From db5d71d190922ffcb6b79607ca00feddada39848 Mon Sep 17 00:00:00 2001
From: Hugo Buddelmeijer <hugo@buddelmeijer.nl>
Date: Wed, 27 May 2026 21:48:15 +0200
Subject: [PATCH] gnu: python-dotenv: Update to 1.2.2 [security-fixes].

Release notes since 1.1.1 (2025-06-24):
- v1.2.2 (2026-03-01)
  <https://github.com/theskumar/python-dotenv/releases/tag/v1.2.2>.
- v1.2.1 (2025-10-26)
  <https://github.com/theskumar/python-dotenv/releases/tag/v1.2.1>.
- v1.2.0 (2025-10-26)
  <https://github.com/theskumar/python-dotenv/releases/tag/v1.2.0>.

Contains fixes for:
CVE-2026-28684: Path Traversal Vulnerability

* gnu/packages/python-xyz.scm (python-dotenv): Update to 1.2.2.
[arguments]<#:test-flags>: Disable failing test.
[native-inputs]: Remove python-sh.

Merges: guix/guix!8893
Change-Id: I64845fe6f3266dd9ac6e300bd3fc2f766309234e
Signed-off-by: Sharlatan Hellseher <sharlatanus@gmail.com>
---
 gnu/packages/python-xyz.scm | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/gnu/packages/python-xyz.scm b/gnu/packages/python-xyz.scm
index 103020afd81..5f7dda5ea41 100644
--- a/gnu/packages/python-xyz.scm
+++ b/gnu/packages/python-xyz.scm
@@ -33517,18 +33517,22 @@ systems in Python.")
 (define-public python-dotenv
   (package
     (name "python-dotenv")
-    (version "1.1.1")
+    (version "1.2.2")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "python_dotenv" version))
        (sha256
-        (base32 "1aw9c5gw2gfjf7n3s7k6lb6ybz090hh60wq0daz4azr52sbkk9m8"))))
+        (base32 "1wwwg7gasqmnv5y2hb3w1155c8nai6zzih8x5hn0ifnpzf8ildrc"))))
     (build-system pyproject-build-system)
+    (arguments
+     (list
+      #:test-flags
+      ;; .dotenv-real instead of dotenv
+      #~(list "-k not test_run_with_dotenv_and_command_flags")))
     (native-inputs
      (list python-pytest
-           python-setuptools
-           python-sh))
+           python-setuptools))
     (propagated-inputs
      (list python-click))
     (home-page "https://saurabh-kumar.com/python-dotenv/")