python3Packages.python-multipart: 0.0.22 -> 0.0.29 (#512553)

This commit is contained in:
dotlambda 2026-05-22 05:02:00 +00:00 committed by GitHub
commit 1f09b80385
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 6 additions and 15 deletions

View file

@ -49,6 +49,8 @@ buildPythonPackage rec {
pythonImportsCheck = [ "asgi_csrf" ];
meta = {
# https://github.com/simonw/asgi-csrf/issues/38
broken = lib.versionAtLeast python-multipart.version "0.0.26";
description = "ASGI middleware for protecting against CSRF attacks";
license = lib.licenses.asl20;
homepage = "https://github.com/simonw/asgi-csrf";

View file

@ -195,7 +195,8 @@ buildPythonPackage rec {
openpyxl
xlrd
]
++ lib.concatAttrValues optional-dependencies;
# datasette is transitively broken by asgi-csrf
++ lib.concatAttrValues (lib.removeAttrs optional-dependencies [ "datasette" ]);
disabledTestPaths = [
# Requires optional dependencies that have not been packaged (commented out above)

View file

@ -2,10 +2,8 @@
lib,
buildPythonPackage,
fetchFromGitHub,
fetchpatch,
hatchling,
pytestCheckHook,
mock,
pyyaml,
# for passthru.tests
@ -18,32 +16,22 @@
buildPythonPackage (finalAttrs: {
pname = "python-multipart";
version = "0.0.22";
version = "0.0.29";
pyproject = true;
src = fetchFromGitHub {
owner = "Kludex";
repo = "python-multipart";
tag = finalAttrs.version;
hash = "sha256-UegnwGxiXQalbp18t1dl2JOQH6BY975cpBa9uo3SOuk=";
hash = "sha256-1aV7gWLuulINesm3L8Wm3+prmeD9+OY/ihm36rtQPRs=";
};
patches = [
(fetchpatch {
name = "CVE-2026-40347-part-1.patch";
url = "https://github.com/Kludex/python-multipart/commit/6a7b76dd2653d99d8e5981d7ff09a4a047750b37.patch";
hash = "sha256-W1nyYMMoaf+lsNze3ppPeAXN+swG1dScDibazePSt+k=";
})
./CVE-2026-40347-part-2.patch
];
build-system = [ hatchling ];
pythonImportsCheck = [ "python_multipart" ];
nativeCheckInputs = [
pytestCheckHook
mock
pyyaml
];