https://bugzilla.redhat.com/show_bug.cgi?id=2216297

blinxen <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|---                         |WONTFIX
        Last Closed|                            |2023-06-24 18:07:23



--- Comment #2 from blinxen <[email protected]> ---
> The dependency on "python" is not good, since this resolves to 
> "python-unversioned-command", which should no longer be used

Any specific reason for this? Source? I tried looking into the python packaging
guidelines but did not find anything relevant there.

> Additionally, the "Requires: python" (which should be "python3" as well) is 
> ending up in a void, since it does not apply to any sub-package that's being 
> built. You'd need to move it to the "-devel" subpackage for it to have the 
> desired effect.

Makes sense

> It appears that only the gix-prompt crate would be affected?

```
> rg expectrl
Cargo.lock
1011:name = "expectrl"
2046: "expectrl",

gix-prompt/CHANGELOG.md
65:    - Finally update expectrl to get rid of security exception in tests ([`d45f57a`](https://github.com/Byron/gitoxide/commit/d45f57a714e29cc52239a3456cf0035c97339f73))
159:    - The first successful assertion, showing that expectrl can intercept the tty ([`8582697`](https://github.com/Byron/gitoxide/commit/8582697cc21adc5eeb67155a0e4b0e2780d37beb))
222:    - Upgrade `expectrl` - still comes with dependencies flagged as vulnerable though ([`f9312d5`](https://github.com/Byron/gitoxide/commit/f9312d5719056006267d50370d366fc316b882cf))

gix-prompt/tests/prompt.rs
11:        let mut p = expectrl::spawn("../target/debug/examples/use-askpass").unwrap();
15:        p.expect(expectrl::Eof).unwrap();
25:        let mut p = expectrl::spawn("../target/debug/examples/credentials").unwrap();
32:        p.expect(expectrl::Eof).unwrap();

gix-prompt/Cargo.toml
28:expectrl = "0.7.0"

```

Yeah it seems that way. I guess deactivating the tests is not such a bad idea
here.

Closing this package review.

