chore(3p/sources): Bump channels & overlays

* //3p/gerrit: prevent python2 from crashing evaluating due to upstream now officially considering it insecure after being EOL for 3 years. Overriding the meta set has the benefit that we do not need to whitelist the package globally, forcing us to opt in everywhere the dependency is acceptable. * //3p/overlays: bump tdlib so tazjin's emacs can build Change-Id: I50df82d35d56b0dd44b5f687e2dcb101db79738d Reviewed-on: https://cl.tvl.fyi/c/depot/+/7809 Autosubmit: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2023-01-11 16:17:52 +01:00 · 2023-01-11 16:17:52 +01:00 · 423c2a09a9
commit 423c2a09a9
parent 43f6aec384
3 changed files with 43 additions and 19 deletions
--- a/third_party/gerrit/default.nix
+++ b/third_party/gerrit/default.nix
@ -13,7 +13,12 @@ let
      (pkgs.bazel_5.override { enableNixHacks = true; })
      pkgs.jdk11_headless
      pkgs.zlib
-      pkgs.python
+      (pkgs.python.overrideAttrs (old: {
+        meta = old.meta // {
+          # Ignore Python 2.7 EOL since it's a build only dependency here
+          knownVulnerabilities = [ /* I pretend I do not see it */ ];
+        };
+      }))
      pkgs.curl
      pkgs.nodejs
      pkgs.yarn