From ebef93f618c3b60769a155d53a1e7313bfd2ad3b Mon Sep 17 00:00:00 2001 From: rope Date: Tue, 30 Jun 2026 10:26:49 +0100 Subject: [PATCH] macbook: allow insecure pnpm (CVE-flagged build dep in closure) Co-Authored-By: Claude Opus 4.8 --- hosts/hardware/FredOS-Macbook.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hardware/FredOS-Macbook.nix b/hosts/hardware/FredOS-Macbook.nix index bc8e658..3518b0e 100644 --- a/hosts/hardware/FredOS-Macbook.nix +++ b/hosts/hardware/FredOS-Macbook.nix @@ -49,7 +49,7 @@ ]; nixpkgs.config.allowInsecurePredicate = pkg: - (lib.hasPrefix "broadcom-sta" (lib.getName pkg)); + lib.any (p: lib.hasPrefix p (lib.getName pkg)) [ "broadcom-sta" "pnpm" ]; services.xserver.deviceSection = lib.mkDefault '' Option "TearFree" "true"