resterm: Update to 0.46.2
v0.46.2
What' New
When the update check finds a newer version, the version section of the status bar shows both your current version and the latest one, joined by a "?" icon. Example: ? v0.46.1 ? v0.46.2
Increased startup latency animation to 1s.
v0.46.1
This release rebuilds how resterm updates itself. Downloads are now verified end to end against checksums served by the GitHub release API, the new binary has to prove it is the right release before it replaces the current one.
Verified self-updates
resterm --update now verifies every download against the sha256 digest the GitHub release API publishes for each asset. There is no separate checksum file to fetch anymore - the expected hash arrives with the release metadata and the downloaded binary must match it exactly.
Verification is mandatory. A missing digest, a size mismatch or a checksum mismatch aborts the update and leaves the current install untouched.
As a final check, the downloaded binary is executed with --version and must report the release it claims to be before it is moved into place.
The new binary is staged next to the current one and swapped in with an atomic rename. On Windows the update now installs in place instead of waiting for a restart: the previous executable stays beside the new one as resterm.exe.old and is cleaned up by the next update once no process is still running it.
Safer installs
install.sh and install.ps1 verify the downloaded binary against the release API digest before installing and refuse to install when the checksum does not match.
[4 lines not shown]
py-tzdata: updated to 2026.3
2026.3
Briefly:
Alberta moved to permanent -06 on 2026-06-18. Morocco moves to permanent +00 on
2026-09-20. More integer overflow bugs have been fixed in zic.
py-discid: updated to 1.4.2
Changes in 1.4.2 (2026-07-10):
* Provide Python wheel on PyPI.
* Removed remaining Python 2 specific code from ``util.py``.
cargo-deny: updated to 0.20.2
0.20.2
Fixed
- fixed snapshot filenames on Windows which caused the release binary publish to fail...again.
0.20.1
Fixed
- fixed snapshot filenames on Windows which caused the release binary publish to fail.
0.20.0
Changed
- refactored the CLI, moving some duplicated options/flags into the root and removing several deprecated options/flags/values. See the PR for a full list of changes.
Added
- resolved 873 by adding a new [`bans.std-replacements`](https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html#the-std-replacements-field-optional) lint which checks the graph for crates.io sourced crates that have been partially or fully replaced in `std` and/or `core`.
Fixed
- resolved 765 by respecting non-default build script paths in manifests.
- resolved 874 by cleaning up the CLI, deduplicating some options/flags that caused bug in the `list` subcommand.
py-cffi: updated to 2.1.0
2.1.0
Added the cffi-gen-src command-line tool (also invocable as python -m cffi.gen_src), which generates CFFI C extension source code, so that a build backend such as meson-python can build the extension. See Generating C Sources for CFFI Extensions for details. Integrated from the cffi-buildtool project by Rose Davidson.
Added support for arm64 iOS wheels.
Dropped support for Python 3.9.
Added support for Python 3.15 and support for C extensions generated by CFFI to target the new abi3t free-threaded ABI.
Avoid crashes inside of __delitem__.
Avoid “string too big” error under MSVC.
Fix mingw builds.
py-build: updated to 1.5.1
1.5.1 (2026-07-09)
Features
- Add ``--report=PATH`` to write a machine-readable JSON report of built artifacts; ``--metadata`` now also accepts
``.whl`` files - by :user:`gaborbernat` (:issue:`198`)
- The ``srcdir`` argument now accepts ``.tar.gz`` source distributions, extracting and building from them - by
:user:`gaborbernat` (:issue:`311`)
- The "Unmet dependencies" error from ``--no-isolation`` builds now shows the wanted version, found version, and
interpreter - by :user:`gaborbernat` (:issue:`504`)
- Add ``--sdist-extract-dir`` to extract the intermediate sdist into a persistent directory, enabling compiler cache reuse
across rebuilds - by :user:`gaborbernat` (:issue:`614`)
- Add ``--env-dir`` to place the isolated build environment at a fixed path, enabling compiler cache reuse across builds -
by :user:`gaborbernat` (:issue:`655`)
- Print a summary of resolved dependency versions (``name==version``) after installing them in isolated builds - by
:user:`gaborbernat` (:issue:`959`)
- On build failure, print a tip pointing to ``--env-dir`` and ``--sdist-extract-dir`` for debugging and link to the "Debug
[26 lines not shown]
memcached: updated to 1.6.45
1.6.45
Fixes
proxy: extra warning for user config error
proto: convert more strto calls
proto: meta preparse F flag fix
proxy: fix res:line() returning wrong response
proxy: fix overread of spaces for large gets
ascii: safely convert flag args to numerics
ascii: fix unlocked refcount-- on error path
proxy: key filter null byte written to wrong place
proxy: fix detail len clamp in request logging
proxy: enforce minimum rate limit
ascii: fix refcount leak on ms parse error
proxy: reserve enough log space for proxy BE_EVENT
network: fix segfault on OOM during net read
[16 lines not shown]
rclone: updated to 1.74.4
1.74.4
Bug Fixes
accounting
Fix goroutine leak in ResetCounters (Nick Craig-Wood)
Fix goroutine leak in NewStatsGroup for zero-transfer rc jobs (Sanjays2402)
archive extract: Fix path traversal letting archives escape the destination CVE-2026-59732 (Nick Craig-Wood)
build
Fix multiple CVEs by upgrading to go1.26.5 (Nick Craig-Wood)
CVE-2026-39822: os: Root escape via symlink plus trailing slash
CVE-2026-42505: crypto/tls: Encrypted Client Hello privacy leak
Update golang.org/x/image to v0.43.0 to fix image decoding vulnerabilities (Nick Craig-Wood)
CVE-2026-46604: panic decoding a TIFF image with an out-of-bounds strip offset
CVE-2026-46602: unbounded memory use from lack of a limit on TIFF tile sizes
CVE-2026-46601: panic on a WEBP VP8 alpha channel size mismatch
CVE-2026-33813: panic decoding a large WEBP image on 32-bit platforms
cmd/mount2
[43 lines not shown]
py-django5: updated to 5.2.16
Django 5.2.16 fixes three security issues with severity “low” in 5.2.15.
CVE-2026-48588: Potential exposure of private data via cached Set-Cookie response
CVE-2026-53877: Heap buffer over-read in GDALRaster
CVE-2026-53878: Header injection possibility since DomainNameValidator accepted newlines in input
py-django: updated to 6.0.7
6.0.7
Django 6.0.7 fixes three security issues with severity “low” and one bug in 6.0.6.
CVE-2026-48588: Potential exposure of private data via cached Set-Cookie response
CVE-2026-53877: Heap buffer over-read in GDALRaster
CVE-2026-53878: Header injection possibility since DomainNameValidator accepted newlines in input
Bugfixes
Fixed a regression in Django 6.0 where the PBKDF2 and MD5 password hashers
raised UnicodeDecodeError for bytes passwords that were not valid UTF-8.
Passwords supplied as str or as UTF-8 bytes are unaffected
py-stone: updated to 3.4.0
3.4.0
Breaking changes
Requires Python 3.11 or later. Python 2.7 and 3.5–3.10 are no longer supported
The six dependency has been removed; Stone is now pure Python 3
Highlights
Python 3 modernization — dropped six, removed Python 2 compatibility shims, fixed datetime.utcnow() deprecations, and set python_requires>=3.11 with CI coverage through Python 3.14
Output manifest mode — generate and validate a manifest of generated output paths, with outputs kept under the output root.
Recursive spec directories — spec directory arguments can now be expanded recursively.
Reproducible Obj-C output — Obj-C backend output is now stabilized/deterministic
Fixes
Fixed invalid except [list] syntax in HashRedactor that raised TypeError on redaction
py-peewee: updated to 4.1.2
4.1.2
* Ensure quotes escaped in SQLite introspection methods, thanks @greymoth-jp
for reporting and the initial patch.
* Allow TimestampField to accept an iso-formatted str.
* Add key-existence predicates (`has_key`, `has_keys`, `has_any_keys`) to the
core `JSONField` on SQLite, implemented with `json_type()`.
* Add containment predicates (`contains`, `contained_by`) to the core
`JSONField` on SQLite via a registered `_pw_json_contains` UDF that emulates
Postgres' `@>` semantics (structural, level-aligned). The core `JSONField`
now has full predicate parity across SQLite, Postgres, and MySQL/MariaDB.
netcdf: updated to 4.10.1
4.10.1 - July 6, 2026
* Fixed outstanding CVE issues.
* Added new functions `nc_set_meta_block_size()` and `nc_get_meta_block_size()`, to allow for runtime modification of downstream `libhdf5` block size.
* Use TARGETS to install plugins
* Have hdf4 tests include MFHDF_H_INCLUDE_DIR
* Testing a fix for libhdf4 + jpeg + cmake
* add big-endian CI run and fix endian issues in test and hdf5var.c
* documentation fixes
* Fix tst_h_files4.c compatibility with HDF5 API version defaulting
* Updated nc-config.cmake.in to extend functionality of --libs-ac-syntax
* Updated the man pages
* CI fix
* fix cmode bug
* CI: Switch from miniconda to micromamba
* fix docs in libhdf4, libhdf5, and libsrcp
* documentation fixes for liblib and examples
[35 lines not shown]
update transmission (and -gtk, and -qt, and -common) to 4.1.3
Fixed a CORS bug that leaked the anti-CSRF nonce. (#8938)
Fixed a use-after-free bug in peer code. (#8921)
Fixed build error when compiling with fmt 12.2.0. (#8942)
Fixed a 4.1.2 build error in tests. (#8881)