1 files changed, 10 insertions, 6 deletions

diff --git a/pkgs/servers/http/envoy/default.nix b/pkgs/servers/http/envoy/default.nix
index 50067d7dd6220..7e58f50fa1c64 100644
--- a/pkgs/servers/http/envoy/default.nix
+++ b/pkgs/servers/http/envoy/default.nix
@@ -25,15 +25,15 @@ let
     # However, the version string is more useful for end-users.
     # These are contained in a attrset of their own to make it obvious that
     # people should update both.
-    version = "1.27.3";
-    rev = "0fd81ee7ffcd7cfc864094b24dc9b5c3ade89ff2";
-    hash = "sha256-WNyyUw3517oKqMd1sJMk9CiLa/V7UrhwlRS+AWNNOOo=";
+    version = "1.27.5";
+    rev = "be4f1cfd31c79fc05651efa2f88429b3c03d1d9e";
+    hash = "sha256-+sjNqq91YfyW83aq/8WoSo7Jl5QZUmtWtsajnLLMgDc=";
   };
 
   # these need to be updated for any changes to fetchAttrs
   depsHash = {
-    x86_64-linux = "sha256-wTGHfeFkCuijPdX//lT5GPspaxZsxzBHJffH1tpVM2w=";
-    aarch64-linux = "sha256-9/Wem+Gk/7bFeMNFC4J3mdTm3mrNmyMxiu5oadQcovU=";
+    x86_64-linux = "sha256-4XJgPfNEPmbvAZMLlQcnIaoGzaFtyhsuEshdEjLh0OY=";
+    aarch64-linux = "sha256-85HLiK+xX/tabazh97J4fWk5KYc7kynbxj/g8HCGTD4=";
   }.${stdenv.system} or (throw "unsupported system ${stdenv.system}");
 in
 buildBazelPackage {
@@ -179,8 +179,13 @@ buildBazelPackage {
     #       |         ^
     "--define=tcmalloc=disabled"
   ]);
+
   bazelFetchFlags = [
     "--define=wasm=${wasmRuntime}"
+
+    # https://github.com/bazelbuild/rules_go/issues/3844
+    "--repo_env=GOPROXY=https://proxy.golang.org,direct"
+    "--repo_env=GOSUMDB=sum.golang.org"
   ];
 
   passthru.tests = {
@@ -197,6 +202,5 @@ buildBazelPackage {
     license = licenses.asl20;
     maintainers = with maintainers; [ lukegb ];
     platforms = [ "x86_64-linux" "aarch64-linux" ];
-    knownVulnerabilities = [ "CVE-2024-30255" ];
   };
 }