python314 py314-html-docs: updated to 3.14.2
Python 3.14.2
Security
gh-142145: Remove quadratic behavior in xml.minidom node ID cache clearing.
gh-119452: Fix a potential memory denial of service in the http.server module. When a malicious user is connected to the CGI server on Windows, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes.
Library
gh-140797: Revert changes to the undocumented re.Scanner class. Capturing groups are still allowed for backward compatibility, although using them can lead to incorrect result. They will be forbidden in future Python versions.
gh-142206: The resource tracker in the multiprocessing module now uses the original communication protocol, as in Python 3.14.0 and below, by default. This avoids issues with upgrading Python while it is running. (Note that such ‘in-place’ upgrades are not tested.) The tracker remains compatible with subprocesses that use new protocol (that is, subprocesses using Python 3.13.10, 3.14.1 and 3.15).
gh-142214: Fix two regressions in dataclasses in Python 3.14.1 related to annotations.
An exception is no longer raised if slots=True is used and the __init__ method does not have an __annotate__ attribute (likely because init=False was used).
An exception is no longer raised if annotations are requested on the __init__ method and one of the fields is not present in the class annotations. This can occur in certain dynamic scenarios.
[6 lines not shown]
python313 py313-html-docs: updated to 3.13.11
Python 3.13.11
Security
gh-142145: Remove quadratic behavior in xml.minidom node ID cache clearing.
gh-119451: Fix a potential memory denial of service in the http.client module. When connecting to a malicious server, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes.
gh-119452: Fix a potential memory denial of service in the http.server module. When a malicious user is connected to the CGI server on Windows, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes.
Library
gh-140797: Revert changes to the undocumented re.Scanner class. Capturing groups are still allowed for backward compatibility, although using them can lead to incorrect result. They will be forbidden in future Python versions.
gh-142206: The resource tracker in the multiprocessing module now uses the original communication protocol, as in Python 3.14.0 and below, by default. This avoids issues with upgrading Python while it is running. (Note that such ‘in-place’ upgrades are not tested.) The tracker remains compatible with subprocesses that use new protocol (that is, subprocesses using Python 3.13.10, 3.14.1 and 3.15).
Core and Builtins
gh-142218: Fix crash when inserting into a split table dictionary with a non str key that matches an existing key.
py-django-allauth: updated to 65.13.1
65.13.1
Note worthy changes
- Django 6.0 is now officially supported.
Fixes
- Internal imports related to headless token strategies were causing (harmless)
deprecation warnings, fixed.
- Pending social signups stored in the session by allauth versions prior to
65.5.0 are not resumable by newer versions. This could cause 500s while
upgrading, fixed.
- Headless: the reauthentication-required response in the OpenAPI specification
was wrongly nested and did not match the actual implementation, fixed.
ansible-lint: updated to 25.12.1
25.12.1
Features
feat(action): Allow users to override python_version
Fixes
fix: avoid stacktrace when ansible syntax check does not return filename
fix: change setup-python action to specific commit
fix: autofix comments missing space after hash
Maintenance
chore(deps): update all dependencies
chore: pre-commit autoupdate
chore: adopt pytest>=9.0.0 config
chore(deps): update all dependencies
ansible-core: updated to 2.20.1
v2.20.1
Bugfixes
- Fix ``AnsibleModule.human_to_bytes()``, which was never adjusted after the standalone ``human_to_bytes()`` got a new parameter ``default_unit`` (https://github.com/ansible/ansible/pull/85259).
- Variable loading now uses file source instead of variables when invalidly formmated vars file is loaded.
- ansible-test - The runtime-metadata sanity test now ignores pre-release and build identifiers in collection versions. This prevents errors if a tombstone version is ``X.0.0``, while the collection's version is ``X.0.0-prerelease`` (https://github.com/ansible/ansible/issues/85193)."
- display - Fix ``getuser`` fallback error handling on Python 3.13 and later. (https://github.com/ansible/ansible/issues/86142)
- first_found - Correct the "Include tasks only if one of the files exists, otherwise skip" example.
- get_url - fix regex for GNU Digest line which is used in comparing checksums (https://github.com/ansible/ansible/issues/86132).
- local connection - Fix ``getuser`` fallback error handling on Python 3.13 and later.
v2.20.0
Major Changes
- ansible - Add support for Python 3.14.
[2 lines not shown]
x11/lxqt-notificationd: update to 2.3.1
lxqt-notificationd-2.3.1 / 2025-12-04
======================================
* Fixed an old bug that interfered with the time-out after the cursor left the notification window.
net/powerdns-recursor: Update to version 5.3.3
Provided by Marcin Gondek in wip.
5.3.3
Released: 8th of December 2025
Bug Fixes
Fix PowerDNS Security Advisory 2025-08: Insufficient validation of incoming notifies over TCP can lead to a denial of service in Recursor.
References: pull request 16618
5.3.2
Released: Never released publicly
musescore: update to 4.6.4
Changes in 4.6.4
Online sounds
Various optimisations and improved messaging for online sounds (Windows and macOS only)
Playback
VSTs now receive playback time position (enables synced video playback with the score)
Notated tempo BPM values are converted to playback speeds with greater precision
We've switched back to ALSA as the audio server on Linux (PipeWire is still available via Preferences)
Engraving
Slurs from grace notes to tied non-grace notes now stop at the first note of the tie
Parentheses around noteheads no longer touch ledger lines below the staff
Restored the ability to create frames with negative margins (not recommended)
Fixed display of invisible multimeasure rest numbers
[52 lines not shown]
