doc: Updated www/p5-libwww to 6.79

(wiz)

p5-libwww: update to 6.79.

6.79      2025-06-27 22:43:32Z
    - Remove example references to malicious domain (GH#476) (Devin Dooley)
    - Documentation updates for mirror (GH#470) (Julien Fiegehenn)
    - Allow underscores in headers not to be removed in lwp-request (GH#443)
      (@JohnHughesAtlantech and Olaf Alders)

(wiz)

p5-Specio: update to 0.51.

0.51    2025-06-19

- Made it possible to force Specio to only use pure Perl dependencies by setting the
  SPECIO_IMPLEMENTATION environment variable to "PP". Requested by @arodland (Andrew Rodland). GH
  #23.

(wiz)

p5-Module-Signature: update to 0.93.

0.93 -- Fri Jun 27 16:38:26 ADT 2025

* Fixes Issue #44 - cpansign script not installed with version 0.92

0.92 -- Wed Jun 25 14:29:30 ADT 2025

* Release 0.91-TRIAL as production release.  Includes:
* Add SECURITY.md policy
* move to three-arg open
* Remove spaces from eol
* Change build process to Dist::Zilla

0.91 -- Tue Jun 24 12:18:51 ADT 2025

* Add SECURITY.md policy
* move to three-arg open
* Remove spaces from eol
* Change build process to Dist::Zilla

(wiz)

p5-IO-Socket-SSL: update to 2.094.

2.094 2025/06/18
- fixed memory leak introduced in 2.092
2.093 2025/06/17
- Another rework for one-sided SSL shutdown, to a) implement a useful and secure
  behavior and b) without affecting existing applications. 2.092 had still
  unwanted side effects
2.092 2025/06/16
- rework implementation and behavior for one-sided SSL shutdown. Implementation
  in 2.091 lead to some problems with Net::FTP and others.

(wiz)

lang/gcc14-gnat-libs: exclude u unnecessary buildlinks

(dkazankov)

py-ruff: update to 0.12.1.

0.12.1

Preview features

    [flake8-errmsg] Extend EM101 to support byte strings (#18867)
    [flake8-use-pathlib] Add autofix for PTH202 (#18763)
    [pygrep-hooks] Add AsyncMock methods to invalid-mock-access (PGH005) (#18547)
    [pylint] Ignore __init__.py files in (PLC0414) (#18400)
    [ruff] Trigger RUF037 for empty string and byte strings (#18862)
    [formatter] Fix missing blank lines before decorated classes in .pyi files (#18888)

Bug fixes

    Avoid generating diagnostics with per-file ignores (#18801)
    Handle parenthesized arguments in remove_argument (#18805)
    [flake8-logging] Avoid false positive for exc_info=True outside logger.exception (LOG014) (#18737)
    [flake8-pytest-style] Enforce pytest import for decorators (#18779)
    [flake8-pytest-style] Mark autofix for PT001 and PT023 as unsafe if there's comments in the decorator (#18792)
    [flake8-pytest-style] PT001/PT023 fix makes syntax error on parenthesized decorator (#18782)
    [flake8-raise] Make fix unsafe if it deletes comments (RSE102) (#18788)
    [flake8-simplify] Fix SIM911 autofix creating a syntax error (#18793)
    [flake8-simplify] Fix false negatives for shadowed bindings (SIM910, SIM911) (#18794)
    [flake8-simplify] Preserve original behavior for except () and bare except (SIM105) (#18213)
    [flake8-pyi] Fix PYI041's fix causing TypeError with None | None | ... (#18637)
    [perflint] Fix PERF101 autofix creating a syntax error and mark autofix as unsafe if there are comments in the list call expr (#18803)
    [perflint] Fix false negative in PERF401 (#18866)
    [pylint] Avoid flattening nested min/max when outer call has single argument (PLW3301) (#16885)
    [pylint] Fix PLC2801 autofix creating a syntax error (#18857)
    [pylint] Mark PLE0241 autofix as unsafe if there's comments in the base classes (#18832)
    [pylint] Suppress PLE2510/PLE2512/PLE2513/PLE2514/PLE2515 autofix if the text contains an odd number of backslashes (#18856)
    [refurb] Detect more exotic float literals in FURB164 (#18925)
    [refurb] Fix FURB163 autofix creating a syntax error for yield expressions (#18756)
    [refurb] Mark FURB129 autofix as unsafe if there's comments in the readlines call (#18858)
    [ruff] Fix false positives and negatives in RUF010 (#18690)
    Fix casing of analyze.direction variant names (#18892)

Rule changes

    Fix f-string interpolation escaping in generated fixes (#18882)
    [flake8-return] Mark RET501 fix unsafe if comments are inside (#18780)
    [flake8-async] Fix detection for large integer sleep durations in ASYNC116 rule (#18767)
    [flake8-async] Mark autofix for ASYNC115 as unsafe if the call expression contains comments (#18753)
    [flake8-bugbear] Mark autofix for B004 as unsafe if the hasattr call expr contains comments (#18755)
    [flake8-comprehension] Mark autofix for C420 as unsafe if there's comments inside the dict comprehension (#18768)
    [flake8-comprehensions] Handle template strings for comprehension fixes (#18710)
    [flake8-future-annotations] Add autofix (FA100) (#18903)
    [pyflakes] Mark F504/F522/F523 autofix as unsafe if there's a call with side effect (#18839)
    [pylint] Allow fix with comments and document performance implications (PLW3301) (#18936)
    [pylint] Detect more exotic NaN literals in PLW0177 (#18630)
    [pylint] Fix PLC1802 autofix creating a syntax error and mark autofix as unsafe if there's comments in the len call (#18836)
    [pyupgrade] Extend version detection to include sys.version_info.major (UP036) (#18633)
    [ruff] Add lint rule RUF064 for calling chmod with non-octal integers (#18541)
    [ruff] Added cls.__dict__.get('__annotations__') check (RUF063) (#18233)
    [ruff] Frozen dataclass default should be valid (RUF009) (#18735)

Server

    Consider virtual path for various server actions (#18910)

Documentation

    Add fix safety sections (#18940,#18841,#18802,#18837,#18800,#18415,#18853,#18842)
    Use updated pre-commit id (#18718)
    [perflint] Small docs improvement to PERF401 (#18786)
    [pyupgrade]: Use super(), not __super__ in error messages (UP008) (#18743)
    [flake8-pie] Small docs fix to PIE794 (#18829)
    [flake8-pyi] Correct collections-named-tuple example to use PascalCase assignment (#16884)
    [flake8-pie] Add note on type checking benefits to unnecessary-dict-kwargs (PIE804) (#18666)
    [pycodestyle] Clarify PEP 8 relationship to whitespace-around-operator rules (#18870)

Other changes

    Disallow newlines in format specifiers of single quoted f- or t-strings (#18708)
    [flake8-logging] Add fix safety section to LOG002 (#18840)
    [pyupgrade] Add fix safety section to UP010 (#18838)

0.12.0

Release Notes

Check out the blog post for a migration guide and overview of the changes!
Breaking changes

    Detection of more syntax errors

    Ruff now detects version-related syntax errors, such as the use of the match
    statement on Python versions before 3.10, and syntax errors emitted by
    CPython's compiler, such as irrefutable match patterns before the final
    case arm.

    New default Python version handling for syntax errors

    Ruff will default to the latest supported Python version (3.13) when
    checking for the version-related syntax errors mentioned above to prevent
    false positives in projects without a Python version configured. The default
    in all other cases, like applying lint rules, is unchanged and remains at the
    minimum supported Python version (3.9).

    Updated f-string formatting

    Ruff now formats multi-line f-strings with format specifiers to avoid adding a
    line break after the format specifier. This addresses a change to the Python
    grammar in version 3.13.4 that made such a line break a syntax error.

    rust-toolchain.toml is no longer included in source distributions

    The rust-toolchain.toml is used to specify a higher Rust version than Ruff's
    minimum supported Rust version (MSRV) for development and building release
    artifacts. However, when present in source distributions, it would also cause
    downstream package maintainers to pull in the same Rust toolchain, even if
    their available toolchain was MSRV-compatible.

Removed Rules

The following rules have been removed:

    suspicious-xmle-tree-usage (S320)

Deprecated Rules

The following rules have been deprecated:

    pandas-df-variable-name

Stabilization

The following rules have been stabilized and are no longer in preview:

    for-loop-writes (FURB122)
    check-and-remove-from-set (FURB132)
    verbose-decimal-constructor (FURB157)
    fromisoformat-replace-z (FURB162)
    int-on-sliced-str (FURB166)
    exc-info-outside-except-handler (LOG014)
    import-outside-top-level (PLC0415)
    unnecessary-dict-index-lookup (PLR1733)
    nan-comparison (PLW0177)
    eq-without-hash (PLW1641)
    pytest-parameter-with-default-argument (PT028)
    pytest-warns-too-broad (PT030)
    pytest-warns-with-multiple-statements (PT031)
    invalid-formatter-suppression-comment (RUF028)
    dataclass-enum (RUF049)
    class-with-mixed-type-vars (RUF053)
    unnecessary-round (RUF057)
    starmap-zip (RUF058)
    non-pep604-annotation-optional (UP045)
    non-pep695-generic-class (UP046)
    non-pep695-generic-function (UP047)
    private-type-parameter (UP049)

The following behaviors have been stabilized:

    collection-literal-concatenation (RUF005) now recognizes slices, in
    addition to list literals and variables.
    The fix for readlines-in-for (FURB129) is now marked as always safe.
    if-else-block-instead-of-if-exp (SIM108) will now further simplify
    expressions to use or instead of an if expression, where possible.
    unused-noqa (RUF100) now checks for file-level noqa comments as well
    as inline comments.
    subprocess-without-shell-equals-true (S603) now accepts literal strings,
    as well as lists and tuples of literal strings, as trusted input.
    boolean-type-hint-positional-argument (FBT001) now applies to types that
    include bool, like bool | int or typing.Optional[bool], in addition to
    plain bool annotations.
    non-pep604-annotation-union (UP007) has now been split into two rules.
    UP007 now applies only to typing.Union, while
    non-pep604-annotation-optional (UP045) checks for use of
    typing.Optional. UP045 has also been stabilized in this release, but you
    may need to update existing include, ignore, or noqa settings to
    accommodate this change.

Preview features

    [ruff] Check for non-context-manager use of pytest.raises, pytest.warns, and pytest.deprecated_call (RUF061) (#17368)
    [syntax-errors] Raise unsupported syntax error for template strings prior to Python 3.14 (#18664)

Bug fixes

    Add syntax error when conversion flag does not immediately follow exclamation mark (#18706)
    Add trailing space around readlines (#18542)
    Fix \r and \r\n handling in t- and f-string debug texts (#18673)
    Hug closing } when f-string expression has a format specifier (#18704)
    [flake8-pyi] Avoid syntax error in the case of starred and keyword arguments (PYI059) (#18611)
    [flake8-return] Fix RET504 autofix generating a syntax error (#18428)
    [pep8-naming] Suppress fix for N804 and N805 if the recommended name is already used (#18472)
    [pycodestyle] Avoid causing a syntax error in expressions spanning multiple lines (E731) (#18479)
    [pyupgrade] Suppress UP008 if super is shadowed (#18688)
    [refurb] Parenthesize lambda and ternary expressions (FURB122, FURB142) (#18592)
    [ruff] Handle extra arguments to deque (RUF037) (#18614)
    [ruff] Preserve parentheses around deque in fix for unnecessary-empty-iterable-within-deque-call (RUF037) (#18598)
    [ruff] Validate arguments before offering a fix (RUF056) (#18631)
    [ruff] Skip fix for RUF059 if dummy name is already bound (#18509)
    [pylint] Fix PLW0128 to check assignment targets in square brackets and after asterisks (#18665)

Rule changes

    Fix false positive on mutations in return statements (B909) (#18408)
    Treat ty: comments as pragma comments (#18532)
    [flake8-pyi] Apply custom-typevar-for-self to string annotations (PYI019) (#18311)
    [pyupgrade] Don't offer a fix for Optional[None] (UP007, UP045) (#18545)
    [pyupgrade] Fix super(__class__, self) detection (UP008) (#18478)
    [refurb] Make the fix for FURB163 unsafe for log2, log10, *args, and deleted comments (#18645)

Server

    Support cancellation requests (#18627)

Documentation

    Drop confusing second * from glob pattern example for per-file-target-version (#18709)
    Update Neovim configuration examples (#18491)
    [pylint] De-emphasize __hash__ = Parent.__hash__ (PLW1641) ([#18613](https...

(wiz)

doc: Updated textproc/py-pdf to 5.7.0

(wiz)

lang/gcc13-gnat-libs: fix var name cross usage with gcc

(dkazankov)

py-textual: update to 3.5.0.

3.5.0

This release contains some optimizations to startup time, which
may be significant if you create a lot of widgets. There are also
some visual updates to Markdown.

This release will break your snapshots, although I don't expect
any visual changes. If you are using the snapshot plugin, you will
need to regenerate those snapshots. Even if you give them a quick
scan, this should only take a few minutes.

3.4.0

Mostly fixes, although there is a notable change to markup.

Previously anything in square brackets was considered a tag, which
resulted in markup errors with Python list literals. i.e. [1,2,3]
would be interpreted as a tag. The Content markup parser has been
made more lenient in these cases, and treats them as literal text.

(wiz)

py-zipp: update to 3.23.0.

v3.23.0
=======

Features
--------

- Add a compatibility shim for Python 3.13 and earlier. (#145)

(wiz)

doc: Updated lang/gcc13-gnat to 13.3.0nb3

(dkazankov)

doc: Updated security/py-oauthlib to 3.3.1

(wiz)

doc: Updated math/py-numpy to 2.3.1

(wiz)

mk/compiler.mk: document USE_ADA_FEATURES

(dkazankov)

mk/compiler/gcc.mk: refactor ada support code

* Determining the reqired version based on USE_ADA_FEATURES
  has been moved to GCC_REQD section
* Set USE_NATIVE_GCC to "no" in addition to USE_PKGSRC_GCC to "yes"
* Fix order of code determining version based on GCC_REQD and
  code based on USE_LANGUAGES
* Eliminate unnecessary code
* Remove unnecessary increase of the used version of GNAT.
* Add support for gcc*-gnat-libs packages.

(dkazankov)

py-msgpack: update to 1.1.1.

What's Changed

    Add Python 3.13 trove classifier by @edgarrmondragon in #626
    update Cython to 3.1.1 by @methane in #637
    update cibuildwheel to v2.23.3 by @methane in #638
    upload to PyPI on create a release by @methane in #639

(wiz)

py-lxml: update to 6.0.0.

6.0.0 (2025-06-26)
==================

Features added
--------------

* GH#463: ``lxml.html.diff`` is faster and provides structurally better diffs.
  Original patch by Steven Fernandez.

* GH#405: The factories ``Element`` and ``ElementTree`` can now be used in type hints.

* GH#448: Parsing from ``memoryview`` and other buffers is supported to allow zero-copy parsing.

* GH#437: ``lxml.html.builder`` was missing several HTML5 tag names.
  Patch by Nick Tarleton.

* GH#458: ``CDATA`` can now be written into the incremental ``xmlfile()`` writer.
  Original patch by Lane Shaw.

* A new parser option ``decompress=False`` was added that controls the automatic
  input decompression when using libxml2 2.15.0 or later.  Disabling this option
  by default will effectively prevent decompression bombs when handling untrusted
  input.  Code that depends on automatic decompression must enable this option.
  Note that libxml2 2.15.0 was not released yet, so this option currently has no
  effect but can already be used.

* The set of compile time / runtime supported libxml2 feature names is available as
  ``etree.LIBXML_COMPILED_FEATURES`` and ``etree.LIBXML_FEATURES``.
  This currently includes
  ``catalog``, ``ftp``, ``html``, ``http``, ``iconv``, ``icu``,
  ``lzma``, ``regexp``, ``schematron``, ``xmlschema``, ``xpath``, ``zlib``.

Bugs fixed
----------

* GH#353: Predicates in ``.find*()`` could mishandle tag indices if a default namespace is provided.
  Original patch by Luise K.

* GH#272: The ``head`` and ``body`` properties of ``lxml.html`` elements failed if no such element
  was found.  They now return ``None`` instead.
  Original patch by FVolral.

* Tag names provided by code (API, not data) that are longer than ``INT_MAX``
  could be truncated or mishandled in other ways.

* ``.text_content()`` on ``lxml.html`` elements accidentally returned a "smart string"
  without additional information.  It now returns a plain string.

* LP#2109931: When building lxml with coverage reporting, it now disables the ``sys.monitoring``
  support due to the lack of support in https://github.com/nedbat/coveragepy/issues/1790

Other changes
-------------

* Support for Python < 3.8 was removed.

* Parsing directly from zlib (or lzma) compressed data is now considered an optional
  feature in lxml.  It may get removed from libxml2 at some point for security reasons
  (compression bombs) and is therefore no longer guaranteed to be available in lxml.

  As of this release, zlib support is still normally available in the binary wheels
  but may get disabled or removed in later (x.y.0) releases.  To test the availability,
  use ``"zlib" in etree.LIBXML_FEATURES``.

* The ``Schematron`` class is deprecated and will become non-functional in a future lxml version.
  The feature will soon be removed from libxml2 and stop being available.

* GH#438: Wheels include the ``arm7l`` target.

* GH#465: Windows wheels include the ``arm64`` target.
  Patch by Finn Womack.

* Binary wheels use the library versions libxml2 2.14.4 and libxslt 1.1.43.
  Note that this disables direct HTTP and FTP support for parsing from URLs.
  Use Python URL request tools instead (which usually also support HTTPS).
  To test the availability, use ``"http" in etree.LIBXML_FEATURES``.

* Windows binary wheels use the library versions libxml2 2.11.9, libxslt 1.1.39 and libiconv 1.17.
  They are now based on VS-2022.

* Built using Cython 3.1.2.

* The debug methods ``MemDebug.dump()`` and ``MemDebug.show()`` were removed completely.
  libxml2 2.13.0 discarded this feature.

(wiz)

doc: Updated lang/py-lsprotocol to 2025.0.0

(wiz)

py-license-expression: update to 30.4.3.

v30.4.3 - 2025-06-25
--------------------

This is a minor bugfix release:

- Release license-expression wheels properly

v30.4.2 - 2025-06-25
--------------------

This is a minor release without API changes:

- Use latest skeleton
- Update license list to latest ScanCode

(wiz)

py-google-api-python-client: update to 2.174.0.

API updates.

(wiz)

py-google-api-core: update to 2.25.1.

Allow BackgroundConsumer To Inform Caller of Fatal Exceptions with Optional Callback (3206c01)

(wiz)

py-fonttools: update to 4.58.4.

4.58.4 (released 2025-06-13)
----------------------------

- [feaLib] Allow for empty MarkFilter & MarkAttach sets (#3856).

4.58.3 (released 2025-06-13)
----------------------------

- [feaLib] Fixed iterable check for Python 3.13.4 and newer (#3854, #3855).

(wiz)

py-flakes: update to 3.4.0.

3.4.0 (2025-06-20)

- Add support for python 3.14
- Add "t-string is missing placeholders" error
- Fix annotation erroneously causing a name to be defined with
  ``from __future__ import annotations``
- Add support for always-deferred annotations (PEP 749)

(wiz)

py-flake8: update to 7.3.0.

No changes summary found.

(wiz)

py-cyclonedx-python-lib: update to 10.2.0.

## v10.2.0 (2025-06-10)

### Bug Fixes

- `vulnerabilityscoresource.get_from_vector()` for `CVSS_V3_1` and `CVSS_V4`

### Features

- Add support for component's evidences according to spec

(wiz)

py-codestyle: update to 2.14.0.

* Add support for python 3.14.  PR #1283.
* Fix false positive for TypeVar defaults with more than one argument.
  PR #1286.

(wiz)

doc: Updated devel/py-aiostream to 0.7.0

(wiz)

gopls: update to 0.19.1.

0.19.1

This patch release changes the default value of the importsSource
setting: v0.19.0 changed it from goimports to gopls; this release
changes it back, due to a bug (#74280).

0.19.0

The gopls check subcommand now accepts a -severity flag to set a
minimum severity for the diagnostics it reports. By default, the
minimum severity is "warning", so gopls check may report fewer
diagnostics than before. Set -severity=hint to reproduce the previous
behavior.

"Implementations" supports signature types (within same package)
"Go to Implementation" reports interface-to-interface relations
Support for Type Hierarchy
Completion: auto-complete package clause for new Go files
New GOMODCACHE index for faster Organize Imports and unimported completions
Most staticcheck analyzers are enabled by default
recursiveiter: "inefficient recursive iterator"
maprange: "inefficient range over maps.Keys/Values"
Rename method receivers
"Eliminate dot import" code action
Add/remove tags from struct fields
Inline local variable

(wiz)

texlab: update to 5.23.1.

## [5.23.1] - 2025-06-24

### Fixed

- Make sort order of workspace symbols deterministic
- Parse command definitions without curly braces correctly, e. g. `\newcommand\foo{bar}`

## [5.23.0] - 2025-06-14

### Added

- Add `--line0`, `--line1` arguments to the `texlab inverse-search` command
- Extract the context provided by latexmkrc to infer additions to TEXINPUTS and BIBINPUTS
- Add support for `latexmk v4.86`
- Recognize wide float environment in label parsing
- Treat `\gdef`, `\edef`, `\xdef` and `\glet` as command definitions
- Add support for multi-word filtering in workspace symbols
- Add support for matching incomplete keywords in workspace symbol filtering
- Add an experimental capability for `textDocument/build` and `textDocument/forwardSearch`
- Allow disabling warnings using `% texlab: warnings off` and `% texlab: warnings on`

### Fixed

- Regenerate diagnostics after loading the TeX distribution
- Improve handling of nested curly braces in command parsing
- Don't panic if the server receives a completion request with an invalid position
- Only return `LocationLink[]` in `textDocument/definition` if the client supports it

(wiz)

enchant2: update to 2.8.10.

2.8.10 (June 21, 2025)
----------------------

This release fixes a crash bug and some space leaks in the Hunspell provider
that were introduced in 2.8.7.

Thanks to @haansn08 and @mike-fabian for the report and debug information.

The handling of PWL dictionaries has also been simplified slightly.

2.8.9 (June 17, 2025)
---------------------

This release fixes a critical bug in the Aspell provider that crept into
2.8.7. Thanks to @hamkg for the report and @chenrui333 analyzing the
problem.

A test has been added that simply runs `enchant-lsmod -list-dicts`, which
would have caught this bug and the double-free fixed in the previous
release.

2.8.8 (June 16, 2025)
---------------------

The previous release had a ���double-free��� bug that typically caused a crash
on application start-up. Thanks to @AdamWill of Fedora for a quick bug
report that enabled me to locate and instantly fix the bug (apologies!).

A test to detect this sort of bug in future will be forthcoming.

2.8.7 (June 15, 2025)
---------------------

This release stops the Hunspell provider from doing partial matching of
dictionary tags. This fixes an odd situation where it was possible for
Aspell to have an actual ���en��� dictionary, which would be shown by
enchant-lsmod(1), but when requesting that language, if Hunspell was
configured to take precedence over Aspell, and there was, for example, an
���en_US��� dictionary installed for Hunspell, then that would be used. Thanks
to @digitcrusher for filing the bug and helping with the solution.

The providers code has been formatted more consistently, simplified in
places, and made more robust when memory allocation fails. Thanks again to
@digitcrusher for spotting some simplifications I missed.

The minimum version of GLib required is now 2.76, which is quite recent
(from a bit over 2 years ago at the time of writing). Use of this enables
some deprecated APIs to be dropped, and some slight code simplification.

Finally, the compiler warnings used with GCC have been adjusted to turn off
useless warnings, especially for Vala-generated C.

(wiz)

doc: Updated sysutils/yazi to 25.5.31

(wiz)

yazi: update to 25.5.31.

Packaged in wip by pin@

v25.5.31
This is a maintenance release, focusing on bug fixes.
What's Changed

    fix: expose ui.Wrap by @sxyazi in #2810
    fix: forward --end-of-word of the input should consider the mode's delta by @sxyazi in #2811
    fix: make every effort to carry hidden states for dummy files by @sxyazi in #2814

v25.5.28
Breaking Changes

    [manager] is deprecated in favor of the new [mgr]. #2803
    tab_width has been removed as it no longer needs to be set manually. #2745
    tab_active and tab_inactive are moved under the new [tabs] section. #2745
    sixel_fraction has been removed as it's no longer needed. #2707

Deprecated

    ya.mgr_emit(), ya.app_emit() and ya.input_emit() are deprecated. #2653
    ya.preview_widgets() is deprecated. #2706
    Command:args() is deprecated. #2752
    The ya pack subcommand is deprecated. #2770
    LEFT, CENTER, RIGHT on ui.Line, ui.Text are deprecated. #2802
    NONE, TOP, RIGHT, BOTTOM, LEFT, ALL on ui.Bar, ui.Border are deprecated. #2802
    WRAP_NO, WRAP, WRAP_TRIM on ui.Text are deprecated. #2802

Redesign Tabs

#2745 decouples tabs from the header into an independent tab bar component to enhance UX:

    A standalone single-line component increases the available space for displaying tabs.
    Tab titles are displayed by default to increase recognizability.
    Supports switching tabs via mouse for easier navigation.

The new tab bar is only shown when there is more than one tab, ensuring no space is wasted for users who don't use tabs.

Calculate Real-Time Directory Size in Spotter

#2695 adds directory sizes to the folder spotter. The size is computed dynamically in real time and asynchronously, which means:

    Every time a user clicks <Tab> on a directory, the latest size is calculated.
    For large directories, real-time changes in size are reported to the user, with "(?)" appended at the end to indicate that the calculation is in progress.
    If the user closes the spotter or switches directories using the left/right arrow keys, any ongoing calculations will be canceled to avoid wasting resources.

Also, the computed directory size will be updated in the file list:

    If the user sets linemode = size, the latest size will be shown on the right of the file line.
    If the user sets sort_by = size, the file list will be sorted by the latest sizes (if necessary).

9x Faster Sixel Image Preview

#2707 replaces the existing neural network quantization algorithm with Wu's Color Quantizer, which offers better performance while maintaining comparable quality.

Old implementation (neural network via color_quant, with default sixel_fraction = 20) – average 189.5763999ms
New implementation (Wu - sRGB via quantette) – average 20.9199916ms

piper.yazi Plugin

With piper.yazi, you can use the output of any shell command as preview content. This eliminates the need to write a separate plugin for each command, making the use of custom previewers much more convenient.

Double Directory Size Calculation Speed

#2683 greatly improves directory computation performance by dividing the task into chunks and reusing existing threads. Directory sorting and file trashing will be observably twice as fast.

Run the benchmark script against a 10.16GB folder 5 times in release mode

Input Component Now Supports Password Mode

With #2675, a new obscure = true option is available

Truncate Long Items in the File List

#2754, #2759, and #2778 add truncation support for long filenames in the file list and archive preview, and display file extensions at the end, ensuring that even if a filename is truncated, you can still know what file type it is by its extension.

types.yazi Plugin

For a long time, Yazi lacked a type definition file, which made plugin development very painful. Now, it's here!

types.yazi provides type definitions for Yazi's Lua API, empowering an efficient plugin development experience.
Improved Built-In Previewers

    The video previewer now supports displaying embedded video covers, #2640
    The magick previewer will respect the user's image_alloc and image_bound settings, to limit its maximum resource usage, #2602, thanks to @ze0987
    The video previewer will respect the user's max_width setting, #2560, thanks to @ze0987

Improve Path Auto-Completion Results

The auto-completion results for interactive cd (key: g => <Space>) will now more closely match the user's input keywords.

What's Changed

    fix: reverse the mixing order of theme and flavor configuration by @sxyazi in #2594
    feat: limit memory usage for previewing large images by @ze0987 in #2602
    fix: respect the user's max_width setting for the built-in video previewer by @ze0987 in #2560
    feat: allow custom exit code with quit --code by @Nicholas42 in #2609
    fix: ensure state synchronization even when the package update fails midway by @sxyazi in #2613
    fix: do not change revision when package deployment fails by @sxyazi in #2627
    feat: copy-on-write support for field caching by @sxyazi in #2629
    feat: fall back to CSI 16 t when PowerShell OpenSSH returns a fake terminal size by @sxyazi in #2636
    feat: support embedded cover for video preview by @sxyazi in #2640
    fix: lazily update files to avoid triggering issues dependent on sort order by @sxyazi in #2643
    feat: new ya.emit() API by @sxyazi in #2653
    feat: fine-grained peek and watch by @sxyazi in #2655
    feat: new --no-dummy option for reveal command by @sxyazi in #2664
    feat: obscure input component for inputting passwords by @sxyazi in #2675
    feat: increase the maximum allowed value of sixel_fraction to 30 by @sxyazi in #2682
    perf: double directory size calculation speed by @sxyazi in #2683
    feat: new fs.calc_size() API by @sxyazi in #2691
    feat: promote Id to a first-class type by @sxyazi in #2692
    feat: calculate real-time directory size in spotter by @sxyazi in #2695
    feat: checks in ya pub and ya emit subcommands to verify receiver exists and has necessary abilities by @sxyazi in #2696
    feat: add s and S keybinds in the input component by @hankertrix in #2678
    fix: no title is set when starts the first time by @sxyazi in #2700
    refactor: move tty to the new yazi-term crate by @sxyazi in #2701
    feat: show error when image preview fails by @sxyazi in #2706
    feat!: 9x faster Sixel image preview by @sxyazi in #2707
    fix: reset the cursor position with arrow() after deleting files by @sxyazi in #2708
    fix: ya pub-to 0 checks if any peer is able to receive the message ...

(wiz)

doc: Updated audio/kid3 to 3.9.6

(wiz)

kid3: update to 3.9.6.

Sat Sep 21 08:03:29 CEST 2024  Urs Fleisch  <ufleisch@users.sourceforge.net>

* Release 3.9.6

* New:
  + Show preview for multiple embedded pictures.
  + Simplified editing of MP3 audiobooks in a "Chapters" frame edit dialog.
  + Arabic, Esperanto, Galician and Georgian translations.

* Improved:
  + macOS: Building, signing and notarizing packages.

* Fixed:
  + Embed lyrics action.
  + gnudb.org import, a registered e-mail address can be set in the
    "Token" UI control.
  + KDE 6: Install directory for kid3ui.rc.
  + Android: Building with arm64-v8a and x86_64 architectures.
  + Android: Use MANAGE_EXTERNAL_STORAGE permission to manage all files
    on a storage device.
  + Android: Saving picture tags.
  + Haiku: Installation paths.

(wiz)

doc: Updated devel/re2 to 20250626b

(wiz)

re2: update to 20250626b.

Move cc_configure.bzl to rules_cc
re2: add Set::Size
.github/workflows: test newer clang
prepare release 2025-06-26
.github/workflows: update sigstore helper in release.yml

(wiz)

doc: Updated www/restish to 0.21.0

(wiz)

restish: update to 0.21.0.

What's Changed

    docs: improve link accuracy by @eitamal in #258
    chore(deps): bump golang.org/x/net from 0.17.0 to 0.23.0 by @dependabot in #251
    chore(deps): bump google.golang.org/protobuf from 1.28.1 to 1.33.0 by @dependabot in #242
    Make it possible to use a client certificate stored in hardware by @jeffallen in #246
    Expand documentation on external-tool auth by @fflores97 in #256
    Escape '&' for Windows command line oAuth flow by @MatthiasScholzTW in #253
    Do not output colorized config when environment does not support it by @cfunkhouser in #270
    chore(deps): bump golang.org/x/image from 0.10.0 to 0.18.0 by @dependabot in #260
    docs: include command for fish completion help by @kbakk in #271
    feat: upgrade to Go 1.24 by @danielgtaylor in #277
    chore(deps): bump golang.org/x/net from 0.23.0 to 0.38.0 by @dependabot in #276
    fix: send scopes on refresh token requests by @danielgtaylor in #278
    feat: rename danielgtaylor/restish -> rest-sh/restish by @danielgtaylor in #281
    docs: fix build status by @danielgtaylor in #282
    Upgrade libopenapi by @terev in #283

(wiz)

doc: Updated devel/ast-grep to 0.38.6

(wiz)

ast-grep: update to 0.38.6.

#### 0.38.6

- fix(deps): update rust crate tower-lsp-server to 0.22.0
- feat: allow sgconfig.yml to not have required ruleDirs field
- fix: ast-grep -h should not fail if sgconfig is wrong
- chore(deps): update dependency @ast-grep/napi to v0.38.5
- Revert "fix(deps): update rust crate tower-lsp-server to 0.22.0 (#2056)"
- fix(deps): update rust crate toml_edit to v0.22.27

(wiz)

doc: Updated devel/wayland-protocols to 1.45

(wiz)

wayland-protocols: update to 1.45.

More APIs.

(wiz)

doc: Updated devel/nss to 3.113.1

(wiz)

nss: update to 3.113.1.

3.113.1

Changes:
- Bug 1974299 - convert Chunghwa Telecom ePKI Root removal to a distrust after.

3.113.0

Changes:
- Bug 1963792 - Fix alias for mac workers on try.
- Bug 198090  - Part 1: Use AES in the SDR (NSS)
- Bug 1968764 - Bump nssckbi version to 2.78.
- Bug 1967548 - Turn off Websites Trust Bit for Chunghwa Telecom ePKI Root in FF 141.
- Bug 1965556 - fix frame pointers in intel-gcm.s.
- Bug 1971510 - Typo in release notes for NSS 101.4.
- Bug 1968665 - Improve nss-release-helper.py.
- Bug 1930800 - shlibsign is broken in System FIPS mode.
- Bug 1954612 - Need up update NSS for PKCS 3.1: Move IPSEC to 3.1
- Bug 1965327 - PKCS #11 v3.2 header files.

(wiz)

doc: Updated archivers/py-zopfli to 0.2.3.1

(wiz)

py-zopfli: update to 0.2.3.1.

Added wheels for Python 3.13. No other code changes since v0.2.3.

(wiz)

doc/TODO: add some

+ ast-grep-0.38.6, cargo-c-0.10.14, mozilla-rootcerts-3.10.2,
  prometheus-3.4.2, py-aiostream-0.7.0,
  py-google-api-python-client-2.174.0, py-license-expression-30.4.3,
  py-lxml-6.0.0, py-pdf-5.6.1, py-ruff-0.12.1, py-zopfli-0.2.3.post1,
  re2-20250626b, texlab-5.23.1.

(wiz)

doc: Updated emulators/mame to 0.278

(wiz)

mame: update to 0.278.

After two long months, MAME 0.278 is finally ready. Of course, the
big news is that the new sound system has arrived! The benefits it
brings include:

- Native WASAPI support on Windows and PipeWire support on Linux.
- Support for sound input for emulated systems that have microphones
  or other audio capture hardware.
- Support for multi-channel input and output.
- Built-in effects, including a parametric equaliser and dynamic
  range compressor.
- Better quality sample rate conversion and mixing, and lower latency.

As this is the first release of a major new component, it窶冱 going
to be rough around the edges in some ways. But we窶决e already thinking
about some of the ways we can improve it further over the coming
months.

We窶况e been busy with the sound system, but we haven窶冲 stopped
working on emulation. There are some nice fixes for graphical issues
in 3D systems, including Sega Model 2 and Taito Type Zero. But it
doesn窶冲 stop with 3D 窶� the 2D classics are still getting love.
Quite a few Konami games are looking nicer, including often-overlooked
cocktail mode support, and all the missing graphics in the iconic
IGS mahjong game Long Hu Bang are finally fixed.

There窶冱 a long list of newly supported systems this month. We窶况e
got Exidy and Taito arcade games from the 1970s, LCD games from
behind the Iron Curtain, and a whole pile of recently dumped TV
games. On top of that, numerous additional versions of Gaelco arcade
games have surfaced from the archives. In between, you窶冤l find rare
Capcom arcade releases, music workstations and sequencers, game
watches, casino games, and more. If you do play casino games, please
be aware that some of the default input assignments for gambling
games have changed in this release.

There窶冱 lots of fun to be had with the computer emulation updates
in this release. The Victor 9000 has had its floppy support overhauled
and SASI hard disk support added. There窶冱 been a bit of a flurry
of updates for the Sanyo PHC-25. The POKEY窶冱 serial communication
support used by the Atari 8-bit computers has finally been implemented
properly.

(wiz)

pkg-vulnerabilities: Add recent CVEs

+ hdf5 (not fixed, all reported by uptsream and triaged though)

(leot)

Updated sysutils/xenkernel418 to 20250701
Updated sysutils/xentools418 to 20250701

(bouyer)

Update xentools418 and xenkernel418 to 20250701.
Changes since 20250521:
Fix XSA-470 / CVE-2025-27465

(bouyer)

doc: Updated finance/gnucash-docs to 5.12

(wiz)

gnucash-docs: update to 5.12.

pkgsrc change: allow parallel builds again, worked for me

5.12  - 29 June 2025
      o Fixed several typos in the German version.
      o Remove the Finance::Quote appedix from the German version, mirorring the English
        change in 5.10.

(wiz)

doc: Updated finance/gnucash to 5.12

(wiz)

gnucash: update to 5.12.

5.12 - 29 June 2025

The following bugfixes were accomplished:

    Bug 648768 - Warning "Change Reconciled Split" has wrong cursor fu
    Bug 797766 - Automatic decimal point doesn't work properly with zeros when
                  entering stocks.
                  Preserve the decimal point when printing numbers with no
  decimal places to stop the auto-decimal code from triggering
  when exiting the field.
    Bug 799490 - Error on start or opening a gnucash file: Can't parse the URL
                  g_filename_from_uri can't handle # in paths but
  gnc_uri_get_path can.
    Bug 799506 - reconcile bad date pops to 1969
    Bug 799521 - Segmentation fault on Autocomplete of Description with ß
    Bug 799572 - Return proper status code when Finance::Quote errors during
                  price quote retrieval via CLI.
    Bug 799580 - Swiss currency symbol is displayed as SFr. instead of CHF
                  Replace SFr. with Fr. as SFr. is obsolete but Fr. is still
  widely used. This is the local symbol so users who want CHF
  can set it in the security editor.

    Bug 799582 - Mortgage and Loan Assistant - Compounding Formula
                  Adds a semi-annual compounding period for Canadians
                  and implements the more correct simple-rate formula
                  provided by a Canadian licensed accountant. Also
                  adds support for day-interval loan payments, ensures
                  that the formula on the repayment page reflects
                  changes on that page, ensures that the number and
                  amounts of payments are correct when payments are
                  more frequent than monthly, use the correct intest
                  rate for compunding calculations, and fixes some
                  memory issues.
    Bug 799590 - Pressing enter after changing date on initial reconcile
                  information window does not change ending balance.
    Bug 799592 - "No transactions found" when importing CSV transactions
    Bug 799593 - macOS: mariadb hardcodes plugin paths to original install
                  directory.
    Bug 799594 - GnuCash 5.11 fails to build with boost 1.88
    Bug 799597 - Crash when deleting all splits in General Journal
    Bug 799602 - Unit Price on Invoice will NOT display as decimals
    Bug 799603 - Does not save to mysql on localhost.
    Bug 799623 - test-backend-dbi fails after 2038

The following fixes and improvements were not associated with bug reports:

    [reports]Lazily generate sub-reports. Reports with links to detail
          sub-reports like the budget reports would take a long time to generate
  because they built both the main report and all of the sub-reports.
  Now the sub-reports generate when the user clicks the link in the
  main report.
    Security editor quote sources: Add new source, China Merchants Bank. Remove
          no longer supported F::Q Modules Bloomberg.pm, DWSFunds, Investor's
  Exchange (U.S.), Morningstar Australia, Skanddinaviska Enskilda Banken,
  Tiaacref.pm, Troweprice.pm and many of the multi-source sources from
  the Security Editor.
    [import-main-matcher.cpp] Add tooltips to transaction A, U+C, and C action
          columns in the generic transaction import matcher.
    [reports] Use ICU for Unicode string comparison and substring search
          because it knows how to correctly localize comparisons of accented and
  unaccented characters.
    [reports] more robust error handling if target report doesn't exist.
    Register: Ensure splits belong to transaction when doing bulk operations on
          a transaction's splits.
    Drop the definition of __EXTENSIONS__ from three files and instead move it
          to compiler options if on a platform that needs it.
    Avoid non-POSIX "echo -n" behavior in util/gnc-vcs-info.
    Add testbuild target which builds tests without running them to accommodate
          packaging processes that run ctest separately.
    [engine.i] convert gnc_account_accumulate_at_dates to c++.
    [gnc-engine-guile.cpp] helper gnc_split_to_scm function.
    [gnc-engine-guile] reduce overhead of gnc_foo_to_scm by caching the result
          of SWIG_TypeQuery(typestr)
    [balance-forecast] optimise some loops: fewer temporary lists and gc
    Let cmake probe for the existence of HAVE_STRUCT_TM_GMTOFF, fix build of
          test-gnc-date on systems without HAVE_STRUCT_TM_GMTOFF, and avoid
  unused variable warnings on systems without HAVE_STRUCT_TM_GMTOFF
    Wrap include of gtest.h and gmock.h with a warning-silencing pragma.
        See https://github.com/google/googletest/issues/4701 The warnings cause
the Arch Linux CI to fail because of -Werror.
    Fixed GetInvoiceFromTxn to convert to the right type of Python object for
          a GncInvoice.
    [test-report-utilities] more tests for gnc:account-accumulate-at-dates
          testing balances at date boundaries

New and Updated Translations: Arabic, Bulgarian, Chinese (Simplified Han script),
      Danish, Dutch, Finnish, French, German, Hungarian, Portuguese, Romanian,
      Russian, Spanish, Swedish, Turkish

(wiz)

doc: Updated shells/sheldon to 0.8.3

(schmonz)

sheldon: update to 0.8.3. Changes:

- Fix unhandled error in access function calls.

(schmonz)

Updated archivers/libarchive, devel/py-fakefs

(adam)

py-fakefs: updated to 5.9.1

5.9.1

Fixes regression in packaging in version 5.9.0.

Fixes
* fixed handling of added `strict` argument in Python 3.9.23
* make sure test files are packaged

(adam)

doc: Updated www/p5-Playwright to 1.531

(schmonz)

p5-Playwright: update to 1.531. Changes:

- Fix Locator.all(), and likely other things returning arrays of
  playwright objects

(schmonz)

libarchive: updated to 3.8.1

3.8.1

Important bugfixes

various compilation fixes
fixed undefined behavior in a function in warc reader
Windows binary uses xz 5.2.5

(adam)

doc: Updated devel/swagger-codegen to 3.0.70

(schmonz)

swagger-codegen: update to 3.0.70. Changes:

- chore: migrate Sonatype OSSRH to Central Portal
- Vulnerability in jetty: lib upgrade
- Generator v3 base image bump

(schmonz)

doc: Updated mail/rspamd to 3.12.1

(schmonz)

rspamd: update to 3.12.1. Changes:

* [Feature] Add /bayes/classifiers HTTP endpoint
* [Feature] Further improvements in scheduling next checks
* [Fix] Another fix for maps concurrent load
* [Fix] Do not add log tag header in milter logic
* [Fix] Do not explicitly add Connection header if it's there
* [Fix] Fix proxy headers duplication
* [Fix] Fix several issues with the lua_logger
* [Fix] Make logger more graceful when dealing with format arguments
* [Fix] Try to avoid incomplete writes
* [Rework] Eliminate maps locking

(schmonz)

Updated security/openssl, devel/py-test-xdist

(adam)

py-test-xdist: updated to 3.8.0

pytest-xdist 3.8.0 (2025-06-30)

Features

- Add ``--no-loadscope-reorder`` and ``--loadscope-reorder`` option to control whether to automatically reorder tests in loadscope for tests where relative ordering matters. This only applies when using ``loadscope``.

  For example, [test_file_1, test_file_2, ..., test_file_n] are given as input test files, if ``--no-loadscope-reorder`` is used, for either worker, the ``test_file_a`` will be executed before ``test_file_b`` only if ``a < b``.

  The default behavior is to reorder the tests to maximize the number of tests that can be executed in parallel.

(adam)

openssl: updated to 3.5.1

OpenSSL 3.5.1 is a security patch release. The most severe CVE fixed in this
release is Low.

This release incorporates the following bug fixes and mitigations:

Fix x509 application adds trusted use instead of rejected use.
([CVE-2025-4575])

(adam)

Updated sysutils/salt, sysutils/salt-docs

(adam)

salt salt-docs: updated to 3007.5

3007.5

FIXED

Zeromq RequestServer continues to serve requests after encountering an un-handled exception
Added support for icmpv6-type to salt.modules.nftables

3007.4

FIXED

CVE-2024-38822 Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion.

CVSS 2.7 V:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

CVE-2024-38823 Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport.

CVSS Score 2.7 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

CVE-2024-38824 Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.

CVSS Score 9.6 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

CVE-2024-38825 The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication attempt to be accepted.

CVSS Score 6.4 AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CVE-2025-22236 Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions (>= 3007.0).

CVSS 8.1 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L

CVE-2025-22237 An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process.

CVSS 6.7 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2025-22238 Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack. Which could be leveraged to write or overwrite 'cache' files outside of the cache directory.

CVSS 4.2 AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N

CVE-2025-22239 Arbitrary event injection on Salt Master. The master's "_minion_event" method can be used by and authorized minion to send arbitrary events onto the master's event bus.

CVSS 8.1 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L

CVE-2025-22240 Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the ���tgt_env��� variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to

CVSS 6.3 AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

CVE-2025-22241 File contents overwrite the VirtKey class is called when ���on-demand pillar��� data is requested and uses un-validated input to create paths to the ���pki directory���. The functionality is used to auto-accept Minion authentication keys based on a pre-placed ���authorization file��� at a specific location and is present in the default configuration.

CVSS 5.6 AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N

CVE-2025-22242 Worker process denial of service through file read operation. .A vulnerability exists in the Master's ���pub_ret��� method which is exposed to all minions. The un-sanitized input value ���jid��� is used to construct a path which is then opened for reading. An attacker could exploit this vulnerabilities by attempting to read from a filename that will not return any data, e.g. by targeting a pipe node on the proc file system.

CVSS 5.6 AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H

This release also includes sqlite 3.50.1 to address CVE-2025-29087

(adam)

pkg_install: Add ugly workaround for SunOS/gcc14.

libnbcompat should absolutely not be leaking into the builds of the inplace
components, but fixing that correctly will require a much larger change.

(jperkin)

Updated devel/py-maturin, textproc/py-markdown

(adam)

py-markdown: updated to 3.8.2

3.8.2

Fixed

* Fix `codecs` deprecation in Python 3.14.
* Fix issue with unclosed comment parsing in Python 3.14.
* Fix issue with unclosed declarations in Python 3.14.
* Fix issue with unclosed HTML tag `<foo` and Python 3.14.

3.8.1

Fixed

* Ensure incomplete markup declaration in raw HTML doesn't crash parser
* Fixed dropped content in `md_in_html`
* Fixed HTML handling corner case that prevented some content from not being rendered

(adam)

py-maturin: updated to 1.9.0

1.9.0

* Add full PEP 639 support for `project.license` and `project.license-files`.
* Add `--compatiblity pypi` to only build wheels with platform tags that can also be uploaded to PyPI. This blocks e.g. building for riscv64, which is supported by manylinux, but not by PyPI.

(adam)