[24.05] python3Packages.js2py: remove

unmaintained and insecure: https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape (cherry picked from commit 0f79dd4)
NixOS · Oct 26, 2024 · 0b14357 · 0b14357
1 parent 79029a3
commit 0b14357
Show file tree

Hide file tree

Showing 7 changed files with 6 additions and 62 deletions.
diff --git a/pkgs/applications/networking/pyload-ng/default.nix b/pkgs/applications/networking/pyload-ng/default.nix
@@ -37,7 +37,6 @@ python3.pkgs.buildPythonApplication rec {
     flask-compress
     flask-session
     flask-themes2
-    js2py
     pycurl
     semver
     setuptools

diff --git a/pkgs/development/python-modules/django-js-reverse/default.nix b/pkgs/development/python-modules/django-js-reverse/default.nix
@@ -8,7 +8,6 @@
   django,
   packaging,
   nodejs,
-  js2py,
   six,
 }:
 
@@ -26,9 +25,11 @@ buildPythonPackage rec {
 
   propagatedBuildInputs = [ django ] ++ lib.optionals (pythonAtLeast "3.7") [ packaging ];
 
+  # Js2py is needed for tests but it's unmaintained and insecure
+  doCheck = false;
+
   nativeCheckInputs = [
     nodejs
-    js2py
     six
   ];
 

diff --git a/pkgs/development/python-modules/js2py/default.nix b/pkgs/development/python-modules/js2py/default.nix
diff --git a/pkgs/development/python-modules/lark/default.nix b/pkgs/development/python-modules/lark/default.nix
@@ -30,7 +30,7 @@ buildPythonPackage rec {
     "lark.grammars"
   ];
 
-  # Js2py is needed for tests but it's marked as insecure
+  # Js2py is needed for tests but it's unmaintained and insecure
   doCheck = false;
 
   meta = with lib; {

diff --git a/pkgs/development/python-modules/pyjsparser/default.nix b/pkgs/development/python-modules/pyjsparser/default.nix
@@ -3,7 +3,6 @@
   fetchFromGitHub,
   buildPythonPackage,
   pytestCheckHook,
-  js2py,
 }:
 
 let
@@ -21,18 +20,11 @@ let
 
     nativeCheckInputs = [
       pytestCheckHook
-      js2py
     ];
 
-    # escape infinite recursion with js2py
+    # js2py is needed for tests but it's unmaintained and insecure
     doCheck = false;
 
-    passthru.tests = {
-      check = pyjsparser.overridePythonAttrs (_: {
-        doCheck = true;
-      });
-    };
-
     pythonImportsCheck = [ "pyjsparser" ];
 
     meta = with lib; {

diff --git a/pkgs/top-level/python-aliases.nix b/pkgs/top-level/python-aliases.nix
@@ -245,6 +245,7 @@ mapAliases ({
   jinja2_pluralize = jinja2-pluralize; # added 2023-11-01
   jinja2_time = jinja2-time; # added 2022-11-07
   JPype1 = jpype1; # added 2023-02-19
+  js2py = throw "js2py has been removed, as it is unmaintained and insecure"; # added 2024-10-17
   jsonpath_rw = jsonpath-rw; # added 2024-01-06
   jsonschema_3 = throw "jsonschema 3 is neither the latest version nor needed inside nixpkgs anymore"; # added 2023-06-28
   jupyter_client = jupyter-client; # added 2021-10-15

diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
@@ -6126,8 +6126,6 @@ self: super: with self; {
     inherit (pkgs) jq;
   };
 
-  js2py = callPackage ../development/python-modules/js2py { };
-
   jsbeautifier = callPackage ../development/python-modules/jsbeautifier { };
 
   jschema-to-python = callPackage ../development/python-modules/jschema-to-python { };