Interpreted, interactive, object-oriented programming language
Branch: CURRENT,
Version: 3.13.13,
Package name: python313-3.13.13,
Maintainer: pkgsrc-users

Python is an interpreted, interactive, object-oriented
programming language that combines remarkable power with
very clear syntax. For an introduction to programming in
Python you are referred to the Python Tutorial. The
Python Library Reference documents built-in and standard
types, constants, functions and modules. Finally, the
Python Reference Manual describes the syntax and semantics
of the core language in (perhaps too) much detail.
Python's basic power can be extended with your own modules
written in C or C++. On most systems such modules may be
dynamically loaded. Python is also adaptable as an extension
language for existing applications. See the internal
documentation for hints.
This package provides Python version 3.13.x.
Package options: readline, x11
Master sites:
Filesize: 22419.543 KB
Version history:
- (2026-04-09) Updated to version: python313-3.13.13
- (2026-02-04) Updated to version: python313-3.13.12
- (2026-01-07) Updated to version: python313-3.13.11nb1
- (2025-12-10) Updated to version: python313-3.13.11
- (2025-12-03) Updated to version: python313-3.13.10
- (2025-10-15) Updated to version: python313-3.13.9
CVS history:
2026-04-09 09:15:07 by Adam Ciarcinski | Files touched by this commit (5)
Log message:
python313 py313-html-docs: updated to 3.13.13
Python 3.13.13
macOS
gh-144551: Update macOS installer to use OpenSSL 3.0.19.
gh-137586: Invoke osascript with absolute path in webbrowser and turtledemo.
Windows
gh-144551: Updated bundled version of OpenSSL to 3.0.19.
gh-140131: Fix REPL cursor position on Windows when module completion suggestion \
line hits console width.
Tests
gh-144418: The Android testbed’s emulator RAM has been increased from 2 GB to 4 GB.
gh-146202: Fix a race condition in regrtest: make sure that the temporary \
directory is created in the worker process. Previously, temp_cwd() could fail on \
Windows if the “build” directory was not created. Patch by Victor Stinner.
gh-144739: When Python was compiled with system expat older than 2.7.2 but tests \
run with newer expat, still skip test.test_pyexpat.MemoryProtectionTest.
Security
gh-145986: xml.parsers.expat: Fixed a crash caused by unbounded C recursion when \
converting deeply nested XML content models with ElementDeclHandler(). This \
addresses CVE 2026-4224.
gh-145599: Reject control characters in http.cookies.Morsel update() and \
js_output(). This addresses CVE 2026-3644.
gh-145506: Fixes CVE 2026-2297 by ensuring that SourcelessFileLoader uses \
io.open_code() when opening .pyc files.
gh-144370: Disallow usage of control characters in status in wsgiref.handlers to \
prevent HTTP header injections. Patch by Benedikt Johannes.
gh-143930: Reject leading dashes in URLs passed to webbrowser.open().
Library
gh-144503: Fix a regression introduced in 3.14.3 and 3.13.12 where the \
multiprocessing forkserver start method would fail with BrokenPipeError when the \
parent process had a very large sys.argv. The argv is now passed to the \
forkserver as separate command-line arguments rather than being embedded in the \
-c command string, avoiding the operating system’s per-argument length limit.
gh-146613: itertools: Fix a crash in itertools.groupby() when the grouper \
iterator is concurrently mutated.
gh-146080: ssl: fix a crash when an SNI callback tries to use an SSL object that \
has already been garbage-collected. Patch by Bénédikt Tran.
gh-146090: sqlite3: fix a crash when sqlite3.Connection.create_collation() fails \
with SQLITE_BUSY. Patch by Bénédikt Tran.
gh-146090: sqlite3: properly raise MemoryError instead of SystemError when a \
context callback fails to be allocated. Patch by Bénédikt Tran.
gh-145633: Fix struct.pack('f', float): use PyFloat_Pack4() to raise \
OverflowError. Patch by Sergey B Kirpichev and Victor Stinner.
gh-146310: The ensurepip module no longer looks for pip-*.whl wheel packages in \
the current directory.
gh-146083: Update bundled libexpat to version 2.7.5.
gh-146076: zoneinfo: fix crashes when deleting _weak_cache from a \
zoneinfo.ZoneInfo subclass.
gh-146054: Limit the size of encodings.search_function() cache. Found by OSS \
Fuzz in 493449985.
gh-145883: zoneinfo: Fix heap buffer overflow reads from malformed TZif data. \
Found by OSS Fuzz, issues 492245058 and 492230068.
gh-145750: Avoid undefined behaviour from signed integer overflow when parsing \
format strings in the struct module. Found by OSS Fuzz in 488466741.
gh-145492: Fix infinite recursion in collections.defaultdict __repr__ when a \
defaultdict contains itself. Based on analysis by KowalskiThomas in gh-145492.
gh-145623: Fix crash in struct when calling repr() or __sizeof__() on an \
uninitialized struct.Struct object created via Struct.__new__() without calling \
__init__().
gh-145616: Detect Android sysconfig ABI correctly on 32-bit ARM Android on \
64-bit ARM kernel
gh-145376: Fix null pointer dereference in unusual error scenario in hashlib.
gh-145551: Fix InvalidStateError when cancelling process created by \
asyncio.create_subprocess_exec() or asyncio.create_subprocess_shell(). Patch by \
Daan De Meyer.
gh-145417: venv: Prevent incorrect preservation of SELinux context when copying \
the Activate.ps1 script. The script inherited the SELinux security context of \
the system template directory, rather than the destination project directory.
gh-145301: hashlib: fix a crash when the initialization of the underlying C \
extension module fails.
gh-145264: Base64 decoder (see binascii.a2b_base64(), base64.b64decode(), etc) \
no longer ignores excess data after the first padded quad in non-strict \
(default) mode. Instead, in conformance with RFC 4648, section 3.3, it now \
ignores the pad character, “=”, if it is present before the end of the \
encoded data.
gh-145158: Avoid undefined behaviour from signed integer overflow when parsing \
format strings in the struct module.
gh-144984: Fix crash in xml.parsers.expat.xmlparser.ExternalEntityParserCreate() \
when an allocation fails. The error paths could dereference NULL handlers and \
double-decrement the parent parser’s reference count.
gh-88091: Fix unicodedata.decomposition() for Hangul characters.
gh-144835: Added missing explanations for some parameters in glob.glob() and \
glob.iglob().
gh-144833: Fixed a use-after-free in ssl when SSL_new() returns NULL in \
newPySSLSocket(). The error was reported via a dangling pointer after the object \
had already been freed.
gh-144259: Fix inconsistent display of long multiline pasted content in the REPL.
gh-144156: Fix the folding of headers by the email library when RFC 2047 encoded \
words are used. Now whitespace is correctly preserved and also correctly added \
between adjacent encoded words. The latter property was broken by the fix for \
gh-92081, which mostly fixed previous failures to preserve whitespace.
gh-66305: Fixed a hang on Windows in the tempfile module when trying to create a \
temporary file or subdirectory in a non-writable directory.
gh-140814: multiprocessing.freeze_support() no longer sets the default start \
method as a side effect, which previously caused a subsequent \
multiprocessing.set_start_method() call to raise RuntimeError.
gh-144475: Calling repr() on functools.partial() is now safer when the partial \
object’s internal attributes are replaced while the string representation is \
being generated.
gh-144538: Bump the version of pip bundled in ensurepip to version 26.0.1
gh-144363: Update bundled libexpat to 2.7.4
gh-143637: Fixed a crash in socket.sendmsg() that could occur if ancillary data \
is mutated re-entrantly during argument parsing.
gh-143880: Fix data race in functools.partial() in the free threading build.
gh-143543: Fix a crash in itertools.groupby that could occur when a user-defined \
__eq__() method re-enters the iterator during key comparison.
gh-140652: Fix a crash in _interpchannels.list_all() after closing a channel.
gh-143698: Allow scheduler and setpgroup arguments to be explicitly None when \
calling os.posix_spawn() or os.posix_spawnp(). Patch by Bénédikt Tran.
gh-143698: Raise TypeError instead of SystemError when the scheduler in \
os.posix_spawn() or os.posix_spawnp() is not a tuple. Patch by Bénédikt Tran.
gh-143304: Fix ctypes.CDLL to honor the handle parameter on POSIX systems.
gh-142781: zoneinfo: fix a crash when instantiating ZoneInfo objects for which \
the internal class-level cache is inconsistent.
gh-142763: Fix a race condition between zoneinfo.ZoneInfo creation and \
zoneinfo.ZoneInfo.clear_cache() that could raise KeyError.
gh-142787: Fix assertion failure in sqlite3 blob subscript when slicing with \
indices that result in an empty slice.
gh-142352: Fix asyncio.StreamWriter.start_tls() to transfer buffered data from \
StreamReader to the SSL layer, preventing data loss when upgrading a connection \
to TLS mid-stream (e.g., when implementing PROXY protocol support).
gh-141707: Don’t change tarfile.TarInfo type from AREGTYPE to DIRTYPE when \
parsing GNU long name or link headers.
gh-139933: Improve AttributeError suggestions for classes with a custom \
__dir__() method returning a list of unsortable values. Patch by Bénédikt \
Tran.
gh-138891: Fix SyntaxError when inspect.get_annotations(f, eval_str=True) is \
called on a function annotated with a PEP 646 star_expression
gh-137335: Get rid of any possibility of a name conflict for named pipes in \
multiprocessing and asyncio on Windows, no matter how small.
gh-80667: Support lookup for Tangut Ideographs in unicodedata.
bpo-40243: Fix unicodedata.ucd_3_2_0.numeric() for non-decimal values.
Documentation
gh-126676: Expand argparse documentation for type=bool with a demonstration of \
the surprising behavior and pointers to common alternatives.
gh-145450: Document missing public wave.Wave_write getter methods.
Core and Builtins
gh-148157: Fix an unlikely crash when parsing invalid type comments for \
function parameters. Found by OSS Fuzz in 492782951.
gh-146615: Fix a crash in __get__() for METH_METHOD descriptors when an invalid \
(non-type) object is passed as the second argument. Patch by Steven Sun.
gh-146128: Fix a bug which could cause constant values to be partially corrupted \
in AArch64 JIT code. This issue is theoretical, and hasn’t actually been \
observed in unmodified Python interpreters.
gh-146250: Fixed a memory leak in SyntaxError when re-initializing it.
gh-146245: Fixed reference leaks in socket when audit hooks raise exceptions in \
socket.getaddrinfo() and socket.sendto().
gh-146227: Fix wrong type in _Py_atomic_load_uint16 in the C11 atomics backend \
(pyatomic_std.h), which used a 32-bit atomic load instead of 16-bit. Found by \
Mohammed Zuhaib.
gh-146056: Fix repr() for lists containing NULLs.
gh-145990: python --help-env sections are now sorted by environment variable name.
gh-145376: Fix GC tracking in structseq.__replace__().
gh-142183: Avoid a pathological case where repeated calls at a specific stack \
depth could be significantly slower.
gh-145783: Fix an unlikely crash in the parser when certain errors were \
erroneously not propagated. Found by OSS Fuzz in 491369109.
gh-145701: Fix SystemError when __classdict__ or __conditional_annotations__ is \
in a class-scope inlined comprehension. Found by OSS Fuzz in 491105000.
gh-145335: Fix a crash in os.pathconf() when called with -1 as the path argument.
gh-145234: Fixed a SystemError in the parser when an encoding cookie (for \
example, UTF-7) decodes to carriage returns (\r). Newlines are now normalized \
after decoding in the string tokenizer.
Patch by Pablo Galindo.
gh-130555: Fix use-after-free in dict.clear() when the dictionary values are \
embedded in an object and a destructor causes re-entrant mutation of the \
dictionary.
gh-145008: Fix a bug when calling certain methods at the recursion limit which \
manifested as a corruption of Python’s operand stack. Patch by Ken Jin.
gh-144872: Fix heap buffer overflow in the parser found by OSS-Fuzz.
gh-144766: Fix a crash in fork child process when perf support is enabled.
gh-144759: Fix undefined behavior in the lexer when start and multi_line_start \
pointers are NULL in _PyLexer_remember_fstring_buffers() and \
_PyLexer_restore_fstring_buffers(). The NULL pointer arithmetic (NULL - \
valid_pointer) is now guarded with explicit NULL checks.
gh-144601: Fix crash when importing a module whose PyInit function raises an \
exception from a subinterpreter.
gh-143636: Fix a crash when calling SimpleNamespace.__replace__() on \
non-namespace instances. Patch by Bénédikt Tran.
gh-143650: Fix race condition in importlib where a thread could receive a stale \
module reference when another thread’s import fails.
gh-140594: Fix an out of bounds read when a single NUL character is read from \
the standard input. Patch by Shamil Abdulaev.
gh-91636: While performing garbage collection, clear weakrefs to unreachable \
objects that are created during running of finalizers. If those weakrefs were \
not cleared, they could reveal unreachable objects.
gh-130327: Fix erroneous clearing of an object’s __dict__ if overwritten at \
runtime.
gh-80667: Literals using the \N{name} escape syntax can now construct CJK \
ideographs and Hangul syllables using case-insensitive names.
Build
gh-146541: The Android testbed can now be built for 32-bit ARM and x86 targets.
gh-146450: The Android build script was modified to improve parity with other \
platform build scripts.
gh-145801: When Python build is optimized with GCC using PGO, use \
-fprofile-update=atomic option to use atomic operations when updating profile \
information. This option reduces the risk of gcov Data Files (.gcda) corruption \
which can cause random GCC crashes. Patch by Victor Stinner.
gh-129259: Fix AIX build failures caused by incorrect struct alignment in \
_Py_CODEUNIT and _Py_BackoffCounter by adding AIX-specific #pragma pack \
directives.

2026-03-25 23:52:08 by Thomas Klausner | Files touched by this commit (5)
Log message:
python*: restrict expat workaround to NetBSD<11.99.5
that version installs expat_config.h
Pullups for 10, 11 have been filed, the pattern can be improved
when they are merged.

2026-03-20 15:01:10 by Adam Ciarcinski | Files touched by this commit (4)
Log message:
python31*: force use expat from pkgsrc to fix builds across platforms

2026-02-04 15:15:49 by Adam Ciarcinski | Files touched by this commit (7)
Log message:
python313 py313-html-docs: updated to 3.13.12
Python 3.13.12 final
Windows
gh-128067: Fix a bug in PyREPL on Windows where output without a trailing \
newline was overwritten by the next prompt.
Tools/Demos
gh-142095: Make gdb ‘py-bt’ command use frame from thread local state when \
available. Patch by Sam Gross and Victor Stinner.
Tests
gh-144415: The Android testbed now distinguishes between stdout/stderr messages \
which were triggered by a newline, and those triggered by a manual call to \
flush. This fixes logging of progress indicators and similar content.
gh-65784: Add support for parametrized resource wantobjects in regrtests, which \
allows running Tkinter tests with the specified value of tkinter.wantobjects, for \
example -u wantobjects=0.
gh-143553: Add support for parametrized resources, such as -u xpickle=2.7.
gh-142836: Accommodated Solaris in test_pdb.test_script_target_anonymous_pipe.
gh-129401: Fix a flaky test in test_repr_rlock that checks the representation of \
multiprocessing.RLock.
bpo-31391: Forward-port test_xpickle from Python 2 to Python 3 and add the \
resource back to test’s command line.
Security
gh-144125: BytesGenerator will now refuse to serialize (write) headers that are \
unsafely folded or delimited; see verify_generated_headers. (Contributed by Bas \
Bloemsaat and Petr Viktorin in gh-121650).
gh-143935: Fixed a bug in the folding of comments when flattening an email \
message using a modern email policy. Comments consisting of a very long sequence \
of non-foldable characters could trigger a forced line wrap that omitted the \
required leading space on the continuation line, causing the remainder of the \
comment to be interpreted as a new header field. This enabled header injection \
with carefully crafted inputs.
gh-143925: Reject control characters in data: URL media types.
gh-143919: Reject control characters in http.cookies.Morsel fields and values.
gh-143916: Reject C0 control characters within wsgiref.headers.Headers fields, \
values, and parameters.
Library
gh-144380: Improve performance of io.BufferedReader line iteration by ~49%.
gh-144169: Fix three crashes when non-string keyword arguments are supplied to \
objects in the ast module.
gh-144100: Fixed a crash in ctypes when using a deprecated POINTER(str) type in \
argtypes. Instead of aborting, ctypes now raises a proper Python exception when \
the pointer target type is unresolved.
gh-144050: Fix stat.filemode() in the pure-Python implementation to avoid \
misclassifying invalid mode values as block devices.
gh-144023: Fixed validation of file descriptor 0 in posix functions when used \
with follow_symlinks parameter.
gh-143999: Fix an issue where inspect.getgeneratorstate() and \
inspect.getcoroutinestate() could fail for generators wrapped by \
types.coroutine() in the suspended state.
gh-143706: Fix multiprocessing forkserver so that sys.argv is correctly set \
before __main__ is preloaded. Previously, sys.argv was empty during main module \
import in forkserver child processes. This fixes a regression introduced in \
3.13.8 and 3.14.1. Root caused by Aaron Wieczorek, test provided by Thomas \
Watson, thanks!
gh-143638: Forbid reentrant calls of the pickle.Pickler and pickle.Unpickler \
methods for the C implementation. Previously, this could cause crash or data \
corruption, now concurrent calls of methods of the same object raise \
RuntimeError.
gh-78724: Raise RuntimeErrors when the user attempts to call methods on \
half-initialized Struct objects, for example, created by Struct.__new__(Struct). \
Patch by Sergey B Kirpichev.
gh-143602: Fix an inconsistency issue in write() that leads to unexpected buffer \
overwrite by deduplicating the buffer exports.
gh-143547: Fix sys.unraisablehook() when the hook raises an exception and \
changes sys.unraisablehook(): hold a strong reference to the old hook. Patch by \
Victor Stinner.
gh-143378: Fix use-after-free crashes when a BytesIO object is concurrently \
mutated during write() or writelines().
gh-143346: Fix incorrect wrapping of the Base64 data in plistlib._PlistWriter \
when the indent contains a mix of tabs and spaces.
gh-143310: tkinter: fix a crash when a Python list is mutated during the \
conversion to a Tcl object (e.g., when setting a Tcl variable). Patch by \
Bénédikt Tran.
gh-143309: Fix a crash in os.execve() on non-Windows platforms when given a \
custom environment mapping which is then mutated during parsing. Patch by \
Bénédikt Tran.
gh-143308: pickle: fix use-after-free crashes when a PickleBuffer is \
concurrently mutated by a custom buffer callback during pickling. Patch by \
Bénédikt Tran and Aaron Wieczorek.
gh-143237: Fix support of named pipes in the rotating logging handlers.
gh-143249: Fix possible buffer leaks in Windows overlapped I/O on error handling.
gh-143241: zoneinfo: fix infinite loop in ZoneInfo.from_file when parsing a \
malformed TZif file. Patch by Fatih Celik.
gh-142830: sqlite3: fix use-after-free crashes when the connection’s callbacks \
are mutated during a callback execution. Patch by Bénédikt Tran.
gh-143200: xml.etree.ElementTree: fix use-after-free crashes in __getitem__() \
and __setitem__() methods of Element when the element is concurrently mutated. \
Patch by Bénédikt Tran.
gh-142195: Updated timeout evaluation logic in subprocess to be compatible with \
deterministic environments like Shadow where time moves exactly as requested.
gh-143145: Fixed a possible reference leak in ctypes when constructing results \
with multiple output parameters on error.
gh-122431: Corrected the error message in readline.append_history_file() to \
state that nelements must be non-negative instead of positive.
gh-143004: Fix a potential use-after-free in collections.Counter.update() when \
user code mutates the Counter during an update.
gh-143046: The asyncio REPL no longer prints copyright and version messages in \
the quiet mode (-q). Patch by Bartosz Sławecki.
gh-140648: The asyncio REPL now respects the -I flag (isolated mode). \
Previously, it would load and execute PYTHONSTARTUP even if the flag was set. \
Contributed by Bartosz Sławecki.
gh-142991: Fixed socket operations such as recvfrom() and sendto() for FreeBSD \
divert(4) socket.
gh-143010: Fixed a bug in mailbox where the precise timing of an external event \
could result in the library opening an existing file instead of a file it \
expected to create.
gh-142881: Fix concurrent and reentrant call of atexit.unregister().
gh-112127: Fix possible use-after-free in atexit.unregister() when the callback \
is unregistered during comparison.
gh-142783: Fix zoneinfo use-after-free with descriptor _weak_cache. A descriptor \
as _weak_cache could cause crashes during object creation. The fix ensures \
proper reference counting for descriptor-provided objects.
gh-142754: Add the ownerDocument attribute to xml.dom.minidom elements and \
attributes created by directly instantiating the Element or Attr class. Note \
that this way of creating nodes is not supported; creator functions like \
xml.dom.Document.documentElement() should be used instead.
gh-142784: The asyncio REPL now properly closes the loop upon the end of \
interactive session. Previously, it could cause surprising warnings. Contributed \
by Bartosz Sławecki.
gh-142555: array: fix a crash in a[i] = v when converting i to an index via \
i.__index__ or i.__float__ mutates the array.
gh-142594: Fix crash in TextIOWrapper.close() when the underlying buffer’s \
closed property calls detach().
gh-142451: hmac: Ensure that the HMAC.block_size attribute is correctly copied \
by HMAC.copy. Patch by Bénédikt Tran.
gh-142495: collections.defaultdict now prioritizes __setitem__() when inserting \
default values from default_factory. This prevents race conditions where a \
default value would overwrite a value set before default_factory returns.
gh-142651: unittest.mock: fix a thread safety issue where Mock.call_count may \
return inaccurate values when the mock is called concurrently from multiple \
threads.
gh-142595: Added type check during initialization of the decimal module to \
prevent a crash in case of broken stdlib. Patch by Sergey B Kirpichev.
gh-142517: The non-compat32 email policies now correctly handle refolding \
encoded words that contain bytes that can not be decoded in their specified \
character set. Previously this resulted in an encoding exception during folding.
gh-112527: The help text for required options in argparse is no longer extended \
with “ (default: None)”.
gh-142315: Pdb can now run scripts from anonymous pipes used in process \
substitution. Patch by Bartosz Sławecki.
gh-142282: Fix winreg.QueryValueEx() to not accidentally read garbage buffer \
under race condition.
gh-75949: Fix argparse to preserve | separators in mutually exclusive groups \
when the usage line wraps due to length.
gh-68552: MisplacedEnvelopeHeaderDefect and Missing header name defects are now \
correctly passed to the handle_defect method of policy in FeedParser.
gh-142006: Fix a bug in the email.policy.default folding algorithm which \
incorrectly resulted in a doubled newline when a line ending at exactly \
max_line_length was followed by an unfoldable token.
gh-105836: Fix asyncio.run_coroutine_threadsafe() leaving underlying cancelled \
asyncio task running.
gh-139971: pydoc: Ensure that the link to the online documentation of a stdlib \
module is correct.
gh-139262: Some keystrokes can be swallowed in the new PyREPL on Windows, \
especially when used together with the ALT key. Fix by Chris Eibl.
gh-138897: Improved license/copyright/credits display in the REPL: now uses a pager.
gh-79986: Add parsing for References and In-Reply-To headers to the email \
library that parses the header content as lists of message id tokens. This \
prevents them from being folded incorrectly.
gh-109263: Starting a process from spawn context in multiprocessing no longer \
sets the start method globally.
gh-90871: Fixed an off by one error concerning the backlog parameter in \
create_unix_server(). Contributed by Christian Harries.
gh-133253: Fix thread-safety issues in linecache.
gh-132715: Skip writing objects during marshalling once a failure has occurred.
gh-127529: Correct behavior of \
asyncio.selector_events.BaseSelectorEventLoop._accept_connection() in handling \
ConnectionAbortedError in a loop. This improves performance on OpenBSD.
IDLE
gh-143774: Better explain the operation of Format / Format Paragraph.
Documentation
gh-140806: Add documentation for enum.bin().
Core and Builtins
gh-144307: Prevent a reference leak in module teardown at interpreter finalization.
gh-144194: Fix error handling in perf jitdump initialization on memory \
allocation failure.
gh-141805: Fix crash in set when objects with the same hash are concurrently \
added to the set after removing an element with the same hash while the set \
still contains elements with the same hash.
gh-143670: Fixes a crash in ga_repr_items_list function.
gh-143377: Fix a crash in _interpreters.capture_exception() when the exception \
is incorrectly formatted. Patch by Bénédikt Tran.
gh-143189: Fix crash when inserting a non-str key into a split table dictionary \
when the key matches an existing key in the split table but has no corresponding \
value in the dict.
gh-143228: Fix use-after-free in perf trampoline when toggling profiling while \
threads are running or during interpreter finalization with daemon threads \
active. The fix uses reference counting to ensure trampolines are not freed \
while any code object could still reference them. Patch by Pablo Galindo
gh-142664: Fix a use-after-free crash in memoryview.__hash__ when the __hash__ \
method of the referenced object mutates that object or the view. Patch by \
Bénédikt Tran.
gh-142557: Fix a use-after-free crash in bytearray.__mod__ when the bytearray is \
mutated while formatting the %-style arguments. Patch by Bénédikt Tran.
gh-143195: Fix use-after-free crashes in bytearray.hex() and memoryview.hex() \
when the separator’s __len__() mutates the original object. Patch by \
Bénédikt Tran.
gh-143135: Set sys.flags.inspect to 1 when PYTHONINSPECT is 0. Previously, it \
was set to 0 in this case.
gh-143003: Fix an overflow of the shared empty buffer in bytearray.extend() when \
__length_hint__() returns 0 for non-empty iterator.
gh-143006: Fix a possible assertion error when comparing negative non-integer \
float and int with the same number of bits in the integer part.
gh-142776: Fix a file descriptor leak in import.c
gh-142829: Fix a use-after-free crash in contextvars.Context comparison when a \
custom __eq__ method modifies the context via set().
gh-142766: Clear the frame of a generator when generator.close() is called.
gh-142737: Tracebacks will be displayed in fallback mode even if io.open() is \
lost. Previously, this would crash the interpreter. Patch by Bartosz Sławecki.
gh-142554: Fix a crash in divmod() when _pylong.int_divmod() does not return a \
tuple of length two exactly. Patch by Bénédikt Tran.
gh-142560: Fix use-after-free in bytearray search-like methods (find(), count(), \
index(), rindex(), and rfind()) by marking the storage as exported which causes \
reallocation attempts to raise BufferError. For contains(), split(), and \
rsplit() the buffer protocol is used for this.
gh-142343: Fix SIGILL crash on m68k due to incorrect assembly constraint.
gh-141732: Ensure the __repr__() for ExceptionGroup and BaseExceptionGroup does \
not change when the exception sequence that was originally passed in to its \
constructor is subsequently mutated.
gh-100964: Fix reference cycle in exhausted generator frames. Patch by Savannah \
Ostrowski.
gh-140373: Correctly emit PY_UNWIND event when generator object is closed. Patch \
by Mikhail Efimov.
gh-138568: Adjusted the built-in help() function so that empty inputs are \
ignored in interactive mode.
gh-127773: Do not use the type attribute cache for types with incompatible MRO.
C API
gh-142571: PyUnstable_CopyPerfMapFile() now checks that opening the file \
succeeded before flushing.
Build
gh-142454: When calculating the digest of the JIT stencils input, sort the \
hashed files by filenames before adding their content to the hasher. This \
ensures deterministic hash input and hence deterministic hash, independent of \
filesystem order.
gh-141808: When running make clean-retain-profile, keep the generated JIT \
stencils. That way, the stencils are not generated twice when Profile-guided \
optimization (PGO) is used. It also allows distributors to supply their own \
pre-built JIT stencils.
gh-138061: Ensure reproducible builds by making JIT stencil header generation \
deterministic.

2026-01-07 09:49:50 by Thomas Klausner | Files touched by this commit (2525)
Log message:
*: recursive bump for icu 78.1

2026-01-04 00:28:32 by Roland Illig | Files touched by this commit (1)
Log message:
lang/python313: remove unknown configure option

2025-12-10 18:50:50 by Adam Ciarcinski | Files touched by this commit (4)
Log message:
python313 py313-html-docs: updated to 3.13.11
Python 3.13.11
Security
gh-142145: Remove quadratic behavior in xml.minidom node ID cache clearing.
gh-119451: Fix a potential memory denial of service in the http.client module. \
When connecting to a malicious server, it could cause an arbitrary amount of \
memory to be allocated. This could have led to symptoms including a MemoryError, \
swapping, out of memory (OOM) killed processes or containers, or even system \
crashes.
gh-119452: Fix a potential memory denial of service in the http.server module. \
When a malicious user is connected to the CGI server on Windows, it could cause \
an arbitrary amount of memory to be allocated. This could have led to symptoms \
including a MemoryError, swapping, out of memory (OOM) killed processes or \
containers, or even system crashes.
Library
gh-140797: Revert changes to the undocumented re.Scanner class. Capturing groups \
are still allowed for backward compatibility, although using them can lead to \
incorrect results. They will be forbidden in future Python versions.
gh-142206: The resource tracker in the multiprocessing module now uses the \
original communication protocol, as in Python 3.14.0 and below, by default. This \
avoids issues with upgrading Python while it is running. (Note that such \
‘in-place’ upgrades are not tested.) The tracker remains compatible with \
subprocesses that use new protocol (that is, subprocesses using Python 3.13.10, \
3.14.1 and 3.15).
Core and Builtins
gh-142218: Fix crash when inserting into a split table dictionary with a non str \
key that matches an existing key.

2025-12-04 16:24:11 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
python313: do not use system expat - it is not portable anymore