From 531c554627c6d86cab3200723e75a602c58b7fc3 Mon Sep 17 00:00:00 2001
From: 06kellyjac <dev@j-k.io>
Date: Wed, 5 Apr 2023 11:06:42 +0100
Subject: deno: fix CVE-2023-28446

---
 pkgs/development/web/deno/default.nix | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

(limited to 'pkgs')

diff --git a/pkgs/development/web/deno/default.nix b/pkgs/development/web/deno/default.nix
index a8a4ff5bc4785..871406b109a83 100644
--- a/pkgs/development/web/deno/default.nix
+++ b/pkgs/development/web/deno/default.nix
@@ -2,6 +2,7 @@
 , lib
 , callPackage
 , fetchFromGitHub
+, fetchpatch
 , rustPlatform
 , installShellFiles
 , tinycc
@@ -23,9 +24,18 @@ rustPlatform.buildRustPackage rec {
     owner = "denoland";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-0S5BSXWnv4DMcc8cijRQx6NyDReg5aJJT65TeNFlkkw=";
+    hash = "sha256-0S5BSXWnv4DMcc8cijRQx6NyDReg5aJJT65TeNFlkkw=";
   };
-  cargoSha256 = "sha256-DZICb85B9pWT8bV06FYjS604RdomB5nqtR55R00CT8c=";
+  cargoHash = "sha256-7Xfnc91yQiAwAF5fvtiwnELUDb7LJeye3GtXNzYkUo8=";
+
+  cargoPatches = [
+    # resolved in 1.31.2
+    (fetchpatch {
+      name = "CVE-2023-28446.patch";
+      url = "https://github.com/denoland/deno/commit/78d430103a8f6931154ddbbe19d36f3b8630286d.patch";
+      hash = "sha256-kXwr9wWxk1OaaubCr8pfmSp3TrJMQkbAg72nIHp/seA=";
+    })
+  ];
 
   postPatch = ''
     # upstream uses lld on aarch64-darwin for faster builds
-- 
cgit 1.4.1