p5-YAML-Syck: update to 1.45.
1.45 Apr 23 2026
[Bug Fixes]
- Fix: use syck_base64_free() to fix Windows "Free to wrong pool" crash
in base64 encode/decode buffers; also plugs a memory leak (PR #189)
- Fix: clear type tag on blessed scalar alias early-return so the stale
tag no longer leaks onto the next emitted item (GH #193, PR #194)
- Fix: negative float#base60 values produce wrong results; strip sign
before accumulating and avoid negative zero for portable
stringification (PR #191)
- Fix: prevent memory leaks when Load/LoadJSON croak on parse errors
(PR #192)
[Maintenance]
- Test: add coverage for SortKeys and JSON MaxDepth (PR #188)
- Test: add error handling coverage for LoadFile/DumpFile (PR #190)
- Update README
[149 lines not shown]
p5-libwww: update to 6.83.
6.83 2026-05-12 11:41:48Z
- LWP::UserAgent now strips Authorization and Proxy-Authorization headers
on cross-origin redirects (a different scheme, host, or port) to prevent
credential leakage to the redirect target. Same-origin redirects retain
credentials. Opt out with allow_credentialed_redirects => 1.
CVE-2026-8368 reported by Kai Zen; PoC and initial patch by Stig
Palmquist.
- LWP::UserAgent now refuses https to http redirects by default to prevent
leaking remaining request headers and bodies over plaintext. Opt in with
allow_downgrade => 1. Related hardening alongside CVE-2026-8368; PoC by
Stig Palmquist.
graphics/lcms2: Update to 2.19.1
This is a bugfix release.
Note that one can use cmake, but upstream has not yet declared that to
be the official build system, so decline to switch. (As usual, the
autoconf build works fine.)
py-mypy: updated to 2.1.0
2.1
librt.vecs: Fast Growable Array Type for Mypyc
librt.random: Fast Pseudo-Random Number Generation
Mypyc Improvements
Fixes to Crashes
Changes to Messages
Other Notable Fixes and Improvements
- Rely on typeshed stubs for `slice` typing
- Improve negative narrowing for membership checks on tuples
- Narrow match captures based on previous cases
- Fix nondeterminism in overload resolution
- Respect file config comments for stale modules
- Fix JSON output mode for syntax errors in parallel mode
- Fix type variable with values as a supertype
- Add support for configuring `--num-workers` with an environment variable
- Respect JSON output mode for syntax errors
- Analyze `TypedDict` decorators
py-ast-serialize: added version 0.3.0
This is a fast Python extension for parsing Python files and serializing the
AST using the native binary format used by mypy. This will eventually replace
the current mypy parser, which uses the Python stdlib ast module for parsing.
py-tempora: updated to 5.9.0
v5.9.0
Features
- Schedule.PeriodicCommand objects now retain custom attributes across 'next' instances.
- DelayedCommand now renders the target and execution time in __str__.
py-reportlab: updated to 4.5.0
CHANGES 4.5.0 27/02/2026
* shapes.py fix Group.asDrawing
* fix __rl_get_module__ for Python 3.15
* moved extformat.py elsewhere
* added combineTransforms
* improve colors.cssParse suggested by moritz dot schreiber at tu-ilmenau dot de
* change None to mean no-draw in acroform.py: Cozmin Velciu cozmin dot velciu at gmail dot com
* extend allowTableBoundsErrors scope: James Beith james dot beith at kraken dot tec