buf: updated to 1.70.0
1.70.0 - 2026-05-25
- Add LSP completion for `buf.gen.yaml`, `buf.yaml`, and `buf.policy.yaml` files.
- Fix LSP `textDocument/documentSymbol` marking every symbol as deprecated.
- Add error for when a dependency is added to `buf.yaml` and is missing from `buf.lock`.
- Update the `PROTOVALIDATE` lint rule support checking `NaN` in `const`, `in`, `not_in`,
`gt`, `gte`, `lt` and `lte` rules for `float` and `double` fields.
- Update the `PROTOVALIDATE` lint rule support to check `(buf.validate.message).oneof` rules
and make sure they are well-formed and valid.
vaultwarden: updated to 1.36.0
1.36.0
Security Fixes
This release contains security fixes for the following advisories. We strongly advice to update as soon as possible.
SSO Login CSRF
GHSA-pfp2-jhgq-6hg5
GHSA-w6h6-8r66-hcv7
User/Organization Enumeration
GHSA-hxqh-ff5p-wfr3
SSO existing-user binding
GHSA-j4j8-gpvj-7fqr
GHSA-6x5c-84vm-5j56
SSRF via Icon Endpoint
GHSA-72vh-x5jq-m82g
Some crate's updated and other minor security enhancements
[29 lines not shown]
py-cbor2: updated to 6.1.1
**6.1.1** (2026-05-14)
- Fixed ``cbor2.load()`` returning corrupted data for payloads exceeding 4096 bytes
**6.1.0** (2026-05-12)
- Added the ``allow_duplicate_keys`` parameter to :class:`CBORDecoder`, :func:`load` and
:func:`loads` (default: ``True``). When set to ``False``, a :exc:`CBORDecodeError` is raised
upon encountering a duplicate key within the same map.
- Added support for decoding from any object supporting the buffer API (e.g. ``memoryview`` or
``bytearray``) in addition to ``bytes``
- Fixed compatibility issues with 32-bit systems
(math/R-RcppArmadillo) Updated 14.2.3.1 to 15.2.6.1
(pkgsrc)
- Fix build against R 4.6.0
by adding patch for /usr/lib/execinfo for "backtrace_symbols"
- configure claims gcc-7.5 is too old
(upstream)
News for Package 'RcppArmadillo'
Changes in RcppArmadillo version 15.2.6-1 (2026-04-20):
* Upgraded to Armadillo release 15.2.6 (Medium Roast Deluxe)
* Ensure internally computed tolerances are not 'NaN'
* The 'rmultinom' deploys 'Kahan summation' as R-devel does
now.
Changes in RcppArmadillo version 15.2.5-1 [github-only] (2026-04-18):
[149 lines not shown]
gupnp: updated to 1.6.10
1.6.10 (stable)
Require GSSDP >= 1.6.5
- Context: Reuse allocated TCP socket from GSSDP Client
for web server
- Context: Do not leak GError in ACL handler
- Fix IPv6 host header validation
gssdp: updated to 1.6.5
1.6.5 (stabe)
- Block corresponding TCP socket when allocating UDP socket
1.6.4 (stable)
- Fix build path leaking into code
- Fix issues with Since: and Deprecated: declarations in documentation
1.6.3 (stable)
- Do not crash if socket receive fails
- Do not leak local address in SocketSource
py-mdit-py-plugins: updated to 0.6.1
0.6.1 - 2026-05-13
- FIX: Nested field lists incorrectly nesting inside parent containers
Field lists inside list items (or other indented containers) would recursively nest each field inside the previous one, instead of being siblings.
0.6.0 - 2026-05-07
- NEW: Add GFM autolink and composite GFM plugins
The `gfm_autolink` plugin implements [GFM autolink literals](https://github.github.com/gfm/#autolinks-extension-),
auto-linking URLs and email addresses without requiring angle brackets:
```markdown
Visit www.example.com or contact user at example.com
```
[15 lines not shown]
py-sphinxcontrib-phpdomain: updated to 0.15.2
0.15.2
* Removed usage of `pkg_resources` and converted to an implicit namespace package.
* Fixed build warnings related to license metadata.
0.15.1
* Tagged the wrong branch for 0.15.0
* Fixed missing build dep
0.15.0
* Expand compatibled version range for sphinx 9.x
py-sphinxcontrib-httpdomain: updated to 2.0.0
2.0.0
Breaking changes
Dropped support for Python 3.9 and older.
Switched to implicit (native) namespace for sphinxcontrib.
Major changes
Added support for Python 3.10 up to 3.14.
Adjusted a unit test regular expression for :file:`bottle_test.py`.
Use MDN documentation for information about HTTP status codes instead of w3.org.
Added :addtoc: option for http directives to register HTTP API endpoints and display them in the page-level table of contents.
Internal
Added Dependabot configuration.
[16 lines not shown]
py-uvicorn: updated to 0.48.0
0.48.0
Changed
Default ssl_ciphers to None and use OpenSSL defaults
Fixed
Ignore duplicate forwarding headers in ProxyHeadersMiddleware
py-httptools: updated to 0.8.0
0.8.0
Add http-parser and llhttp licenses into the wheels
Mark cython module as free-threading compatible
Fix all typing issues
Bump llhttp to 9.4.1
Security: fix URL truncation issue
Allow building with latest setuptools
py-poetry: updated to 2.4.1
2.4.1
Changed
Re-allow installer==0.7.0
Fixed
Fix an issue where poetry update <package> failed when <package> was a transitive dependency
2.4.0
Added
Add solver.min-release-age setting to require package releases to be a certain number of days old before they are considered during dependency resolution
Add solver.min-release-age-exclude to exclude selected packages from age filtering
Add solver.min-release-age-exclude-source to exclude all packages from selected package indexes from age filtering
[31 lines not shown]
py-uv py-uv-build: updated to 0.11.16
0.11.16
Enhancements
Add support for direct archive dependencies in Git
Adjust hint rendering
Preview features
uv audit: specialize malformed OSV error
Reject locked malware installations
Configuration
Allow disabling reading the system config with UV_NO_SYSTEM_CONFIG
Bug fixes
[10 lines not shown]
py-tibs: updated to 0.8.0
0.8.0
Backwardly incompatible changes
* Renamed the constructor keyword from `endianness` to `byte_order` for
`from_u`, `from_i` and `from_f`. The `Endianness` enum is unchanged.
Added
* Added the `MutableView` class. Views from `Mutibs` are now live mutable
views, so interpreted writes through `m.le`, `m.lsb0`, selected fields, or
explicit mutable views update the original `Mutibs`.
* Added fixed-width write methods and settable interpretation properties:
`write_u`, `write_i`, `write_f`, `write_bin`, `write_oct`, `write_hex` and
`write_bytes`, plus settable `.u`, `.i`, `.f`, `.bin`, `.oct`, `.hex` and
`.bytes` properties where mutation is supported.
* Added labelled field helpers. `Tibs.field(a, b)` and `Mutibs.field(a, b)`
[14 lines not shown]
