Skip to content

Bump aqt from 25.2.5 to 25.9.4#259

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/aqt-25.9.4
Open

Bump aqt from 25.2.5 to 25.9.4#259
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/aqt-25.9.4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 23, 2026

Copy link
Copy Markdown
Contributor

Bumps aqt from 25.2.5 to 25.9.4.

Release notes

Sourced from aqt's releases.

25.09.4

What's Changed

This is a security release. Please upgrade as soon as possible using Tools > Upgrade/Downgrade.

Importing untrusted decks (.apkg files) had the ability to read local files. This has now been fixed.

Other fixes and new features will follow in the next beta release.

Many thanks to @​Bankde for the excellent report and to @​abdnh, @​dae, and @​fernandolins for the fix! 🙏🏻

Installing

  • If you're a new user, please grab the latest launcher from https://apps.ankiweb.net
  • If you already have the 25.09 launcher, you can use Tools>Upgrade/Downgrade inside Anki.
  • If you have an older launcher/Anki, please grab the latest launcher first, as the older one may or may not work.

25.09.3

What's Changed

This is a security release. Please upgrade as soon as possible using Tools > Upgrade/Downgrade.

Anki's local media server did not sufficiently validate requests, which could allow a malicious website to read local files while Anki was running. This had the potential to affect mostly Firefox and Safari users. Chrome already restricts local network access. Thanks to the great Tavis Ormandy (@​taviso) for the report.

All other fixes and new features since 25.09.2 will follow in a separate beta release.

Installing

  • If you're a new user, please grab the latest launcher from https://apps.ankiweb.net
  • If you already have the 25.09 launcher, you can use Tools>Upgrade/Downgrade inside Anki.
  • If you have an older launcher/Anki, please grab the latest launcher first, as the older one may or may not work.

25.09.2

Installing

  • If you're a new user, please grab the latest launcher from https://apps.ankiweb.net
  • If you already have the 25.09 launcher, you can use Tools>Upgrade/Downgrade inside Anki.
  • If you have an older launcher/Anki, please grab the latest launcher first, as the older one may or may not work.

What's Changed

New Contributors

... (truncated)

Commits
  • d52ca66 Draft release.
  • 18f35ca Add arg attributes.
  • 341452e Add workflows for publishing Python packages.
  • 03de05a Prepare release 25.09.4
  • c887bb3 Update release.just to include version parameter in prepare command
  • 3854d22 Regenerate licenses.json.
  • 41bb118 just fmt.
  • f373daa Pull in changes to minilints.
  • 636fbd7 ci: support releases from non-main branches
  • 162e2ea Fix false-positive path in CSP smoke test for error events
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [aqt](https://github.com/ankitects/anki) from 25.2.5 to 25.9.4.
- [Release notes](https://github.com/ankitects/anki/releases)
- [Changelog](https://github.com/ankitects/anki/blob/main/release.just)
- [Commits](ankitects/anki@25.02.5...25.09.4)

---
updated-dependencies:
- dependency-name: aqt
  dependency-version: 25.9.4
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants