Merge pull request #176420 from dotlambda/nixops-insecure

nixops: mark insecure
2024-11-17 23:36:17 +01:00 · 2022-06-06 19:19:50 -07:00 · 2022-06-06 19:19:50 -07:00 · b1d10e8209
commit b1d10e8209
parent 753b3c2bc1 007ffa6069
2 changed files with 15 additions and 0 deletions
--- a/pkgs/development/python2-modules/pyjwt/default.nix
+++ b/pkgs/development/python2-modules/pyjwt/default.nix
@ -40,5 +40,8 @@ buildPythonPackage rec {
    description = "JSON Web Token implementation in Python";
    homepage = "https://github.com/jpadilla/pyjwt";
    license = licenses.mit;
+    knownVulnerabilities = [
+      "CVE-2022-29217"
+    ];
  };
 }
--- a/pkgs/tools/package-management/nixops/default.nix
+++ b/pkgs/tools/package-management/nixops/default.nix
@ -6,6 +6,18 @@ let
  inherit (poetry2nix.mkPoetryPackages {
    projectDir = ./python-env;
    python = python2;
+    overrides = [
+      poetry2nix.defaultPoetryOverrides
+      (self: super: {
+        pyjwt = super.pyjwt.overridePythonAttrs (old: {
+          meta = old.meta // {
+            knownVulnerabilities = lib.optionals (lib.versionOlder old.version "2.4.0") [
+              "CVE-2022-29217"
+            ];
+          };
+        });
+      })
+    ];
  }) python;
  pythonPackages = python.pkgs;