diff --git a/pkgs/development/web/deno/default.nix b/pkgs/development/web/deno/default.nix index a8a4ff5bc478..871406b109a8 100644 --- a/pkgs/development/web/deno/default.nix +++ b/pkgs/development/web/deno/default.nix @@ -2,6 +2,7 @@ , lib , callPackage , fetchFromGitHub +, fetchpatch , rustPlatform , installShellFiles , tinycc @@ -23,9 +24,18 @@ rustPlatform.buildRustPackage rec { owner = "denoland"; repo = pname; rev = "v${version}"; - sha256 = "sha256-0S5BSXWnv4DMcc8cijRQx6NyDReg5aJJT65TeNFlkkw="; + hash = "sha256-0S5BSXWnv4DMcc8cijRQx6NyDReg5aJJT65TeNFlkkw="; }; - cargoSha256 = "sha256-DZICb85B9pWT8bV06FYjS604RdomB5nqtR55R00CT8c="; + cargoHash = "sha256-7Xfnc91yQiAwAF5fvtiwnELUDb7LJeye3GtXNzYkUo8="; + + cargoPatches = [ + # resolved in 1.31.2 + (fetchpatch { + name = "CVE-2023-28446.patch"; + url = "https://github.com/denoland/deno/commit/78d430103a8f6931154ddbbe19d36f3b8630286d.patch"; + hash = "sha256-kXwr9wWxk1OaaubCr8pfmSp3TrJMQkbAg72nIHp/seA="; + }) + ]; postPatch = '' # upstream uses lld on aarch64-darwin for faster builds