chore(3p/sources): Bump channels & overlays r/5650

* //3p/gerrit: prevent python2 from crashing evaluating due to upstream now officially considering it insecure after being EOL for 3 years. Overriding the meta set has the benefit that we do not need to whitelist the package globally, forcing us to opt in everywhere the dependency is acceptable. * //3p/overlays: bump tdlib so tazjin's emacs can build Change-Id: I50df82d35d56b0dd44b5f687e2dcb101db79738d Reviewed-on: https://cl.tvl.fyi/c/depot/+/7809 Autosubmit: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
author: sterni <sternenseemann@systemli.org> 2023-01-11T15·17+0100
committer: clbot <clbot@tvl.fyi> 2023-01-12T10·32+0000
commit: 423c2a09a917fa6490ab2b7bc305b8228659fcae (patch)
tree: d512c35c1649f9a3b50661bf66e5313dc1ddacad /third_party/gerrit
parent: 43f6aec384978da8ba554f14ba89959051b47d94 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/third_party/gerrit/default.nix b/third_party/gerrit/default.nix
index 3938e3ad2a..3889ff23e2 100644
--- a/third_party/gerrit/default.nix
+++ b/third_party/gerrit/default.nix
@@ -13,7 +13,12 @@ let
       (pkgs.bazel_5.override { enableNixHacks = true; })
       pkgs.jdk11_headless
       pkgs.zlib
-      pkgs.python
+      (pkgs.python.overrideAttrs (old: {
+        meta = old.meta // {
+          # Ignore Python 2.7 EOL since it's a build only dependency here
+          knownVulnerabilities = [ /* I pretend I do not see it */ ];
+        };
+      }))
       pkgs.curl
       pkgs.nodejs
       pkgs.yarn
author	sterni <sternenseemann@systemli.org>	2023-01-11T15·17+0100
committer	clbot <clbot@tvl.fyi>	2023-01-12T10·32+0000
commit	423c2a09a917fa6490ab2b7bc305b8228659fcae (patch)
tree	d512c35c1649f9a3b50661bf66e5313dc1ddacad /third_party/gerrit
parent	43f6aec384978da8ba554f14ba89959051b47d94 (diff)