Subject: CVS commit: pkgsrc/lang
From: Adam Ciarcinski
Date: 2022-09-07 17:33:20
Message id: 20220907153320.52B61FA90@cvs.NetBSD.org
Log Message:
python39 py39-html-docs: updated to 3.9.14
Python 3.9.14
Security
gh-95778: Converting between int and str in bases other than 2 (binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number of digits in string form is above a limit to avoid potential denial of service attacks due to the algorithmic complexity. This is a mitigation for CVE-2020-10735.
This new limit can be configured or disabled by environment variable, command line flag, or sys APIs. See the integer string conversion length limitation documentation. The default limit is 4300 digits in string form.
Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with feedback from Victor Stinner, Thomas Wouters, Steve Dower, Ned Deily, and Mark Dickinson.
gh-87389: http.server: Fix an open redirection vulnerability in the HTTP server when an URI path starts with //. Vulnerability discovered, and initial fix proposed, by Hamza Avvan.
Core and Builtins
gh-93065: Fix contextvars HAMT implementation to handle iteration over deep trees.
The bug was discovered and fixed by Eli Libman. See MagicStack/immutables#84 for more details.
Library
gh-94821: Fix binding of unix socket to empty address on Linux to use an available address from the abstract namespace, instead of “0”.
gh-91810: Suppress writing an XML declaration in open files in ElementTree.write() with encoding='unicode' and xml_declaration=None.
bpo-45393: Fix the formatting for await x and not x in the operator precedence table when using the help() system.
bpo-46197: Fix ensurepip environment isolation for subprocess running pip.
Tests
gh-95280: Fix problem with test_ssl test_get_ciphers on systems that require perfect forward secrecy (PFS) ciphers.
gh-94208: test_ssl is now checking for supported TLS version and protocols in more tests.
bpo-47016: Create a GitHub Actions workflow for verifying bundled pip and setuptools. Patch by Illia Volochii and Adam Turner.
Files: