From 423c2a09a917fa6490ab2b7bc305b8228659fcae Mon Sep 17 00:00:00 2001
From: sterni <sternenseemann@systemli.org>
Date: Wed, 11 Jan 2023 16:17:52 +0100
Subject: chore(3p/sources): Bump channels & overlays

* //3p/gerrit: prevent python2 from crashing evaluating due to
  upstream now officially considering it insecure after being EOL
  for 3 years.

  Overriding the meta set has the benefit that we do not need to
  whitelist the package globally, forcing us to opt in everywhere
  the dependency is acceptable.

* //3p/overlays: bump tdlib so tazjin's emacs can build

Change-Id: I50df82d35d56b0dd44b5f687e2dcb101db79738d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7809
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
---
 third_party/gerrit/default.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'third_party/gerrit')

diff --git a/third_party/gerrit/default.nix b/third_party/gerrit/default.nix
index 3938e3ad2a..3889ff23e2 100644
--- a/third_party/gerrit/default.nix
+++ b/third_party/gerrit/default.nix
@@ -13,7 +13,12 @@ let
       (pkgs.bazel_5.override { enableNixHacks = true; })
       pkgs.jdk11_headless
       pkgs.zlib
-      pkgs.python
+      (pkgs.python.overrideAttrs (old: {
+        meta = old.meta // {
+          # Ignore Python 2.7 EOL since it's a build only dependency here
+          knownVulnerabilities = [ /* I pretend I do not see it */ ];
+        };
+      }))
       pkgs.curl
       pkgs.nodejs
       pkgs.yarn
-- 
cgit 1.4.1