Merge pull request #178394 from dotlambda/pythonPackages-insecure

pkgs/applications/misc/etesync-dav/default.nix

@@ -46,12 +46,15 @@ in python.pkgs.buildPythonApplication rec {
   };
 
   propagatedBuildInputs = with python.pkgs; [
+    appdirs
     etebase
     etesync
     flask
     flask-wtf
+    msgpack
     (python.pkgs.toPythonModule (radicale3.override { python3 = python; }))
-  ];
+    requests
+  ] ++ requests.optional-dependencies.socks;
 
   doCheck = false;
 

pkgs/development/compilers/vyper/default.nix

@@ -69,5 +69,8 @@ buildPythonPackage rec {
     homepage = "https://github.com/vyperlang/vyper";
     license = licenses.asl20;
     maintainers = with maintainers; [ siraben ];
+    knownVulnerabilities = [
+      "CVE-2022-29255"
+    ];
   };
 }

pkgs/development/python-modules/aesara/default.nix

@@ -6,6 +6,8 @@
 , etuples
 , fetchFromGitHub
 , filelock
+, jax
+, jaxlib
 , logical-unification
 , minikanren
 , numba
@@ -19,7 +21,7 @@
 
 buildPythonPackage rec {
   pname = "aesara";
-  version = "2.7.2";
+  version = "2.7.3";
   format = "setuptools";
 
   disabled = pythonOlder "3.7";
@@ -28,7 +30,7 @@ buildPythonPackage rec {
     owner = "aesara-devs";
     repo = "aesara";
     rev = "refs/tags/rel-${version}";
-    hash = "sha256-NJxklOpIbSbi/SB/rafBNllpnNb1yWLVpyB2f/U0i78=";
+    hash = "sha256-LeZEWKSfVmU7k7qMjniUjwoDJ5xJUHoYux7Qy5/w4Cg=";
   };
 
   nativeBuildInputs = [
@@ -47,6 +49,8 @@ buildPythonPackage rec {
   ];
 
   checkInputs = [
+    jax
+    jaxlib
     numba
     numba-scipy
     pytestCheckHook

pkgs/development/python-modules/beaker/default.nix

@@ -70,6 +70,11 @@ buildPythonPackage rec {
 
   meta = {
     description = "A Session and Caching library with WSGI Middleware";
+    homepage = "https://github.com/bbangert/beaker";
+    license = lib.licenses.bsd3;
     maintainers = with lib.maintainers; [ domenkozar ];
+    knownVulnerabilities = [
+      "CVE-2013-7489"
+    ];
   };
 }

pkgs/development/python-modules/cookiecutter/default.nix

@@ -1,23 +1,31 @@
 { lib, buildPythonPackage, fetchPypi, isPyPy
 , pytest, pytest-cov, pytest-mock, freezegun
-, jinja2, future, binaryornot, click, whichcraft, poyo, jinja2_time, requests
-, python-slugify }:
+, jinja2, future, binaryornot, click, jinja2_time, requests
+, python-slugify
+, pyyaml
+}:
 
 buildPythonPackage rec {
   pname = "cookiecutter";
-  version = "1.7.3";
+  version = "2.1.1";
 
   # not sure why this is broken
   disabled = isPyPy;
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "sha256-a5pNcoguJDvgd6c5fQ8fdv5mzz35HzEV27UzDiFPpFc=";
+    sha256 = "sha256-85gr6NnFPawSYYZAE/3sf4Ov0uQu3m9t0GnF4UnFQNU=";
   };
 
   checkInputs = [ pytest pytest-cov pytest-mock freezegun ];
   propagatedBuildInputs = [
-    jinja2 future binaryornot click whichcraft poyo jinja2_time requests python-slugify
+    binaryornot
+    jinja2
+    click
+    pyyaml
+    jinja2_time
+    python-slugify
+    requests
   ];
 
   # requires network access for cloning git repos

pkgs/development/python-modules/flask-caching/default.nix

@@ -1,18 +1,34 @@
-{ lib, buildPythonPackage, fetchPypi, isPy27, flask, pytestCheckHook, pytest-cov, pytest-xprocess, pytestcache }:
+{ lib
+, buildPythonPackage
+, pythonOlder
+, fetchPypi
+, cachelib
+, flask
+, pytest-asyncio
+, pytest-xprocess
+, pytestCheckHook
+}:
 
 buildPythonPackage rec {
   pname = "Flask-Caching";
-  version = "1.10.1";
-  disabled = isPy27; # invalid python2 syntax
+  version = "1.11.1";
+  disabled = pythonOlder "3.7";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "cf19b722fcebc2ba03e4ae7c55b532ed53f0cbf683ce36fafe5e881789a01c00";
+    sha256 = "28af189e97defb9e39b43ebe197b54a58aaee81bdeb759f46d969c26d7aa7810";
   };
 
-  propagatedBuildInputs = [ flask ];
+  propagatedBuildInputs = [
+    cachelib
+    flask
+  ];
 
-  checkInputs = [ pytestCheckHook pytest-cov pytest-xprocess pytestcache ];
+  checkInputs = [
+    pytest-asyncio
+    pytest-xprocess
+    pytestCheckHook
+  ];
 
   disabledTests = [
     # backend_cache relies on pytest-cache, which is a stale package from 2013

pkgs/development/python-modules/flower/default.nix

@@ -54,5 +54,8 @@ buildPythonPackage rec {
     homepage = "https://github.com/mher/flower";
     license = licenses.bsdOriginal;
     maintainers = with maintainers; [ arnoldfarkas ];
+    knownVulnerabilities = [
+      "CVE-2022-30034"
+    ];
   };
 }

pkgs/development/python-modules/jupyter_server/default.nix

@@ -1,10 +1,12 @@
 { lib
 , stdenv
 , buildPythonPackage
-, fetchpatch
 , fetchPypi
 , pythonOlder
+, pandoc
 , pytestCheckHook
+, pytest-console-scripts
+, pytest-timeout
 , pytest-tornasync
 , argon2-cffi
 , jinja2
@@ -28,21 +30,14 @@
 
 buildPythonPackage rec {
   pname = "jupyter_server";
-  version = "1.11.2";
-  disabled = pythonOlder "3.6";
+  version = "1.17.1";
+  disabled = pythonOlder "3.7";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "c1f32e0c1807ab2de37bf70af97a36b4436db0bc8af3124632b1f4441038bf95";
+    sha256 = "a36781656645ae17b12819a49ace377c045bf633823b3e4cd4b0c88c01e7711b";
   };
 
-  patches = [ (fetchpatch
-    { name = "Normalize-file-name-and-path.patch";
-      url = "https://github.com/jupyter-server/jupyter_server/pull/608/commits/345e26cdfd78651954b68708fa44119c2ac0dbd5.patch";
-      sha256 = "1kqz3dyh2w0h1g1fbvqa13q17hb6y32694rlaasyg213mq6g4k32";
-    })
-  ];
-
   propagatedBuildInputs = [
     argon2-cffi
     jinja2
@@ -64,7 +59,10 @@ buildPythonPackage rec {
 
   checkInputs = [
     ipykernel
+    pandoc
     pytestCheckHook
+    pytest-console-scripts
+    pytest-timeout
     pytest-tornasync
     requests
   ];
@@ -74,19 +72,18 @@ buildPythonPackage rec {
     export PATH=$out/bin:$PATH
   '';
 
-  pytestFlagsArray = [ "jupyter_server" ];
-
-  # disabled failing tests
   disabledTests = [
-    "test_server_extension_list"
-    "test_list_formats"
-    "test_base_url"
-    "test_culling"
+    "test_cull_idle"
   ] ++ lib.optionals stdenv.isDarwin [
     # attempts to use trashcan, build env doesn't allow this
     "test_delete"
   ];
 
+  disabledTestPaths = [
+    "tests/services/kernels/test_api.py"
+    "tests/services/sessions/test_api.py"
+  ];
+
   __darwinAllowLocalNetworking = true;
 
   meta = with lib; {

pkgs/development/python-modules/jupyterhub/default.nix

@@ -61,12 +61,12 @@ in
 
 buildPythonPackage rec {
   pname = "jupyterhub";
-  version = "1.3.0";
+  version = "1.5.0";
   disabled = pythonOlder "3.6";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "13pf6qhimpaxj20871ff5rvwwan59320cdhhrn9cfh6314971zq5";
+    sha256 = "sha256-3GGPZXwjukYoDjYlflCTGAZnS6Dp5kmK+wke/GIm1p0=";
   };
 
   # Most of this only applies when building from source (e.g. js/css assets are
@@ -158,6 +158,7 @@ buildPythonPackage rec {
     broken = (stdenv.isLinux && stdenv.isAarch64) || stdenv.isDarwin;
     description = "Serves multiple Jupyter notebook instances";
     homepage = "https://jupyter.org/";
+    changelog = "https://github.com/jupyterhub/jupyterhub/blob/${version}/docs/source/changelog.md";
     license = licenses.bsd3;
     maintainers = with maintainers; [ ixxie cstrahan ];
   };

pkgs/development/python-modules/kerberos/default.nix

@@ -20,8 +20,10 @@ buildPythonPackage rec {
 
   meta = with lib; {
     description = "Kerberos high-level interface";
-    homepage = "https://pypi.python.org/pypi/kerberos";
+    homepage = "https://pypi.org/project/kerberos/";
     license = licenses.asl20;
+    knownVulnerabilities = [
+      "CVE-2015-3206"
+    ];
   };
-
 }

pkgs/development/python-modules/notebook/default.nix

@@ -27,12 +27,12 @@
 
 buildPythonPackage rec {
   pname = "notebook";
-  version = "6.4.10";
+  version = "6.4.12";
   disabled = !isPy3k;
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "sha256-JAina8YokoOo7s/KZ+KY7IPGfbUaTC4bcT3RgLs56Q4=";
+    sha256 = "sha256-YmjJ7JBIz/ekVAXJkMKaycpAsLw+wpJj0hjF4B8rToY=";
   };
 
   LC_ALL = "en_US.utf8";

pkgs/development/python-modules/pypdf2/default.nix

@@ -8,11 +8,11 @@
 
 buildPythonPackage rec {
   pname = "PyPDF2";
-  version = "1.26.0";
+  version = "1.28.4";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "11a3aqljg4sawjijkvzhs3irpw0y67zivqpbjpm065ha5wpr13z2";
+    sha256 = "sha256-BM5CzQVweIH+28oxZHRFEYBf6MMGGK5M+yuUDjNo1a0=";
   };
 
   LC_ALL = "en_US.UTF-8";

pkgs/development/python-modules/rencode/default.nix

@@ -2,25 +2,37 @@
 , buildPythonPackage
 , fetchFromGitHub
 , cython
+, pytestCheckHook
 }:
 
 buildPythonPackage rec {
   pname = "rencode";
-  version = "1.0.6";
+  version = "unstable-2021-08-10";
+
+  format = "setuptools";
 
   src = fetchFromGitHub {
     owner = "aresch";
     repo = "rencode";
-    rev = "v${version}";
-    sha256 = "sha256-PGjjrZuoGYSPMNqXG1KXoZnOoWIe4g6s056jFhqrJ60=";
+    rev = "572ff74586d9b1daab904c6f7f7009ce0143bb75";
+    hash = "sha256-cL1hV3RMDuSdcjpPXXDYIEbzQrxiPeRs82PU8HTEQYk=";
   };
 
-  buildInputs = [ cython ];
+  nativeBuildInputs = [ cython ];
+
+  checkInputs = [
+    pytestCheckHook
+  ];
+
+  preCheck = ''
+    # import from $out
+    rm -r rencode
+  '';
 
   meta = with lib; {
     homepage = "https://github.com/aresch/rencode";
     description = "Fast (basic) object serialization similar to bencode";
-    license = licenses.gpl3;
+    license = licenses.gpl3Plus;
+    maintainers = with maintainers; [ ];
   };
-
 }

pkgs/development/python-modules/waitress/default.nix

@@ -5,11 +5,11 @@
 
 buildPythonPackage rec {
   pname = "waitress";
-  version = "2.1.1";
+  version = "2.1.2";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "sha256-4uYFds8UoVOdp597fuHnmnHmTzZqC0fbVKFelx9XuxY=";
+    sha256 = "780a4082c5fbc0fde6a2fcfe5e26e6efc1e8f425730863c04085769781f51eba";
   };
 
   doCheck = false;