Commit 28ee4280 authored by Robert Schütz's avatar Robert Schütz Committed by github-actions[bot]
Browse files

home-assistant: remove xmltodict override 

This breks some components that depend (aio-)georss-client but xmltodict
is vulnerable to CVE-2025-9375 before version 1.0.0.

(cherry picked from commit 170685da)
parent 00b325c3

pkgs/servers/home-assistant/default.nix

+0 −12
Original line number Diff line number Diff line
@@ -263,18 +263,6 @@ let 
        };

      };



      # xmltodict>=1.0 not compatible with georss-client and aio-georss-client

      # https://github.com/exxamalte/python-aio-georss-client/issues/63

      xmltodict = super.xmltodict.overridePythonAttrs rec {

        version = "0.15.1";

        src = fetchFromGitHub {

          owner = "martinblech";

          repo = "xmltodict";

          tag = "v${version}";

          hash = "sha256-j3shoXjAoAWFd+7k+0w6eoNygS2wkbhDkIq7QG+TmSM=";

        };

      };



      # internal python packages only consumed by home-assistant itself

      hass-web-proxy-lib = self.callPackage ./python-modules/hass-web-proxy-lib { };

      home-assistant-frontend = self.callPackage ./frontend.nix { };