From c5d5119a6d6592c40121aedb19687dd603ce7095 Mon Sep 17 00:00:00 2001
From: Tom Prince <tom.prince@private.storage>
Date: Fri, 8 Oct 2021 21:00:15 -0600
Subject: [PATCH] Pin new vulnix.

---
 ci-tools/vulnerability-scan | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ci-tools/vulnerability-scan b/ci-tools/vulnerability-scan
index 48bf51e0..67e1a212 100755
--- a/ci-tools/vulnerability-scan
+++ b/ci-tools/vulnerability-scan
@@ -32,6 +32,12 @@ else
 fi
 '
 
+# The version (1.9.6) of vulnix in nixos-21.05 incorrectly collapses
+# derivations with the same name+version, but different sets of patches
+# applied. Therefore, we use a recent nixos-unstable version that has a newer
+# version of vulnix included.
+export NIX_PATH=nixpkgs=https://api.github.com/repos/NixOS/nixpkgs/tarball/ee084c02040e864eeeb4cf4f8538d92f7c675671
+
 # vulnix exits with an error status if there are vulnerabilities.  We told
 # GitLab to allow this by setting `allow_failure` to true in the GitLab CI
 # config.  vulnix exit status indicates what vulnix thinks happened.  If we
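Review bot: The added `export NIX_PATH=nixpkgs=https://api.github.com/...` line names a commit in the URL, but nothing checks the downloaded tarball against a content hash, so the scanner's own toolchain is trusted on TLS and the GitHub API alone at every CI run. A fixed-output fetch such as `builtins.fetchTarball { url = "..."; sha256 = "<sha256-of-tarball>"; }` used to build vulnix would make the pin verifiable. The export also changes `<nixpkgs>` for every later nix command in the script, not only for vulnix. The rest of the script is outside this hunk, but if it evaluates the system being scanned through `<nixpkgs>`, the scan could then cover a different package set than the one deployed, so the override may be better scoped to the command that obtains vulnix. It would also help to extend the comment with the removal condition, e.g. `# Drop this pin once the release channel ships a vulnix with the fix.`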
-- 
GitLab