pnpm_10_29_2: mark insecure

(cherry picked from commit 2e0bb4a325)
This commit is contained in:
Robert Schütz 2026-06-26 19:57:38 -07:00 committed by github-actions[bot]
commit 5db1641a3d
2 changed files with 12 additions and 0 deletions

View file

@ -20,6 +20,15 @@ let
"10_29_2" = {
version = "10.29.2";
hash = "sha256-hAL2daH0zJ1PJ7v6s1wtSi4dfrATHfA9rQlhnoZnTQw=";
knownVulnerabilities = [
"CVE-2026-48995"
"CVE-2026-50014"
"CVE-2026-50015"
"CVE-2026-50016"
"CVE-2026-50017"
"CVE-2026-50573"
"CVE-2026-55699"
];
};
"10" = {
version = "10.34.0";
@ -35,6 +44,7 @@ let
variant:
callPackage ./generic.nix {
inherit (variant) version hash;
knownVulnerabilities = variant.knownVulnerabilities or [ ];
#FIXME: remove this hack in a future version.
nodejs = null; # Passing null to detect out-of-tree overrides
};

View file

@ -17,6 +17,7 @@
withNode ? true,
version,
hash,
knownVulnerabilities,
}:
let
majorVersion = lib.versions.major version;
@ -170,5 +171,6 @@ stdenvNoCC.mkDerivation (finalAttrs: {
];
platforms = lib.platforms.all;
mainProgram = "pnpm";
inherit knownVulnerabilities;
};
})