From ac6983c06360b104851da95679c85ee5467fefa0 Mon Sep 17 00:00:00 2001
From: ruby0b <106119328+ruby0b@users.noreply.github.com>
Date: Wed, 16 Oct 2024 03:33:37 +0200
Subject: [PATCH 1/2] python312Packages.js2py: mark insecure

https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape
---
 pkgs/development/python-modules/js2py/default.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/pkgs/development/python-modules/js2py/default.nix b/pkgs/development/python-modules/js2py/default.nix
index fd28870e0e76..1ecceaf8329e 100644
--- a/pkgs/development/python-modules/js2py/default.nix
+++ b/pkgs/development/python-modules/js2py/default.nix
@@ -42,5 +42,6 @@ buildPythonPackage rec {
 homepage = "https://github.com/PiotrDabkowski/Js2Py";
 license = licenses.mit;
 maintainers = with maintainers; [ onny ];
+ knownVulnerabilities = [ "CVE-2024-28397" ];
 };
 }
From b461b19c780468ad8fbca094378029da2020ef50 Mon Sep 17 00:00:00 2001
From: ruby0b <106119328+ruby0b@users.noreply.github.com>
Date: Thu, 17 Oct 2024 04:01:07 +0200
Subject: [PATCH 2/2] python3Packages.lark: disable tests
---
 pkgs/development/python-modules/lark/default.nix | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)
diff --git a/pkgs/development/python-modules/lark/default.nix b/pkgs/development/python-modules/lark/default.nix
index df891d96ed79..85f690d93d31 100644
--- a/pkgs/development/python-modules/lark/default.nix
+++ b/pkgs/development/python-modules/lark/default.nix
@@ -3,9 +3,6 @@
 buildPythonPackage,
 fetchFromGitHub,
 regex,
- pytestCheckHook,
- pythonOlder,
- js2py,
 setuptools,
 }:
@@ -33,13 +30,8 @@ buildPythonPackage rec {
 "lark.grammars"
 ];
- # Js2py is not supported on 3.12
- doCheck = pythonOlder "3.12";
-
- nativeCheckInputs = [
- js2py
- pytestCheckHook
- ];
+ # Js2py is needed for tests but it's marked as insecure
+ doCheck = false;
 meta = with lib; {
 description = "Modern parsing library for Python, implementing Earley & LALR(1) and an easy interface";
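Review bot: The `knownVulnerabilities` entry added to js2py's `meta` is a bare CVE id, and that string is what a user is shown when evaluation of the package is refused, so it gives them nothing to judge their exposure by. A short description after the id would help, for example `knownVulnerabilities = [ "CVE-2024-28397: sandbox escape" ];`, with the wording checked against the advisory, since the commit message only links a repository named for a sandbox escape. A one-line comment above it stating when the mark can be dropped (a fixed upstream release, if one appears) would also help the next maintainer. The `meta` block starts outside this hunk.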
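Review bot: `doCheck = false;` in lark switches off the whole test suite on every Python version, although only the tests that need js2py are affected by the insecure mark; before this change the suite still ran on interpreters older than 3.12. It looks feasible to keep `nativeCheckInputs = [ pytestCheckHook ];` and skip only those tests, e.g. `disabledTestPaths = [ "<path of the js2py-dependent tests>" ];` (placeholder, the path is not visible here), which would also mean keeping the `pytestCheckHook` argument that the first lark hunk removes. If the tests do stay disabled, the comment should name the reason precisely: `# js2py (test-only dependency) is marked insecure (CVE-2024-28397); re-enable once the tests no longer need it`.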