28 Feb 2025 |
Pol | Wondering if implementing lib.extendMkDerivation for PHP Builder is a good idea. | 12:33:10 |
Pol | Context: https://github.com/NixOS/nixpkgs/pull/234651 | 12:33:16 |
Pol | Something like this: https://github.com/NixOS/nixpkgs/pull/385830 | 16:15:15 |
Pol | On another note, I wrote this post on Mastodon: https://main.elk.zone/mathstodon.xyz/@Pol/114081643763526228 Feel free to boost it. | 16:28:16 |
2 Mar 2025 |
| @patka_123:matrix.org left the room. | 15:51:07 |
4 Mar 2025 |
Pol | Updated the PR @ https://github.com/NixOS/nixpkgs/pull/386757 | 10:53:07 |
10 Mar 2025 |
hexa | CVE-2024-13918: Laravel 11.9.0-11.35.1 Reflected XSS via Request Parameter in Debug-Mode Error Page | 15:13:19 |
hexa | how many laravel versions do we vendor? | 15:13:30 |
@patka:envs.net | The only one I can find is in Bookstack (pkgs/servers/web-apps/bookstack/php-packages.nix), which is EOL and out of the security update window. (my search was quick and probably not exhaustive) | 15:40:29 |
@patka:envs.net | I tried to use the included update script but that blows up horribly (besides that it uses composer2nix that I've seen for the first time now and is horribly unmaintained). I don't have the time to sort this out and get Bookstack updated, sorry | 15:57:53 |
tgerbet | Likely also Pixel fed, snipe-it and agorakit (and Pest but if you expose that publicly you have other issues…) | 15:59:36 |
11 Mar 2025 |
Genghiz | Is bookstack actively maintained? | 16:09:11 |
Genghiz | Let me rephrase. Is the maintainer active? | 16:09:23 |
Genghiz | I can update it to use the same style as firefly-iii, which is also RFC 42 styled. | 16:11:00 |
nebucatnetzer13 | He replies to mails, this much I can say. | 16:57:11 |
Genghiz | I see | 20:42:21 |
Genghiz | I added this PR bumping bookstack and significantly refactoring the package and module https://github.com/NixOS/nixpkgs/pull/389071 | 20:42:44 |
Genghiz | Would this be acceptable? It's a slightly major refactor, I feel, so kind of curious about whether it's okay or not. | 20:43:25 |
16 Mar 2025 |
hexa | https://www.openwall.com/lists/oss-security/2025/03/14/6 | 01:06:38 |
tgerbet | ✅ https://github.com/NixOS/nixpkgs/pull/390081 | 10:14:23 |
hexa | why is github search | 12:28:47 |
hexa | * why is github search | 12:28:54 |
21 Mar 2025 |
Pol | What are you talking about? | 13:39:59 |
hexa | the search capability being lacking | 13:42:01 |
Pol | I was trying to find the link between that and PHP, hence the question. | 13:50:32 |
28 Mar 2025 |
ma27 | Pol patka do you see any blockers for 25.05? For me, the answer is no. Would leave a comment later for PHP & postgres :) | 11:35:55 |
Pol | Should we bump the default version of PHP? | 12:16:30 |
ma27 | yeah, sounds reasonable. Can prepare something tonight. | 18:19:38 |
30 Mar 2025 |
ma27 | btw, I'd consider merging https://github.com/NixOS/nixpkgs/pull/394112#pullrequestreview-2727824432 (php: 8.3 -> 8.4) soon. Any objections? | 10:42:19 |
3 Apr 2025 |
hansemschnokeloch | Capture d’écran du 2025-04-03 08-22-23.png | 06:22:51 |