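# Nix package expression for django-ckeditor, the Django admin integration of
# CKEditor 4. The package is marked insecure through meta.knownVulnerabilities
# because it bundles a CKEditor 4 release that no longer receives free fixes.
{
  lib,
  buildPythonPackage,
  django,
  django-extensions,
  django-js-asset,
  fetchFromGitHub,
  pillow,
  python,
  pythonOlder,
  selenium,
  setuptools-scm,
}:

buildPythonPackage rec {
  pname = "django-ckeditor";
  version = "6.7.1";
  pyproject = true;

  disabled = pythonOlder "3.8";

  # The source is fetched by release tag. The SRI hash pins the fetched tree,
  # so a tag that is moved upstream produces a hash mismatch instead of
  # silently different sources.
  src = fetchFromGitHub {
    owner = "django-ckeditor";
    repo = "django-ckeditor";
    tag = version;
    hash = "sha256-tPwWXQAKoHPpZDZ+fnEoOA29at6gUXBw6CcPdireTr8=";
  };

  build-system = [ setuptools-scm ];

  dependencies = [
    django
    django-js-asset
    pillow
  ];

  # Exported into the build environment so that `django test` below can find
  # its settings module (presumably the demo project in the upstream
  # repository; verify against the source tree).
  DJANGO_SETTINGS_MODULE = "ckeditor_demo.settings";

  checkInputs = [
    django-extensions
    selenium
  ];

  # Run the Django test runner directly, keeping the standard pre/post hooks.
  checkPhase = ''
    runHook preCheck
    ${python.interpreter} -m django test
    runHook postCheck
  '';

  pythonImportsCheck = [ "ckeditor" ];

  # `lib` attributes are referenced explicitly instead of `with lib;`, so no
  # name in this attribute set can be shadowed by something exported from lib.
  meta = {
    description = "Django admin CKEditor integration";
    homepage = "https://github.com/django-ckeditor/django-ckeditor";
    changelog = "https://github.com/django-ckeditor/django-ckeditor/blob/${version}/CHANGELOG.rst";
    license = lib.licenses.bsd3;
    maintainers = with lib.maintainers; [ onny ];
    # A non-empty knownVulnerabilities list marks the package as insecure:
    # nixpkgs refuses to evaluate it unless the user explicitly opts in (for
    # example through config.permittedInsecurePackages). The text below is
    # what the user sees when evaluation is refused.
    #
    # NOTE(review): GHSA-fq6h-4g8v-qqvm appeared twice in the advisory list;
    # only one entry is kept here. Confirm against the CKEditor 4.24.0-lts
    # release notes whether a different advisory was meant in its place.
    knownVulnerabilities = [
      ''
        django-ckeditor bundles CKEditor 4.22.1 which isn’t supported anymore and
        which does have unfixed security issues.

        Existing users of django-ckeditor should consider switching to a
        different editor such as CKEditor 5 (django-ckeditor-5), after verifying
        that its GPL licensing terms are acceptable, or ProseMirror
        (django-prose-mirror by the author of django-ckeditor). Support of the
        CKEditor 4 package is provided by its upstream developers as a
        non-free/commercial LTS package until December 2028.

        Note that while there are publicly known vulnerabilities for the
        CKEditor 4 series, the exploitability of these issues depends on how
        CKEditor is used by the given Django application.

        Further information:

        * List of vulnerabilities fixed in CKEditor 4.24.0-lts:

          * GHSA-fq6h-4g8v-qqvm
          * GHSA-mw2c-vx6j-mg76

        * The django-ckeditor deprecation notice:
          <https://406.ch/writing/django-ckeditor/>

        * The non-free/commercial CKEditor 4 LTS package:
          <https://ckeditor.com/ckeditor-4-support/>
      ''
    ];
  };
}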