authorRobert Scott <code@humanleg.org.uk>2023-10-06 19:09:23 +0100
committerGitHub <noreply@github.com>2023-10-06 19:09:23 +0100
commit0fd347fe392c271e39e7edc1e31f271d97a95020 (patch)
treec74e83f76bffdb4376888780dcae906afb0cc9df
parentsnipe-it: 6.2.0 -> 6.2.1 (diff)
parentwoodpecker-*: mark knownVulnerabilities CVE-2023-40034 (diff)
downloadnixpkgs-0fd347fe392c271e39e7edc1e31f271d97a95020.tar.gz
Merge pull request #259258 from risicle/ris-woodpecker-0.15.11-CVE-2023-40034-r23.05
[23.05] woodpecker-*: 0.15.8 -> 0.15.11, mark knownVulnerabilities CVE-2023-40034
-rw-r--r--pkgs/development/tools/continuous-integration/woodpecker/common.nix13
-rw-r--r--pkgs/development/tools/continuous-integration/woodpecker/frontend.nix2
-rwxr-xr-xpkgs/development/tools/continuous-integration/woodpecker/update.sh7
3 files changed, 12 insertions, 10 deletions
diff --git a/pkgs/development/tools/continuous-integration/woodpecker/common.nix b/pkgs/development/tools/continuous-integration/woodpecker/common.nix
index 7e1f63b790c6..102da03cdc67 100644
--- a/pkgs/development/tools/continuous-integration/woodpecker/common.nix
+++ b/pkgs/development/tools/continuous-integration/woodpecker/common.nix
@@ -1,17 +1,17 @@
{ lib, fetchFromGitHub }:
let
- version = "0.15.8";
- srcSha256 = "sha256-7CTRx7I47VEKfPvkWhmpyHV3hkeLyHymFMrkyYQ1wl8=";
- yarnSha256 = "sha256-PY0BIBbjyi2DG+n5x/IPc0AwrFSwII4huMDU+FeZ/Sc=";
+ version = "0.15.11";
+ srcHash = "sha256-iDcEkaR1ZvH7Q68sxbwOiP1WKbkiDhCOtkuipbjXHKM=";
+ yarnHash = "sha256-PY0BIBbjyi2DG+n5x/IPc0AwrFSwII4huMDU+FeZ/Sc=";
in
{
- inherit version yarnSha256;
+ inherit version yarnHash;
src = fetchFromGitHub {
owner = "woodpecker-ci";
repo = "woodpecker";
rev = "v${version}";
- sha256 = srcSha256;
+ hash = srcHash;
};
postBuild = ''
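Review bot: `yarnHash` keeps the value it had for 0.15.8 while `version` moves to 0.15.11, and nothing in this hunk shows that the front-end dependency set was re-checked. `fetchYarnDeps` is a fixed-output derivation, so an unchanged hash already present in the store or a binary cache is reused without fetching again, and a stale value would not fail a local build. It is worth confirming that `web/yarn.lock` is identical at both tags (or re-running `update.sh` from a clean store) and recording that in the PR description. The attribute set continues past the end of the hunk.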
@@ -32,5 +32,8 @@ in
homepage = "https://woodpecker-ci.org/";
license = licenses.asl20;
maintainers = with maintainers; [ ambroisie techknowlogick ];
+ knownVulnerabilities = [
+ "CVE-2023-40034"
+ ];
};
}
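Review bot: The `knownVulnerabilities` entry added to `meta` is a bare CVE id, and nothing says why a package just bumped to 0.15.11 is still marked. That string is what users see when evaluation is refused, and a later maintainer needs to know when the entry can go. I would add a comment above it along the lines of `# presumably unfixed in the 0.15.x series (confirm against the upstream advisory); remove once updated to <first fixed upstream release>` and make the entry descriptive, e.g. `"CVE-2023-40034: <one-line impact>"`. The `meta` block starts outside the hunk.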
diff --git a/pkgs/development/tools/continuous-integration/woodpecker/frontend.nix b/pkgs/development/tools/continuous-integration/woodpecker/frontend.nix
index 267fdc13985a..ccd9a36b8c86 100644
--- a/pkgs/development/tools/continuous-integration/woodpecker/frontend.nix
+++ b/pkgs/development/tools/continuous-integration/woodpecker/frontend.nix
@@ -11,7 +11,7 @@ mkYarnPackage {
packageJSON = ./woodpecker-package.json;
offlineCache = fetchYarnDeps {
yarnLock = "${common.src}/web/yarn.lock";
- sha256 = common.yarnSha256;
+ hash = common.yarnHash;
};
buildPhase = ''
diff --git a/pkgs/development/tools/continuous-integration/woodpecker/update.sh b/pkgs/development/tools/continuous-integration/woodpecker/update.sh
index 3530ea6c46c6..b53e5b423936 100755
--- a/pkgs/development/tools/continuous-integration/woodpecker/update.sh
+++ b/pkgs/development/tools/continuous-integration/woodpecker/update.sh
@@ -28,7 +28,7 @@ fi
version="${version#v}"
# Woodpecker repository
-src_hash=$(nix-prefetch-github woodpecker-ci woodpecker --rev "v${version}" | jq -r .sha256)
+src_hash=$(nix-prefetch-github woodpecker-ci woodpecker --rev "v${version}" | jq -r .hash)
# Front-end dependencies
woodpecker_src="https://raw.githubusercontent.com/woodpecker-ci/woodpecker/v$version"
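Review bot: On the new `src_hash=` line, `jq -r .hash` prints the literal string `null` and exits 0 when the key is absent, for example with a `nix-prefetch-github` that still emits only `sha256`. This commit also drops the later `nix hash to-sri` call on `src_hash`, which would previously have rejected such a value, so `srcHash = "null"` would be written into common.nix. Using `jq -er .hash` turns a missing key into a non-zero exit, which stops the script provided it runs under `set -e` (the script header is outside this hunk).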
@@ -42,9 +42,8 @@ yarn_hash=$(prefetch-yarn-deps yarn.lock)
popd
# Use friendlier hashes
-src_hash=$(nix hash to-sri --type sha256 "$src_hash")
yarn_hash=$(nix hash to-sri --type sha256 "$yarn_hash")
sed -i -E -e "s#version = \".*\"#version = \"$version\"#" common.nix
-sed -i -E -e "s#srcSha256 = \".*\"#srcSha256 = \"$src_hash\"#" common.nix
-sed -i -E -e "s#yarnSha256 = \".*\"#yarnSha256 = \"$yarn_hash\"#" common.nix
+sed -i -E -e "s#srcHash = \".*\"#srcHash = \"$src_hash\"#" common.nix
+sed -i -E -e "s#yarnHash = \".*\"#yarnHash = \"$yarn_hash\"#" common.nix
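Review bot: The two renamed `sed` lines exit 0 whether or not `srcHash` and `yarnHash` are found in common.nix, so a name drift between the script and the Nix file leaves the old hash in place next to the new `version`. For a fixed-output fetch, an old hash that is still cached resolves to the old source without an error, which matters for a package that is being tracked for a CVE. I would follow the substitutions with a check such as `grep -qF "srcHash = \"$src_hash\"" common.nix || exit 1`, and the same for `yarnHash`. The comment `# Use friendlier hashes` now applies to `yarn_hash` only and could say so.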