Requires python-socketio >= 5.12.0 and python-engineio >= 4.11.0,
both bumped in preceding commits.
Also fix test.sh to use importlib.metadata for version check
since flask_socketio no longer exposes __version__ directly.
Link: https://github.com/miguelgrinberg/Flask-SocketIO/blob/main/CHANGES.md
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changes since 4.5.1:
- v4.6+: Add support for WebTransport protocol
- v4.9+: Improved async task handling and cancellation
- v4.11.0: Required minimum for python-socketio 5.12+
- Various fixes for connection lifecycle and error handling
Also add test.sh to verify WSGI/ASGI app wrappers and server creation.
Link: https://github.com/miguelgrinberg/python-engineio/blob/main/CHANGES.md
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Pure-Python WebSocket protocol implementation, implements RFC6455
and RFC7692 (WebSocket Compression Extensions).
Required as a dependency of python-simple-websocket.
Link: https://github.com/python-hyper/wsproto
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changelog since 3.1.2:
- Fix security vulnerability GHSA-68rp-wp8r-4726: session now marked as
accessed for key-existence checks (in, len) to prevent timing attacks
Add python3-blinker as dependency (should have been there also in 3.1.2)
Add test.sh.
Full changelog: https://flask.palletsprojects.com/en/stable/changes/
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Flask 3.x requires blinker for its signal system. Add python-blinker
1.9.0 as a new package.
blinker is a pure-Python package (flit-core build backend) with no
runtime dependencies.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
There is no clear user for this package.
It's a pure-python package which could be installed via pip on a target.
Unless there is someone who comes forward and asks that we keep it,
I see no reason to keep it.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
These are a massive help for keeping things stable on the
mid-to-longterm when updating packages.
We might even feel comfortable partially automating the process.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
These are a massive help for keeping things stable on the
mid-to-longterm when updating packages.
We might even feel comfortable partially automating the process.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
rtslib-fb depends on pyudev and provides a Python API for configuring
the Linux LIO target subsystem.
Signed-off-by: Andreas Hirschauer <andi@linux.com>
Notable changes since 23.3.0:
v26.0.0:
- Drop Python 3.7 support
- Minimum cryptography version is now 46.0.0
- Security fix: properly raise an error if a DTLS cookie callback
returned a cookie longer than DTLS1_COOKIE_LENGTH bytes, previously
resulting in a buffer-overflow (CVE-2026-27459)
- Security fix: Context.set_tlsext_servername_callback now handles
exceptions raised in the callback instead of silently swallowing
them (CVE-2026-27448)
- Added support for using aws-lc instead of OpenSSL
- Added OpenSSL.SSL.Connection.get_group_name
v25.x:
- Added OpenSSL.SSL.Context.set_tls13_ciphersuites
- Added OpenSSL.SSL.Connection.set_info_callback
- Added OpenSSL.SSL.Context.clear_mode
- pyOpenSSL now sets SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER by default
- typing-extensions added as a runtime dependency (for Python < 3.13)
Full changelog:
https://www.pyopenssl.org/en/stable/changelog.html
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Jan Pavlinec <jan.pavlinec1@gmail.com> is no longer maintaining
these packages. Remove him from the PKG_MAINTAINER field across
all affected packages.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Required for Python 3.14 compatibility; rpds-py 0.10.6 predates
Python 3.14 support in PyO3 and causes a segfault at runtime.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Notable changes since 1.4.0:
v1.4.1:
- Allow setting build constraints
- Fix pip hack workaround
v1.4.2:
- Ensure the uv installer uses the current version of Python,
avoiding an issue if UV_PYTHON is set
- Fix _has_valid_outer_pip returning True when pip is missing,
causing build to try using a non-existent pip instead of
falling back to virtualenv
Link: https://github.com/pypa/build/blob/main/CHANGELOG.rst
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Pygments is a generic syntax highlighting library that supports over
500 languages and text formats. It is used by a wide range of tools
for terminal, HTML, and LaTeX output.
Added as a required dependency for python-pytest >= 7.x, which uses
Pygments to syntax-highlight code snippets in failure reports and
tracebacks.
The package uses hatchling as its build backend and has no runtime
dependencies beyond the Python standard library.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Required by python-pytest >= 9.0.0, which needs pluggy >= 1.5.0.
v1.5.0 added support for deprecating specific hook parameters via
warn_on_impl_args (used by pytest 9.x hookspecs). Without this,
pytest fails to import with:
TypeError: HookspecMarker.__call__() got an unexpected keyword
argument 'warn_on_impl_args'
v1.6.0 changes:
- Drop Python 3.8 support
- Fix regression where get_result() on a failed Result caused the
exception traceback to grow longer on each call
- Fix StopIteration passing through hook wrappers
- Fix Python 3.14 SyntaxWarning
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
v3.0 removes the dependency on PLY by rewriting pycparser with a
hand-written lexer and recursive-descent parser for C. No API changes
or functionality changes - the same AST is produced as before.
Other changes:
- Drop EOL Python 3.8 and 3.9 support (minimum now 3.10)
- Add support for Python 3.14
Since PLY is no longer used:
- Remove python-ply from PKG_BUILD_DEPENDS and HOST_BUILD_DEPENDS
- Remove +python3-ply from package DEPENDS
- Remove 001-use-external-ply.patch (no longer needed)
Full release notes:
https://github.com/eliben/pycparser/releases/tag/release_v3.00
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Notable changes since 5.9.5:
v6.0.0:
- process_iter() is now ~20x faster (no longer pre-emptively checks
PID reuse); add process_iter.cache_clear() API
- Process.connections() renamed to Process.net_connections()
(old name deprecated)
- disk_partitions() namedtuple drops maxfile/maxpath fields
- Support building with free-threaded CPython 3.13
v7.0.0:
- Drop Python 2.7 support
v7.2.0:
- New heap_info() and heap_trim() functions for native C heap allocator
access (glibc, mimalloc, libmalloc)
- Tests are no longer part of the installed package
v7.2.2:
- [Linux] Process.wait() now uses pidfd_open() + poll() for waiting
(no busy loop, faster response); requires Linux >= 5.3 + Python 3.9,
falls back to polling otherwise
- [macOS/BSD] Process.wait() now uses kqueue() for waiting
- Various macOS memory leak and error handling fixes
Also refresh 100-fix-non-Linux-compile.patch for the updated setup.py
(noqa comment style changed; _compat imports removed upstream).
Add test.sh.
Full changelog:
https://github.com/giampaolo/psutil/blob/master/HISTORY.rst
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
v3.17.0 changes:
- Drop Python 3.9 support (minimum now 3.10)
- Drop deprecated coreapi support
- Add Python 3.14 support
- Add ability to specify output format for DurationField
- Add missing decorators: @versioning_class(), @content_negotiation_class(),
@metadata_class() for function-based views
- Support violation messages in UniqueConstraint
Full release notes:
https://github.com/encode/django-rest-framework/releases/tag/3.17.0
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
v10.0.0 is a major release with these key changes:
- Drop Python 3.8 and 3.9 support; minimum is now Python 3.10
- Depend on vcs-versioning for core version inference logic, allowing
other build backends to reuse it without a setuptools dependency
- Version files (write_to, version_file) are now written to the build
directory during build_py instead of the source tree during version
inference, enabling builds from read-only source directories
v10.0.1 fixes the release pipeline tooling only (no functional changes).
Full release notes:
https://github.com/pypa/setuptools-scm/releases/tag/setuptools-scm-v10.0.0
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
vcs-versioning provides the core VCS version inference logic that was
extracted from setuptools-scm into a standalone library. This enables
other build backends to use the same version inference without a
setuptools dependency.
Required as a new dependency for setuptools-scm >= 10.0.0.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Was needed by python-zipp
Right now, it's no longer needed, so it can be pulled by pip
on the device (if needed).
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Pillow 12.x introduces pybind11-based C extension bindings and a
custom build backend (wrapping setuptools.build_meta). This requires:
- Replacing python-setuptools-scm with python-setuptools as build dep
- Adding python-pybind11 as a new build dependency (host)
- Updating build config settings from --build-option flags to the new
key=value format (e.g. zlib=enable, imagequant=disable)
- Removing the separate webpmux flag (merged into webp feature)
Full release notes:
https://pillow.readthedocs.io/en/stable/releasenotes/index.html
Remove 001-remove-setuptools-version-limit.patch
That's an old relic since when setuptools was packaged inside Python3
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
pybind11 is a header-only library that exposes C++ types in Python,
used as a build-time dependency by packages like Pillow 12.x.
Uses setuptools as its build backend.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changelog since 3.1.3:
- v3.1.4: Fix special device name access on Windows in send_from_directory
(security); fix multipart parser \r\n handling at chunk boundaries;
improve Watchdog reloader CPU efficiency
- v3.1.5: Extend Windows path protection against special device names
(security); fix multipart form parser \r\n at chunk boundaries; fix
AttributeError in DebuggedApplication with pin_security=False
- v3.1.6: Block special device names in multi-segment paths on Windows
via safe_join (security)
Add test.sh.
Full changelog:
https://werkzeug.palletsprojects.com/en/stable/changes/
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changelog since 0.6.2:
- Fix CVE-2026-30922: nesting depth limit in ASN.1 decoder to prevent
stack overflow from deeply nested structures
- Fix OverflowError from oversized BER length fields (#54)
- Fix incorrect stacklevel in deprecation warnings (#86)
- Fix fractional seconds parsing in asDateTime function (#81)
Full changelog: https://github.com/pyasn1/pyasn1/blob/main/CHANGES.rst
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changelog since 25.3.0:
- v25.4.0: Add python-hatch-fancy-pypi-readme as build dependency
- v26.1.0: Field aliases now resolved before calling field_transformer,
with new Attribute.alias_is_default flag (#1509); fix type annotations
for validators.optional() with tuples (#1496); validators.disabled()
now supports nesting (#1513); frozen classes support
on_setattr=attrs.setters.NO_OP (#1515); attrs.fields() accepts
instances in addition to classes (#1529)
Full changelog: https://www.attrs.org/en/stable/changelog.html
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changes since 23.1.0:
- 24.1.0: migrate from setup.cfg to pyproject.toml
- 25.1.0: drop Python 3.7 and 3.8 support; maintenance updates
Required by python-attrs 25.4.0 which needs hatch-fancy-pypi-readme>=23.2.0.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changes since 1.1.0:
- Python 3.11+ compatibility fixes
- Drop Python 2 support
- Various bug fixes and maintenance updates
Drop upstreamed patch: 001-backport-ffi-fix.patch
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changes since 0.22.1:
- Require Python >= 3.8 (dropped 3.7)
- Performance improvements and internal refactoring
- Better type annotations and mypy support
- Various bug fixes
Also add PKG_BUILD_DEPENDS on python-setuptools/host as bidict uses
setuptools.build_meta build backend.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changes since 1.16.0:
- Drop Python 2.7 and 3.5 support
- Add ensure_str(), ensure_binary(), ensure_text() helpers
- Various minor fixes and maintenance updates
six 1.17.0 switched to pyproject.toml with setuptools build backend,
so add PKG_BUILD_DEPENDS on python-setuptools/host.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changelog since 2.2.2:
- Add mpz.array() method for NumPy interaction
- Implement mpq.limit_denominator() functionality
- Add is_integer() method for mpz/mpq types
- Add mixed-mode arithmetic support for mpc types
- Enhanced formatting using context's rounding mode defaults
- Full free-threaded Python build support
- Fix memory leaks in MPFR/MPC cache and context exit
- Drop CPython 3.8 support (requires 3.9+)
Add test.sh.
gmpy2 2.3.0 switched to pyproject.toml with setuptools-scm for version
management. Add python-setuptools-scm/host to PKG_BUILD_DEPENDS.
Full changelog:
https://github.com/aleaxit/gmpy/releases
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changelog since 0.5.1:
- Add configurable I/O buffer size via buffer_size attribute (0.5.2)
- Add Web Key Directory (WKD) support for automatic key location (0.5.3)
- Fix sensitive data exposure by removing decryption result logging (0.5.3)
- Fix exception handling in on_data callable during GPG operations (0.5.4)
- Fix GPG version detection robustness (0.5.5)
- Add uid_map attribute to capture UID information (0.5.5)
- Add capability, fingerprint and keygrip to subkey_info (0.5.6)
- Fix username handling when verification keys are expired/revoked (0.5.6)
Full changelog:
https://github.com/vsajip/python-gnupg/releases
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changelog since 2.4.2:
- Fix threading issue with OpenBLAS on ARM
- Fix memory leaks found via LeakSanitizer
- Fix buffer overrun in CPU baseline validation
- Fix NULL pointer dereference and reference leaks
- Fix np.ma.flatten_structured_array infinite recursion
- Fix np.isin() weak hash function
- Fix busdaycalendar bool array weekmask handling
Full changelog:
https://github.com/numpy/numpy/releases/tag/v2.4.3
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
