Merged
Conversation
Member
|
Thanks for taking care of this @e1mo ! |
Flake lock file updates:
• Updated input 'flake-utils':
'github:numtide/flake-utils/c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a' (2024-09-17)
→ 'github:numtide/flake-utils/11707dc2f618dd54ca8739b309ec4fc024de578b' (2024-11-13)
• Updated input 'freescout-nix':
'gitlab:e1mo/freescout-nix-flake/7e35a8d1f507ea3d6b6be54edc3a83f48f3dd140' (2024-05-11)
→ 'gitlab:e1mo/freescout-nix-flake/2b5bcee06a673c13c5b5a62b4f4dd1300ce85903' (2025-04-05)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/f6f24b0bbb0461887719d10c77c9fe81e7bea37d' (2024-10-08)
→ 'github:NixOS/nixpkgs/250b695f41e0e2f5afbf15c6b12480de1fe0001b' (2025-04-05)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/06535d0e3d0201e6a8080dd32dbfde339b94f01b' (2024-10-08)
→ 'github:Mic92/sops-nix/cff8437c5fe8c68fc3a840a21bf1f4dc801da40d' (2025-04-04)
• Removed input 'sops-nix/nixpkgs-stable'
Apply the patch from the PR that replaces pyopenssl with cryptography. The PR has not been reviewed by upstream, so there is a chance of something being not right. However, the tests pass. So it should probably be allright? (And in turn we can finally update matrix and the rest of our services and close some very real CVEs)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
pysaml2 is broken due to changes pyopenssl: NixOS/nixpkgs#367976
Since we use SAML for authentication, we are not able to update matrix synapse. In order to be able to do that, this PR uses a patch for pysaml2 that switches to cryptography: IdentityPython/pysaml2#977
The PR has not been reviewed by upstream, so there is a chance of something being not right. However, the tests pass. However, given that this allows us to update matrix synapse (which has had fixes for very real CVEs in a recent release). Thus this seems like a decent tradeoff.