- Use 1 line per input argument.
- Don't use let ... in if not needed.
- Use ${version} in url string.
- Run hooks in explicit installPhase.
(cherry picked from commit e1d6051d81835079f0e37e1d5fc5f029f32df512)
Changes: 3c56f62...bcd73eb
I figured that now with an actual 2.4 release around the corner[1] we
could bump it a bit more often considering that it seems to contain
mostly bugfixes, so that upstream receives a bit more feedback.
[1] https://discourse.nixos.org/t/tweag-nix-dev-update-17/15037
(cherry picked from commit 615d368aa000279f1c63d9c5521859181b5fbfe3)
When restoring a backup, discourse decompresses the backup archive in
the /share/discourse/tmp dir. Before this change, it is linked to /run
which is typically backed by memory, so the backup will fail to
restore if you do not have enough memory on your system to contain the
backup. This has already happened to me on two small forums.
This moves tmp to the StateDirectory /var/lib/discourse/tmp which is
typically backed by disk.
(cherry picked from commit f933c68374b9c6195dc74d26c95fc9bf240fead8)
Need to patch out the contextvars dependency (which is included in
python 3.7+).
The same patch is discussed in arch:
https://bugs.archlinux.org/task/71344
(cherry picked from commit c0b46c6b596dd25f32733ff01156d3d769640ab5)
ChangeLog: https://github.com/hedgedoc/hedgedoc/releases/tag/1.9.0
As documented in the Nix expression, I unfortunately had to patch
`yarn.lock` manually (the `yarn.nix` result isn't affected by this). By
adding a `git+https`-prefix to
`midi "https://github.com/paulrosen/MIDI.js.git#abcjs"` in the lock-file
I ensured that `yarn` actually uses the `MIDI.js` from the offline-cache
from `yarn2nix` rather than trying to download a tarball from GitHub.
Also, this release contains a fix for CVE-2021-39175 which doesn't seem
to be backported to 1.8. To quote NVD[1]:
> In versions prior to 1.9.0, an unauthenticated attacker can inject
> arbitrary JavaScript into the speaker-notes of the slide-mode feature
> by embedding an iframe hosting the malicious code into the slides or by
> embedding the HedgeDoc instance into another page.
Even though it "only" has a medium rating by NVD (6.1), this seems
rather problematic to me (also, GitHub rates this as "High"), so it's
actually a candidate for a backport.
[1] https://nvd.nist.gov/vuln/detail/CVE-2021-39175
(cherry picked from commit 0a10c17c8d01e5f9fefa3d6dbb7802a3cbce7e23)
The src points to the obsidiansystems repo as it has the ghcjs ported from
8.10.5 to 8.10.7, and a bunch of other fixes (#812, #811, #809)
(cherry picked from commit ba25b274f4bb0240a8ffa71e41b55712930af3d8)
Modified the stm_2_5_0_1 -> stm_2_5_0_0
