Oop, didn't mark as draft before opening.

The pkgs/by-name CI failure is a false positive, please ignore it! It will be fixed by #285089 :)

Could you also mark as vulnerable all the vulnerable java versions of adoptopenjdk, temurin, semeru...?

Could you also mark as vulnerable all the vulnerable java versions of adoptopenjdk, temurin, semeru...?

Done

The pkgs/by-name CI failure is a false positive, please ignore it! It will be fixed by #285089 :)

Noted, I was wondering why that was :)

JDK builds in Nixpkgs definitely need better infrastructure. Needing to set things in a number of different places to mark a version as EOL, and update so many different packages, is likely what has led to the state of the JDK in Nixpkgs.

Went ahead and switched to target staging for now
Will fix the build evaluation issue so ofborg can do its thing, then we can figure out staging vs staging-next.

The PR to fix the pkgs/by-name check is now merged and used in CI, so it won't fail anymore the next time you push :)

Can you fix eval here?

This eval issue really is more annoying than expected...

The issue is that in some cases, not all of the variants exist, so it fails to evaluate. However things like the package itself, java-packages.nix, and all-packages.nix hard-code the assumption that it does exist.

Just to update everyone on this, I've worked a bit on the eval issue, and it is a bit of a mess because of how the package assumes all of the variants will exist. (Thus it requires a fair amount of reworking to not make that assumption.)

Midterms and a family emergency has eaten up all of my free time recently, which is why I haven't made progress. Spring break is starting soon though, so I should be able to finish this up then.

That said, for the sake of getting this tested, I'm going to go ahead and rebase out the adoptopenjdk bump.
Nevermind, apparently similar to my Firefox fix, I had a commit ready to fix it but hadn't pushed it up. Letting ofborg do its thing.
Nevermind nevermind, the fix didn't actually solve it, going back to rebasing out.

OH HECK

NOT AGAIN

It looks like you accidentally mass-pinged a bunch of people, which are now subscribed
and getting notifications for everything in this pull request. Unfortunately, they
cannot be automatically unsubscribed from the issue (removing review request does not
unsubscribe), therefore development cannot continue in this pull request anymore.

Please create a new pull request, link back to this one and ping the
people actually involved in here over there. For the next time, remember to set your PR to draft status before rebasing. In draft status, you can preview the list of maintainers that are about to be requested for review, which allows you to sidestep this issue.

In order to avoid this in the future, there are instructions for how to properly
rebase between branches in our contribution guidelines.
Setting your pull request to draft prior to rebasing is strongly recommended.
In draft status, you can preview the list of people that are about to be requested
for review, which allows you to sidestep this issue.
This is not a bulletproof method, though, as OfBorg still does review requests even on draft PRs.