fpm: fix vulnerable dependency

3 files changed, 16 insertions, 6 deletions

diff --git a/pkgs/tools/package-management/fpm/Gemfile b/pkgs/tools/package-management/fpm/Gemfile
index 95916cf4322a..ea498ca78355 100644
--- a/pkgs/tools/package-management/fpm/Gemfile
+++ b/pkgs/tools/package-management/fpm/Gemfile
@@ -1,2 +1,4 @@
 source 'https://rubygems.org'
+
+gem 'archive-tar-minitar', '>= 0.5.2.1', github: 'peterhoeg/archive-tar-minitar'
 gem 'fpm'
diff --git a/pkgs/tools/package-management/fpm/Gemfile.lock b/pkgs/tools/package-management/fpm/Gemfile.lock
index ab3d4dd6b46b..16d7a8250ec9 100644
--- a/pkgs/tools/package-management/fpm/Gemfile.lock
+++ b/pkgs/tools/package-management/fpm/Gemfile.lock
@@ -1,7 +1,12 @@
+GIT
+  remote: git://github.com/peterhoeg/archive-tar-minitar.git
+  revision: dae32ca550a87dba32597115ae18805db4782ebe
+  specs:
+    archive-tar-minitar (0.5.2.1)
+
 GEM
   remote: https://rubygems.org/
   specs:
-    archive-tar-minitar (0.5.2)
     arr-pm (0.0.10)
       cabin (> 0)
     backports (3.6.8)
@@ -40,7 +45,8 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
+  archive-tar-minitar (>= 0.5.2.1)!
   fpm
 
 BUNDLED WITH
-   1.12.5
+   1.14.3
diff --git a/pkgs/tools/package-management/fpm/gemset.nix b/pkgs/tools/package-management/fpm/gemset.nix
index 0670d3a5b140..4243651dd25d 100644
--- a/pkgs/tools/package-management/fpm/gemset.nix
+++ b/pkgs/tools/package-management/fpm/gemset.nix
@@ -1,11 +1,13 @@
 {
   archive-tar-minitar = {
     source = {
-      remotes = ["https://rubygems.org"];
-      sha256 = "1j666713r3cc3wb0042x0wcmq2v11vwwy5pcaayy5f0lnd26iqig";
-      type = "gem";
+      fetchSubmodules = false;
+      rev = "dae32ca550a87dba32597115ae18805db4782ebe";
+      sha256 = "0fvxacbcb52fm5dis451kdd7dv74z8p6nm4vnfqf7jg2aghcxdkd";
+      type = "git";
+      url = "git://github.com/peterhoeg/archive-tar-minitar.git";
     };
-    version = "0.5.2";
+    version = "0.5.2.1";
   };
   arr-pm = {
     source = {