Merge pull request #176420 from dotlambda/nixops-insecure

nixops: mark insecure
This commit is contained in:
Robert Schütz 2022-06-06 19:19:50 -07:00 committed by GitHub
commit b1d10e8209
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 0 deletions

View File

@ -40,5 +40,8 @@ buildPythonPackage rec {
description = "JSON Web Token implementation in Python";
homepage = "https://github.com/jpadilla/pyjwt";
license = licenses.mit;
knownVulnerabilities = [
"CVE-2022-29217"
];
};
}

View File

@ -6,6 +6,18 @@ let
inherit (poetry2nix.mkPoetryPackages {
projectDir = ./python-env;
python = python2;
overrides = [
poetry2nix.defaultPoetryOverrides
(self: super: {
pyjwt = super.pyjwt.overridePythonAttrs (old: {
meta = old.meta // {
knownVulnerabilities = lib.optionals (lib.versionOlder old.version "2.4.0") [
"CVE-2022-29217"
];
};
});
})
];
}) python;
pythonPackages = python.pkgs;