fix: Bump nixpkgs to fix packaging of nix-prefetch-git #238
Merged
d6271f8 to
5ee336b
Compare
Member
Author
I think what we need instead is a temporary fix to update again and pull NixOS/nixpkgs#488336. The issue seems fixed upstream; we were unlucky to pull between the two PRs. I'll try it.
5ee336b to
caf3cd8
Compare
The packaging for nix-prefetch-git was temporarily broken in nixpkgs,
and we last updated in this repository between the commit introducing
the issue [0] and the fix [1]. Let's update again to pull the fix.

The issue would cause the bump.yml workflow to fail with:

    ./scripts/bump.sh: line 143: nix-prefetch-git: command not found

This is due to how nix-prefetch-git is installed. To make the workflow
work again for the update in the current commit, I used a temporary
commit that changed the path of the nix-prefetch-git executable in
scripts/bump.sh to nix-prefetch-git-26.05pre942779.d6c719321308.

[0]: NixOS/nixpkgs#487672 (comment)
[1]: NixOS/nixpkgs#488336

Signed-off-by: Quentin Monnet <qmo@qmon.net>
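
An added example, not code from this repository or from nixpkgs: the commit message above describes a pin that landed between the breaking commit and its fix. The script builds a constructed throwaway repository (the branch, tag and function names and the two earliest dates are assumptions) and shows that a fix commit can be older than the pinned revision by timestamp yet still be absent from it, which `git merge-base --is-ancestor` detects.

```shell
#!/bin/sh
# Added example (not from the repository): commit timestamps vs. ancestry.
set -eu

# Run git in repo $1 with a fixed identity and commit date $2.
g() {
    g_repo=$1; g_date=$2; shift 2
    GIT_AUTHOR_DATE="$g_date" GIT_COMMITTER_DATE="$g_date" \
        git -C "$g_repo" -c user.name=demo -c user.email=demo@example.invalid "$@"
}

# Constructed history: the fix is committed on a branch before the pinned
# revision exists, but is merged into main only afterwards.
build_demo_repo() {
    r=$(mktemp -d)
    {
        git -C "$r" init -q
        git -C "$r" symbolic-ref HEAD refs/heads/main
        g "$r" "2026-02-05 10:00:00 +0000" commit -q --allow-empty -m "break packaging"
        g "$r" "2026-02-05 10:00:00 +0000" checkout -q -b fix
        g "$r" "2026-02-07 09:00:00 +0000" commit -q --allow-empty -m "fix packaging"
        g "$r" "2026-02-07 09:00:00 +0000" checkout -q main
        g "$r" "2026-02-08 07:51:33 +0000" commit -q --allow-empty -m "unrelated"
        g "$r" "2026-02-08 07:51:33 +0000" tag pin-early
        g "$r" "2026-02-08 15:33:00 +0000" merge -q --no-ff -m "merge fix" fix
        g "$r" "2026-02-08 15:33:00 +0000" tag pin-late
    } >/dev/null
    echo "$r"
}

# Naive check: is fix commit $3 older than pinned revision $2 (committer date)?
fix_older_than_pin() {
    [ "$(git -C "$1" log -1 --format=%ct "$3")" -lt \
      "$(git -C "$1" log -1 --format=%ct "$2")" ]
}

# Reliable check: is fix commit $3 reachable from pinned revision $2?
pin_contains_fix() {
    git -C "$1" merge-base --is-ancestor "$3" "$2"
}

repo=$(build_demo_repo)
for pin in pin-early pin-late; do
    if pin_contains_fix "$repo" "$pin" fix; then state="contains the fix"
    else state="does NOT contain the fix"; fi
    echo "$pin: $state"
done
rm -rf "$repo"
```
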
b1fe983 to
a3cd678
Compare
Member
Author
Looks like it worked! I'm merging to fix the workflow (once CI tests have passed).
Contributor
| priority | nix_package | version_local | version_nixpkgs | version_upstream |
|---|---|---|---|---|
| 13 | glibc | 2.42-47 | 2.42 | 2.43 |
| 11 | binutils | 2.44 | 2.44 | 2.46 |
| 10 | coreutils | 9.9 | 9.9 | 9.10 |
| 10 | pcre2 | 10.46 | 10.46 | 10.47 |
| 5 | ncurses | 6.6 | 6.6 | 6.6.20260124+really6.5.20250830 |
| 4 | kmod | 31 | 31 | 34.2 |
| 4 | expat | 2.7.3 | 2.7.3 | 2.7.4 |
| 4 | openssl | 3.6.0 | 1.1.1w | 3.6.1 |
| 4 | openssl | 3.6.0 | 3.6.0 | 3.6.1 |
| 4 | numactl | 2.0.18 | 2.0.18 | 2.0.19 |
| 2 | dpdk | 25.07 | 25.07 | 25.11 |
Contributor
| vuln_id | url | package | severity | version_local | version_nixpkgs | version_upstream | package_repology | sortcol | classify |
|---|---|---|---|---|---|---|---|---|---|
| CVE-2026-22796 | https://nvd.nist.gov/vuln/detail/CVE-2026-22796 | openssl | 5.3 | 3.6.0 | 3.6.0 | 3.6.1 | openssl | 2026A0000022796 | fix_update_to_version_upstream |
| CVE-2026-22795 | https://nvd.nist.gov/vuln/detail/CVE-2026-22795 | openssl | 5.5 | 3.6.0 | 3.6.0 | 3.6.1 | openssl | 2026A0000022795 | fix_update_to_version_upstream |
| CVE-2026-22184 | https://nvd.nist.gov/vuln/detail/CVE-2026-22184 | zlib | 9.8 | 1.3.1 | 1.3.1 | 1.3.1 | zlib | 2026A0000022184 | fix_not_available |
| CVE-2025-69421 | https://nvd.nist.gov/vuln/detail/CVE-2025-69421 | openssl | 7.5 | 3.6.0 | 3.6.0 | 3.6.1 | openssl | 2025A0000069421 | fix_update_to_version_upstream |
| CVE-2025-69420 | https://nvd.nist.gov/vuln/detail/CVE-2025-69420 | openssl | 7.5 | 3.6.0 | 3.6.0 | 3.6.1 | openssl | 2025A0000069420 | fix_update_to_version_upstream |
| CVE-2025-69419 | https://nvd.nist.gov/vuln/detail/CVE-2025-69419 | openssl | 7.4 | 3.6.0 | 3.6.0 | 3.6.1 | openssl | 2025A0000069419 | fix_update_to_version_upstream |
| CVE-2025-69418 | https://nvd.nist.gov/vuln/detail/CVE-2025-69418 | openssl | 4.0 | 3.6.0 | 3.6.0 | 3.6.1 | openssl | 2025A0000069418 | fix_update_to_version_upstream |
| CVE-2025-68160 | https://nvd.nist.gov/vuln/detail/CVE-2025-68160 | openssl | 4.7 | 3.6.0 | 3.6.0 | 3.6.1 | openssl | 2025A0000068160 | fix_update_to_version_upstream |
| CVE-2025-66199 | https://nvd.nist.gov/vuln/detail/CVE-2025-66199 | openssl | 5.9 | 3.6.0 | 3.6.0 | 3.6.1 | openssl | 2025A0000066199 | fix_update_to_version_upstream |
| CVE-2025-15469 | https://nvd.nist.gov/vuln/detail/CVE-2025-15469 | openssl | 5.5 | 3.6.0 | 3.6.0 | 3.6.1 | openssl | 2025A0000015469 | fix_update_to_version_upstream |
| CVE-2025-15468 | https://nvd.nist.gov/vuln/detail/CVE-2025-15468 | openssl | 5.9 | 3.6.0 | 3.6.0 | 3.6.1 | openssl | 2025A0000015468 | fix_update_to_version_upstream |
| CVE-2025-15467 | https://nvd.nist.gov/vuln/detail/CVE-2025-15467 | openssl | 9.8 | 3.6.0 | 3.6.0 | 3.6.1 | openssl | 2025A0000015467 | fix_update_to_version_upstream |
| CVE-2025-15281 | https://nvd.nist.gov/vuln/detail/CVE-2025-15281 | glibc | 7.5 | 2.42-47 | 2.42 | 2.43 | glibc | 2025A0000015281 | fix_update_to_version_upstream |
| CVE-2025-11187 | https://nvd.nist.gov/vuln/detail/CVE-2025-11187 | openssl | 6.1 | 3.6.0 | 3.6.0 | 3.6.1 | openssl | 2025A0000011187 | fix_update_to_version_upstream |
| CVE-2025-8225 | https://nvd.nist.gov/vuln/detail/CVE-2025-8225 | binutils | 3.3 | 2.44 | 2.44 | 2.46 | binutils | 2025A0000008225 | fix_update_to_version_upstream |
| CVE-2025-8224 | https://nvd.nist.gov/vuln/detail/CVE-2025-8224 | binutils | 3.3 | 2.44 | 2.44 | 2.46 | binutils | 2025A0000008224 | fix_update_to_version_upstream |
| CVE-2025-6170 | https://nvd.nist.gov/vuln/detail/CVE-2025-6170 | libxml2 | 2.5 | 2.15.1 | 2.15.1 | 2.15.1 | libxml2 | 2025A0000006170 | err_not_vulnerable_based_on_repology |
| CVE-2025-6021 | https://nvd.nist.gov/vuln/detail/CVE-2025-6021 | libxml2 | 7.5 | 2.15.1 | 2.15.1 | 2.15.1 | libxml2 | 2025A0000006021 | err_not_vulnerable_based_on_repology |
| CVE-2025-3198 | https://nvd.nist.gov/vuln/detail/CVE-2025-3198 | binutils | 3.3 | 2.44 | 2.44 | 2.46 | binutils | 2025A0000003198 | fix_update_to_version_upstream |
| CVE-2025-1153 | https://nvd.nist.gov/vuln/detail/CVE-2025-1153 | binutils | 3.1 | 2.44 | 2.44 | 2.46 | binutils | 2025A0000001153 | fix_update_to_version_upstream |
| OSV-2024-698 | https://osv.dev/OSV-2024-698 | libxml2 | | 2.15.1 | 2.15.1 | 2.15.1 | libxml2 | 2024A0000000698 | err_not_vulnerable_based_on_repology |
| CVE-2023-6992 | https://nvd.nist.gov/vuln/detail/CVE-2023-6992 | zlib | 4.0 | 1.3.1 | 1.3.1 | 1.3.1 | zlib | 2023A0000006992 | err_not_vulnerable_based_on_repology |
| CVE-2023-4039 | https://nvd.nist.gov/vuln/detail/CVE-2023-4039 | gcc | 4.8 | 15.2.0 | 15.2.0 | 15.2.0 | gcc | 2023A0000004039 | fix_not_available |
| OSV-2021-777 | https://osv.dev/OSV-2021-777 | libxml2 | | 2.15.1 | 2.15.1 | 2.15.1 | libxml2 | 2021A0000000777 | err_not_vulnerable_based_on_repology |
| CVE-2016-2781 | https://nvd.nist.gov/vuln/detail/CVE-2016-2781 | coreutils | 6.5 | 9.9 | 9.9 | 9.10 | coreutils | 2016A0000002781 | fix_not_available |
qmonnet
commented
Feb 9, 2026
| commit_date = "2026-02-06T12:24:04+00:00"; | ||
| source_url = "https://github.com/NixOS/nixpkgs/archive/ae67888ff7ef9dff69b3cf0cc0fbfbcd3a722abe.tar.gz"; | ||
| commit = "fef9403a3e4d31b0a23f0bacebbec52c248fbb51"; | ||
| commit_date = "2026-02-08T07:51:33+00:00"; |
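Review bot: on the later `commit_date = "2026-02-08T07:51:33+00:00";` line, the timestamp is the only evidence in this hunk that the pinned revision `fef9403a3e4d31b0a23f0bacebbec52c248fbb51` includes the fix from NixOS/nixpkgs#488336, and a date alone does not establish that. Before merging, confirm that the fix's merge commit is an ancestor of the pinned commit (for example with `git merge-base --is-ancestor`) and state the result in the commit message.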
Member
Author
That's not recent enough 🤦 The fix was merged on that day but at 15:33 UTC. I'll need another update.
qmonnet
pushed a commit
that referenced
this pull request
Feb 11, 2026
Manual bump to pull the fix for the bump.yml workflow. Link: #238 (comment) Signed-off-by: Quentin Monnet <qmo@qmon.net>