mirror of
https://github.com/ilyakooo0/nixpkgs.git
synced 2024-09-23 05:37:27 +03:00
pandoc: apply patch removing the usage of polyfill.io in the templates
If you output HTML with MathJax content Pandoc might uses a JS library provided by cdn.polyfill.io which is now considered to be a bad actor. https://sansec.io/research/polyfill-supply-chain-attack Pandoc does not use this domain in recent versions but upgrading it seems more complex right now especially if we consider backports to the stable releases.
This commit is contained in:
parent
00ba4c2c35
commit
08c21134cd
@ -1962,7 +1962,17 @@ self: super: {
|
||||
readline = appendPatch ./patches/readline-fix-for-cabal-3.patch super.readline;
|
||||
|
||||
# https://github.com/jgm/pandoc/issues/9589
|
||||
pandoc = assert super.pandoc.version == "3.1.11.1"; dontCheck super.pandoc;
|
||||
pandoc = assert super.pandoc.version == "3.1.11.1"; lib.pipe super.pandoc
|
||||
[
|
||||
dontCheck
|
||||
(appendPatch
|
||||
(pkgs.fetchpatch {
|
||||
name = "drop-usage-known-bad-actor-cdn.patch";
|
||||
url = "https://github.com/jgm/pandoc/commit/5877ec546df29115163b36de32837f5e08506092.patch";
|
||||
hash = "sha256-2ffdL2dS/hHWBjJcIHbae5OdL/VKlHNKUMDHRy3hqvc=";
|
||||
})
|
||||
)
|
||||
];
|
||||
|
||||
# 2020-12-06: Restrictive upper bounds w.r.t. pandoc-types (https://github.com/owickstrom/pandoc-include-code/issues/27)
|
||||
pandoc-include-code = doJailbreak super.pandoc-include-code;
|
||||
|
Loading…
Reference in New Issue
Block a user