python312Packages.js2py: mark insecure (#348943)

2024-11-22 15:03:28 +00:00 · 2024-10-17 06:55:12 +01:00 · 2024-10-17 06:55:12 +01:00 · 02289590e9
commit 02289590e9
parent 0d4067f506 b461b19c78
2 changed files with 3 additions and 10 deletions
--- a/pkgs/development/python-modules/js2py/default.nix
+++ b/pkgs/development/python-modules/js2py/default.nix
@ -42,5 +42,6 @@ buildPythonPackage rec {
    homepage = "https://github.com/PiotrDabkowski/Js2Py";
    license = licenses.mit;
    maintainers = with maintainers; [ onny ];
+    knownVulnerabilities = [ "CVE-2024-28397" ];
  };
 }
--- a/pkgs/development/python-modules/lark/default.nix
+++ b/pkgs/development/python-modules/lark/default.nix
@ -3,9 +3,6 @@
  buildPythonPackage,
  fetchFromGitHub,
  regex,
-  pytestCheckHook,
-  pythonOlder,
-  js2py,
  setuptools,
 }:

@ -33,13 +30,8 @@ buildPythonPackage rec {
    "lark.grammars"
  ];

-  # Js2py is not supported on 3.12
-  doCheck = pythonOlder "3.12";
-
-  nativeCheckInputs = [
-    js2py
-    pytestCheckHook
-  ];
+  # Js2py is needed for tests but it's marked as insecure
+  doCheck = false;

  meta = with lib; {
    description = "Modern parsing library for Python, implementing Earley & LALR(1) and an easy interface";