py-poetry-core: update to 2.4.1.
2.4.1 - 2026-05-09
Changed
Re-allow installer==0.7.0 (#10887).
Fixed
Fix an issue where poetry update <package> failed when <package> was a transitive dependency (#10885).
py-more-itertools: update to 11.1.0.
Changes:
numeric_range was updated to fix its handling of empty ranges (thanks to rhettinger)
peekable was updated to fix typing issues (thanks to DORI2001, powellnorma, Pandede, m9810223, and rhettinger)
islice_extended was optimized for memory usage and speed (thanks to ben42code, rhettinger, and pochmann)
serialize now supports the generator methods throw, send, and close (thanks to rhettinger)
seekable now supports implements __getitem__ for cached elements (thanks to SAY-5, jenstroeger, and JamesParrott)
py-idna: update to 3.16.
## 3.16 (2026-05-22)
- Add a command-line interface (`python -m idna`, also available as
the `idna` script). Encodes or decodes one or more domains supplied
as arguments or on standard input, with options to select A-label
or U-label output and control error handling.
- Raise the minimum supported Python version to 3.9
- Various code quality improvements
py-icalendar: update to 7.1.2.
7.1.2 (2026-05-22)
Bug fixes
Replaced the recursive Component.__repr__ implementation with an iterative stack-based walk so that deeply nested calendars no longer raise RecursionError when formatted via repr(), str(), or f-strings. The output format is unchanged for normally-shaped calendars. @gistrec (Issue #1370)
Documentation
Update maintenance documentation. Fix the version switcher on "stable" on Read the Docs. @stevepiercy (Issue #1352)
7.1.1 (2026-05-18)
New features
Created an ical_value property for the vPeriod component. @ZairKSM (Issue #876)
Created a ical_value() property for the vWeekday component, mirroring the existing pattern on vBoolean. @mvanhorn (Issue #1360)
[21 lines not shown]
py-genshi: update to 0.7.11.
Version 0.7.11
https://github.com/edgewall/genshi/releases/tag/0.7.11
(May 17 2026, from branches/stable/0.7.x)
* Replace use of `pkg_resources` with `importlib.resources` (or `importlib_resources` for Python < 3.9)
(#97 by Colin Watson)
* Update CI release workflow to use Ubuntu 22.04. (#96 by Simon Cross)
py-aiodns: update to 4.0.4.
4.0.4
=====
- Raise ``DNSError(ARES_ENODATA)`` from ``query()`` when the answer section has no records of the requested qtype, restoring the pycares 4.x NODATA contract and avoiding ``AttributeError`` for CNAME/SOA/PTR callers (#254).
- Add the missing ``build-backend`` entry to ``pyproject.toml`` so PEP 517 builds from the sdist work without falling back to the deprecated legacy setuptools backend (#252).
py-JWT: update to 2.13.0.
v2.13.0
-------
Security
~~~~~~~~
- Reject JWK JSON documents passed as raw HMAC secrets in
``HMACAlgorithm.prepare_key`` to close an algorithm-confusion gap that
the existing PEM/SSH guard did not cover. Reported by @aradona91 in
`GHSA-xgmm-8j9v-c9wx <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx>`__.
- Bind the JWT header ``alg`` to ``PyJWK.algorithm_name`` during
verification so the caller's ``algorithms=[...]`` allow-list cannot be
bypassed when decoding with a ``PyJWK`` / ``PyJWKClient`` key. Reported
by @sushi-gif in `GHSA-jq35-7prp-9v3f <https://github.com/jpadilla/pyjwt/security/advisories/GHSA-jq35-7prp-9v3f>`__.
- Reject non-``http(s)`` URI schemes in ``PyJWKClient`` so attacker-
influenced URIs cannot read local files or reach unintended schemes via
urllib's default ``file://`` / ``ftp://`` / ``data:`` handlers. Reported
[31 lines not shown]
dasel: update to 3.11.0.
## [v3.11.0] - 2026-05-19
### Added
- Support for newline-delimited JSON (NDJSON) input. Multiple JSON values in a single input are now parsed as a multi-document branch, matching the existing YAML multi-document behaviour.
### Fixed
- Strip leading "v" from version output for consistency across build methods (Docker vs Homebrew).
libical4: update to 4.0.1.
## [4.0.1] - 2026-05-14
- Increase the ICAL_LIMIT_RRULE_SEARCH limit from 100 to 500.
- Fix an unsafe exec() in the `vzic` tool when compiled with the CREATE_SYMLINK option.
libxmlb: update to 0.3.27.
Version 0.3.27
~~~~~~~~~~~~~~
Released: 2026-05-18
New Features:
- Bump the required version of GLib to 2.68 (Richard Hughes)
Bugfixes:
- Do not construct an invalid silo when processing more than 30 attrs (Richard Hughes)
- Fix NULL pointer dereference when searching with NULL needle (Richard Hughes)
- Fix potential use-after-free when building the in() haystack (Richard Hughes)
- Fix stem() type-checking the wrong stack position (Richard Hughes)
- Handle NULL string opcodes in more functions (Richard Hughes)
- Limit operator recursion depth in xb_machine_parse_section (Richard Hughes)
- Limit the number of predicates and OR branches in each section (Richard Hughes)
- Prevent an infinite loop when parsing a corrupt silo (Richard Hughes)
- Reject XML with more than 65535 unique element names (Richard Hughes)
fzf: update to 0.73.0.
Nushell integration via fzf --nushell and the installer (#4630) (@sim590)
New --preview-window=next position that places the preview adjacent to the input section, on the list side: above the input in the default layout, below it in --layout=reverse (#4798)
Timer-driven every(N) event for --bind, where N is seconds
Added $FZF_IDLE_TIME (whole seconds) and $FZF_IDLE_TIME_MS (milliseconds), holding the elapsed time since the last user activity
Pair with every(N) to build idle-based behavior such as auto-accept or auto-quit (#1211)
# Live process list; --track --id-nth 2 keeps the cursor on the same PID across reloads
fzf --header-lines 1 --track --id-nth 2 --bind 'start,every(2):reload-sync:ps -ef'
# Auto-accept after 10 seconds of inactivity, with a countdown in the footer after 5s
fzf --bind 'every(1):bg-transform:
if [[ $FZF_IDLE_TIME -lt 5 ]]; then echo change-footer:
elif [[ $FZF_IDLE_TIME -lt 10 ]]; then echo "change-footer:auto-accept in $((10 - FZF_IDLE_TIME))s"
else echo accept
fi'
[9 lines not shown]