guix_mirror_bot pushed a commit to branch python-team
in repository guix.
commit 219c132b03c12a6747de8f72645995d3ea3bca3e
Author: Hugo Buddelmeijer <[email protected]>
AuthorDate: Wed May 27 21:48:15 2026 +0200
gnu: python-dotenv: Update to 1.2.2 [security-fixes].
Release notes since 1.1.1 (2025-06-24):
- v1.2.2 (2026-03-01)
<https://github.com/theskumar/python-dotenv/releases/tag/v1.2.2>.
- v1.2.1 (2025-10-26)
<https://github.com/theskumar/python-dotenv/releases/tag/v1.2.1>.
- v1.2.0 (2025-10-26)
<https://github.com/theskumar/python-dotenv/releases/tag/v1.2.0>.
Contains fixes for:
CVE-2026-28684: Path Traversal Vulnerability
* gnu/packages/python-xyz.scm (python-dotenv): Update to 1.2.2.
[arguments]<#:test-flags>: Disable failing test.
[native-inputs]: Remove python-sh.
Merges: guix/guix!8893
Change-Id: I64845fe6f3266dd9ac6e300bd3fc2f766309234e
Signed-off-by: Sharlatan Hellseher <[email protected]>
---
gnu/packages/python-xyz.scm | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/gnu/packages/python-xyz.scm b/gnu/packages/python-xyz.scm
index 67c3dfa141..be70035253 100644
--- a/gnu/packages/python-xyz.scm
+++ b/gnu/packages/python-xyz.scm
@@ -34219,18 +34219,22 @@ systems in Python.")
(define-public python-dotenv
(package
(name "python-dotenv")
- (version "1.1.1")
+ (version "1.2.2")
(source
(origin
(method url-fetch)
(uri (pypi-uri "python_dotenv" version))
(sha256
- (base32 "1aw9c5gw2gfjf7n3s7k6lb6ybz090hh60wq0daz4azr52sbkk9m8"))))
+ (base32 "1wwwg7gasqmnv5y2hb3w1155c8nai6zzih8x5hn0ifnpzf8ildrc"))))
(build-system pyproject-build-system)
+ (arguments
+ (list
+ #:test-flags
+ ;; .dotenv-real instead of dotenv
+ #~(list "-k not test_run_with_dotenv_and_command_flags")))
(native-inputs
(list python-pytest
- python-setuptools
- python-sh))
+ python-setuptools))
(propagated-inputs
(list python-click))
(home-page "https://saurabh-kumar.com/python-dotenv/")