Merge pull request #307229 from katexochen/agebox/fix-vuln

agebox: update vulnerable dependency
This commit is contained in:
Thomas Gerbet 2024-04-27 19:01:02 +02:00 committed by GitHub
commit 36134ff401
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -1,4 +1,4 @@
{ lib, buildGoModule, fetchFromGitHub }:
{ lib, buildGoModule, fetchFromGitHub, fetchpatch }:
buildGoModule rec {
pname = "agebox";
@ -11,7 +11,16 @@ buildGoModule rec {
hash = "sha256-W6/v5BIl+k6tMan/Wdua7mHKMsq23QZN13Cy24akJr4=";
};
vendorHash = "sha256-PLeNTlQ0OMcupfbVN/KGb0iJYf3Jbcevg8gTcKHpn8s=";
patches = [
# Update gopkg.in/yaml.v2 to v2.2.8 to fix vulnerabilities.
# https://github.com/slok/agebox/pull/199
(fetchpatch {
url = "https://github.com/slok/agebox/commit/40a515d39911f601ebe05cc914e8a02695d85dc7.patch";
hash = "sha256-0iBI0nID12OoWqWY/8MPb3vvTUDe0JdSHu2vefix/bM=";
})
];
vendorHash = "sha256-MNAF2ExIOYPzXyGR6H7lfUEhnMDCyD7ecst5MKm7u+A=";
ldflags = [
"-s"