py-django-polymorphic: updated to 4.3.0
4.3.0
Support Q expressions that contain subquery expressions
Make related polymorphic object manager selection more robust to multiple inheritance scenarios.
Caching in inheritance accessor functions
update changelog
Multi-database support in inheritance accessors.
Include get_child_inlines() hook in stacked inline admin forms.
upgrade uv lockfile
fix docs errors
Resolve primary key name correctly.
Misc test fixes
remove dead code
bump version
py-exifread: updated to 3.5.1
3.5.1 — 2025-08-23
* Don't raise exception from decode_maker_note() if strict==False
3.5.0 — 2025-08-23
* Add support for JPEG XL
* Add Image SubIFDs decoding and Nikon Z 9 sample
* Make it easier to add new file types to testing
Update shells/bash to 5.3.9
One new (upstream) patch added. Fixes a SIGSEGV if a SIGINT is received
during a reverse i-search (readline issue - to the embedded readline).
py-acme py-certbot*: updated to 5.2.2
5.2.2
Fixed a regression that caused certbot to crash if multiple --webroot-path
values were set on the command line.
py-matplotlib: updated to 3.10.8
3.10.8
This is a bugfix release in the 3.10.x series.
The primary highlights of this release are:
Properly allow freethreaded mode in the MacOS backend
Better error handling for MacOS backend
libjpeg-turbo: updated to 3.1.3
3.1.3
Significant changes relative to 3.1.2:
1. Hardened the TurboJPEG API against hypothetical applications that may
erroneously call `tj*Compress*()` or `tj*Transform()` with a reused JPEG
destination buffer pointer while specifying a destination buffer size of 0.
2. Hardened the TurboJPEG API against hypothetical applications that may
erroneously set `TJPARAM_LOSSLESS` or `TJPARAM_COLORSPACE` prior to calling
`tj3EncodeYUV*8()` or `tj3CompressFromYUV*8()`. `tj3EncodeYUV*8()` and
`tj3CompressFromYUV*8()` now ignore `TJPARAM_LOSSLESS` and
`TJPARAM_COLORSPACE`.
3. Hardened the TurboJPEG Java API against hypothetical applications that may
erroneously pass huge X or Y offsets to one of the compression, YUV encoding,
decompression, or YUV decoding methods, leading to signed integer overflow in
[11 lines not shown]
www/chromium: update to 143.0.7499.40
* 143.0.7499.40
This update includes 13 security fixes. Below, we highlight fixes
that were contributed by external researchers. Please see the
Chrome Security Page for more information.
[$11000][456547591] High CVE-2025-13630: Type Confusion in V8.
Reported by Shreyas Penkar (@streypaws) on 2025-10-31
[$3000][448113221] High CVE-2025-13631: Inappropriate implementation
in Google Updater. Reported by Jota Domingos on 2025-09-29
[TBD][439058242] High CVE-2025-13632: Inappropriate implementation
in DevTools. Reported by Leandro Teles on 2025-08-16
[N/A][458082926] High CVE-2025-13633: Use after free in Digital
Credentials. Reported by Chrome on 2025-11-05
[TBD][429140219] Medium CVE-2025-13634: Inappropriate implementation
in Downloads. Reported by Eric Lawrence of Microsoft on 2025-07-02
[N/A][457818670] Medium CVE-2025-13720: Bad cast in Loader.
Reported by Chrome on 2025-11-04
[14 lines not shown]