From 3ce40861cb4ee79cb2289d2cf75afe12af11b4f4 Mon Sep 17 00:00:00 2001
From: Robert Schütz
Date: Sat, 4 Jun 2022 16:44:42 +0000
Subject: poetry: mark insecure

The version of cleo in poetry.lock (1.0.0a5) is vulnerable to CVE-2022-42966.

(cherry picked from commit d1bdaa9a99b32fb2e6884be00508ef989eacdf5c)
---
 pkgs/development/tools/poetry2nix/poetry2nix/pkgs/poetry/default.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkgs/development/tools/poetry2nix/poetry2nix/pkgs/poetry/default.nix b/pkgs/development/tools/poetry2nix/poetry2nix/pkgs/poetry/default.nix
index 868599bde689..818814e87afe 100644
--- a/pkgs/development/tools/poetry2nix/poetry2nix/pkgs/poetry/default.nix
+++ b/pkgs/development/tools/poetry2nix/poetry2nix/pkgs/poetry/default.nix
@@ -50,5 +50,8 @@ poetry2nix.mkPoetryApplication {
 meta = with lib; {
 inherit (python.meta) platforms;
 maintainers = with maintainers; [ adisbladis jakewaksbaum ];
+ knownVulnerabilities = [
+ "CVE-2022-42966" # cleo version in poetry.lock is vulnerable
+ ];
 };
 }
-- 
cgit v1.2.3
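Review bot: The reason poetry is flagged sits only in a Nix comment beside `"CVE-2022-42966"`, so it never reaches the user. nixpkgs prints the `knownVulnerabilities` strings when it refuses to evaluate an insecure package, and a bare CVE id gives no hint that the issue is in the cleo release pinned by poetry.lock rather than in poetry's own code. I would move that context into the string, e.g. `"CVE-2022-42966: cleo 1.0.0a5 pinned in poetry.lock"`, and keep a comment saying the entry should be dropped once the lock file pins a fixed cleo. That gives anyone considering a `permittedInsecurePackages` exception enough to judge their exposure, and gives maintainers a clear removal condition. The enclosing `poetry2nix.mkPoetryApplication` call starts outside the hunk.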