From be9562c758758c839e546fc30e56e7b61de68174 Mon Sep 17 00:00:00 2001
From: Samuel Tardieu
Date: Sat, 26 Oct 2024 17:26:41 +0200
Subject: [PATCH] [24.05] python3Packages.js2py: remove usage in other packages

unmaintained and insecure: https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape
(cherry picked from commit 0f79dd4197e3570ff7435e382346b9a3bf15db5b)
---
 pkgs/applications/networking/pyload-ng/default.nix | 1 -
 .../python-modules/django-js-reverse/default.nix | 5 +++--
 pkgs/development/python-modules/lark/default.nix | 2 +-
 pkgs/development/python-modules/pyjsparser/default.nix | 10 +---------
 4 files changed, 5 insertions(+), 13 deletions(-)
diff --git a/pkgs/applications/networking/pyload-ng/default.nix b/pkgs/applications/networking/pyload-ng/default.nix
index 61c62fb95e949..a43621c6f51e5 100644
--- a/pkgs/applications/networking/pyload-ng/default.nix
+++ b/pkgs/applications/networking/pyload-ng/default.nix
@@ -37,7 +37,6 @@ python3.pkgs.buildPythonApplication rec {
 flask-compress
 flask-session
 flask-themes2
- js2py
 pycurl
 semver
 setuptools
diff --git a/pkgs/development/python-modules/django-js-reverse/default.nix b/pkgs/development/python-modules/django-js-reverse/default.nix
index 9fedef235c113..bbc1188ec3092 100644
--- a/pkgs/development/python-modules/django-js-reverse/default.nix
+++ b/pkgs/development/python-modules/django-js-reverse/default.nix
@@ -8,7 +8,6 @@
 django,
 packaging,
 nodejs,
- js2py,
 six,
 }:
@@ -26,9 +25,11 @@ buildPythonPackage rec {
 propagatedBuildInputs = [ django ] ++ lib.optionals (pythonAtLeast "3.7") [ packaging ];
+ # Js2py is needed for tests but it's unmaintained and insecure
+ doCheck = false;
+
 nativeCheckInputs = [
 nodejs
- js2py
 six
 ];
diff --git a/pkgs/development/python-modules/lark/default.nix b/pkgs/development/python-modules/lark/default.nix
index ba99dc53431ca..81ca1050979a1 100644
--- a/pkgs/development/python-modules/lark/default.nix
+++ b/pkgs/development/python-modules/lark/default.nix
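Review bot: In the django-js-reverse hunk at `@@ -26,9 +25,11 @@`, the added `doCheck = false;` turns off the whole check phase, yet `nativeCheckInputs` still lists `nodejs` and `six`, which nothing visible here uses any more. The new comment (repeated in the lark and pyjsparser hunks) would serve the next maintainer better if it named the advisory from the commit message, e.g. `# tests import js2py, which is unmaintained and affected by CVE-2024-28397; re-enable once upstream no longer needs it`. No `pythonImportsCheck` is visible in this hunk; if the file has none, `pythonImportsCheck = [ "django_js_reverse" ];` would keep a minimal smoke test now that the suite no longer runs. The enclosing `buildPythonPackage rec { … }` block starts and ends outside the hunk.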
@@ -30,7 +30,7 @@ buildPythonPackage rec {
 "lark.grammars"
 ];
- # Js2py is needed for tests but it's marked as insecure
+ # Js2py is needed for tests but it's unmaintained and insecure
 doCheck = false;
 meta = with lib; {
diff --git a/pkgs/development/python-modules/pyjsparser/default.nix b/pkgs/development/python-modules/pyjsparser/default.nix
index 0b6eab26b5c35..b0988585e21bc 100644
--- a/pkgs/development/python-modules/pyjsparser/default.nix
+++ b/pkgs/development/python-modules/pyjsparser/default.nix
@@ -3,7 +3,6 @@
 fetchFromGitHub,
 buildPythonPackage,
 pytestCheckHook,
- js2py,
 }:
 let
@@ -21,18 +20,11 @@ let
 nativeCheckInputs = [
 pytestCheckHook
- js2py
 ];
- # escape infinite recursion with js2py
+ # js2py is needed for tests but it's unmaintained and insecure
 doCheck = false;
- passthru.tests = {
- check = pyjsparser.overridePythonAttrs (_: {
- doCheck = true;
- });
- };
-
 pythonImportsCheck = [ "pyjsparser" ];
 meta = with lib; {
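Review bot: In the pyjsparser hunk at `@@ -21,18 +20,11 @@`, `pytestCheckHook` stays in `nativeCheckInputs` even though `doCheck = false;` is kept and the `passthru.tests.check` override that used to switch the check phase on is removed, so nothing in this derivation runs the test suite any more and the hook is dead weight. Either drop `pytestCheckHook` along with `js2py`, or, if part of the suite runs without js2py (not visible from here), keep the check phase on and exclude only the dependent tests. After this change `pythonImportsCheck = [ "pyjsparser" ];` is the only verification left, which is worth stating in the comment above `doCheck`. The enclosing `let` binding starts and ends outside the hunk.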