earlybird: 1.25.0 -> 3.16.0

pkgs/tools/security/earlybird/default.nix

@@ -2,24 +2,30 @@
 , buildGoModule
 , fetchFromGitHub
 }:
-buildGoModule {
+
+buildGoModule rec {
   pname = "earlybird";
-  version = "1.25.0";
+  version = "3.16.0";
 
   src = fetchFromGitHub {
     owner = "americanexpress";
     repo = "earlybird";
-    # According to the GitHub repo, the latest version *is* 1.25.0, but they
-    # tagged it as "refs/heads/main-2"
-    rev = "4f365f1c02972dc0a68a196a262912d9c4325b21";
-    sha256 = "UZXHYBwBmb9J1HrE/htPZcKvZ+7mc+oXnUtzgBmBgN4=";
+    rev = "v${version}";
+    hash = "sha256-qSW8O13UW5L2eVsqIuqOguhCyZBPqevZ9fJ7qkraa7M=";
   };
 
-  vendorSha256 = "oSHBR1EvK/1+cXqGNCE9tWn6Kd/BwNY3m5XrKCAijhA=";
+  patches = [
+    ./fix-go.mod-dependency.patch
+  ];
+
+  vendorHash = "sha256-ktsQvWc0CTnqOer+9cc0BddrQp0F3Xk7YJP3jxfuw1w=";
+
+  ldflags = [ "-s" "-w" ];
 
   meta = with lib; {
     description = "A sensitive data detection tool capable of scanning source code repositories for passwords, key files, and more";
     homepage = "https://github.com/americanexpress/earlybird";
+    changelog = "https://github.com/americanexpress/earlybird/releases/tag/v${version}";
     license = licenses.asl20;
     maintainers = [ ];
   };

pkgs/tools/security/earlybird/fix-go.mod-dependency.patch

@@ -0,0 +1,13 @@
+--- a/go.mod
++++ b/go.mod
+@@ -42,8 +42,9 @@ require (
+ 	github.com/src-d/gcfg v1.4.0 // indirect
+ 	github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf // indirect
+ 	github.com/xanzy/ssh-agent v0.2.1 // indirect
+-	golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4 // indirect
++	golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 // indirect
+ 	golang.org/x/sys v0.0.0-20220906165534-d0df966e6959 // indirect
++	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
+ 	google.golang.org/protobuf v1.23.0 // indirect
+ 	gopkg.in/src-d/go-billy.v4 v4.3.2 // indirect
+ 	gopkg.in/warnings.v0 v0.1.2 // indirect