www/chromium: update to 149.0.7827.114
* 149.0.7827.114
This update includes 28 security fixes. Below, we highlight fixes
that were contributed by external researchers.
Please see the Chrome Security Page for more information.
* 149.0.7827.102
This update includes 74 security fixes. Below, we highlight fixes
that were contributed by external researchers.
Please see the Chrome Security Page for more information.
esbuild: update to 0.28.1
- Disallow \ in local development server HTTP requests (GHSA-g7r4-m6w7-qqqr)
- Add integrity checks to the Deno API (GHSA-gv7w-rqvm-qjhr)
- Avoid inlining using and await using declarations (#4482)
- Fix module evaluation when an error is thrown (#4461, #4467)
- Fix some edge cases around the new operator (#4477)
- Fix renaming of nested var declarations (#4471)
- Emit var instead of const for certain TypeScript-only constructs for ES5 (#4448)
py-python-discovery: updated to 1.4.2
Bug fixes - 1.4.2
- Stop executable symlink resolution once the stdlib landmark is reachable and keep macOS framework builds untouched,
matching ``getpath`` - Homebrew interpreters no longer get version-pinned ``Cellar`` paths recorded and stable
aliases such as Debian's ``/usr/bin/python3`` are preserved
Bug fixes - 1.4.1
- Resolve executable-only symlinks when computing ``system_executable``, mirroring CPython's ``getpath.realpath``
(python/cpython115237): a symlink to the interpreter binary now resolves to the real interpreter, while a fully
symlinked interpreter tree is kept as-is
py-starlette: updated to 1.3.1
1.3.1 (June 12, 2026)
Fixed
* Enforce `max_fields` and `max_part_size` in `FormParser`
* Enforce `FormParser` limits in parser callbacks
1.3.0 (June 11, 2026)
Added
* Add `httpx2` to the `full` extra
* Annotate the `URLPath` `protocol` parameter with `Literal`
py-pdf: updated to 6.13.2
6.13.2, 2026-06-10
Security (SEC)
- Detect multi-hop cyclic /Pages trees in _flatten to prevent SIGSEGV
Robustness (ROB)
- Fix UnboundLocalError in _read_standard_xref_table on a malformed entry
- Raise PdfStreamError on non-hexadecimal bytes in hex readers
helm: updated to 4.2.1
4.2.1
Notable Changes
Fixed data race detected by -race flag when concurrent goroutines (upgrade + rollback, install + uninstall) both call GetWaiterWithOptions on the same FailingKubeClient instance
Fixed helm command success messages writing to stderr instead of stdout. Now correctly outputing to stdout
Fixed Helm 4 emitting "unable to find exact version" when using version range constraints
Fixed a race condition in WaitForDelete where the status observer canceled the watch too early, causing intermittent failures when running a full test suite
Bumped golang.org/x/net to v0.55.0 to address GO-2026-5026
Fixed SDK errors by upgrading dependencies: cli-utils 1.2.1, controller-runtime 0.24.1 and k8s 1.36.1
Dependency updates
restic: updated to 0.19.0
Restic 0.19.0 (2026-06-09)
The following sections list the changes in restic 0.19.0 relevant to
restic users. The changes are ordered by importance.
Summary
* Fix: Support serving a `restic mount` of a Windows system via Samba
* Fix: Use mode 0700 for repository directories created over SFTP
* Fix: Exit with code 3 when some `backup` source paths do not exist
* Fix: Error out when environment variables hold invalid values
* Fix: Return exit code 3 when failing to remove snapshots
* Fix: Exit with code 130 on SIGINT
* Fix: Reject impossible `find` time bounds immediately
* Fix: Make `find --pack` list blobs for tree packs
* Fix: Allow `rclone` and `sftp` backends when running in background
* Fix: Correctly restore ACL inheritance state on Windows
[32 lines not shown]
fast_float: updated to 8.2.9
8.2.9
Remove an else if statement that is always false
Remove an unreachable return statement
Fix compile error with gcc 9: use of [[unlikely]]
reject non-digit wide code units in uint8/uint16 integer fast path
fluidsynth: updated to 2.5.5
2.5.5
Fix a build issue on BigEndian architectures
Adjust the log level for unimplemented OSAL functions in release builds
pound: update to 4.23
Addresses PR pkg/60114 from Eirik Øverby.
Version 4.23, 2026-05-26
* Important bugfix
A bug in "SendFile" allowed for reading files outside of the
configured directory. This is fixed.
* Compilation
The early pthread_cancel probe hack is no longer used. Consequently, the
"--disable-pthread-cancel-probe" configure option is gone.
* Handling of errors during service selection
In previous versions, if service selection failed due to an error
[547 lines not shown]
(math/R-RPostgreSQL) Updated 0.7.7 to 0.7.8
(from ChangeLog)
2025-03-28 Tomoaki NISHIYAMA <tomoaki at sci.u-toyama.ac.jp>
* Makevars.win rely on pkgconfig to find libpq on windows envirionment.
* Drop PQprint and related routines from the attached libpq library.
2024-09-30 Tomoaki NISHIYAMA <tomoaki at sci.u-toyama.ac.jp>
* Simplify tests
2024-09-24 Tomoaki NISHIYAMA <tomoaki at sci.u-toyama.ac.jp>
* Update DESCRIPTION
2024-09-22 Tomoaki NISHIYAMA <tomoaki at sci.u-toyama.ac.jp>
* Update DESCRIPTION
(math/R-MatrixModels) Updated 0.5.3 to 0.5.4
2024-08-14 Martin Maechler <maechler at stat.math.ethz.ch>
* DESCRIPTION (Version): 0.5-4 ; use `Authors at R`
* man/*.Rd: fix some `\link{.}` with `[Matrix..]`
