py-braintree: updated to 4.43.0
4.43.0
Add Local Payment Context support with LocalPaymentContextGateway.create and LocalPaymentContextGateway.find methods
Add support for MBWAY and CRYPTO payment types
Add acquirerReferenceNumber to transaction search object
Add international_phone to Customer in Transaction
Deprecate merchant create functionality
Remove account_funding_transaction from the Transaction request
Add api_request_key (idempotency) support for Transaction.sale(), Transaction.credit(), Transaction.submit_for_settlement(), Transaction.submit_for_partial_settlement(), Transaction.void(), and Transaction.refund()
Add surchargeAmount to transaction object
Add max_connection_idle_seconds for request configuration
Add support for apple pay card verifications
gpgme: updated to 2.1.0
Noteworthy changes in version 2.1.0 (2026-05-18)
* New flags "is_de_vs" and "beta_compliance" for encryption results.
* New decryption flag GPGME_DECRYPT_SESSION_HASH and new field
session_hash in gpgme_decrypt_result_t. For details see the gpg
option --show-session-key.
* Setting of attributes for CMS signatures is now supported via
gpgme_sig_notation_add.
* New context flag "export-filter".
* Extend the internal gpgsm_assuan_simple_command to consume all
received lines. This fixes a possible lockup introduced by the
fix for T7759.
[19 lines not shown]
py-django-cms: updated to 5.0.7
5.0.7
docs: Remove reference to page_moved signal which is never called
fix: Keep GET params when toggling structure mode
fix: slug and overwrite_url caching failed in read-only change_views
fix: Add missing pin icon for external placeholders
fix: Chunk size was missing for plugin queryset.iterator()
fix: Proxy models of CMSPlugin were not downcasted correctly
fix: Inline editing could circumvent permissions
fix: Fallback languages rendered empty (when not redirecting)
fix: DiffDOM sometimes left garbled head section
fix: Add page_title parameter to cms.api.create_page function
fix: XSS vulnerability in validator error message
fix: Deleting a non-local plugin did not refresh the screen
fix: Compatibility shim for Page.objects.order_by used non-existing fields
fix: Convert value to string in ApplicationConfigSelect.
fix: Migrations with a custom user model caused a Programming error
[4 lines not shown]
py-django-formtools: updated to 2.6.1
2.6.1 (2026-05-16)
- Add missing .mo files for translations updated in 2.6
- Add support for Django 6.0
2.6 (2026-05-16)
- Fix form validation in default templates
- Exclude tests from wheels
- Improved performance when using condition_dict
- Dropped support for Python < 3.9 and Django < 4.2
- Added support for Django 5.1/5.2
- Updated translations
py-django-modelcluster: updated to 6.5
6.5 (01.05.2026)
* Preliminary Django 6.1 support (Sage Abdullah)
* Implement `none` method on FakeQuerySet (Victor Miti)
* Fix: Recursively copy child relations on `copy_cluster`, `copy_all_child_relations` and `copy_child_relation` (Jakub Musil, Matt Westcott)
* Fix: Fix behavior of ParentalManyToManyFields and `prefetch_related()` supplied with a lookup queryset (Bernhard Bliem)
* Fix: Prevent `ClusterForm` creating duplicates when unsaved child objects exist on both initial instance and form data (Alex Tomkins)
* Maintenance: Migrate setup.py to pyproject.toml (Storm Heg)
* Maintenance: Add tooling for linting / formatting (Storm Heg)
* Maintenance: Set up nightly testing against Django main branch (Storm Heg)
* Maintenance: Set up PyPI trusted publishing (Storm Heg)
py-django-import-export: updated to 4.4.1
4.4.1
- Refactor lookup value retrieval in Field and CachedForeignKeyWidget
- Fix CachedForeignKeyWidget type mismatch on non-string lookup fields
py-django-polymorphic: updated to 4.11.3
4.11.3
Bump requests from 2.32.5 to 2.33.0
Bump cryptography from 46.0.5 to 46.0.6
Bump pygments from 2.19.2 to 2.20.0
Bump pytest from 9.0.2 to 9.0.3
Bump cryptography from 46.0.6 to 46.0.7
Bump the gha-updates group with 7 updates
jazzband -> django-commons updates
🤖 Update Code of Conduct 🤖
upgrade lock file, upgrade type checking, cut release for django-commons
move codecov from token to oidc
fix release workflow
py-setuptools-gettext: updated to 0.1.18
0.1.18
Add support for locale/<code>/LC_MESSAGES/<domain>.po layout
Allow configuring the msgfmt compiler in pyproject.toml
Include .po files in sdist and run build_mo via python -m build
py-greenlet: updated to 3.5.0
3.5.0
- Remove the ``atexit`` callback. This callback caused greenlet APIs
to become unavailable far too soon during interpreter shutdown. Now
they remain available while all ``atexit`` callbacks run. Sometime
after ``Py_IsFinalizing`` becomes true, they may begin misbehaving.
Because the order in which C extensions are finalized is undefined,
C extensions that are sensitive to this need to check the results of
that function before invoking greenlet APIs. As a convenience,
``PyGreenlet_GetCurrent`` sets an exception and returns ``NULL``
when this happens (and ``greenlet.getcurrent`` begins returning
``None``); other greenlet C API functions have undefined behaviour.
Methods invoked directly on pre-existing ``greenlet.greenlet``
objects will continue to function at least until the greenlet C
extension has been garbage collected and finalized.
py-bitstring: updated to 4.4.0
4.4.0
This version adds a new optional Rust-based backend. This is turned off by default so
shouldn't affect users. The new backend uses the `tibs` library, which is
by the same author as `bitstring` and should allow some nice optimisations as
the whole stack can work together.
py-tibs: added version 0.7.0
tibs is a simple but powerful Python library for creating, interpreting and
manipulating binary data. It is 100% written in Rust to give it excellent
performance, and is from the same author as the bitstring library.
py-hypothesis: updated to 6.152.9
6.152.9
This release substantially improves our internal distribution for
generating integers. This release has the most visible effect on
"integers()", but may incidentally improve other strategies which draw
integers internally.
Our integers distribution had two problems. First, it had jagged
discontinuities at certain values where we switched sampling
approaches. Second, it used a different distribution for bounded and
unbounded ranges, which resulted in "st.integers()" and
"st.integers(-264, 264)" producing very different distributions
despite being semantically similar.
We now use a smooth distribution for both "st.integers()" and
"st.integers(a, b)", which fixes both of these issues. This should
substantially improve our testing power in certain cases.
[4 lines not shown]
py-twisted: updated to 26.4.0
Twisted 26.4.0 (2026-05-11)
This is the last release with support for Python 3.9.
No changes since 26.4.0rc2.
Security
- twisted.names was fix for Denial of Service (DoS) attack via resource exhaustion during DNS name decompression.
Reported and fixed by Tomas Illuminati Balbin CVE-2026-42304
Features
- twisted.internet.ssl.CertificateOptions has a new constructor argument, contextForServerName, which takes a callback that will get invoked when a client sends a server name indication, with the sent servername, and returns a new OpenSSL.SSL.Context that the connection will switch to.
- twisted.internet.endpoints.serverFromString now supports the `tls` endpoint
type, which allows you to do `twist web
--listen=tls:.../certbot-dir/config/live` pointed at a certbot live
configuration directory and have your certbot certificates automatically
[27 lines not shown]
py-libusb1: updated to 3.4.0
3.4.0
Resolve a python 3.14 deprecation warning about packed ctypes structs.
Bundle libusb1 dll 1.0.29 in Windows wheels.
Fix a licence inconsistency: the old pypi classifier was refering to the LGPL2+ instead of the LGPL2.1+
