Sourced from bytes's releases.
Bytes v1.11.1
1.11.1 (February 3rd, 2026)
- Fix integer overflow in
BytesMut::reserve
Sourced from bytes's changelog.
1.11.1 (February 3rd, 2026)
- Fix integer overflow in
BytesMut::reserve
417dccd
Release bytes v1.11.1 (#820)d0293b0
Merge commit from forkSourced from cryptography's changelog.
46.0.5 - 2026-02-10
* An attacker could create a malicious public key that reveals portions of your private key when using certain uncommon elliptic curves (binary curves). This version now includes additional security checks to prevent this attack. This issue only affects binary elliptic curves, which are rarely used in real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and Atuin Automated Vulnerability Discovery Engine** for reporting the issue. **CVE-2026-26007** * Support for ``SECT*`` binary elliptic curves is deprecated and will be removed in the next release... v46-0-4:
46.0.4 - 2026-01-27
Dropped support for win_arm64 wheels_.- Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.
.. _v46-0-3:
Sourced from tokio's releases.
Tokio v1.49.0
1.49.0 (January 3rd, 2026)
Added
- net: add support for
TCLASSoption on IPv6 (#7781)- runtime: stabilize
runtime::id::Id(#7125)- task: implement
ExtendforJoinSet(#7195)- task: stabilize the
LocalSet::id()(#7776)Changed
- net: deprecate
{TcpStream,TcpSocket}::set_linger(#7752)Fixed
- macros: fix the hygiene issue of
join!andtry_join!(#7766)- runtime: revert "replace manual vtable definitions with Wake" (#7699)
- sync: return
TryRecvError::DisconnectedfromReceiver::try_recvafterReceiver::close(#7686)- task: remove unnecessary trait bounds on the
Debugimplementation (#7720)Unstable
- fs: handle
EINTRinfs::writefor io-uring (#7786)- fs: support io-uring with
tokio::fs::read(#7696)- runtime: disable io-uring on
EPERM(#7724)- time: add alternative timer for better multicore scalability (#7467)
Documented
- docs: fix a typos in
bounded.rsandpark.rs(#7817)- io: add
SyncIoBridgecross-references tocopyandcopy_buf(#7798)- io: doc that
AsyncWritedoes not inherit fromstd::io::Write(#7705)- metrics: clarify that
num_alive_tasksis not strongly consistent (#7614)- net: clarify the cancellation safety of the
TcpStream::peek(#7305)- net: clarify the drop behavior of
unix::OwnedWriteHalf(#7742)- net: clarify the platform-dependent backlog in
TcpSocketdocs (#7738)- runtime: mention
LocalRuntimeinnew_current_threaddocs (#7820)- sync: add missing period to
mpsc::Sender::try_senddocs (#7721)- sync: clarify the cancellation safety of
oneshot::Receiver(#7780)- sync: improve the docs for the
errorsof mpsc (#7722)- task: add example for
spawn_localusage on local runtime (#7689)#7125: tokio-rs/tokio#7125 #7195: tokio-rs/tokio#7195 #7305: tokio-rs/tokio#7305 #7467: tokio-rs/tokio#7467 #7614: tokio-rs/tokio#7614 #7686: tokio-rs/tokio#7686 #7689: tokio-rs/tokio#7689
... (truncated)
e3b89bb
chore: prepare Tokio v1.49.0 (#7824)4f577b8
Merge 'tokio-1.47.3' into 'master'f320197
chore: prepare Tokio v1.47.3 (#7823)ea6b144
ci: freeze rustc on nightly-2025-01-25 in netlify.toml (#7652)264e703
Merge tokio-1.43.4 into tokio-1.47.x (#7822)dfb0f00
chore: prepare Tokio v1.43.4 (#7821)4a91f19
ci: fix wasm32-wasip1 tests (#7788)601c383
ci: upgrade FreeBSD from 14.2 to 14.3 (#7758)484cb52
sync: return TryRecvError::Disconnected from
Receiver::try_recv after `Re...16f20c3
rt: mention LocalRuntime in new_current_thread
docs (#7820)Sourced from github.com/docker/docker's releases.
v28.3.3
28.3.3
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
Security
This release fixes an issue where, after a firewalld reload, published container ports could be accessed directly from the local network, even when they were intended to be accessible only via a loopback address. CVE-2025-54388 / GHSA-x4rx-4gw3-53p4 / moby/moby#50506.
Packaging updates
- Update Buildx to v0.26.1. docker/docker-ce-packaging#1230
- Update Compose to v2.39.1. docker/docker-ce-packaging#1234
- Update Docker Model CLI plugin to v0.1.36. docker/docker-ce-packaging#1233
Go SDK
- cli/command/formatter: add
TrunateID()utility as alternative forgithub.com/docker/docker/pkg/stringid.TrunateID(). docker/cli#618028.3.2
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
- docker/cli, 28.3.2 milestone
- moby/moby, 28.3.2 milestone
- Deprecated and removed features, see Deprecated Features.
- Changes to the Engine API, see API version history.
Bug fixes and enhancements
- Fix
--use-api-socketnot working correctly when targeting a remote daemon. docker/cli#6157- Fix stray "otel error" logs being printed if debug logging is enabled. docker/cli#6160
- Quote SSH arguments when connecting to a remote daemon over an SSH connection to avoid unexpected expansion. docker/cli#6147
- Warn when
DOCKER_AUTH_CONFIGis set duringdocker loginanddocker logout. docker/cli#6163Packaging updates
- Update Compose to v2.38.2. docker/docker-ce-packaging#1225
- Update Docker Model CLI plugin to v0.1.33. docker/docker-ce-packaging#1227
- Update Go runtime to 1.24.5. moby/moby#50354
28.3.1
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
... (truncated)
bea959c
Merge pull request #50506
from robmry/backport-28.x/fix_firewalld_reload3e9ff78
bridge: Reapply endpoint iptables rules on firewalld reload29ed80a
bridge: Trigger firewalld reload during bridge integration testsda489a1
Merge pull request #50478
from thaJeztah/28.x_backport_gha_bump_bkf173e45
Merge pull request #50480
from austinvazquez/cherry-pick-ea29dffaa541289591aa...e4b1f89
daemon/server: remove compatibility with API v1.4 auth-config on
push0c9e14d
hack/buildkit-ref: temporarily bump BuildKit to head of v0.23
branchbf6d688
Merge pull request #50471
from austinvazquez/cherry-pick-b1ce0c89f0214cc6711c...4205776
client: always send (empty) body on pushe77ff99
Merge pull request #50354
from vvoland/50353-28.xSourced from docker/login-action's releases.
v3.7.0
- Add
scopeinput to set scopes for the authentication token by@crazy-maxin docker/login-action#912- Add support for AWS European Sovereign Cloud ECR by
@dphiin docker/login-action#914- Ensure passwords are redacted with
registry-authinput by@crazy-maxin docker/login-action#911- build(deps): bump lodash from 4.17.21 to 4.17.23 in docker/login-action#915
Full Changelog: https://github.com/docker/login-action/compare/v3.6.0...v3.7.0
c94ce9f
Merge pull request #915
from docker/dependabot/npm_and_yarn/lodash-4.17.238339c95
Merge pull request #912
from docker/scopec83e932
build(deps): bump lodash from 4.17.21 to 4.17.23b268aa5
chore: update generated contenta603229
documentation for scope input7567f92
Add scope input to set scopes for the authentication token0567fa5
Merge pull request #914
from dphi/add-support-for-amazonaws.euf6ef577
feat: add support for AWS European Sovereign Cloud ECR registries916386b
Merge pull request #911
from crazy-max/ensure-redact5b3f94a
chore: update generated contentSourced from actions/setup-python's releases.
v6.2.0
What's Changed
Dependency Upgrades
- Upgrade dependencies to Node 24 compatible versions by
@salmanmkcin actions/setup-python#1259- Upgrade urllib3 from 2.5.0 to 2.6.3 in
/__tests__/databy@dependabotin actions/setup-python#1253 and actions/setup-python#1264Full Changelog: https://github.com/actions/setup-python/compare/v6...v6.2.0
Sourced from actions/cache's releases.
v5.0.3
What's Changed
- Bump
@actions/cacheto v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)- Bump
@actions/coreto v2.0.3Full Changelog: https://github.com/actions/cache/compare/v5...v5.0.3
v.5.0.2
v5.0.2
What's Changed
When creating cache entries, 429s returned from the cache service will not be retried.
Sourced from actions/cache's changelog.
Releases
How to prepare a release
[!NOTE]
Relevant for maintainers with write access only.
- Switch to a new branch from
main.- Run
npm testto ensure all tests are passing.- Update the version in
https://github.com/actions/cache/blob/main/package.json.- Run
npm run buildto update the compiled files.- Update this
https://github.com/actions/cache/blob/main/RELEASES.mdwith the new version and changes in the## Changelogsection.- Run
licensed cacheto update the license report.- Run
licensed statusand resolve any warnings by updating thehttps://github.com/actions/cache/blob/main/.licensed.ymlfile with the exceptions.- Commit your changes and push your branch upstream.
- Open a pull request against
mainand get it reviewed and merged.- Draft a new release https://github.com/actions/cache/releases use the same version number used in
package.json
- Create a new tag with the version number.
- Auto generate release notes and update them to match the changes you made in
RELEASES.md.- Toggle the set as the latest release option.
- Publish the release.
- Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
- There should be a workflow run queued with the same version number.
- Approve the run to publish the new version and update the major tags for this action.
Changelog
5.0.3
- Bump
@actions/cacheto v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)- Bump
@actions/coreto v2.0.35.0.2
- Bump
@actions/cacheto v5.0.3 #16925.0.1
- Update
@azure/storage-blobto^12.29.1via@actions/cache@5.0.1#16855.0.0
[!IMPORTANT]
actions/cache@v5runs on the Node.js 24 runtime and requires a minimum Actions Runner version of2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.4.3.0
- Bump
@actions/cacheto v4.1.0
... (truncated)
cdf6c1f
Merge pull request #1695
from actions/Link-/prepare-5.0.3a1bee22
Add review for the @actions/http-client license4695763
Add licensed outputdc73bb9
Upgrade dependencies and address security warnings345d5c2
Add 5.0.3 builds8b402f5
Merge pull request #1692
from GhadimiR/main304ab5a
license for httpclient609fc19
Update licensed record for cacheb22231e
Build93150cd
Add PR link to releasesSourced from reqwest's releases.
v0.12.28
What's Changed
- fix: correctly import TokioIo on Windows by
@seanmonstarin seanmonstar/reqwest#2896Full Changelog: https://github.com/seanmonstar/reqwest/compare/v0.12.27...v0.12.28
v0.12.27
tl;dr
- Add
ClientBuilder::windows_named_pipe(name)option that will force all requests over that Windows Named Pipe.What's Changed
- chore: Disable unused tokio-util codec feature by
@tottotoin seanmonstar/reqwest#2893- chore: Use http_body_util::BodyDataStream by
@tottotoin seanmonstar/reqwest#2892- feat: add windows_named_pipe() option to client builder by
@seanmonstarin seanmonstar/reqwest#2789Full Changelog: https://github.com/seanmonstar/reqwest/compare/v0.12.26...v0.12.27
Sourced from reqwest's changelog.
v0.12.28
- Fix compiling on Windows if TLS and SOCKS features are not enabled.
v0.12.27
- Add
ClientBuilder::windows_named_pipe(name)option that will force all requests over that Windows Named Piper.
d978599
v0.12.28ef2768a
fix: correctly import TokioIo on Windows (#2896)1bf6441
v0.12.274967b1b
feat: add windows_named_pipe() option to client builder (#2789)ef5b239
chore: Use http_body_util::BodyDataStream (#2892)a810004
chore: Disable unused tokio-util codec feature (#2893)