pkg: require process 1.6.19.0+ for HSEC-2024-0003

This is to avoid potential vulnerabilities on Windows due to the process issue disclosed today: https://haskell.github.io/security-advisories/advisory/HSEC-2024-0003.html
2024-11-08 07:09:28 +03:00 · 2024-04-10 07:37:45 -10:00 · 2024-04-10 07:37:45 -10:00 · 69e4a88ccf
commit 69e4a88ccf
parent d3634cf4dd
8 changed files with 23 additions and 4 deletions
--- a/hledger-ui/package.yaml
+++ b/hledger-ui/package.yaml
@ -90,7 +90,7 @@ library:
  - microlens-platform >=0.2.3.1
  - megaparsec >=7.0.0 && <9.7
  - mtl >=2.2.1
-  - process >=1.2
+  - process >=1.6.19.0
  - safe >=0.3.20
  - split >=0.1
  - text >=1.2.4.1
--- a/hledger/package.yaml
+++ b/hledger/package.yaml
@ -116,7 +116,7 @@ dependencies:
 - megaparsec >=7.0.0 && <9.7
 - microlens >=0.4
 - mtl >=2.2.1
- process
+- process >=1.6.19.0
 - regex-tdfa
 - safe >=0.3.20
 - shakespeare >=2.0.2.2
--- a/stack.yaml
+++ b/stack.yaml
@ -1,6 +1,6 @@
 # stack build plan using GHC 9.8.2

-resolver: nightly-2024-04-08
+resolver: nightly-2024-04-10

 packages:
 - hledger-lib
@ -10,6 +10,8 @@ packages:

 extra-deps:
 - base64-0.4.2.4            # hledger-web does not yet support base64-1
+- process-1.6.19.0          # for HSEC-2024-0003
+- haskeline-0.8.2.1

 nix:
  pure: false
--- a/stack8.10.yaml
+++ b/stack8.10.yaml
@ -9,6 +9,9 @@ packages:
 - hledger-web

 extra-deps:
+- process-1.6.19.0          # for HSEC-2024-0003
+- Cabal-3.2.1.0
+
 - safe-0.3.21
 # for hledger-lib:
 - doctest-0.20.0
--- a/stack9.0.yaml
+++ b/stack9.0.yaml
@ -13,6 +13,9 @@ packages:
 - hledger-web

 extra-deps:
+- process-1.6.19.0          # for HSEC-2024-0003
+- Cabal-3.4.1.0
+
 - megaparsec-9.3.0
 - safe-0.3.21
 # for hledger-lib:
--- a/stack9.2.yaml
+++ b/stack9.2.yaml
@ -9,6 +9,9 @@ packages:
 - hledger-web

 extra-deps:
+- process-1.6.19.0          # for HSEC-2024-0003
+- Cabal-3.6.3.0
+
 - megaparsec-9.3.0
 - safe-0.3.21
 # for hledger-lib:
--- a/stack9.4.yaml
+++ b/stack9.4.yaml
@ -9,6 +9,10 @@ packages:
 - hledger-web

 extra-deps:
+- process-1.6.19.0          # for HSEC-2024-0003
+- Cabal-3.8.1.0
+- haskeline-0.8.2.1
+
 - safe-0.3.21
 - brick-2.3.1
 - vty-6.2
--- a/stack9.6.yaml
+++ b/stack9.6.yaml
@ -1,6 +1,6 @@
 # stack build plan using GHC 9.6.4

-resolver: lts-22.12
+resolver: lts-22.16

 packages:
 - hledger-lib
@ -9,6 +9,10 @@ packages:
 - hledger-web

 extra-deps:
+- process-1.6.19.0          # for HSEC-2024-0003
+- Cabal-3.10.1.0
+- haskeline-0.8.2.1
+
 - vty-windows-0.2.0.1   # not yet in stackage

 nix: