| Message ID | 20201029094754.15006-1-tanguy@bioneland.org |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [bug#44302] gnu: httpie: Update to 2.3.0. | expand |
| Context | Check | Description |
|---|---|---|
| cbaines/submitting builds | success | |
| cbaines/issue | success | View issue |
| cbaines/comparison | success | View comparision |
| cbaines/git branch | success | View Git branch |
| cbaines/applying patch | success | View Laminar job |
Hi, Tanguy Le Carrour <tanguy@bioneland.org> skribis: > * gnu/packages/python-web.scm (httpie): Update to 2.3.0. > [propagated-inputs]: Add python-requests-toolbelt. > [home-page]: Update URL. Applied, thanks! ‘guix lint’ says “probably vulnerable to CVE-2019-10751”. Would be nice if you could take a look and see what needs to be done about it. Thanks, Ludo’.
Hi Ludo', Le 31 octobre 2020 23:15:57 CET, "Ludovic Courtès" <ludo@gnu.org> a écrit : >Tanguy Le Carrour <tanguy@bioneland.org> skribis: > >> * gnu/packages/python-web.scm (httpie): Update to 2.3.0. >> [propagated-inputs]: Add python-requests-toolbelt. >> [home-page]: Update URL. > >Applied, thanks! Thanks. >‘guix lint’ says “probably vulnerable to CVE-2019-10751”. Would be >nice >if you could take a look and see what needs to be done about it. I saw that! But it only applies to older versions of httpie. Should I have mentioned it somewhere? In the commit message? Regards
Hi, Tanguy LE CARROUR <tanguy@bioneland.org> skribis: >>‘guix lint’ says “probably vulnerable to CVE-2019-10751”. Would be >>nice >>if you could take a look and see what needs to be done about it. > > I saw that! But it only applies to older versions of httpie. Should I have mentioned it somewhere? In the commit message? If you’re sure of that, you can add a ‘lint-hidden-cve’ property with a comment linking to evidence that this is fixed. Thanks for checking, Ludo’.
Hi, Le 11/02, Ludovic Courtès a écrit : > Tanguy LE CARROUR <tanguy@bioneland.org> skribis: > > >>‘guix lint’ says “probably vulnerable to CVE-2019-10751”. Would be > >>nice > >>if you could take a look and see what needs to be done about it. > > > > I saw that! But it only applies to older versions of httpie. Should I have mentioned it somewhere? In the commit message? > > If you’re sure of that, you can add a ‘lint-hidden-cve’ property with a > comment linking to evidence that this is fixed. Done! http://debbugs.gnu.org/cgi/bugreport.cgi?bug=44392 Regards
diff --git a/gnu/packages/python-web.scm b/gnu/packages/python-web.scm index 1b6f0290ab..cf71a64e7c 100644 --- a/gnu/packages/python-web.scm +++ b/gnu/packages/python-web.scm @@ -30,7 +30,7 @@ ;;; Copyright © 2019 Vagrant Cascadian <vagrant@debian.org> ;;; Copyright © 2019 Brendan Tildesley <mail@brendan.scot> ;;; Copyright © 2019 Pierre Langlois <pierre.langlois@gmx.com> -;;; Copyright © 2019 Tanguy Le Carrour <tanguy@bioneland.org> +;;; Copyright © 2019, 2020 Tanguy Le Carrour <tanguy@bioneland.org> ;;; Copyright © 2020 Jakub Kądziołka <kuba@kadziolka.net> ;;; Copyright © 2020 Evan Straw <evan.straw99@gmail.com> ;;; Copyright © 2020 Alexandros Theodotou <alex@zrythm.org> @@ -429,14 +429,14 @@ other HTTP libraries.") (define-public httpie (package (name "httpie") - (version "2.2.0") + (version "2.3.0") (source (origin (method url-fetch) (uri (pypi-uri "httpie" version)) (sha256 (base32 - "18058k0i3cc4ixvgzj882w693lf40283flvspbrvd876iq42ib1i")))) + "15ngl3yc186gkgqdx8iav9bpj8gxjpzz26y32z92jwyhj4cmfh6m")))) (build-system python-build-system) (arguments ;; The tests attempt to access external web servers, so we cannot run them. @@ -444,8 +444,9 @@ other HTTP libraries.") (propagated-inputs `(("python-colorama" ,python-colorama) ("python-pygments" ,python-pygments) - ("python-requests" ,python-requests))) - (home-page "https://httpie.org/") + ("python-requests" ,python-requests) + ("python-requests-toolbelt" ,python-requests-toolbelt-0.9.1))) + (home-page "https://httpie.io") (synopsis "cURL-like tool for humans") (description "A command line HTTP client with an intuitive UI, JSON support,