pomerium 0.21.3 -> 0.22.1 https://github.com/pomerium/pomerium/releases attrpath: pomerium Checking auto update branch... [version] [version] generic version rewriter does not support multiple hashes [rustCrateVersion] [rustCrateVersion] No cargoSha256 or cargoHash found [golangModuleVersion] [golangModuleVersion] skipping because derivation has updateScript [updateScript] [updateScript] Failed with exit code 1 this derivation will be built: /nix/store/ynpqfirrk855rszs7zndzvgv3fl6fd30-packages.json.drv building '/nix/store/ynpqfirrk855rszs7zndzvgv3fl6fd30-packages.json.drv'... Going to be running update for following packages: - pomerium-0.21.3 Press Enter key to continue... Running update for: - pomerium-0.21.3: UPDATING ... - pomerium-0.21.3: ERROR --- SHOWING ERROR LOG FOR pomerium-0.21.3 ---------------------- these 3 paths will be fetched (11.24 MiB download, 53.45 MiB unpacked): /nix/store/jphsrskn25jhxw8j1vd5dq8jh5iyyars-nodejs-slim-18.16.0 /nix/store/jq2pqdd63gbqz09ig18f42jv7399kzlz-prefetch-yarn-deps /nix/store/m5v6i5hrrzff9fp6li3w5wkd04xhykp1-wget-1.21.3 copying path '/nix/store/m5v6i5hrrzff9fp6li3w5wkd04xhykp1-wget-1.21.3' from 'https://cache.nixos.org'... copying path '/nix/store/jphsrskn25jhxw8j1vd5dq8jh5iyyars-nodejs-slim-18.16.0' from 'https://cache.nixos.org'... copying path '/nix/store/jq2pqdd63gbqz09ig18f42jv7399kzlz-prefetch-yarn-deps' from 'https://cache.nixos.org'... --2023-05-07 23:32:01-- https://raw.githubusercontent.com/pomerium/pomerium/v0.22.1//ui/yarn.lock Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 2606:50c0:8003::154, 2606:50c0:8000::154, 2606:50c0:8002::154, ... Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|2606:50c0:8003::154|:443... connected. HTTP request sent, awaiting response... 301 Moved Permanently Location: /pomerium/pomerium/v0.22.1/ui/yarn.lock [following] --2023-05-07 23:32:01-- https://raw.githubusercontent.com/pomerium/pomerium/v0.22.1/ui/yarn.lock Reusing existing connection to [raw.githubusercontent.com]:443. HTTP request sent, awaiting response... 200 OK Length: 113630 (111K) [text/plain] Saving to: ‘yarn.lock’ 0K .......... .......... .......... .......... .......... 45% 45.7M 0s 50K .......... .......... .......... .......... .......... 90% 86.5M 0s 100K .......... 100% 510M=0.002s 2023-05-07 23:32:01 (65.5 MB/s) - ‘yarn.lock’ saved [113630/113630] --2023-05-07 23:32:01-- https://raw.githubusercontent.com/pomerium/pomerium/v0.22.1//ui/package.json Reusing existing connection to [raw.githubusercontent.com]:443. HTTP request sent, awaiting response... 301 Moved Permanently Location: /pomerium/pomerium/v0.22.1/ui/package.json [following] --2023-05-07 23:32:02-- https://raw.githubusercontent.com/pomerium/pomerium/v0.22.1/ui/package.json Reusing existing connection to [raw.githubusercontent.com]:443. HTTP request sent, awaiting response... 200 OK Length: 1558 (1.5K) [text/plain] Saving to: ‘package.json’ 0K . 100% 250M=0s 2023-05-07 23:32:02 (250 MB/s) - ‘package.json’ saved [1558/1558] FINISHED --2023-05-07 23:32:02-- Total wall clock time: 0.8s Downloaded: 2 files, 112K in 0.002s (66.2 MB/s) error: Package ‘envoy-1.25.1’ in /var/cache/nixpkgs-update/worker/worktree/pomerium/pkgs/servers/http/envoy/default.nix:175 is marked as insecure, refusing to evaluate. Known issues: - CVE-2023-27487 - CVE-2023-27488 - CVE-2023-27491 - CVE-2023-27492 - CVE-2023-27493 - CVE-2023-27496 You can install it anyway by allowing this package, using the following methods: a) To temporarily allow all insecure packages, you can use an environment variable for a single invocation of the nix tools: $ export NIXPKGS_ALLOW_INSECURE=1 Note: For `nix shell`, `nix build`, `nix develop` or any other Nix 2.4+ (Flake) command, `--impure` must be passed in order to read this environment variable. b) for `nixos-rebuild` you can add ‘envoy-1.25.1’ to `nixpkgs.config.permittedInsecurePackages` in the configuration.nix, like so: { nixpkgs.config.permittedInsecurePackages = [ "envoy-1.25.1" ]; } c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add ‘envoy-1.25.1’ to `permittedInsecurePackages` in ~/.config/nixpkgs/config.nix, like so: { permittedInsecurePackages = [ "envoy-1.25.1" ]; } (use '--show-trace' to show detailed location information) Traceback (most recent call last): File "/nix/store/f21a9a4ils5n3i7hd9i4qfh9p2sy668h-nix-update-0.17.2/bin/.nix-update-wrapped", line 9, in sys.exit(main()) ^^^^^^ File "/nix/store/f21a9a4ils5n3i7hd9i4qfh9p2sy668h-nix-update-0.17.2/lib/python3.11/site-packages/nix_update/__init__.py", line 290, in main package = update(options) ^^^^^^^^^^^^^^^ File "/nix/store/f21a9a4ils5n3i7hd9i4qfh9p2sy668h-nix-update-0.17.2/lib/python3.11/site-packages/nix_update/update.py", line 340, in update update_go_modules_hash(opts, package.filename, package.go_modules) File "/nix/store/f21a9a4ils5n3i7hd9i4qfh9p2sy668h-nix-update-0.17.2/lib/python3.11/site-packages/nix_update/update.py", line 150, in update_go_modules_hash target_hash = nix_prefetch(opts, "go-modules") ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/nix/store/f21a9a4ils5n3i7hd9i4qfh9p2sy668h-nix-update-0.17.2/lib/python3.11/site-packages/nix_update/update.py", line 127, in nix_prefetch raise UpdateError( nix_update.errors.UpdateError: failed to retrieve hash when trying to update pomerium.go-modules --- SHOWING ERROR LOG FOR pomerium-0.21.3 ---------------------- The update script for pomerium-0.21.3 failed with exit code 1