[staging-24.05] python311Packages.starlette: fix CVE-2024-47874 (#350969)

2024-11-27 01:13:05 +00:00 · 2024-10-25 03:32:01 +02:00 · 2024-10-25 03:32:01 +02:00 · b1a88d3540
commit b1a88d3540
parent e0933d74a8 aa3ba8d7a9
1 changed files with 10 additions and 0 deletions
--- a/pkgs/development/python-modules/starlette/default.nix
+++ b/pkgs/development/python-modules/starlette/default.nix
@ -2,6 +2,7 @@
  lib,
  buildPythonPackage,
  fetchFromGitHub,
+  fetchpatch2,

  # build-system
  hatchling,
@ -40,6 +41,15 @@ buildPythonPackage rec {
    hash = "sha256-GiCN1sfhLu9i19d2OcLZrlY8E64DFrFh+ITRSvLaxdE=";
  };

+  patches = [
+    (fetchpatch2 {
+      # https://github.com/encode/starlette/security/advisories/GHSA-f96h-pmfr-66vw
+      name = "CVE-2024-47874.patch";
+      url = "https://github.com/encode/starlette/commit/fd038f3070c302bff17ef7d173dbb0b007617733.patch";
+      hash = "sha256-N/v0xBa6e40ZrdHfDa5mlHJhh5IyDdC/XdmTtKNOYP4=";
+    })
+  ];
+
  nativeBuildInputs = [ hatchling ];

  propagatedBuildInputs = [ anyio ] ++ lib.optionals (pythonOlder "3.10") [ typing-extensions ];