Extend the Zope 4.8.3 versions.cfg, but use Zope 4.8.6.

I don't want all the extra package updates. They did make it into Plone 5.2.10.1, but I don't want them in 5.2.10.2.
plone · Dec 21, 2022 · f3453dd · f3453dd
1 parent a05f392
commit f3453dd
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/versions.cfg b/versions.cfg
@@ -5,7 +5,10 @@
 # Based on latest development Zope:
 # extends = https://raw.githubusercontent.com/zopefoundation/Zope/4.x/versions.cfg
 # Based on released Zope:
-extends = https://zopefoundation.github.io/Zope/releases/4.8.6/versions.cfg
+extends = https://zopefoundation.github.io/Zope/releases/4.8.3/versions.cfg
+# Note: we extend the Zope 4.8.3 versions.cfg, but override this later to use
+# Zope 4.8.6 for a security fix.  Otherwise too many non-security related package
+# updates get included, like DateTime 4.7/4.8 which has a problem on Python 2.7.
 
 [versions]
 ##############################################################################
@@ -89,6 +92,7 @@ zope.password = 4.3.1
 
 # Older/newer versions than pinned in Zope.  Remove only if we are sure Zope has has a good version now.
 # Each pin should have a comment in versionannotations below.
+Zope = 4.8.6
 zope.component = 4.6.2
 Sphinx = 1.8.6
 
@@ -438,3 +442,5 @@ Unidecode =
     Unidecode 0.04.{2-9} breaks tests
 zope.component =
     5.0.0 causes a few problems.  See https://github.com/plone/buildout.coredev/pull/725#issuecomment-872272811
+Zope =
+    4.8.4 has a security fix, 4.8.5 and 4.8.6 fix regressions after this security fix.