diff options
Diffstat (limited to 'nixpkgs/pkgs/tools/security')
20 files changed, 123 insertions, 74 deletions
diff --git a/nixpkgs/pkgs/tools/security/aflplusplus/default.nix b/nixpkgs/pkgs/tools/security/aflplusplus/default.nix index d1390253e63a..5d4b761df334 100644 --- a/nixpkgs/pkgs/tools/security/aflplusplus/default.nix +++ b/nixpkgs/pkgs/tools/security/aflplusplus/default.nix @@ -19,13 +19,13 @@ let libtokencap = callPackage ./libtokencap.nix { inherit aflplusplus; }; aflplusplus = stdenvNoCC.mkDerivation rec { pname = "aflplusplus"; - version = "4.09c"; + version = "4.10c"; src = fetchFromGitHub { owner = "AFLplusplus"; repo = "AFLplusplus"; rev = "v${version}"; - sha256 = "sha256-SQQJpR3+thi4iyrowkOD878nRHNgBJqqUdRFhtqld4k="; + sha256 = "sha256-elghcBw2tIttQo7bkMFRCx8iNqxwY0NCz0343wc8hWA="; }; enableParallelBuilding = true; diff --git a/nixpkgs/pkgs/tools/security/cfripper/default.nix b/nixpkgs/pkgs/tools/security/cfripper/default.nix index 5e13a2df14c8..aac55cf46b74 100644 --- a/nixpkgs/pkgs/tools/security/cfripper/default.nix +++ b/nixpkgs/pkgs/tools/security/cfripper/default.nix @@ -3,16 +3,23 @@ , python3 }: -python3.pkgs.buildPythonApplication rec { + +let + python = python3.override { + packageOverrides = self: super: { + pydantic = self.pydantic_1; + }; + }; +in python.pkgs.buildPythonApplication rec { pname = "cfripper"; - version = "1.15.3"; + version = "1.15.4"; pyproject = true; src = fetchFromGitHub { owner = "Skyscanner"; repo = "cfripper"; rev = "refs/tags/v${version}"; - hash = "sha256-SmD3Dq5LicPRe3lWFsq4zqM/yDZ1LsgRwSUA5/RbN9I="; + hash = "sha256-heVFum+Eaofd9L0dNHqD9GgHP+ckGwJi+NfeFci+ESc="; }; postPatch = '' @@ -20,11 +27,11 @@ python3.pkgs.buildPythonApplication rec { --replace "pluggy~=0.13.1" "pluggy" \ ''; - nativeBuildInputs = with python3.pkgs; [ + nativeBuildInputs = with python.pkgs; [ setuptools ]; - propagatedBuildInputs = with python3.pkgs; [ + propagatedBuildInputs = with python.pkgs; [ boto3 cfn-flip click @@ -35,7 +42,7 @@ python3.pkgs.buildPythonApplication rec { setuptools ]; - nativeCheckInputs = with python3.pkgs; [ + nativeCheckInputs = with python.pkgs; [ moto pytestCheckHook ]; diff --git a/nixpkgs/pkgs/tools/security/doppler/default.nix b/nixpkgs/pkgs/tools/security/doppler/default.nix index 92b964ad2c95..c90cf8c2725e 100644 --- a/nixpkgs/pkgs/tools/security/doppler/default.nix +++ b/nixpkgs/pkgs/tools/security/doppler/default.nix @@ -8,16 +8,16 @@ buildGoModule rec { pname = "doppler"; - version = "3.66.5"; + version = "3.67.0"; src = fetchFromGitHub { owner = "dopplerhq"; repo = "cli"; rev = version; - sha256 = "sha256-/kcGfTDthm4gp1M4lSeY1x8Q7EWVX2pZVjF2rAbz+Es="; + sha256 = "sha256-aBdpcmKv8EwUu8MKsC/aoSkiXf+JuTmhpGrPauWpThc="; }; - vendorHash = "sha256-FOmaK6S61fkzybpDx6qfi6m4e2IaqBpavaFhEgIvmqw="; + vendorHash = "sha256-NUHWKPszQH/pvnA+j65+bJ6t+C0FDRRbTviqkYztpE4="; ldflags = [ "-s -w" diff --git a/nixpkgs/pkgs/tools/security/enpass/default.nix b/nixpkgs/pkgs/tools/security/enpass/default.nix index cd5a3bc4618f..d95ba0baa9be 100644 --- a/nixpkgs/pkgs/tools/security/enpass/default.nix +++ b/nixpkgs/pkgs/tools/security/enpass/default.nix @@ -12,7 +12,7 @@ let x86_64-linux = "amd64"; }; - data = all_data.${system_map.${stdenv.hostPlatform.system} or (throw "Unsupported platform")}; + data = all_data.${system_map.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}")}; baseUrl = "https://apt.enpass.io"; diff --git a/nixpkgs/pkgs/tools/security/exploitdb/default.nix b/nixpkgs/pkgs/tools/security/exploitdb/default.nix index 4c9b252b7372..2b416ae08cad 100644 --- a/nixpkgs/pkgs/tools/security/exploitdb/default.nix +++ b/nixpkgs/pkgs/tools/security/exploitdb/default.nix @@ -6,13 +6,13 @@ stdenv.mkDerivation rec { pname = "exploitdb"; - version = "2024-02-10"; + version = "2024-02-17"; src = fetchFromGitLab { owner = "exploit-database"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-tnAPjyvzl70bLFyn1y0prkp8o7CjPy1XwYYF1IGq4No="; + hash = "sha256-rOhNN/kdwAtSq27P1vpTG/nLSyID/OKrPbDQOxdbgIw="; }; nativeBuildInputs = [ diff --git a/nixpkgs/pkgs/tools/security/grype/default.nix b/nixpkgs/pkgs/tools/security/grype/default.nix index eceffd9bdecd..dcae1af2bed1 100644 --- a/nixpkgs/pkgs/tools/security/grype/default.nix +++ b/nixpkgs/pkgs/tools/security/grype/default.nix @@ -1,19 +1,20 @@ { lib , buildGoModule , fetchFromGitHub +, git , installShellFiles , openssl }: buildGoModule rec { pname = "grype"; - version = "0.74.5"; + version = "0.74.6"; src = fetchFromGitHub { owner = "anchore"; - repo = pname; + repo = "grype"; rev = "refs/tags/v${version}"; - hash = "sha256-h68LfKQG5xgFIFkyuK9Z6tw8+xoimnF2d2QgTjwU74U="; + hash = "sha256-2KLVIwiSrs+e0srXkfBdk/RxCIvSq/Lixe83th2KvRA="; # populate values that require us to use git. By doing this in postFetch we # can delete .git afterwards and maintain better reproducibility of the src. leaveDotGit = true; @@ -28,17 +29,20 @@ buildGoModule rec { proxyVendor = true; - vendorHash = "sha256-lnOF3Xvjc20aFPOf9of3n+aBHvPrLTTlH7aPPlYA/RA="; + vendorHash = "sha256-wgcbP/VbHOMuc0PxWaOsiYTrr77ztLDVaDMhAD50vuQ="; nativeBuildInputs = [ installShellFiles ]; nativeCheckInputs = [ + git openssl ]; - subPackages = [ "cmd/grype" ]; + subPackages = [ + "cmd/grype" + ]; excludedPackages = "test/integration"; @@ -70,23 +74,25 @@ buildGoModule rec { # remove tests that depend on docker substituteInPlace test/cli/cmd_test.go \ - --replace "TestCmd" "SkipCmd" + --replace-fail "TestCmd" "SkipCmd" substituteInPlace grype/pkg/provider_test.go \ - --replace "TestSyftLocationExcludes" "SkipSyftLocationExcludes" + --replace-fail "TestSyftLocationExcludes" "SkipSyftLocationExcludes" substituteInPlace test/cli/cmd_test.go \ - --replace "Test_descriptorNameAndVersionSet" "Skip_descriptorNameAndVersionSet" + --replace-fail "Test_descriptorNameAndVersionSet" "Skip_descriptorNameAndVersionSet" # remove tests that depend on git substituteInPlace test/cli/db_validations_test.go \ - --replace "TestDBValidations" "SkipDBValidations" + --replace-fail "TestDBValidations" "SkipDBValidations" substituteInPlace test/cli/registry_auth_test.go \ - --replace "TestRegistryAuth" "SkipRegistryAuth" + --replace-fail "TestRegistryAuth" "SkipRegistryAuth" substituteInPlace test/cli/sbom_input_test.go \ - --replace "TestSBOMInput_FromStdin" "SkipSBOMInput_FromStdin" \ - --replace "TestSBOMInput_AsArgument" "SkipSBOMInput_AsArgument" + --replace-fail "TestSBOMInput_FromStdin" "SkipSBOMInput_FromStdin" \ + --replace-fail "TestSBOMInput_AsArgument" "SkipSBOMInput_AsArgument" substituteInPlace test/cli/subprocess_test.go \ - --replace "TestSubprocessStdin" "SkipSubprocessStdin" + --replace-fail "TestSubprocessStdin" "SkipSubprocessStdin" substituteInPlace grype/internal/packagemetadata/names_test.go \ - --replace "TestAllNames" "SkipAllNames" + --replace-fail "TestAllNames" "SkipAllNames" + substituteInPlace test/cli/version_cmd_test.go \ + --replace-fail "TestVersionCmdPrintsToStdout" "SkipVersionCmdPrintsToStdout" # segfault rm grype/db/v5/namespace/cpe/namespace_test.go diff --git a/nixpkgs/pkgs/tools/security/httpx/default.nix b/nixpkgs/pkgs/tools/security/httpx/default.nix index 9667d1997a08..98f41b9c599f 100644 --- a/nixpkgs/pkgs/tools/security/httpx/default.nix +++ b/nixpkgs/pkgs/tools/security/httpx/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "httpx"; - version = "1.3.9"; + version = "1.4.0"; src = fetchFromGitHub { owner = "projectdiscovery"; repo = "httpx"; rev = "refs/tags/v${version}"; - hash = "sha256-3k/3CJ+/17Ygj4N8KPRYiAT+QJx3RlQMNemFztKtTt4="; + hash = "sha256-G+N9Zo8MbXbCRB21SvxSNftvn5v8Ss+I0v7Lj30CgJo="; }; - vendorHash = "sha256-apTCSKWkAarAHDEVvyyRjBm5s5M2YDXP5bMITDLoq20="; + vendorHash = "sha256-fy4yJkwBlVNRn8FWHtZHCMcCF7LQXsDhEYVSv4RVcBM="; subPackages = [ "cmd/httpx" diff --git a/nixpkgs/pkgs/tools/security/kubernetes-polaris/default.nix b/nixpkgs/pkgs/tools/security/kubernetes-polaris/default.nix index 885106528483..b053640d8da9 100644 --- a/nixpkgs/pkgs/tools/security/kubernetes-polaris/default.nix +++ b/nixpkgs/pkgs/tools/security/kubernetes-polaris/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "kubernetes-polaris"; - version = "8.5.4"; + version = "8.5.5"; src = fetchFromGitHub { owner = "FairwindsOps"; repo = "polaris"; rev = version; - sha256 = "sha256-Ip8SJi77QjNF2ez2NU48NKi+suOhViecuQyXSY6hLkI="; + sha256 = "sha256-DKfCXtFrZgmR0jiXwCD1iuwx/8aNEjwZ/fCQNeRhSu4="; }; vendorHash = "sha256-ZWetW+Xar4BXXlR0iG+O/NRqYk41x+PPVCGis2W2Nkk="; diff --git a/nixpkgs/pkgs/tools/security/ldapnomnom/default.nix b/nixpkgs/pkgs/tools/security/ldapnomnom/default.nix index 59daa142856b..03503c26c803 100644 --- a/nixpkgs/pkgs/tools/security/ldapnomnom/default.nix +++ b/nixpkgs/pkgs/tools/security/ldapnomnom/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "ldapnomnom"; - version = "1.2.0"; + version = "1.3.0"; src = fetchFromGitHub { owner = "lkarlslund"; repo = "ldapnomnom"; rev = "refs/tags/v${version}"; - hash = "sha256-3s2mLNqnJ+wZ17gy8Yr2Ze0S62A1bmE91E2ciLNO14E="; + hash = "sha256-enFTv8RqZpyS6LEqGIi55VMhArJy7Nhv0YhuWAOWyN0="; }; - vendorHash = "sha256-3ucnLD+qhBSWY2wLtBcsOcuEf1woqHP17qQg7LlERA8="; + vendorHash = "sha256-Iry9GoKOiXf83YudpmgHQRaP8GV4zokpX2mRAXoxSDQ="; ldflags = [ "-w" diff --git a/nixpkgs/pkgs/tools/security/oath-toolkit/default.nix b/nixpkgs/pkgs/tools/security/oath-toolkit/default.nix index 3e01af4886d9..1e5b418c3f46 100644 --- a/nixpkgs/pkgs/tools/security/oath-toolkit/default.nix +++ b/nixpkgs/pkgs/tools/security/oath-toolkit/default.nix @@ -8,11 +8,11 @@ let in stdenv.mkDerivation rec { pname = "oath-toolkit"; - version = "2.6.10"; + version = "2.6.11"; src = fetchurl { url = "mirror://savannah/${pname}/${pname}-${version}.tar.gz"; - sha256 = "sha256-hsJyJPfW19rUek9r7mX2uIS/W70VxemM8sxpYl2/I5E="; + sha256 = "sha256-/FEqSltG9MQ6sFhsMYn+zk1U9+ZJOX1voeI0KEMeLLQ="; }; buildInputs = [ securityDependency ]; diff --git a/nixpkgs/pkgs/tools/security/openpgp-card-tools/default.nix b/nixpkgs/pkgs/tools/security/openpgp-card-tools/default.nix index 38f814bbd2e2..ff1e2958cde5 100644 --- a/nixpkgs/pkgs/tools/security/openpgp-card-tools/default.nix +++ b/nixpkgs/pkgs/tools/security/openpgp-card-tools/default.nix @@ -12,17 +12,17 @@ rustPlatform.buildRustPackage rec { pname = "openpgp-card-tools"; - version = "0.9.5"; + version = "0.10.0"; src = fetchFromGitea { domain = "codeberg.org"; owner = "openpgp-card"; repo = "openpgp-card-tools"; rev = "v${version}"; - hash = "sha256-VD0eDq+lfeAu2gY9VZfz2ola3+CJCWerTEaGivpILyo="; + hash = "sha256-dSGkPAeiQ54hYMJgghlPkbeJP3ZPUXGU7WmE63yIvz0="; }; - cargoHash = "sha256-tfawWfwsdWUOimd97b059HXt83ew6KBouI2MdGN8Knc="; + cargoHash = "sha256-coFoFWI/Iq7tbkv9RKPCNfAVKWDsJd7KTzOTtQDHXJY="; nativeBuildInputs = [ pkg-config rustPlatform.bindgenHook ]; buildInputs = [ pcsclite nettle ] ++ lib.optionals stdenv.isDarwin [ PCSC ]; @@ -34,10 +34,10 @@ rustPlatform.buildRustPackage rec { }; meta = with lib; { - description = "CLI tools for OpenPGP cards"; - homepage = "https://gitlab.com/openpgp-card/openpgp-card"; + description = "A tool for inspecting and configuring OpenPGP cards"; + homepage = "https://codeberg.org/openpgp-card/openpgp-card-tools"; license = with licenses ;[ asl20 /* OR */ mit ]; maintainers = with maintainers; [ nickcao ]; - mainProgram = "opgpcard"; + mainProgram = "oct"; }; } diff --git a/nixpkgs/pkgs/tools/security/pass/rofi-pass.nix b/nixpkgs/pkgs/tools/security/pass/rofi-pass.nix index f23d27314eef..b8fd130df24b 100644 --- a/nixpkgs/pkgs/tools/security/pass/rofi-pass.nix +++ b/nixpkgs/pkgs/tools/security/pass/rofi-pass.nix @@ -29,13 +29,13 @@ assert lib.assertOneOf "backend" backend [ "x11" "wayland" ]; stdenv.mkDerivation { pname = "rofi-pass"; - version = "unstable-2023-07-07"; + version = "unstable-2024-02-13"; src = fetchFromGitHub { owner = "carnager"; repo = "rofi-pass"; - rev = "e77cbdbe0e885f0b1daba3a0b6bae793cc2b1ba3"; - hash = "sha256-zmNuFE+++tf4pKTXSTc7s8R9rvI+XwgWl8mCEPaaIRM="; + rev = "8aa6b9293a8f0af267425326fa966966ca42085e"; + hash = "sha256-g/AuLYj0yvLCXFR3y9GbMiE6hDCPBeuFM145c2Ukvys="; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/nixpkgs/pkgs/tools/security/semgrep/common.nix b/nixpkgs/pkgs/tools/security/semgrep/common.nix index da646461a20f..e4e51d81e9b7 100644 --- a/nixpkgs/pkgs/tools/security/semgrep/common.nix +++ b/nixpkgs/pkgs/tools/security/semgrep/common.nix @@ -1,9 +1,9 @@ { lib }: rec { - version = "1.37.0"; + version = "1.61.1"; - srcHash = "sha256-oFJ43dq3DAhux0UEFDKFZnxruoRdOfCndKY6XgG3d5I="; + srcHash = "sha256-muTw6rj9FuSSXvUzdP4QRQogzmUPlrvGARRK/Jqg+Gc="; # submodule dependencies # these are fetched so we: @@ -11,10 +11,10 @@ rec { # 2. avoid fetchSubmodules since it's prone to impurities submodules = { "cli/src/semgrep/semgrep_interfaces" = { - owner = "returntocorp"; + owner = "semgrep"; repo = "semgrep-interfaces"; - rev = "331603197022625f50a64dd5e3029a96a5f03ada"; - hash = "sha256-UAcWbTSCIdBGvgGSbdQ+miFOEuBvQ6m42MkU3VeErKY="; + rev = "bbfd1c5b91bd411bceffc3de73f5f0b37f04433d"; + hash = "sha256-wrhV5bBuIpVYehzVTxussiED//ObJXQSfPiiKnIR/DM="; }; }; @@ -25,22 +25,22 @@ rec { core = { x86_64-linux = { platform = "any"; - hash = "sha256-Sj/6tzZMyRQAJL09X/3zgvdGTIhNibqO8usKsus9Xss="; + hash = "sha256-lX/zRgkEyoln69pf4fWtb8f9wffBOI/KkCegn8kFmj4="; }; x86_64-darwin = { platform = "macosx_10_14_x86_64"; - hash = "sha256-hC04VknZG6aYYNX7lqvkcOoVslewNqlYax+o1nV2TcM="; + hash = "sha256-Rk4qP/iKpRUbqdry6V/NmXRQLkA0e9ltIOdYiO5DuTg="; }; aarch64-darwin = { platform = "macosx_11_0_arm64"; - hash = "sha256-0F+ndM4+0dnxf9acwWvGdIy9iYWSqixS9IzOxa95/yM="; + hash = "sha256-Gqq9LGwZ96i8LU8Z8qSN3TxuUUTDYrJiVCY9rm7aNzI="; }; }; meta = with lib; { homepage = "https://semgrep.dev/"; - downloadPage = "https://github.com/returntocorp/semgrep/"; - changelog = "https://github.com/returntocorp/semgrep/blob/v${version}/CHANGELOG.md"; + downloadPage = "https://github.com/semgrep/semgrep/"; + changelog = "https://github.com/semgrep/semgrep/blob/v${version}/CHANGELOG.md"; description = "Lightweight static analysis for many languages"; longDescription = '' Semgrep is a fast, open-source, static analysis tool for finding bugs and diff --git a/nixpkgs/pkgs/tools/security/semgrep/default.nix b/nixpkgs/pkgs/tools/security/semgrep/default.nix index ff41daacac30..70e6b8641ee8 100644 --- a/nixpkgs/pkgs/tools/security/semgrep/default.nix +++ b/nixpkgs/pkgs/tools/security/semgrep/default.nix @@ -1,5 +1,6 @@ { lib , fetchFromGitHub +, fetchpatch , semgrep-core , buildPythonApplication , pythonPackages @@ -9,19 +10,31 @@ , git }: +# testing locally post build: +# ./result/bin/semgrep scan --metrics=off --config 'r/generic.unicode.security.bidi.contains-bidirectional-characters' + let common = import ./common.nix { inherit lib; }; + semgrepBinPath = lib.makeBinPath [ semgrep-core ]; in buildPythonApplication rec { pname = "semgrep"; inherit (common) version; src = fetchFromGitHub { - owner = "returntocorp"; + owner = "semgrep"; repo = "semgrep"; rev = "v${version}"; hash = common.srcHash; }; + patches = [ + (fetchpatch { + name = "fix-test_dump_engine-test-for-nix-store-path.patch"; + url = "https://github.com/semgrep/semgrep/commit/c7553c1a61251146773617f80a2d360e6b6ab3f9.patch"; + hash = "sha256-A3QdL0DDh/pbDpRIBACUie7PEvC17iG4t6qTnmPIwA4="; + }) + ]; + # prepare a subset of the submodules as we only need a handful # and there are many many submodules total postPatch = (lib.concatStringsSep "\n" (lib.mapAttrsToList @@ -72,34 +85,57 @@ buildPythonApplication rec { ]; doCheck = true; + nativeCheckInputs = [ git pytestCheckHook ] ++ (with pythonPackages; [ + flaky pytest-snapshot pytest-mock pytest-freezegun types-freezegun ]); + disabledTests = [ # requires networking "test_send" # requires networking "test_parse_exclude_rules_auto" + # many child tests require networking to download files + "TestConfigLoaderForProducts" + # doesn't start flaky plugin correctly + "test_debug_performance" ]; + preCheck = '' # tests need a home directory export HOME="$(mktemp -d)" + # tests need access to `semgrep-core` + export OLD_PATH="$PATH" + export PATH="$PATH:${semgrepBinPath}" + + # we're in cli + # replace old semgrep with wrapped one + rm ./bin/semgrep + ln -s $out/bin/semgrep ./bin/semgrep + # disabledTestPaths doesn't manage to avoid the e2e tests # remove them from pyproject.toml # and remove need for pytest-split substituteInPlace pyproject.toml \ --replace '"tests/e2e",' "" \ + --replace '"tests/e2e-pro",' "" \ --replace 'addopts = "--splitting-algorithm=least_duration"' "" ''; + postCheck = '' + export PATH="$OLD_PATH" + unset OLD_PATH + ''; + # since we stop cli/setup.py from finding semgrep-core and copying it into # the result we need to provide it on the PATH preFixup = '' - makeWrapperArgs+=(--prefix PATH : ${lib.makeBinPath [ semgrep-core ]}) + makeWrapperArgs+=(--prefix PATH : ${semgrepBinPath}) ''; postInstall = '' diff --git a/nixpkgs/pkgs/tools/security/semgrep/semgrep-core.nix b/nixpkgs/pkgs/tools/security/semgrep/semgrep-core.nix index b924dd16579f..33e50837bf75 100644 --- a/nixpkgs/pkgs/tools/security/semgrep/semgrep-core.nix +++ b/nixpkgs/pkgs/tools/security/semgrep/semgrep-core.nix @@ -20,7 +20,7 @@ stdenvNoCC.mkDerivation rec { inherit version; format = "wheel"; dist = python; - python = "cp37.cp38.cp39.cp310.cp311.py37.py38.py39.py310.py311"; + python = "cp38.cp39.cp310.cp311.py37.py38.py39.py310.py311"; inherit (data) platform hash; }; diff --git a/nixpkgs/pkgs/tools/security/semgrep/update.sh b/nixpkgs/pkgs/tools/security/semgrep/update.sh index c66180cf8f2b..67b720154b0b 100755 --- a/nixpkgs/pkgs/tools/security/semgrep/update.sh +++ b/nixpkgs/pkgs/tools/security/semgrep/update.sh @@ -24,10 +24,10 @@ instantiateClean() { # get latest version NEW_VERSION=$( - curl -s -H \ + curl -s -L -H \ "Accept: application/vnd.github.v3+json" \ ${GITHUB_TOKEN:+ -H "Authorization: bearer $GITHUB_TOKEN"} \ - https://api.github.com/repos/returntocorp/semgrep/releases/latest \ + https://api.github.com/repos/semgrep/semgrep/releases/latest \ | jq -r '.tag_name' ) # trim v prefix @@ -58,7 +58,7 @@ fetchPypi rec { version = \"$VERSION\"; format = \"wheel\"; dist = python; - python = \"cp37.cp38.cp39.cp310.cp311.py37.py38.py39.py310.py311\"; + python = \"cp38.cp39.cp310.cp311.py37.py38.py39.py310.py311\"; platform = \"$PLATFORM\"; } " @@ -101,7 +101,7 @@ update_core_platform "aarch64-darwin" OLD_PWD=$PWD TMPDIR="$(mktemp -d)" # shallow clone to check submodule commits, don't actually need the submodules -git clone https://github.com/returntocorp/semgrep "$TMPDIR/semgrep" --depth 1 --branch "v$NEW_VERSION" +git clone https://github.com/semgrep/semgrep "$TMPDIR/semgrep" --depth 1 --branch "v$NEW_VERSION" get_submodule_commit() { OLD_PWD=$PWD diff --git a/nixpkgs/pkgs/tools/security/sigma-cli/default.nix b/nixpkgs/pkgs/tools/security/sigma-cli/default.nix index 4f12607ff06a..897fdfcb2f29 100644 --- a/nixpkgs/pkgs/tools/security/sigma-cli/default.nix +++ b/nixpkgs/pkgs/tools/security/sigma-cli/default.nix @@ -5,14 +5,14 @@ python3.pkgs.buildPythonApplication rec { pname = "sigma-cli"; - version = "1.0.0"; + version = "1.0.1"; pyproject = true; src = fetchFromGitHub { owner = "SigmaHQ"; repo = "sigma-cli"; rev = "refs/tags/v${version}"; - hash = "sha256-TVsWGExs4diHoAhfbUs2q9Dh9xVr8WyDRMRhhAFpB8A="; + hash = "sha256-+6+xTc9XGsPxK3OsiA4dj2ORgC0PQtZsZ5a6STwmfcg="; }; postPatch = '' diff --git a/nixpkgs/pkgs/tools/security/sudo-rs/default.nix b/nixpkgs/pkgs/tools/security/sudo-rs/default.nix index d0e547dc2d23..a1e46c6ee708 100644 --- a/nixpkgs/pkgs/tools/security/sudo-rs/default.nix +++ b/nixpkgs/pkgs/tools/security/sudo-rs/default.nix @@ -11,15 +11,15 @@ rustPlatform.buildRustPackage rec { pname = "sudo-rs"; - version = "0.2.1"; + version = "0.2.2"; src = fetchFromGitHub { owner = "memorysafety"; repo = "sudo-rs"; rev = "v${version}"; - hash = "sha256-EQEdNDUXEMMiFZKuu9LR9ywjvKWyM5bWcRHHUB9+gp4="; + hash = "sha256-Fc9NgKo8Be8AqB1YcH/oH514f3pOjFtqNBIC+3xwagY="; }; - cargoHash = "sha256-Zs9/A7u4yMLKY4cAUCnsqRHgkxI8R3w1JwkAd2lw0eo="; + cargoHash = "sha256-1XhdMHGZZOmSFuVW3Oa1Xwjy3dzkgJOE7h24Ly2F3ps="; nativeBuildInputs = [ installShellFiles pandoc ]; diff --git a/nixpkgs/pkgs/tools/security/trufflehog/default.nix b/nixpkgs/pkgs/tools/security/trufflehog/default.nix index cfb6fb85b82b..c986dbab98cf 100644 --- a/nixpkgs/pkgs/tools/security/trufflehog/default.nix +++ b/nixpkgs/pkgs/tools/security/trufflehog/default.nix @@ -7,16 +7,16 @@ buildGoModule rec { pname = "trufflehog"; - version = "3.67.5"; + version = "3.67.6"; src = fetchFromGitHub { owner = "trufflesecurity"; repo = "trufflehog"; rev = "refs/tags/v${version}"; - hash = "sha256-163tIYqWUvfbN4Vh+nqQ98nHHFwEg0esJplBB5ivqOY="; + hash = "sha256-LKnFlgMbgp47mNkER+gE4PwEpqBY1txmhDpmcPCXH24="; }; - vendorHash = "sha256-Kp78cAg3zpxZkJlVAvaxbq6GvUH/4HTH6Xz9EIo9tc0="; + vendorHash = "sha256-/DKly5ZFrySYrjGywjsyQd5Ky1bQ+ZIJll0io6XC5+s="; ldflags = [ "-s" diff --git a/nixpkgs/pkgs/tools/security/zlint/default.nix b/nixpkgs/pkgs/tools/security/zlint/default.nix index ba8eeeb12fa5..838e866de20a 100644 --- a/nixpkgs/pkgs/tools/security/zlint/default.nix +++ b/nixpkgs/pkgs/tools/security/zlint/default.nix @@ -7,13 +7,13 @@ buildGoModule rec { pname = "zlint"; - version = "3.6.0"; + version = "3.6.1"; src = fetchFromGitHub { owner = "zmap"; repo = "zlint"; rev = "v${version}"; - hash = "sha256-SGQOWMpjSS0XHrBjhPSRPBssCk073Hc1OlzQh/pnSRs="; + hash = "sha256-8iZUEUU+HY8cJrBwiGNE4e6hXQvNwAt0cPnBjAVDcHo="; }; modRoot = "v3"; |