py-xmltodict: updated to 0.15.1
0.15.1
Security: Further harden XML injection prevention during unparse (follow-up to v0.15.0). In addition to '<'/'>' rejection, now also reject element and attribute names (including @xmlns prefixes) that:
start with '?' or '!'
contain '/' or any whitespace
contain quotes (' or ") or '='
are non-strings (names must be str; no coercion)
arm-none-eabi-gdb: Add an option to use Python scripts
This option has been added because building this package on Linux
picked up the endemic system Python causing the PLIST to be
wrong.
Adding a Python option seemed more well-good mannered than simply
turning off GDB Python support on all platforms.
Update the arm-none-eabi and riscv64-none-elf toolchains.
These toolchains have been updated to
binutils-2.45
gcc-14.3.0
gdb-16.3
newlib-4.5.0.20241231
from
binutils-2.32
gcc-8.3.0
gdb-7.10
newlib-3.1.0 (4.4.0.20231231 for riscv64)
This affects
cross/arm-none-eabi-binutils
[9 lines not shown]
geography/proj-doc: Update to 9.6 and rototill
Upstream changed how they distribute doc bits (but the docs are
similar to how they were). Adapt, fetching a pdf with a bizarre URL,
and make multiple accomodations for pkgsrc not being happy about not
extracting a tarball. In the end this is simple; just fetch a pdf
from an odd URL and put it in share/doc, but there are a lot of
don't-do-that lines.
chat/toot: update to 0.50.1
# upstream changes (since 0.49.0)
* Fix urwidgets vendoring issue (#543)
* Add `toot timelines favourites` for showing your favourited (boosted)
statuses (thanks @kensanata)
* Add `toot polls show` for displaying a single poll by its ID
* Add `toot polls vote` for voting on a poll
* Improved poll visuals
hashcat: updated to 7.1.2
Welcome to the hashcat v7.1.2 release!
This hotfix restores backward compatibility in machine-readable status view
mode, which was broken in v7.1.0 and affected third-party overlays such as the
Hashtopolis agent. It also fixes issues in the Argon2 libraries when used in
multi-hash modes. If you are using hashcat v7.1.0+ with LUKS2 or KeePass KDBX4,
updating is strongly recommended.
The release also introduces a new assimilation bridge plugin, the Rust bridge.
Just like the Python bridge plugin, which lets you write hash-mode extensions
in Python instead of C, you can now do the same in Rust. This is a valuable
community contribution that will be covered in more detail in the next release
notes. The feature is already fully functional and ready for early adoption,
with initial documentation available in hashcat-rust-plugin-requirements.md.
For the full list of changes, please see docs/changes.txt.
www/chromium: update to 140.0.7339.80
* 140.0.7339.80
This update includes 6 security fixes.
Below, we highlight fixes that were contributed by external researchers.
Please see the Chrome Security Page for more information.
[NA][434513380] High CVE-2025-9864: Use after free in V8.
Reported by Pavel Kuzmin of Yandex Security Team on 2025-07-28
[$5000][437147699] Medium CVE-2025-9865: Inappropriate implementation in
Toolbar. Reported by Khalil Zhani on 2025-08-07
[$4000][379337758] Medium CVE-2025-9866: Inappropriate implementation in
Extensions. Reported by NDevTK on 2024-11-16
[$1000][415496161] Medium CVE-2025-9867: Inappropriate implementation in
Downloads. Reported by Farras Givari on 2025-05-04
devel/lazygit: update to 0.55.0
What's Changed
Enhancements 🔥
Allow filtering the keybindings menu by keybinding by @stefanhaller in #4821
Add support for suspending LazyGit with Ctrl+Z on Unix systems by @cowboy8625 in #4757
Add "CopyToClipboard" command to ConfirmationController by @kyu08 in #4810
Add a user config for using git's external diff command for paging by @stefanhaller in #4832
Log the hash of dropped stashes by @stefanhaller in #4850
Fixes 🔧
Fix right-alignment of divergence from base branch for branch checked out in a worktree by @stefanhaller in #4824
Support Azure DevOps vs-ssh.visualstudio.com SSH remotes as hosting provider by @Kahitar in #4822
Improve display of "esc" keybinding in the keybindings status bar by @stefanhaller in #4819
Use external diff command in stashes panel by @stefanhaller in #4836
Remove the git.paging.useConfig option by @stefanhaller in #4837
Don't auto-forward branches that are checked out in another worktree by @stefanhaller in #4833
[20 lines not shown]
devel/mise: update to 2025.9.6
2025.9.6 - 2025-09-08
🚀 Features
(backend) add Backend trait methods for metadata fetching by @jdx in #6228
(core) implement metadata fetching for Node.js and Bun by @jdx in #6230
(mise-test-tool) add release scripts for automated GitHub releases by @jdx in bd0eadd
(platform) implement platform parsing and CLI integration by @jdx in #6227
migrate tools from ubi to github backend which work by @jdx in #6232
🐛 Bug Fixes
(task) use terminal width instead of hardcoded 60-char limit for task display by @jdx in #6218
(task) use terminal width instead of hardcoded 60-char limit for task display by @jdx in #6220
nix flake build failure on macOS by @okuuva in #6223
only use multi-version syntax in mise.lock by @jdx in #6224
🧪 Testing
[8 lines not shown]