vacuum() not freeing disk space
Fix DynamoDB item enumeration when the table exceeds 1MB
Fix Redis ttl_offset for items that should have no expiry
Fix error when receiving an empty Expires header value
py-json5: updated to 0.15.0
0.15.0 (2026-06-19)
Fix 113, where parsing of signed hexadecimal literals such as -0x1f and +0xff was raising a ValueError instead of being allowed.
Fix 111, with a slight docstring typo fix/improvement.
upgraded package dependences to their "latest" versions (without changing any direct dependencies and not pulling in anything newer than 30 days old). This resolves some potential security issues in a dev environment that Dependabot was warning about; no effect on the production code since the production library has no dependencies.
py-cbor2: updated to 6.1.3
6.1.3 (2026-07-04)
- Fixed the decoder registering 6-byte strings in the string reference namespace at indices
65536–4294967295 where the encoder does not, desynchronising the namespace and resolving later
string references to the wrong value
- Fixed the IPv4/IPv6 network decoders (tags 52 and 54) silently truncating an address byte string
that is longer than the address size instead of rejecting it as malformed
- Fixed quadratic decoding time for indefinite-length and large definite-length byte and text
strings, caused by concatenating each chunk onto the accumulated result with ``+`` instead of
building the result once
- Fixed ``datetime_as_timestamp`` encoding whole-second datetimes before 1970 or after 2106 as
floats instead of integers, because the timestamp was narrowed through an unsigned 32-bit integer
- Fixed the encoder measuring text strings by code point count instead of UTF-8 byte length when
deciding whether to add them to the string reference namespace, desynchronising it from the
decoder (which counts bytes) and corrupting later string references for non-ASCII strings
- Fixed the decoder rejecting scoped IPv6 addresses (tag 54) with a ``CBORDecodeError`` reading
``invalid types in input array``; the encoder emits them as ``[address, null, zone id]`` but the
[2 lines not shown]
sysutils/zoxide: update to 0.10.0
Added
import now supports fetching entries from atuin.
import now auto-detects database files.
import now skips directories matching $_ZO_EXCLUDE_DIRS.
POSIX: support for non-Cygwin Windows environments (e.g. Busybox).
Fish: Space-Tab completions now display and run the selected command.
Bash/POSIX/Zsh: z now honors $CDPATH.
Bash: don't add to the database when history is disabled (set +o history).
Nushell: export commands so the init script can be imported with use.
Support for RISC-V (riscv64) Linux.
Changed
import now takes a subcommand instead of the --from flag.
Fixed
[12 lines not shown]
gatus: Add version 5.36.0
Gatus is a developer-oriented health dashboard that gives you the
ability to monitor your services using HTTP, ICMP, TCP, and even DNS
queries as well as evaluate the result of said queries by using a list
of conditions on values like the status code, the response time, the
certificate expiration, the body and many others. The icing on top is
that each of these health checks can be paired with alerting via
Slack, Teams, PagerDuty, Discord, Twilio and many more.
libtorrent rtorrent: updated to 0.16.16
0.16.16
Includes new proxy support, using network.proxy.global.set and
network.proxy.http.set, with http://, socks5:// and socks5h:// support. Other
libcurl-supported protocols work http.