From ea678a781a34613cf67c9c81d4f176d531f40630 Mon Sep 17 00:00:00 2001 From: Simon Bruder Date: Sun, 2 Jan 2022 21:43:09 +0100 Subject: [PATCH] Make build compatible with newer nixpkgs Nodejs 10 was marked as insecure which leads to the build failing. This overrides the nodejs 10 derivation to not be marked as insecure. It does not pose a high security risk due to it only being used in the (sandboxed) build process with pinned inputs. --- flake.nix | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 40384c9..ccc68c9 100644 --- a/flake.nix +++ b/flake.nix @@ -10,7 +10,13 @@ overlay = final: prev: { AriaNg = let - nodeDependencies = (prev.callPackage ./build-dependencies.nix { pkgs = prev; }).shell.nodeDependencies; + # mark nodejs 10 as secure, YOLO + # it is somewhat acceptable, because it only gets used for the build + # upstream recommends using node 8, so using node 10 is the more secure option + # https://github.com/mayswind/AriaNg/issues/606#issuecomment-842461874 + nodejs = prev.nodejs-10_x.overrideAttrs (o: o // { meta = o.meta // { knownVulnerabilities = [ ]; }; }); + + nodeDependencies = (prev.callPackage ./build-dependencies.nix { pkgs = prev; inherit nodejs; }).shell.nodeDependencies; in prev.stdenvNoCC.mkDerivation { pname = "AriaNg"; @@ -22,7 +28,7 @@ ln -s ${nodeDependencies}/lib/node_modules ./node_modules # shebang uses nodejs-12_x? - ${prev.nodejs-10_x}/bin/node ${nodeDependencies}/bin/gulp clean build + ${nodejs}/bin/node ${nodeDependencies}/bin/gulp clean build ''; installPhase = ''
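Review bot: The new `nodejs` binding in the first hunk sets `knownVulnerabilities = [ ]`, which silences every advisory on nodejs-10_x, including any that nixpkgs records later, and the comment `# mark nodejs 10 as secure, YOLO` does not state the conditions that make this acceptable. I would replace that comment line with `# nodejs 10 is flagged insecure in nixpkgs; the flag is cleared only for this let-bound build tool, which is not exposed as an overlay attribute`, and add that the sandboxing the commit message relies on is the builder's `sandbox` setting, not something this flake enforces. The `o //` in the override looks redundant, since `overrideAttrs` already merges the returned attributes over the old ones: `prev.nodejs-10_x.overrideAttrs (o: { meta = o.meta // { knownVulnerabilities = [ ]; }; })`. In the second hunk the surviving comment `# shebang uses nodejs-12_x?` may be stale now that the same `nodejs` is passed into build-dependencies.nix; that file is not shown, so this needs checking. The `let` body and the derivation continue outside both hunks.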