8 files changed, 55 insertions, 13 deletions

diff --git a/pkgs/tools/security/bundler-audit/Gemfile.lock b/pkgs/tools/security/bundler-audit/Gemfile.lock
index 107e425bc579..f130b57912b4 100644
--- a/pkgs/tools/security/bundler-audit/Gemfile.lock
+++ b/pkgs/tools/security/bundler-audit/Gemfile.lock
@@ -1,10 +1,10 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    bundler-audit (0.6.1)
+    bundler-audit (0.7.0.1)
       bundler (>= 1.2.0, < 3)
-      thor (~> 0.18)
-    thor (0.20.3)
+      thor (>= 0.18, < 2)
+    thor (1.0.1)
 
 PLATFORMS
   ruby
diff --git a/pkgs/tools/security/bundler-audit/default.nix b/pkgs/tools/security/bundler-audit/default.nix
index 6bcb341a8343..c24831f26b06 100644
--- a/pkgs/tools/security/bundler-audit/default.nix
+++ b/pkgs/tools/security/bundler-audit/default.nix
@@ -21,6 +21,7 @@ bundlerEnv rec {
       - Does not require a network connection.
     '';
     homepage    = "https://github.com/rubysec/bundler-audit";
+    changelog   = "https://github.com/rubysec/bundler-audit/blob/v${version}/ChangeLog.md";
     license     = licenses.gpl3Plus;
     maintainers = with maintainers; [ primeos nicknovitski ];
     platforms   = platforms.unix;
diff --git a/pkgs/tools/security/bundler-audit/gemset.nix b/pkgs/tools/security/bundler-audit/gemset.nix
index 56d78b3e8f16..2121a3c08e55 100644
--- a/pkgs/tools/security/bundler-audit/gemset.nix
+++ b/pkgs/tools/security/bundler-audit/gemset.nix
@@ -1,19 +1,23 @@
 {
   bundler-audit = {
     dependencies = ["thor"];
+    groups = ["default"];
+    platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "0pm22xpn3xyymsainixnrk8v3l3xi9bzwkjkspx00cfzp84xvxbq";
+      sha256 = "04l9rs56rlvihbr2ybkrigjajgd3swa98lxvmdl8iylj1g5m7n0j";
       type = "gem";
     };
-    version = "0.6.1";
+    version = "0.7.0.1";
   };
   thor = {
+    groups = ["default"];
+    platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "1yhrnp9x8qcy5vc7g438amd5j9sw83ih7c30dr6g6slgw9zj3g29";
+      sha256 = "1xbhkmyhlxwzshaqa7swy2bx6vd64mm0wrr8g3jywvxy7hg0cwkm";
       type = "gem";
     };
-    version = "0.20.3";
+    version = "1.0.1";
   };
 }
\ No newline at end of file
diff --git a/pkgs/tools/security/keybase/default.nix b/pkgs/tools/security/keybase/default.nix
index bbc99c2ac410..ee1cfa9d2a41 100644
--- a/pkgs/tools/security/keybase/default.nix
+++ b/pkgs/tools/security/keybase/default.nix
@@ -6,7 +6,7 @@
 
 buildGoPackage rec {
   pname = "keybase";
-  version = "5.4.2";
+  version = "5.5.1";
 
   goPackagePath = "github.com/keybase/client";
   subPackages = [ "go/kbnm" "go/keybase" ];
@@ -17,7 +17,7 @@ buildGoPackage rec {
     owner = "keybase";
     repo = "client";
     rev = "v${version}";
-    sha256 = "08lw5aw962f75xi42bwbgba94hiql2n2jnsxrkx84czi0ijs1wlr";
+    sha256 = "03y69zmzbnfay173xkbzvnhh8zjjd2rfnqmpgr0wvh1psn7mgpsh";
   };
 
   patches = [
diff --git a/pkgs/tools/security/keycard-cli/default.nix b/pkgs/tools/security/keycard-cli/default.nix
index a76c102b2bb9..73eab6c3dec9 100644
--- a/pkgs/tools/security/keycard-cli/default.nix
+++ b/pkgs/tools/security/keycard-cli/default.nix
@@ -2,7 +2,7 @@
 
 buildGoPackage rec {
   pname = "keycard-cli";
-  version = "0.0.12";
+  version = "0.4.0";
 
   goPackagePath = "github.com/status-im/keycard-cli";
   subPackages = [ "." ];
@@ -14,7 +14,7 @@ buildGoPackage rec {
     owner = "status-im";
     repo = pname;
     rev = version;
-    sha256 = "1jnbaq57i6i9bad1hcvd28mxfqq6v8rv806c6l74vlb79ff4v1wb";
+    sha256 = "0917vl5lw8wgvyn5l8q6xa8bqh342fibaa38syr8hmz8b09qkh38";
   };
 
   buildFlagsArray = [
diff --git a/pkgs/tools/security/ripasso/cursive.nix b/pkgs/tools/security/ripasso/cursive.nix
index c8a55d3f397f..29229bff0028 100644
--- a/pkgs/tools/security/ripasso/cursive.nix
+++ b/pkgs/tools/security/ripasso/cursive.nix
@@ -12,6 +12,8 @@ buildRustPackage rec {
     sha256 = "164da20j727p8l7hh37j2r8pai9sj402nhswvg0nrlgj53nr6083";
   };
 
+  patches = [ ./fix-tests.patch ];
+
   cargoSha256 = "1wpn67v0xmxhn1dgzhh1pwz1yc3cizmfxhpb7qv9b27ynx4486ji";
 
   cargoBuildFlags = [ "-p ripasso-cursive -p ripasso-man" ];
diff --git a/pkgs/tools/security/ripasso/fix-tests.patch b/pkgs/tools/security/ripasso/fix-tests.patch
new file mode 100644
index 000000000000..433ff933b1f7
--- /dev/null
+++ b/pkgs/tools/security/ripasso/fix-tests.patch
@@ -0,0 +1,35 @@
+diff --git a/src/pass/test.rs b/src/pass/test.rs
+index c980a2f..2e6c8cc 100644
+--- a/src/pass/test.rs
++++ b/src/pass/test.rs
+@@ -56,6 +56,7 @@ fn populate_password_list_small_repo() {
+     base_path.pop();
+     base_path.pop();
+     base_path.pop();
++    base_path.pop();
+     base_path.push("testres");
+ 
+     let mut password_dir: PathBuf = base_path.clone();
+@@ -84,6 +85,7 @@ fn populate_password_list_repo_with_deleted_files() {
+     base_path.pop();
+     base_path.pop();
+     base_path.pop();
++    base_path.pop();
+     base_path.push("testres");
+ 
+     let mut password_dir: PathBuf = base_path.clone();
+@@ -112,6 +114,7 @@ fn populate_password_list_directory_without_git() {
+     base_path.pop();
+     base_path.pop();
+     base_path.pop();
++    base_path.pop();
+     base_path.push("testres");
+ 
+     let mut password_dir: PathBuf = base_path.clone();
+@@ -149,4 +152,4 @@ fn parse_signing_keys_empty() {
+     let result = PasswordStore::parse_signing_keys(&None).unwrap();
+ 
+     assert_eq!(result.len(), 0);
+-}
+\ No newline at end of file
++}
diff --git a/pkgs/tools/security/saml2aws/default.nix b/pkgs/tools/security/saml2aws/default.nix
index 42845705ff6b..d3157529215b 100644
--- a/pkgs/tools/security/saml2aws/default.nix
+++ b/pkgs/tools/security/saml2aws/default.nix
@@ -2,13 +2,13 @@
 
 buildGoModule rec {
   pname = "saml2aws";
-  version = "2.25.0";
+  version = "2.26.1";
 
   src = fetchFromGitHub {
     owner = "Versent";
     repo = "saml2aws";
     rev = "v${version}";
-    sha256 = "12aidylamrq4rvy2cfdz669lr1p20yqrshigcc5x1hrlhh9y64xc";
+    sha256 = "09b217x10mn3y244rwym0fcqr4ly6n83wnykb77488kn960b0pqb";
   };
 
   hid = fetchFromGitHub {