agebox: update vulnerable dependency

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2024-04-27 16:34:30 +02:00 · 2024-04-27 16:34:30 +02:00 · 8f5c4cf5eb
commit 8f5c4cf5eb
parent 51c39ced2a
1 changed files with 11 additions and 2 deletions
--- a/pkgs/tools/security/agebox/default.nix
+++ b/pkgs/tools/security/agebox/default.nix
@ -1,4 +1,4 @@
-{ lib, buildGoModule, fetchFromGitHub }:
+{ lib, buildGoModule, fetchFromGitHub, fetchpatch }:

 buildGoModule rec {
  pname = "agebox";
@ -11,7 +11,16 @@ buildGoModule rec {
    hash = "sha256-W6/v5BIl+k6tMan/Wdua7mHKMsq23QZN13Cy24akJr4=";
  };

-  vendorHash = "sha256-PLeNTlQ0OMcupfbVN/KGb0iJYf3Jbcevg8gTcKHpn8s=";
+  patches = [
+    # Update gopkg.in/yaml.v2 to v2.2.8 to fix vulnerabilities.
+    # https://github.com/slok/agebox/pull/199
+    (fetchpatch {
+      url = "https://github.com/slok/agebox/commit/40a515d39911f601ebe05cc914e8a02695d85dc7.patch";
+      hash = "sha256-0iBI0nID12OoWqWY/8MPb3vvTUDe0JdSHu2vefix/bM=";
+    })
+  ];
+
+  vendorHash = "sha256-MNAF2ExIOYPzXyGR6H7lfUEhnMDCyD7ecst5MKm7u+A=";

  ldflags = [
    "-s"