[MEDIUM] Upgrade python-filelock to 3.20.1 for CVE-2025-68146 (microsoft#15376)

Author: archana25-ms

SPECS/python-filelock/python-filelock.signatures.json

@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "python-filelock-3.14.0.tar.gz": "6ea72da3be9b8c82afd3edcf99f2fffbb5076335a5ae4d03248bb5b6c3eae78a"
+  "python-filelock-3.20.1.tar.gz": "b8360948b351b80f420878d8516519a2204b07aefcdcfd24912a5d33127f188c"
  }
 }

SPECS/python-filelock/python-filelock.spec

@@ -1,13 +1,14 @@
 %global srcname filelock
 Summary:        A platform independent file lock
 Name:           python-filelock
-Version:        3.14.0
+Version:        3.20.1
 Release:        1%{?dist}
 License:        Unlicense
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://github.com/toxdev/filelock
 Source0:        https://files.pythonhosted.org/packages/source/f/%{srcname}/%{srcname}-%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Patch0:         remove-python-3.14-classifier.patch
 BuildArch:      noarch
 
 %description
@@ -30,6 +31,7 @@ BuildRequires:  python%{python3_pkgversion}-setuptools
 BuildRequires:  python%{python3_pkgversion}-setuptools_scm
 BuildRequires:  python%{python3_pkgversion}-trove-classifiers
 %if %{with check}
+BuildRequires:  python%{python3_pkgversion}-pytest-asyncio
 BuildRequires:  python%{python3_pkgversion}-pytest
 BuildRequires:  python%{python3_pkgversion}-pytest-mock
 %endif
@@ -55,14 +57,22 @@ the same lock object twice, it will not block.
 %pyproject_save_files %{srcname}
 
 %check
+sed -i '/asyncio_default_fixture_loop_scope/d' pyproject.toml
+sed -i '/verbosity_assertions/d' pyproject.toml
 pip3 install iniconfig
-%pytest
+pip3 install pytest-virtualenv
+pip3 install pytest-timeout
+pip3 install pytest-asyncio
+%pytest -k "not test_mtime_zero_exit_branch" -v
 
 %files -n python%{python3_pkgversion}-%{srcname} -f %{pyproject_files}
 %doc README.md
 %license %{python3_sitelib}/%{srcname}-%{version}.dist-info/licenses/LICENSE
 
 %changelog
+* Tue Dec 23 2025 Archana Shettigar <v-shettigara@microsoft.com> - 3.20.1-1
+- Auto-upgrade to 3.20.1 - for CVE-2025-68146
+
 * Fri Apr 26 2024 Osama Esmail <osamaesmail@microsoft.com> - 3.14.0-1
 - Lot of redoing to use pyproject
 - Removing 'docs' subpackage since the new src doesn't include that folder

SPECS/python-filelock/remove-python-3.14-classifier.patch

@@ -0,0 +1,13 @@
+diff --git a/pyproject.toml b/pyproject.toml
+index 7b09dd5..568f3dd 100644
+--- a/pyproject.toml
++++ b/pyproject.toml
+@@ -31,8 +31,6 @@ classifiers = [
+   "Programming Language :: Python :: 3.10",
+   "Programming Language :: Python :: 3.11",
+   "Programming Language :: Python :: 3.12",
+-  "Programming Language :: Python :: 3.13",
+-  "Programming Language :: Python :: 3.14",
+   "Topic :: Internet",
+   "Topic :: Software Development :: Libraries",
+   "Topic :: System",

cgmanifest.json

@@ -22863,8 +22863,8 @@
         "type": "other",
         "other": {
           "name": "python-filelock",
-          "version": "3.14.0",
-          "downloadUrl": "https://files.pythonhosted.org/packages/source/f/filelock/filelock-3.14.0.tar.gz"
+          "version": "3.20.1",
+          "downloadUrl": "https://files.pythonhosted.org/packages/source/f/filelock/filelock-3.20.1.tar.gz"
         }
       }
     },