From 69e4a88ccfdbc981da4d96e963112c665f7a329b Mon Sep 17 00:00:00 2001 From: Simon Michael Date: Wed, 10 Apr 2024 07:37:45 -1000 Subject: [PATCH] pkg: require process 1.6.19.0+ for HSEC-2024-0003 This is to avoid potential vulnerabilities on Windows due to the process issue disclosed today: https://haskell.github.io/security-advisories/advisory/HSEC-2024-0003.html --- hledger-ui/package.yaml | 2 +- hledger/package.yaml | 2 +- stack.yaml | 4 +++- stack8.10.yaml | 3 +++ stack9.0.yaml | 3 +++ stack9.2.yaml | 3 +++ stack9.4.yaml | 4 ++++ stack9.6.yaml | 6 +++++- 8 files changed, 23 insertions(+), 4 deletions(-) diff --git a/hledger-ui/package.yaml b/hledger-ui/package.yaml index 31114aae2..f8c21bb9a 100644 --- a/hledger-ui/package.yaml +++ b/hledger-ui/package.yaml @@ -90,7 +90,7 @@ library: - microlens-platform >=0.2.3.1 - megaparsec >=7.0.0 && <9.7 - mtl >=2.2.1 - - process >=1.2 + - process >=1.6.19.0 - safe >=0.3.20 - split >=0.1 - text >=1.2.4.1 diff --git a/hledger/package.yaml b/hledger/package.yaml index 68f54b452..ae94f5b7c 100644 --- a/hledger/package.yaml +++ b/hledger/package.yaml @@ -116,7 +116,7 @@ dependencies: - megaparsec >=7.0.0 && <9.7 - microlens >=0.4 - mtl >=2.2.1 -- process +- process >=1.6.19.0 - regex-tdfa - safe >=0.3.20 - shakespeare >=2.0.2.2 diff --git a/stack.yaml b/stack.yaml index 27ce937e6..7a4256b96 100644 --- a/stack.yaml +++ b/stack.yaml @@ -1,6 +1,6 @@ # stack build plan using GHC 9.8.2 -resolver: nightly-2024-04-08 +resolver: nightly-2024-04-10 packages: - hledger-lib @@ -10,6 +10,8 @@ packages: extra-deps: - base64-0.4.2.4 # hledger-web does not yet support base64-1 +- process-1.6.19.0 # for HSEC-2024-0003 +- haskeline-0.8.2.1 nix: pure: false diff --git a/stack8.10.yaml b/stack8.10.yaml index 6cffcbc35..ff110c519 100644 --- a/stack8.10.yaml +++ b/stack8.10.yaml @@ -9,6 +9,9 @@ packages: - hledger-web extra-deps: +- process-1.6.19.0 # for HSEC-2024-0003 +- Cabal-3.2.1.0 + - safe-0.3.21 # for hledger-lib: - doctest-0.20.0 
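Review bot: The new lower bound `process >=1.6.19.0` in hledger-ui/package.yaml carries no comment saying why it exists, unlike the `# for HSEC-2024-0003` comments this commit adds in the stack*.yaml files. A later bounds cleanup could relax it without noticing that it is a security floor. I would write it as `- process >=1.6.19.0  # security floor for HSEC-2024-0003 (Windows)`, here and in the matching hunk of hledger/package.yaml. The diffstat touches only these two package.yaml files; if hledger-lib or hledger-web also depend on process directly (not visible on this page), they would need the same bound.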
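Review bot: The `process-1.6.19.0` entry added to extra-deps in stack.yaml is pinned by name and version only, so Stack resolves it against the latest Hackage revision of that version rather than a fixed one. This matches the existing `base64-0.4.2.4` entry, but since the pin exists specifically for HSEC-2024-0003 it is worth fixing the exact content with Stack's hash-pinned form, `- process-1.6.19.0@sha256:<cabal-file-sha256>,<size>  # for HSEC-2024-0003`. Alternatively, confirm that a committed lock file already does this; none is visible in this patch. The same applies to the process entries added in stack8.10.yaml, stack9.0.yaml, stack9.2.yaml, stack9.4.yaml and stack9.6.yaml.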
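Review bot: `Cabal-3.2.1.0` is added next to the process pin in stack8.10.yaml with no comment, so a later maintainer cannot tell whether it belongs to the HSEC-2024-0003 override or is an independent pin. Presumably it is there because Cabal depends on process and has to be rebuilt once process is overridden; if so, say it: `- Cabal-3.2.1.0  # rebuilt against process-1.6.19.0; remove together with it`. The same goes for the Cabal entries in stack9.0.yaml through stack9.6.yaml and the `haskeline-0.8.2.1` entries in stack.yaml, stack9.4.yaml and stack9.6.yaml. stack.yaml adds haskeline but no Cabal, and stack8.10/9.0/9.2 add Cabal but no haskeline; a short comment on why the sets differ would keep these companion pins from going stale or being dropped by mistake when the process override is removed.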
diff --git a/stack9.0.yaml b/stack9.0.yaml index 4bbd8e4a8..98c882407 100644 --- a/stack9.0.yaml +++ b/stack9.0.yaml @@ -13,6 +13,9 @@ packages: - hledger-web extra-deps: +- process-1.6.19.0 # for HSEC-2024-0003 +- Cabal-3.4.1.0 + - megaparsec-9.3.0 - safe-0.3.21 # for hledger-lib: diff --git a/stack9.2.yaml b/stack9.2.yaml index c61359b00..c892dc520 100644 --- a/stack9.2.yaml +++ b/stack9.2.yaml @@ -9,6 +9,9 @@ packages: - hledger-web extra-deps: +- process-1.6.19.0 # for HSEC-2024-0003 +- Cabal-3.6.3.0 + - megaparsec-9.3.0 - safe-0.3.21 # for hledger-lib: diff --git a/stack9.4.yaml b/stack9.4.yaml index da8155351..8844a3484 100644 --- a/stack9.4.yaml +++ b/stack9.4.yaml @@ -9,6 +9,10 @@ packages: - hledger-web extra-deps: +- process-1.6.19.0 # for HSEC-2024-0003 +- Cabal-3.8.1.0 +- haskeline-0.8.2.1 + - safe-0.3.21 - brick-2.3.1 - vty-6.2 diff --git a/stack9.6.yaml b/stack9.6.yaml index 00d79e5fa..7149e82f1 100644 --- a/stack9.6.yaml +++ b/stack9.6.yaml @@ -1,6 +1,6 @@ # stack build plan using GHC 9.6.4 -resolver: lts-22.12 +resolver: lts-22.16 packages: - hledger-lib @@ -9,6 +9,10 @@ packages: - hledger-web extra-deps: +- process-1.6.19.0 # for HSEC-2024-0003 +- Cabal-3.10.1.0 +- haskeline-0.8.2.1 + - vty-windows-0.2.0.1 # not yet in stackage nix: