Since commit f7e28bf5d8 ("Split
buildPythonPackage into setup hooks"), the `ia` command provided by this
package has crashed with the error:
Traceback (most recent call last):
File "/nix/store/7n1jf081h0qnj82m2s69mxzj02zf746f-python3.7-internetarchive-1.8.1/bin/.ia-wrapped", line 7, in <module>
from internetarchive.cli.ia import main
File "/nix/store/7n1jf081h0qnj82m2s69mxzj02zf746f-python3.7-internetarchive-1.8.1/lib/python3.7/site-packages/internetarchive/cli/__init__.py", line 27, in <module>
from internetarchive.cli import ia, ia_configure, ia_delete, ia_download, ia_list, \
File "/nix/store/7n1jf081h0qnj82m2s69mxzj02zf746f-python3.7-internetarchive-1.8.1/lib/python3.7/site-packages/internetarchive/cli/ia.py", line 60, in <module>
from pkg_resources import iter_entry_points, DistributionNotFound
ModuleNotFoundError: No module named 'pkg_resources'
This commit fixes that by adding `setuptools` (which contains the
'pkg_resources' module) to `propagatedBuildInputs`.
https://about.gitlab.com/blog/2019/12/10/critical-security-release-gitlab-12-5-4-released/
Insufficient parameter sanitization for Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions. The issue is now mitigated in the latest release and is assigned CVE-2019-19628.
When transferring a public project to a private group, private code would be disclosed via the Group Search API provided by Elasticsearch integration. The issue is now mitigated in the latest release and is assigned CVE-2019-19629.
The Git dependency has been upgraded to 2.22.2 in order to apply security fixes detailed here.
CVE-2019-19604 was identified by the GitLab Security Research team. For more information on that issue, please visit the GitLab Security Research Advisory
closes#75506.
Install again default deps.edn. deps.edn was embedded in clojure jar,
but that change was reverted, see
a34969513f
Update derivation to produce only one output. Multiple outputs was
introduced by #35140, but I don't think is necessary anymore.
Since testresources declares `Requires-Dist: pbr (>=1.8)` and imports
`pbr.version`, any user of testresources also needs to have pbr.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>