Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

python310Packages.future: 0.18.2 -> 0.18.3 #210072

Merged
merged 1 commit into from
Jan 19, 2023
Merged

python310Packages.future: 0.18.2 -> 0.18.3 #210072

merged 1 commit into from
Jan 19, 2023

Conversation

dotlambda
Copy link
Member

@dotlambda dotlambda commented Jan 10, 2023
edited
Loading

We should really remove future from the package set.

Description of changes

https://github.com/PythonCharmers/python-future/releases/tag/v0.18.3

fixes CVE-2022-40899

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 23.05 Release Notes (or backporting 22.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@dotlambda dotlambda added 1.severity: security Issues which raise a security issue, or PRs that fix one backport release-22.11 labels Jan 10, 2023
@ofborg ofborg bot requested a review from prikhi January 10, 2023 17:45
@dotlambda dotlambda requested a review from mweinelt January 11, 2023 19:35
@dotlambda dotlambda changed the base branch from master to staging January 11, 2023 19:36
@dotlambda dotlambda marked this pull request as draft January 14, 2023 08:44
@dotlambda dotlambda marked this pull request as ready for review January 14, 2023 12:19
@dotlambda dotlambda changed the title python310Packages.future: patch CVE-2022-40899 python310Packages.future: 0.18.2 -> 0.18.3 Jan 14, 2023
@dotlambda dotlambda merged commit 3a7055a into NixOS:staging Jan 19, 2023
@dotlambda dotlambda deleted the CVE-2022-40899 branch January 19, 2023 03:42
@github-actions github-actions bot mentioned this pull request Jan 19, 2023
Merged
1 task
@github-actions
Copy link
Contributor

Successfully created backport PR #211514 for staging-22.11.

SuperSandro2000
SuperSandro2000 reviewed Jan 19, 2023
View reviewed changes
pkgs/development/python-modules/future/default.nix
Comment on lines +17 to +23
pythonImportsCheck = [
"future.builtins"
"future.moves"
"future.standard_library"
"past.builtins"
"past.translation"
];
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for digging up several imports!

@kirillrdy kirillrdy mentioned this pull request Jan 24, 2023
Merged
13 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SuperSandro2000 SuperSandro2000 SuperSandro2000 left review comments

@FRidh FRidh Awaiting requested review from FRidh

@jonringer jonringer Awaiting requested review from jonringer

@prikhi prikhi Awaiting requested review from prikhi

@mweinelt mweinelt Awaiting requested review from mweinelt

Assignees
No one assigned
Labels
1.severity: security Issues which raise a security issue, or PRs that fix one 6.topic: python 8.has: clean-up 10.rebuild-darwin: 501+ 10.rebuild-darwin: 1001-2500 10.rebuild-linux: 501+ 10.rebuild-linux: 2501-5000
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dotlambda @SuperSandro2000