NetBSD/pkgsrc JyHOEMpdoc CHANGES-2026

   Updated devel/mimalloc, devel/py-dash
VersionDeltaFile
1.900+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc kJQKHdmdevel/py-dash distinfo Makefile

   py-dash: updated to 8.0.6

   v8.0.6 (2026-01-17)
   - Prevent access to object paths containing ``__globals__`` or ``__builtins__`` in ``invoke(). Attempting to access these keys will raise a ``KeyError``.
VersionDeltaFile
1.15+4-4devel/py-dash/distinfo
1.19+2-3devel/py-dash/Makefile
+6-72 files

NetBSD/pkgsrc nMnjYpBdevel/mimalloc distinfo Makefile, devel/mimalloc/patches patch-src_options.c

   mimalloc: updated to 3.2.8

   3.2.8
   important bug fixes

   3.2.7
   various bug fixes and performance improvements
VersionDeltaFile
1.1+18-0devel/mimalloc/patches/patch-src_options.c
1.10+5-4devel/mimalloc/distinfo
1.14+2-2devel/mimalloc/Makefile
1.8+2-2devel/mimalloc/PLIST
+27-84 files

NetBSD/pkgsrc eFjhQ88doc CHANGES-2026

   Updated lang/python313, lang/py313-html-docs
VersionDeltaFile
1.899+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc NS9jF4Llang/py313-html-docs distinfo PLIST, lang/python313 PLIST distinfo

   python313 py313-html-docs: updated to 3.13.12

   Python 3.13.12 final

   Windows
   gh-128067: Fix a bug in PyREPL on Windows where output without a trailing newline was overwritten by the next prompt.
   Tools/Demos
   gh-142095: Make gdb ‘py-bt’ command use frame from thread local state when available. Patch by Sam Gross and Victor Stinner.
   Tests
   gh-144415: The Android testbed now distinguishes between stdout/stderr messages which were triggered by a newline, and those triggered by a manual call to flush. This fixes logging of progress indicators and similar content.
   gh-65784: Add support for parametrized resource wantobjects in regrtests, which allows to run Tkinter tests with the specified value of tkinter.wantobjects, for example -u wantobjects=0.
   gh-143553: Add support for parametrized resources, such as -u xpickle=2.7.
   gh-142836: Accommodated Solaris in test_pdb.test_script_target_anonymous_pipe.
   gh-129401: Fix a flaky test in test_repr_rlock that checks the representation of multiprocessing.RLock.
   bpo-31391: Forward-port test_xpickle from Python 2 to Python 3 and add the resource back to test’s command line.
   Security
   gh-144125: BytesGenerator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. (Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650).
   gh-143935: Fixed a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs.
   gh-143925: Reject control characters in data: URL media types.

    [96 lines not shown]
VersionDeltaFile
1.12+17-1lang/python313/PLIST
1.19+4-4lang/python313/distinfo
1.13+4-4lang/py313-html-docs/distinfo
1.8+3-3lang/py313-html-docs/PLIST
1.13+2-2lang/python313/dist.mk
1.13+2-2lang/py313-html-docs/Makefile
+32-161 files not shown
+33-187 files

NetBSD/pkgsrc tpQQzxmdoc CHANGES-2026

   doc: Added net/xfr version 0.3.0
VersionDeltaFile
1.898+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc jsRorKJnet Makefile

   net/Makefile: + xfr
VersionDeltaFile
1.1624+2-1net/Makefile
+2-11 files

NetBSD/pkgsrc XTS85I4net/xfr distinfo cargo-depends.mk, net/xfr/patches patch-.._vendor_nix-0.29.0_src_net_if__.rs

   net/xfr: import xfr-0.3.0

   Packaged for wip by pin@

   A fast, modern network bandwidth testing tool with TUI. Built in Rust as an
   iperf replacement.

   Features:
    - Live TUI with real-time throughput graphs and per-stream stats
    - Server dashboard - xfr serve --tui for monitoring active tests
    - Multi-client server - handle multiple simultaneous tests
    - TCP and UDP with configurable bitrate and parallel streams
    - Bidirectional testing - measure upload and download simultaneously
    - Multiple output formats - plain text, JSON, JSON streaming, CSV
    - Result comparison - xfr diff to detect performance regressions
    - LAN discovery - find xfr servers with mDNS (xfr discover)
    - Prometheus metrics - export stats for monitoring dashboards
    - Config file - save defaults in ~/.config/xfr/config.toml
    - Environment variables - XFR_PORT, XFR_DURATION overrides
VersionDeltaFile
1.1+1,146-0net/xfr/distinfo
1.1+382-0net/xfr/cargo-depends.mk
1.1+26-0net/xfr/Makefile
1.1+16-0net/xfr/patches/patch-.._vendor_nix-0.29.0_src_net_if__.rs
1.1+15-0net/xfr/DESCR
1.1+4-0net/xfr/PLIST
+1,589-06 files

NetBSD/pkgsrc KDU2nqTdoc CHANGES-2026

   Updated textproc/py-orjson, devel/py-pooch
VersionDeltaFile
1.897+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc M2r0x7tdevel/py-pooch distinfo Makefile

   py-pooch: updated to 1.9.0

   1.9.0

   Breaking changes:

   Drop support for Python 3.7 and 3.8.

   Bug fixes:

   Explicitly pass filter to TarFile.extractall on Python >=3.12. Pass a filter="data" argument to TarFile.extractall to prevent dangerous security issues. The filter argument was added in Python 3.12, so only pass it on versions greater or equal than that. This change matches the default behaviour that will take place since Python 3.14.
   Fix TQDM usage. Newer versions of tqdm behave differently at a terminal vs in a jupyter notebook. Import from tqdm.auto instead so that the downloader looks right in either a notebook or the terminal.
   Fix bug in file hashing on FIPS enabled system. Set userforsecurity=False on hashlib hashing algorithms to make FIPS enabled systems happy.

   New features:

   Set User-Agent in requests headers for DOI downloaders. Pass a custom User-Agent when making requests through DOI downloaders in order to bypass limit rates imposed by services like Zenodo to block abusive requests. The can now filter requests coming from Pooch from the rest. Add a global REQUESTS_HEADERS variable that is used by the doi_to_url function (which requires to make a request to doi.org to figure out the service provider). Add a new headers argument to the DOIDownloader to specifically pass requests headers. By default it'll use the Pooch's default user agent.
   Extend support for Python 3.13 and Python 3.14.
   Provide more descriptive errors when DOI request fails. Raise the requests response to provide more informative errors when the status code is between 400 and 600.
VersionDeltaFile
1.7+4-4devel/py-pooch/distinfo
1.10+2-3devel/py-pooch/Makefile
1.7+4-1devel/py-pooch/PLIST
+10-83 files

NetBSD/pkgsrc xe3Bq33textproc/py-orjson distinfo cargo-depends.mk

   py-orjson: updated to 3.11.7

   3.11.7

   Use a faster library to serialize float. Users with byte-exact regression
   tests should note positive exponents are now written using a +, e.g.,
   1.2e+30 instead of 1.2e30. Both formats are spec-compliant.
   ABI compatibility with CPython 3.15 alpha 5 free-threading.
VersionDeltaFile
1.22+34-34textproc/py-orjson/distinfo
1.17+10-10textproc/py-orjson/cargo-depends.mk
1.26+2-2textproc/py-orjson/Makefile
+46-463 files

NetBSD/pkgsrc K2o8cJWdoc CHANGES-2026

   Updated www/py-asgiref, devel/py-queuelib
VersionDeltaFile
1.896+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc 3BSo0OQdevel/py-queuelib distinfo Makefile

   py-queuelib: updated to 1.9.0

   Version 1.9.0

   * Added support for Python 3.14
   * Removed support for Python 3.9 and PyPy 3.10
   * Improved linting and CI configuration
VersionDeltaFile
1.9+4-4devel/py-queuelib/distinfo
1.10+2-2devel/py-queuelib/Makefile
+6-62 files

NetBSD/pkgsrc fvKN3Lcwww/py-asgiref distinfo Makefile

   py-asgiref: updated to 3.11.1

   3.11.1 (2026-02-03)

   * SECURITY FIX CVE-2025-14550: There was a potential DoS vector for users of
     the ``asgiref.wsgi.WsgiToAsgi`` adapter. Malicious requests, including an unreasonably
     large number of values for the same header, could lead to resource exhaustion
     when building the WSGI environment.

     To mitigate this, the algorithm is changed to be more efficient, and
     ``WsgiToAsgi`` gains a new optional ``duplicate_header_limit`` parameter,
     which defaults to 100. This specifies the number of times a single header may
     be repeated before the request is rejected as malformed.

     You may override ``duplicate_header_limit`` when configuring your application::

         application = WsgiToAsgi(wsgi_app, duplicate_header_limit=200)

     Set ``duplicate_header_limit=None`` if you wish to disable this check.

    [3 lines not shown]
VersionDeltaFile
1.38+4-4www/py-asgiref/distinfo
1.41+2-2www/py-asgiref/Makefile
+6-62 files

NetBSD/pkgsrc KzWS3TDdoc CHANGES-2026

   Updated devel/py-proto-plus, misc/py-tqdm
VersionDeltaFile
1.895+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc LV5M9Uumisc/py-tqdm distinfo Makefile

   py-tqdm: updated to 4.67.3

   4.67.3
   fix py3.7 dependencies
VersionDeltaFile
1.47+4-4misc/py-tqdm/distinfo
1.55+2-2misc/py-tqdm/Makefile
+6-62 files

NetBSD/pkgsrc ANqEe93devel/py-proto-plus distinfo Makefile

   py-proto-plus: updated to 1.27.1

   1.27.1

   Bug Fixes

   remove float_precision for protobuf 7
VersionDeltaFile
1.10+4-4devel/py-proto-plus/distinfo
1.12+2-2devel/py-proto-plus/Makefile
+6-62 files

NetBSD/pkgsrc AlfD2cedoc CHANGES-2026

   Updated security/py-acme, security/py-certbot*
VersionDeltaFile
1.894+18-1doc/CHANGES-2026
+18-11 files

NetBSD/pkgsrc xDHozqGsecurity/py-acme distinfo

   py-acme py-certbot*: updated to 5.3.0

   5.3.0

   Added

   A new command line flag, --ip-address, has been added. This requests certificates with IP address SANs when using the standalone or manual plugin. Note that for Let's Encrypt's implementation of IP address certificates, you'll also need to pass --preferred-profile shortlived.

   Changed

   Deploy directory hooks are now also run when using certbot certonly or certbot run to get a new cert. This change was made for pre and post directory hooks in our 3.2.0 release so this change unifies Certbot's behavior here.
   A few largely unused functions/types have been deprecated in our effort to remove our pyOpenSSL dependency:
   * Deprecated: certbot.crypto_util.get_sans_from_cert
   * Deprecated: certbot.crypto_util.get_names_from_cert
   * Deprecated: certbot.crypto_util.get_names_from_req
   * Deprecated: certbot.crypto_util.import_csr_file (and replaced by certbot.crypto_util.read_csr_file)
   * Deprecated: acme.crypto_util.Format
   achallenges.KeyAuthorizationAnnotatedChallenge, achallenges.DNS, and achallenges.Other have a new field identifier, of type acme.messages.Identifier. This should be used in place of the domain field, which is now deprecated both as an attribute and during object creation.
   Authenticator.get_chall_pref's argument has been renamed from domain to identifier, and can now receive string-formatted IP addresses in addition to domain names.

    [6 lines not shown]
VersionDeltaFile
1.73+4-4security/py-acme/distinfo
+4-41 files

NetBSD/pkgsrc hdEU1OIsecurity/py-certbot-apache distinfo, security/py-certbot-dns-cloudflare distinfo

   py-acme
VersionDeltaFile
1.68+4-4security/py-certbot-dns-dnsimple/distinfo
1.73+4-4security/py-certbot-apache/distinfo
1.16+4-4security/py-certbot-dns-cloudflare/distinfo
1.61+4-4security/py-certbot-dns-digitalocean/distinfo
1.68+4-4security/py-certbot-dns-dnsmadeeasy/distinfo
1.68+4-4security/py-certbot-dns-gehirn/distinfo
+24-2412 files not shown
+70-7018 files

NetBSD/pkgsrc cxGE5yWdoc CHANGES-2026

   Updated lang/nodejs, archivers/zlib-ng
VersionDeltaFile
1.893+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc CsGWmqJarchivers/zlib-ng distinfo Makefile

   zlib-ng: updated to 2.3.3

   2.3.3

   Bug fixes

   Make deflate output deterministic if stream is reused after deflateReset
   minigzip: Fix integer overflow in gz_compress_mmap
   Use GCC's may_alias attribute for access to buffers in crc32_chorba
   Fix false-positive infinite loop warning detected by GCC-14 static analyzer
   Fix warning for potentially uninitialized local variable ft used.

   Tests

   Fixed casting warning in benchmark_uncompress on MSVC
VersionDeltaFile
1.11+4-4archivers/zlib-ng/distinfo
1.12+2-2archivers/zlib-ng/Makefile
+6-62 files

NetBSD/pkgsrc CcB97Whlang/nodejs PLIST distinfo

   nodejs: updated to 25.6.0

   25.6.0 (Current)

   Notable Changes

   - (SEMVER-MINOR) async_hooks: add trackPromises option to createHook() (Joyee Cheung)
   - (SEMVER-MINOR) net: add setTOS and getTOS to Socket (Amol Yadav)
   - (SEMVER-MINOR) src: add initial support for ESM in embedder API (Joyee Cheung)
   - src: improve TextEncoder encode performance with simdutf (Mert Can Altin)
   - (SEMVER-MINOR) stream: add bytes() method to node:stream/consumers (wantaek)
   - (SEMVER-MINOR) test_runner: add env option to run function (Ethan Arrowood)
   - url: update Ada to v3.4.2 and support Unicode 17 (Yagiz Nizipli)
VersionDeltaFile
1.95+13-32lang/nodejs/PLIST
1.311+4-4lang/nodejs/distinfo
1.341+2-3lang/nodejs/Makefile
+19-393 files

NetBSD/pkgsrc SNymKYhshells/rssh Makefile

   rssh: switch to sourceforge, other site is dead
VersionDeltaFile
1.21+2-2shells/rssh/Makefile
+2-21 files

NetBSD/pkgsrc FwycfWEnet/rp-pppoe Makefile

   rp-pppoe: comment out dead site
VersionDeltaFile
1.44+3-3net/rp-pppoe/Makefile
+3-31 files

NetBSD/pkgsrc 8ZGwn5Jgames/robotfindskitten Makefile

   robotfindskitten: switch to https
VersionDeltaFile
1.7+3-4games/robotfindskitten/Makefile
+3-41 files

NetBSD/pkgsrc 6vl3Ni2devel/librlog Makefile

   librlog: comment out dead site
VersionDeltaFile
1.8+3-4devel/librlog/Makefile
+3-41 files

NetBSD/pkgsrc feJqQaslang/forth-retro Makefile

   forth-retro: comment out dead site
VersionDeltaFile
1.4+3-3lang/forth-retro/Makefile
+3-31 files

NetBSD/pkgsrc 6auMUO1devel/Renaissance Makefile

   Renaissance: comment out dead site

   XXX: project has no updates since 2008, remove?
VersionDeltaFile
1.53+3-3devel/Renaissance/Makefile
+3-31 files

NetBSD/pkgsrc YJBUUzPdoc CHANGES-2026 TODO

   doc: Updated security/gnupg2 to 2.5.17
VersionDeltaFile
1.892+2-1doc/CHANGES-2026
1.26759+1-2doc/TODO
+3-32 files