Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

pkgs/by-name: rewrite hashes in SRI format #341924

Merged
merged 7 commits into from
Sep 15, 2024

Conversation

nbraud
Copy link
Contributor

@nbraud nbraud commented Sep 14, 2024

Description of changes

  • Update sha-to-sri.py's heuristics to avoid autogenerated gemset.nix files
  • Rewrote hashes in pkgs/by-name using sha-to-sri.py
    A couple packages had to be excluded and would need manual intervention. See the commit message for repro instructions.
  • Manually handle cargo-profiler, corefonts, fluxcd, solana-cli.

This isn't nearly treewide, but pkgs/by-name seemed like a decent cross-section of nixpkgs for testing how robust sha-to-sri.py is (and shoring up its limitations) while remaining small-enough to triage the issues by hand.

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed (used darwin-build-box.nix-community.org to re-eval nixpkgs)
  • Tested compilation of all affected packages using nixpkgs-review
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@github-actions github-actions bot added the 6.topic: cinnamon Desktop environment label Sep 14, 2024
nbraud and others added 6 commits September 15, 2024 11:24
Reproduction script:
	# Bulk rewrite
	./maintainers/scripts/sha-to-sri.py pkgs/by-name
	# Revert some packages which will need manual intervention
	for n in amdvlk azure-cli cargo-profiler corefonts flatito fluxcd gist perf_data_converter protoc-gen-js solana-cli swt verible; do
		git checkout -- "pkgs/by-name/${n:0:2}/${n}"
	done
@Aleksanaa
Copy link
Member

Related: #325892 Thanks!

@nbraud nbraud marked this pull request as ready for review September 15, 2024 10:00
@nbraud
Copy link
Contributor Author

nbraud commented Sep 15, 2024

Result of nixpkgs-review pr 341924 run on aarch64-darwin 1

1 package built:
  • vimPluginsUpdater

@nbraud
Copy link
Contributor Author

nbraud commented Sep 15, 2024

Result of nixpkgs-review pr 341924 run on x86_64-linux 1

1 package built:
  • vimPluginsUpdater

@nbraud
Copy link
Contributor Author

nbraud commented Sep 15, 2024

Feel free to review now that the PR is ready. 💚

@nbraud
Copy link
Contributor Author

nbraud commented Sep 15, 2024

@katexochen and @ulrikstrid, azure-cli is one package I didn't touch since that would break the extensions' update script; I tried modifying it to implement SRI format, but jq is pretty inconvenient for handling binary data (even just to hex-decode then base64-encode)

Would you be open to a PR just rewriting the update script (in Python or such) ? As a bonus, that could help replace commit-update-hunks.sh with something more sound.

@Aleksanaa
Copy link
Member

1 package built:
vimPluginsUpdater

@Aleksanaa
Copy link
Member

Aleksanaa commented Sep 15, 2024

# wrap python scripts
makeWrapperArgs+=( --prefix PATH : "${lib.makeBinPath [
nix nix-prefetch-git neovim-unwrapped nurl ]}" --prefix PYTHONPATH : "${./.}:${../../../../../maintainers/scripts}" )
wrapPythonPrograms

This is causing rebuild, and should be corrected in a separated PR.

Copy link
Member

@Aleksanaa Aleksanaa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Diff looks good

@Aleksanaa Aleksanaa merged commit 0465a01 into NixOS:master Sep 15, 2024
34 of 36 checks passed
@nbraud nbraud deleted the sha-to-SRI/by-name branch September 15, 2024 14:27
@@ -9,7 +9,7 @@

let
version = "2.3.0";
sha256 = "sha256-ZQs1rWI31qDo/BgjrmiNnEdR2OL8bUHVz+j5VceEp2k=";
hash = "sha256-ZQs1rWI31qDo/BgjrmiNnEdR2OL8bUHVz+j5VceEp2k=";
Copy link
Contributor

@superherointj superherointj Oct 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change change broke fluxcd update script logic. And it was already using SRI. Fix at: #345690

superherointj added a commit to superherointj/nixpkgs that referenced this pull request Oct 1, 2024
mkg20001 pushed a commit to mkg20001/nixpkgs that referenced this pull request Oct 9, 2024
mkg20001 pushed a commit to mkg20001/nixpkgs that referenced this pull request Oct 10, 2024
genga898 added a commit to genga898/nixpkgs that referenced this pull request Oct 24, 2024
norisk-client: update

norisk-client: update webkitgtk dependency

norisk-client: updated

maintainers: Add gileri

perlPackages.FileXDG: init at 1.03

eigenmath: 3.27-unstable-2024-09-15 -> 3.27-unstable-2024-10-02

fend: 1.5.2 -> 1.5.3

azure-cli: install completions for all shells

elementary-xfce-icon-theme: 0.19 -> 0.20

forbidden: 12.5 -> 12.6

forbidden: clean-up inputs

metasploit: 6.4.28 -> 6.4.29

ggshield: 1.32.0 -> 1.32.1

Diff: https://github.com/GitGuardian/ggshield/compare/refs/tags/v1.32.0...v1.32.1

Changelog: https://github.com/GitGuardian/ggshield/blob/1.32.1/CHANGELOG.md

gitleaks: 8.20.0 -> 8.20.1

Diff: https://github.com/zricethezav/gitleaks/compare/refs/tags/v8.20.0...v8.20.1

Changelog: https://github.com/zricethezav/gitleaks/releases/tag/v8.20.1

luaPackages: update on 2024-10-07

vimPlugins: update on 2024-10-07

vimPlugins.nvim-treesitter: update grammars

yt-dlp: 2024.9.27 -> 2024.10.7

Changelog: https://github.com/yt-dlp/yt-dlp/releases/tag/2024.10.07
Diff: https://github.com/yt-dlp/yt-dlp/compare/2024.09.27...2024.10.07

p3x-onenote: format

p3x-onenote: move to by-name

p3x-onenote: 2023.4.117 -> 2024.10.110

vimPlugins.cmp-ctags: init at 2023-05-16

maintainers: add takeda

pgmq: init at 1.4.4

marksman: 2023-12-09 -> 2024-10-07

mpvScripts.quality-menu: 4.1.2 -> 4.2.0

drawterm: 0-unstable-2024-09-09 -> 0-unstable-2024-10-04

diffoscope: 278 -> 279

Changes: https://diffoscope.org/news/diffoscope-279-released/

imagemagick: 7.1.1-38 -> 7.1.1-39

Diff: https://github.com/ImageMagick/ImageMagick/compare/7.1.1-38...7.1.1-39

Changelog: https://github.com/ImageMagick/Website/blob/main/ChangeLog.md

rke2: refactor update-script and update rke2 channel versions (#344692)

cf-terraforming: 0.20.0 -> 0.21.0 (#347201)

rdma-core: 53.0 -> 54.0

nagiosPlugins: init from pkgs/servers/monitoring/nagios/plugins

nagiosPlugins.check_systemd: format with nixfmt-rfc-style

nagiosPlugins.check_zfs: format with nixfmt-rfc-style

nagiosPlugins.check_smartmon: format with nixfmt-rfc-style

nagiosPlugins.check_ssl_cert: format with nixfmt-rfc-style

nagiosPlugins.check_systemd: 2.3.1 -> 4.1.0

https://github.com/Josef-Friedrich/check_systemd/compare/v2.3.1...v4.1.0

nagiosPlugins.check_esxi_hardware: format with nixfmt-rfc-style

nagiosPlugins.check_openvpn: format

nagiosPlugins.check_uptime: format with nixfmt-rfc-style

nagiosPlugins.check_wmi_plus: format with nixfmt-rfc-style

nagiosPlugins.labs_consol_de: format with nixfmt-rfc-style

nagiosPlugins.check_esxi_hardware: 20200710 -> 20221230

https://github.com/Napsty/check_esxi_hardware/compare/20200710...20221230

nagiosPlugins.check_uptime: 20161112 -> unstable-2016-11-12

nagiosPlugins.check_wmi_plus: fix meta.{homepage,license}

wmic-bin: move to pkgs/servers/monitoring/wmic-bin

coqPackages.mathcomp-analysis: 1.1.0 → 1.4.0

coqPackages.mathcomp-infotheo: 0.7.1 → 0.7.2

openscad-unstable: 2024-09-22 -> 2024-10-06

nixos/systemd: allow using writeShellApplication for systemd unit scripts

ifcopenshell: 240611 -> 0.7.10, fix build and activate most tests

By relevant release, I mean the ifcopenshell-python release, and not the blenderbim release

ifcopenshell: maintainer fehnomenal -> autra, as asked by fehnomenal

ifcopenshell: add a passthru.updateScript

python312Packages.cgal: init at 5.6.1.post202403291426

micronaut: 4.6.2 -> 4.6.3

zx: 8.1.8 -> 8.1.9

Diff: https://github.com/google/zx/compare/8.1.8...8.1.9
Changelog: https://github.com/google/zx/releases/tag/8.1.9

heptabase: 1.40.0 -> 1.41.1

flannel: 0.25.6 -> 0.25.7

python312Packages.boschshcpy: 0.2.91 -> 0.2.95

Diff: https://github.com/tschamm/boschshcpy/compare/refs/tags/0.2.91...0.2.95

sesh: 2.4.0 -> 2.5.0

python311Packages.llama-index-embeddings-gemini: 0.2.0 -> 0.2.1

python311Packages.llama-cloud: 0.0.17 -> 0.1.2

python311Packages.llama-parse: 0.5.6 -> 0.5.7

python311Packages.llama-index-llms-openai: 0.2.9 -> 0.2.12

python311Packages.llama-index-multi-modal-llms-openai: 0.2.1 -> 0.2.2

python311Packages.llama-index-core: 0.11.14 -> 0.11.16

Diff: https://github.com/run-llama/llama_index/compare/refs/tags/v0.11.14...v0.11.16

Changelog: https://github.com/run-llama/llama_index/blob/0.11.16/CHANGELOG.md

python312Packages.holidays: 0.57 -> 0.58

Diff: https://github.com/vacanza/python-holidays/compare/refs/tags/v0.57...v0.58

Changelog: https://github.com/vacanza/python-holidays/releases/tag/v0.58

python312Packages.pyeconet: 0.1.22 -> 0.1.23

Diff: https://github.com/w1ll1am23/pyeconet/compare/refs/tags/v0.1.22...v0.1.23

Changelog: https://github.com/w1ll1am23/pyeconet/releases/tag/v0.1.23

python312Packages.pysml: 0.1.3 -> 0.1.4

Diff: https://github.com/mtdcr/pysml/compare/refs/tags/0.1.3...0.1.4

python312Packages.mailchecker: 6.0.9 -> 6.0.11

Changelog: https://github.com/FGRibreau/mailchecker/blob/v6.0.11/CHANGELOG.md

python312Packages.python-hcl2: 4.3.5 -> 5.0.0

emplace: move to by-name; nixfmt

emplace: fix build

qalculate-qt: 5.2.0.1 -> 5.3.0

ferdium: 6.7.6 -> 6.7.7

c2patool: 0.9.9 -> 0.9.10

nym: move to by-name; nixfmt

nym: 1.1.21 -> 2024.10-caramello; add bot-wxt1221 as maintainers

materialgram: 5.5.4.1 -> 5.6.1.1

Diff: https://github.com/kukuruzka165/materialgram/compare/refs/tags/v5.5.4.1...v5.6.1.1

Changelog: https://github.com/kukuruzka165/materialgram/releases/tag/v5.6.1.1

trealla: 2.56.19 -> 2.57.1

livebook: 0.14.2 -> 0.14.4

https://github.com/livebook-dev/livebook/releases/tag/v0.14.4

fabric-ai: 1.4.46 -> 1.4.54

https://github.com/danielmiessler/fabric/releases/tag/v1.4.54

python3Packages.sshfs.optional-dependencies.pyopenssl: fix the eval

Without the change the eval fails as:

    nix-repl> python3Packages.sshfs.optional-dependencies.pyopenssl
    error:
       … while evaluating the attribute 'sshfs.optional-dependencies.pyopenssl'
         at pkgs/development/python-modules/sshfs/default.nix:45:5:
           44|     pkcs11 = [ asyncssh ] ++ asyncssh.optional-dependencies.pkcs11;
           45|     pyopenssl = [ asyncssh ] ++ asyncssh.optional-dependencies.pyopenssl;
             |     ^
           46|   };

       … while evaluating the attribute 'optional-dependencies.pyopenssl'
         at pkgs/development/interpreters/python/mk-python-derivation.nix:229:15:
          228|     // optionalAttrs (optional-dependencies != {}) {
          229|       inherit optional-dependencies;
             |               ^
          230|     }

       error: attribute 'pyopenssl' missing
       at pkgs/development/python-modules/sshfs/default.nix:45:33:
           44|     pkcs11 = [ asyncssh ] ++ asyncssh.optional-dependencies.pkcs11;
           45|     pyopenssl = [ asyncssh ] ++ asyncssh.optional-dependencies.pyopenssl;
             |                                 ^
           46|   };

openvi: 7.5.29 -> 7.6.30

viceroy: 0.12.0 -> 0.12.1

nwg-displays: 0.3.21 -> 0.3.22

moon: 1.28.3 -> 1.29.0

lune: 0.8.8 -> 0.8.9

chirp: 0.4.0-unstable-2024-09-28 -> 0.4.0-unstable-2024-10-03

i3bar-river: 1.0.0 -> 1.0.1

hyprland-protocols: 0.3.0 -> 0.4.0

govc: 0.43.0 -> 0.44.0

twitch-cli: move to by-name

blueprint-compiler: move to by-name

citations: move to by-name

raider: move to by-name

webfontkitgenerator: move to by-name

praat: 6.4.21 -> 6.4.22

syndicate-server: 0.46.0 -> 0.48.0

rainfrog: 0.2.6 -> 0.2.7

release notes: https://github.com/achristmascarl/rainfrog/releases/tag/v0.2.7

aerospike: 7.1.0.6 -> 7.2.0.1

ci: Add default.nix with exposed pkgs

Allows reusing it in more places

ci: Add review request scripts

Also post a comment in case base branch is wrong
  This guides newcomers in how to smoothly handle the potentially scary
  situation of having thousands of commits listed in a PR.

  While CI shows the same, people might not even look at CI if the PR
  looks botched.

ci: Add codeowners validator

workflows/codeowners: init

OWNERS: placeholder init

telegram-desktop: 5.5.5 -> 5.6.0

Diff: https://github.com/telegramdesktop/tdesktop/compare/v5.5.5...v5.6.0

Changelog: https://github.com/telegramdesktop/tdesktop/releases/tag/v5.6.0

telegram-desktop: 5.6.0 -> 5.6.1

Diff: https://github.com/telegramdesktop/tdesktop/compare/v5.6.0...v5.6.1

Changelog: https://github.com/telegramdesktop/tdesktop/releases/tag/v5.6.1

bazel-gazelle: 0.38.0 -> 0.39.0

jwm: 2.4.3 -> 2.4.5

wireless-regdb: 2024.07.04 -> 2024.10.07

Changes: https://lore.kernel.org/wireless-regdb/[email protected]/T/#u

CODEOWNERS: Fix non-matching patterns

Since https://github.com/NixOS/nixpkgs/pull/336261 we have CI that
checks that the codeowners file is valid:

https://github.com/NixOS/nixpkgs/actions/runs/11243668280/job/31260095472#step:7:34

Which files are correct (or whether they were removed) was determined
using the Git history and some grepping

buf: use go1.23

python312Packages.scikit-build-core: 0.10.5 -> 0.10.7

Diff: https://github.com/scikit-build/scikit-build-core/compare/refs/tags/v0.10.5...v0.10.7

Changelog: https://github.com/scikit-build/scikit-build-core/blob/v0.10.7/docs/changelog.md

python312Packages.rapidfuzz: 3.9.7 -> 3.10.0

Diff: https://github.com/maxbachmann/RapidFuzz/compare/refs/tags/v3.9.7...v3.10.0

Changelog: https://github.com/maxbachmann/RapidFuzz/blob/refs/tags/v3.10.0/CHANGELOG.rst

ceph: 18.2.4 -> 19.2.0

No-longer-necessary patches removed:

* dmcrypt: https://github.com/ceph/ceph/pull/57925
* Finduring.cmake: https://github.com/ceph/ceph/commit/670118abfb9ef6135972a56514173e72b64ef8f4
* Python "packaging": https://github.com/ceph/ceph/commit/d1d8df6fafbb744d50787d3ffcd5c572397e421f

Additional changes:

* Add more runtime deps mentioned by upstream debian/control file.
* Tell Ceph to use our specified Python dependencies,
  instead of the bundled ones (for `cephadm`).

rl-2411: Mention Ceph upgrade

llvmPackages_git: 20.0.0-git-2024-09-29 -> 20.0.0-git-2024-10-07

python3Packages.deepface: init at 0.0.92

python3Packages.retinaface: init at 0.0.17

python3Packages.mtcnn: init at 0.1.1

python3Packages.mtcnn: update meta.description

lib.oldestSupportedReleaseIsAtLeast: rename from bad name and deprecate after 24.11

It seems impossible to describe this condition more concisely without making
it incomprehensible.

treewide: lib.isInOldestRelease -> lib.oldestSupportedReleaseIsAtLeast

python312Packages.azure-mgmt-network: 26.0.0 -> 27.0.0

Changelog: https://github.com/Azure/azure-sdk-for-python/blob/azure-mgmt-network_27.0.0/sdk/network/azure-mgmt-network/CHANGELOG.md

python312Packages.azure-mgmt-eventhub: 11.0.0 -> 11.1.0

Changelog: https://github.com/Azure/azure-sdk-for-python/blob/azure-mgmt-eventhub_11.1.0/sdk/eventhub/azure-mgmt-eventhub/CHANGELOG.md

python312Packages.azure-mgmt-batch: 17.3.0 -> 18.0.0

Changelog: https://github.com/Azure/azure-sdk-for-python/tree/azure-mgmt-batch_18.0.0/sdk/batch/azure-mgmt-batch

loksh: 7.5 -> 7.6

python312Packages.minari: 0.5.0 -> 0.5.1

Diff: https://github.com/Farama-Foundation/Minari/compare/refs/tags/v0.5.0...v0.5.1

Changelog: https://github.com/Farama-Foundation/Minari/releases/tag/v0.5.1

python312Packages.imgw-pib: 1.0.5 -> 1.0.6

python312Packages.ytmusicapi: 1.8.1 -> 1.8.2

maintainers: add albertodvp

python312Packages.pulumi-hcloud: init at 1.20.4

python3Packages.opentelemetry-instrumentation-requests: init at 0.47b0

steamtinkerlaunch: don't wrap in order to preserve $0

Fixes https://github.com/NixOS/nixpkgs/issues/295902

steamtinkerlaunch: add steamcompattool output

This makes it possible to integrate this into our steam derivation's
extraCompatPackages

goldwarden: 0.3.3 -> 0.3.4

vivaldi: 6.9.3447.48 -> 6.9.3447.51

ecs-agent: 1.86.3 -> 1.87.0

k6: 0.53.0 -> 0.54.0

opencolorio: 2.3.2 -> 2.4.0

fio: 3.37 -> 3.38

haveged: 1.9.18 -> 1.9.19

malt: 1.2.2 -> 1.2.3

jdt-language-server: 1.39.0 -> 1.40.0

python312Packages.apprise: don't use python-xdist

python3Packages.pyte: 0.8.1 -> 0.8.2

python312Packages.drf-yasg: refactor

web-eid-app: 2.5.0 -> 2.6.0

python312Packages.xml2rfc: 3.23.1 -> 3.23.2

python312Packages.xml2rfc: switch to pypa builder

python312Packages.xml2rfc: clean up dependencies

emiluaPlugins.qt6: 1.0.3 -> 1.1.0

ocaml: default to version 5.2

ast-grep: 0.27.3 -> 0.28.0

handheld-daemon: 3.3.15 -> 3.4.1

fastddsgen: 4.0.1 -> 4.0.2

runc: 1.1.14 -> 1.1.15

ra-multiplex: 0.2.2 -> 0.2.5

ra-multiplex: fix typo on wrapProgram --suffix PATH

python312Packages.coinmetrics-api-client: 2024.8.20.13 -> 2024.10.4.15

python312Packages.archinfo: 9.2.119 -> 9.2.122

Diff: https://github.com/angr/archinfo/compare/refs/tags/v9.2.119...v9.2.122

python312Packages.ailment: 9.2.119 -> 9.2.122

Diff: https://github.com/angr/ailment/compare/refs/tags/v9.2.119...v9.2.122

python312Packages.pyvex: 9.2.119 -> 9.2.122

python312Packages.claripy: 9.2.119 -> 9.2.122

Diff: https://github.com/angr/claripy/compare/refs/tags/v9.2.119...v9.2.122

python312Packages.cle: 9.2.119 -> 9.2.122

Diff: https://github.com/angr/cle/compare/refs/tags/v9.2.119...v9.2.122

python312Packages.camel-converter: 4.0.0 -> 4.0.1

python312Packages.motionblindsble: 0.1.1 -> 0.1.2

python312Packages.grpcio-testing: 1.65.4 -> 1.66.2

Diff: grpc/[email protected]

Changelog: https://github.com/grpc/grpc/releases/tag/v1.66.2

fluxcd/update-script: use nix hash convert

Eliminates deprecation warning of former pattern.

fluxcd/update-script: add double quotes to prevent globbing and word splitting

Eliminates tooling warnings.

fluxcd: 2.3.0 -> 2.4.0

Release: https://github.com/fluxcd/flux2/releases/tag/v2.4.0

fluxcd: fix update script breakage caused by #341924

snappymail: 2.38.0 -> 2.38.1

nixos/nncp: refactor configuration merging

The NNCP utilities have poor support for configuration merging so
use jq and hjson-cli instead.

ocamlPackages.elpi: 1.18.1 → 1.20.0

syft: 1.13.0 -> 1.14.0

codux: 15.34.0 -> 15.35.2

python312Packages.tinygrad: patch cuda headers

nuget-to-nix: add meta.mainProgram

redpanda-client: 24.2.5 -> 24.2.6

minivmac: init at 2024.06.08

mpich: 4.2.2 -> 4.2.3

mpich: apply nixfmt

mpich: remove "with lib" from meta

vscode: 1.94.0 -> 1.94.1

signal-desktop: 7.26.0 -> 7.27.0

saucectl: init at 0.183.0 (#336737)

blackfire: 2.28.12 -> 2.28.13

eza: 0.20.1 -> 0.20.2

Signed-off-by: Christina Sørensen <[email protected]>

python312Packages.huggingface-hub: 0.25.1 -> 0.25.2

Diff: https://github.com/huggingface/huggingface_hub/compare/refs/tags/v0.25.1...v0.25.2

Changelog: https://github.com/huggingface/huggingface_hub/releases/tag/v0.25.2

fnm: 1.37.1 -> 1.37.2

nixosTests.openresty-lua: simplify

There's no point for the intermediate `getPath` function calling
`getLuaPath` with the "lua" argument.
There's also no other nginx test this copies code from.

We always call `getLuaPath` with "lua", so constant-propagate it in.

Also, camel-case `lualibs` to `luaLibs.`

hyprland: format

Use `inherit (lib) x` instead of `lib.x`
Remove no-longer-needed jq
Use importJSON

hyprland: use moldLinker via stdenvAdapters

Leave open the possibility of adding multiple adapters in the future.

hyprland: use meson for building

Follow upstream.

hyprland: 0.43.0 -> 0.44.0

hyprpicker: format

hyprpicker: drop unused dependencies

hyprpicker: 0.3.0 -> 0.4.1

pulumi-bin: 3.134.1 -> 3.136.1

xray: 1.8.24 -> 24.9.30

bacon: move to pkgs/by-name

bacon: format

bacon: 2.21.0 -> 3.0.0

Diff: https://github.com/Canop/bacon/compare/refs/tags/v2.21.0...v3.0.0

Changelog: https://github.com/Canop/bacon/blob/v3.0.0/CHANGELOG.md

reposilite: 3.5.17 -> 3.5.18

zsh-abbr: 5.8.2 -> 5.8.3

python312Packages.uplc: 1.0.6 -> 1.0.7

sem: 0.30.0 -> 0.30.1

python312Packages.pipenv-poetry-migrate: 0.5.9 -> 0.5.10

python312Packages.extract-msg: 0.49.0 -> 0.50.1

python312Packages.aiostream: 0.6.2 -> 0.6.3

python312Packages.sphinx-tabs: 3.4.5 -> 3.4.7

python312Packages.auroranoaa: 0.0.3 -> 0.0.5

python312Packages.auroranoaa: refactor

twilio-cli: 5.22.2 -> 5.22.3

nushellPlugins.units: init at 0.1.2

go-licence-detector: init at 0.7.0

tigerbeetle: 0.16.3 -> 0.16.8

webcord: 4.9.2 -> 4.10.2

maintainers: add mikut

python312Packages.requests-unixsocket2: init at 0.4.2

requests-unixsocket2 is a dependency of azure-iot-device Python package

python312Packages.azure-iot-device: init at 2.14.0

azure-iot-device is a dependency of azure-iot extension for Azure CLI

azure-cli-extensions.azure-iot: init at 0.25.0

renode-dts2repl: 0-unstable-2024-09-27 -> 0-unstable-2024-10-09

python3Packages.ifcopenshell.tests: fix the eval

Without the change the eval fails as:

    $ nix build --no-link -f. python3Packages.ifcopenshell.tests
    error:
       … while evaluating the attribute 'version'
         at pkgs/development/python-modules/ifcopenshell/default.nix:185:7:
          184|     tests = {
          185|       version = testers.testVersion { command = "IfcConvert --version"; };
             |       ^
          186|     };

       … from call site
         at pkgs/development/python-modules/ifcopenshell/default.nix:185:17:
          184|     tests = {
          185|       version = testers.testVersion { command = "IfcConvert --version"; };
             |                 ^
          186|     };

       error: function 'testVersion' called without required argument 'package'
       at pkgs/build-support/testers/default.nix:66:5:
           65|   testVersion =
           66|     { package,
             |     ^
           67|       command ? "${package.meta.mainProgram or package.pname or package.name} --version",

knossosnet: 1.2.3 -> 1.2.4

pachyderm: 2.11.3 -> 2.11.4

anilibria-winmaclinux: 2.2.19 -> 2.2.20

python312Packages.iminuit: 2.30.0 -> 2.30.1

python312Packages.pysqueezebox: 0.9.3 -> 0.9.4

rasm: 2.2.7 -> 2.2.8

clusterctl: 1.8.3 -> 1.8.4

python312Packages.pbs-installer: 2024.09.09 -> 2024.10.08

delly: 1.2.9 -> 1.3.1

jx: 3.10.155 -> 3.10.156

python312Packages.langfuse: 2.51.2 -> 2.51.5

v2ray: 5.19.0 -> 5.20.0

rio: 0.1.16 -> 0.1.17

Diff: https://github.com/raphamorim/rio/compare/v0.1.16...v0.1.17

Changelog: https://github.com/raphamorim/rio/blob/v0.1.17/docs/docs/releases.md

mycelium: 0.5.5 -> 0.5.6

nixos/libvirtd: add startDelay and shutdownTimeout option

nixos/headscale: modernize

Signed-off-by: Kristoffer Dalby <[email protected]>

headscale: 0.22.3 -> 0.23.0

Signed-off-by: Kristoffer Dalby <[email protected]>

nixos/headscale: update module to headscale 0.23.0

Signed-off-by: Kristoffer Dalby <[email protected]>

nixos/release-notes: add entry for headscale 0.23.0

tailscale: build derper

nixos/tailscale-derper: init

iwd: enable debug info

ladybird: 0-unstable-2024-09-21 -> 0-unstable-2024-10-05

nbdkit: init at 1.40.4

node-red: move from nodePackages

treewide: replace `stdenv.is` in non nix files

Continuing e0464e47880a69896f0fb1810f00e0de469f770a

doc/python: correct platform conditional

git-blame-ignore-revs: add formatting treewide

lua-language-server: 3.10.6 -> 3.11.1

nixos/dhcpcd: allow jemalloc and mimalloc memory allocators

jenkins: 2.462.2 -> 2.462.3

Fixes CVE-2024-47803 and CVE-2024-47804.

https://www.jenkins.io/security/advisory/2024-10-02/

Changes:
https://www.jenkins.io/changelog-stable/#v2.462.3

ocamlPackages.ctypes: 0.22.0 -> 0.23.0

Diff: https://github.com/ocamllabs/ocaml-ctypes/compare/0.22.0...0.23.0

nginxMainline: 1.27.1 -> 1.27.2

Changes: https://nginx.org/en/CHANGES

f3d: mark broken on x86_64-darwin

duckdb: disable tests that fail on x86_64 && aarch64

python3Packages.mitmproxy-macos: 0.5.1 -> 0.9.2

python3Packages.mitmproxy-rs: 0.6.3 -> 0.9.2

mitmproxy: 10.4.2 -> 11.0.0

vencord: 1.10.3 -> 1.10.4

git-identity: init at 1.1.1

Co-authored-by: Sandro <[email protected]>

go-task: 3.38.0 -> 3.39.2 (#347340)

Co-authored-by: Sandro <[email protected]>

kine: init at 0.13.2

nushellPlugins.highlight: init at 1.3.1+0.98.0

elixir-ls: 0.23.0 -> 0.24.0

python3Packages.plotly: 5.23.0 -> 5.24.0

python312Packages.plotly: switch to fetchFromGitHub

python312Packages.plotly: remove doCheck = false

python312Packages.plotly: fixup meta

plotly: Add pytestCheckHook

python312Packages.numpy_2: 2.1.1 -> 2.1.2

Changelog: https://github.com/numpy/numpy/releases/tag/v2.1.2

firefox-unwrapped: 131.0 -> 131.0.2

https://www.mozilla.org/en-US/firefox/131.0.2/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2024-51/

Fixes: CVE-2024-9680

firefox-bin-unwrapped: 131.0 -> 131.0.2

https://www.mozilla.org/en-US/firefox/131.0.2/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2024-51/

Fixes: CVE-2024-9680

firefox-esr-128-unwrapped: 128.3.0 -> 128.3.1

https://www.mozilla.org/en-US/firefox/128.3.1/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2024-51/

Fixes: CVE-2024-9680

firefox-esr-115-unwrapped: 115.16.0esr -> 115.16.1esr

https://www.mozilla.org/en-US/firefox/115.16.1/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2024-51/

Fixes: CVE-2024-9680

firefox-beta-unwrapped: 131.0b9 -> 132.0b5

firefox-devedition-unwrapped: 131.0b9 -> 132.0b5

monero-cli: update submodule version; disable aarch64-darwin

`trezor-common` submodule updated to match the rev at the version tag,
as per the conversation here:
https://github.com/NixOS/nixpkgs/pull/341980#discussion_r1760381016

Mark as disabled on macOS/ARM because it does not build.

Formatted with `nixfmt-rfc-style`.

Tested on macOS M1 both via `nix-build -A monero-cli` and via
`nixpkgs-review`.

boundary: fix update script

boundary: 0.15.4 -> 0.17.1

boundary: nixfmt

boundary: move to pkgs/by-name

php81Extensions.blackfire: 1.92.23 -> 1.92.25

workflows/codeowners: Dry mode for now

Apparently it started requesting reviews from code owners already
because the DRY_MODE from the global env was overridden in the local job
declaration: https://github.com/NixOS/nixpkgs/pull/347354#event-14570645380

python312Packages.recipe-scrapers: 15.1.0 -> 15.2.1

osu-lazer{,-bin}: format

osu-lazer: remove `with lib;`

osu-lazer-bin: improve error message for unsupported arch

osu-lazer{,-bin}: move to pkgs/by-name

osu-lazer{,-bin}: 2024.906.2 -> 2024.1009.1

python312Packages.datasalad: 0.3.0 -> 0.4.0

vscodium: 1.93.1.24256 -> 1.94.0.24282

vimPlugins/overrides: format

vimPlugins/overrides: add nvimRequireChecks

vimPlugins.nvim-metals: add plenary dependency and check

vimPlugins.elixir-tools-nvim: add plenary dependency and check

vimPlugins.cmp-tabnine: add nvim-cmp dependency and check

vimPlugins.chadtree: add python3 dependency and check

vimPlugins.moveline-nvim: mark darwin bad platforms

normaliz: 3.10.3 -> 3.10.4

muffon: 2.0.3 -> 2.1.0

ardour: 8.6 -> 8.8

rqlite: 8.31.0 -> 8.31.2

mtdutils: apply nixfmt

mtdutils: migrate to by-name

mtdutils: 2.2.0 -> 2.2.1

mtdutils: replace hardcoded /bin/mount in mount.ubifs

cage: 0.1.5-unstable-2024-07-29 -> 0.2.0

Diff: https://github.com/cage-kiosk/cage/compare/d3fb99d6654325ec46277cfdb589f89316bed701...v0.2.0

roddhjav-apparmor-rules: 0-unstable-2024-09-27 -> 0-unstable-2024-10-06

mediamtx: move to by-name

mediamtx: 1.9.1 -> 1.9.2

alacarte: 3.52.0 -> 3.54.0

riffdiff: 3.3.1 -> 3.3.3

whatsie: 4.15.5 -> 4.16.0

gitea 1.22.2 -> 1.22.3

Changelog: https://github.com/go-gitea/gitea/releases/tag/v1.22.3

git-credential-manager: inherit argv0

`git-credential-manager configure` sets up the user's Git configuration
to use the tool as a credential helper.  In Nix, the tool is wrapped,
but the configuration command uses the unwrapped command that doesn't
have the PATH set up and therefore fails.  Resolve this by including
`--inherit-argv0` in the wrapper, so the configuration is set up with
the wrapped version of the executable.

This will also mean that the specific git-credential-manager version
isn't hard-coded into the user's Git configuration files, at least
unless the user is calling git-credential-manager that way, and instead
the configuration will list whatever was found in the user's PATH, which
means user configuration will continue to work after
git-credential-manager is updated.

Fixes #298080.

sidplayfp: 2.9.0 -> 2.10.0

eiwd: 2.16-1 -> 2.22-1

crosvm: 127.0 -> 128.1

cross-domain virtio-gpu seems to be broken on 129.  I'll work on a fix
for that and then upgrade further, but in the meantime it's nice to
have 128, which fixes interoperability with virtiofsd.

bloop: 2.0.2 -> 2.0.3

iosevka: 31.7.1 -> 31.8.0

nixpkgs-review: 2.10.5 -> 2.11.0

Diff: https://github.com/Mic92/nixpkgs-review/compare/refs/tags/2.10.5...2.11.0

Changelog: https://github.com/Mic92/nixpkgs-review/releases/tag/2.11.0

vault: 1.17.6 -> 1.18.0

Diff: https://github.com/hashicorp/vault/compare/v1.17.6...v1.18.0

Changelog: https://github.com/hashicorp/vault/blob/v1.18.0/CHANGELOG.md

vault-bin: 1.17.6 -> 1.18.0

typescript: 5.6.2 -> 5.6.3

tdlib: 1.8.35 -> 1.8.37

hypre: 2.31.0 -> 2.32.0

qemacs: 6.1.1b -> 6.3.2

terramate: add asininemonkey to maintainers

terramate: 0.10.6 -> 0.10.7

authentik: use `npm --version`

nodePackages.npm: drop

python312Packages.libarcus: mark broken

It fails to build with

    Could NOT find SIP (missing: SIP_EXECUTABLE) (found version "4.19.25")

even if distutils is added to nativeBuildInputs.

libblake3: init at 1.5.4

astro-language-server: 2.14.2 -> 2.15.0

* Diff: https://github.com/withastro/language-tools/compare/%40astrojs/language-server%402.14.2...%40astrojs/language-server%402.15.0

circt: 1.86.0 -> 1.87.0

cloudlog: 2.6.15 -> 2.6.16

openpgl: 0.5.0 -> 0.7.0

delfin: 0.4.6 -> 0.4.7

nethogs: 0.8.7 -> 0.8.8

pnpm: 9.12.0 -> 9.12.1

cpu-x: 5.0.4 -> 5.1.0

cairo-lang: 2.8.2 -> 2.8.4

circom: 2.1.9 -> 2.2.0

papermc: 1.21.1-110 -> 1.21.1-119

protonplus: 0.4.13 -> 0.4.20

curtail: 1.10.0 -> 1.11.0

lilipod: run nixfmt

lilipod: fix build

python313: 3.13.0.rc3 -> 3.13.0

Changelog: https://docs.python.org/3.13/whatsnew/3.13.html

protonmail-bridge: 3.13.0 -> 3.14.0

overskride: 0.6.0 -> 0.6.1

tinymist: 0.11.28 -> 0.11.32

Diff: https://github.com/Myriad-Dreamin/tinymist/compare/refs/tags/v0.11.28...0.11.32

Changelog: https://github.com/Myriad-Dreamin/tinymist/blob/refs/tags/v0.11.32/CHANGELOG.md

androidenv: updates for Android API 35

androidenv: add maintainers

tor-browser: 13.5.6 -> 13.5.7

Signed-off-by: Sefa Eyeoglu <[email protected]>

nvrh: init at 0.1.8

chromium,chromedriver: 129.0.6668.91 -> 129.0.6668.100

https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_8.html

This update includes 3 security fixes.

CVEs:
CVE-2024-9602 CVE-2024-9603

mullvad-browser: 13.5.6 -> 13.5.7

Signed-off-by: Sefa Eyeoglu <[email protected]>

faiss: 1.8.0 -> 1.9.0

home-assistant-custom-components.moonraker: 1.3.5 -> 1.3.7

openapi-changes: 0.0.67 -> 0.0.68

Diff: https://github.com/pb33f/openapi-changes/compare/v0.0.67...v0.0.68

Changelog: https://github.com/pb33f/openapi-changes/releases/tag/v0.0.68

switched to `buildGo123Module` temporarily

argyllcms: 3.2.0 -> 3.3.0 (#345138)

Changes: https://www.argyllcms.com/doc/ChangesSummary.html

ci/request-reviews: Don't rerequest users that already reviewed

The automation should never rerequest reviews from users that already
reviewed the changes, which is what was happening before this change:

https://github.com/NixOS/nixpkgs/pull/347354#event-14570645380

Also reorder the arguments to make more sense

ci/request-reviews: Request reviews for individual team members

This makes this codeowner mechanism behave differently than the native
one, but there's no other way to avoid rerequesting reviews from teams
when a member already reviewed the PR.

nitrokey-storage-firmware: init at 0.57

Co-authored-by: Simon Bruder <[email protected]>
Co-authored-by: Abdullah Imad <[email protected]>
Co-authored-by: Alberto Merino <[email protected]>
Co-authored-by: Enric Morales <[email protected]>
Co-authored-by: Jack Leightcap <[email protected]>
Co-authored-by: Roland Coeurjoly <[email protected]>

nixos/redmine: Apply initial hardening using the systemd unit

These options are a good start for sandboxing the service. It's planned
to set `ProtectSystem` to `strict` instead of `full`, but that requires
specific directories to be configured as writable. It's also planned to
filter system calls. However, that requires more testing but it
shouldn't prevent us from applying these options for now and add others
later.

In my tests, Redmine only bound to an IPv4 address and Unix socket,
which is why I restricted the address families to these both.

The command `systemd-analyze security redmine.service` reports an
overall exposure level of 2.9 with this patch.

Signed-off-by: Felix Singer <[email protected]>

librewolf-unwrapped: 130.0-3 -> 131.0.2-1

Signed-off-by: Sefa Eyeoglu <[email protected]>

floorp: add CVE-2024-9680 as a known vulnerability

Signed-off-by: Sefa Eyeoglu <[email protected]>

librewolf-bin: add CVE-2024-9680 as a known vulnerability

Signed-off-by: Sefa Eyeoglu <[email protected]>

CODEOWNERS: Switch to alternate mechanism

This effectively disables the native GitHub codeowners feature
and enables the new alternate codeowners mechanism introduced in
https://github.com/NixOS/nixpkgs/pull/336261

This means that:
- We can now declare users without write access as code owners!
- Targeting the wrong branch won't trigger mass pings anymore!

CONTRIBUTING: Remove now-unneeded mass ping section

This is not a problem anymore with the parent commit

ci/request-reviews: Make wrong base branch message hashes more transparent

Also, fix the description of the text

.gitattributes: Mark ci/OWNERS as CODEOWNERS

waydroid: move to by-name

waydroid: nixfmt

waydroid: modernise

waydroid: set updateScript

waydroid: 1.4.2 -> 1.4.3

home-assistant-custom-components.adaptive_lighting: 1.22.0 -> 1.23.0

https://github.com/basnijholt/adaptive-lighting/releases/tag/1.23.0

pebble: fix version info

pebble: 2.4.0 -> 2.6.0

uxplay: 1.69 -> 1.70

svt-av1-psy: 2.2.1 -> 2.2.1-A

google-chrome: 129.0.6668.89 -> 129.0.6668.100

jasmin-compiler: 2024.07.0 → 2024.07.1

android-studio: fix wayland support

android-studio: add forceWayland

hyprland: 44.0 -> 44.1

This also fixes the info.json which was missed in the previous update.

zed-editor: 0.155.2 -> 0.156.0

Diff: https://github.com/zed-industries/zed/compare/refs/tags/v0.155.2...0.156.0

Changelog: https://github.com/zed-industries/zed/releases/tag/v0.156.0

double-entry-generator: init at 2.7.1

python312Packages.mypy-boto3-elasticache: 1.35.0 -> 1.35.36

python312Packages.mypy-boto3-memorydb: 1.35.0 -> 1.35.36

python312Packages.mypy-boto3-redshift: 1.35.0 -> 1.35.35

python312Packages.aiortm: 0.9.7 -> 0.9.11

Diff: https://github.com/MartinHjelmare/aiortm/compare/refs/tags/v0.9.7...v0.9.11

Changelog: https://github.com/MartinHjelmare/aiortm/blob/v0.9.11/CHANGELOG.md

cnspec: 11.24.0 -> 11.25.0

Diff: https://github.com/mondoohq/cnspec/compare/refs/tags/v11.24.0...v11.25.0

Changelog: https://github.com/mondoohq/cnspec/releases/tag/v11.25.0

python312Packages.elkm1-lib: 2.2.8 -> 2.2.10

Diff: https://github.com/gwww/elkm1/compare/refs/tags/2.2.8...2.2.10

Changelog: https://github.com/gwww/elkm1/blob/2.2.10/CHANGELOG.md

ldeep: 1.0.69 -> 1.0.70

Diff: https://github.com/franc-pentest/ldeep/compare/refs/tags/1.0.69...1.0.70

Changelog: https://github.com/franc-pentest/ldeep/releases/tag/1.0.70

python312Packages.spotifyaio: init at 0.6.0

Module for interacting with for Spotify

https://github.com/joostlek/python-spotify/

python312Packages.tesla-fleet-api: 0.7.8 -> 0.8.4

Diff: https://github.com/Teslemetry/python-tesla-fleet-api/compare/refs/tags/v0.7.8...v0.8.4

Changelog: https://github.com/Teslemetry/python-tesla-fleet-api/releases/tag/v0.8.4

python312Packages.restrictedpython: 7.3 -> 7.4

Changelog: https://github.com/zopefoundation/RestrictedPython/blob/7.4/CHANGES.rst

python312Packages.atenpdu: 0.6.2 -> 0.6.3

Changelog: https://github.com/mtdcr/pductl/releases/tag/0.6.3

greenmask: 0.1.14 -> 0.2.0

python312Packages.pyduotecno: 2024.9.0 -> 2024.10.0

nixos/hypridle: make hypridle start with graphical-session.target

If we don't add the dependency explicitly, the service won't be pulled in
at runtime. Link: https://github.com/NixOS/nixpkgs/pull/340874#issuecomment-2365302744

Closes: https://github.com/NixOS/nixpkgs/issues/347651

nixos/lvm: enable lvm when using systemd in stage 1 initrd

Fixes https://github.com/NixOS/nixpkgs/issues/343566

nixos/bcache: enable bcache when using systemd in stage 1 initrd

lxgw-wenkai: move to `pkgs/by-name`

lxgw-wenkai: 1.330 -> 1.500

lxgw-wenkai: add ryanccn as maintainer

schemamap: 0.3.0 -> 0.4.0

home-assistant-custom-lovelace-modules.universal-remote-card: 4.0.6 -> 4.1.0

Diff: https://github.com/Nerwyn/android-tv-card/compare/4.0.6...4.1.0

vscodium: 1.94.0 -> 1.94.1

numbat: 1.12.0 -> 1.13.0

kcl: 0.9.8 -> 0.10.0

nixos/ec2: Fix typo, chown -> chmod

nixos/shorewall: Fix typo, chown -> chmod

nixos/nebula: Fix typo, chown -> chmod

nixos/tmate-ssh-server: Fix typo, chown -> chmod

alsa-utils: 1.2.10 -> 1.2.12

scala{,-next}: add meta.mainProgram

node-red: 4.0.3 -> 4.0.4

subsurface: 5.0.10 -> 6.0.5231

subsurface changed from tagged releases to nightly builds
from which a somewhat stable release is marked as a "weekly release"
which is published on subsurface-divelog.org
Currently there is no tag on the main repository pointing
to the commit that was used to create the nightly build
that was finally selected as the "weekly release".

Upstream Documentation:
- https://github.com/subsurface/subsurface/releases/tag/v4.9.4
- https://github.com/subsurface/nightly-builds/releases
- https://subsurface-divelog.org/current-release/

grafanaPlugins.marcusolsson-dynamictext-panel: init at 5.4.0

python3Packages.opentelemetry-instrumentation-redis: init at 0.47b0

Add fnune as maintainer of tmuxPlugins.extrakto

freeplane: disable parallel building

should fix #346419

nixos/frr: refactor

- use upstream service and scripts
- switch to integrated-vtysh-config, abandon per-daemon config
- use always daemon names in options (e.g. ospf -> ospfd)
- zebra, mgmtd and staticd are always enabled
- abandon vtyListenAddress, vtyListenPort options; use
  just "extraOptions" or "options" instead, respectively
- extend test to test staticd
- update release-notes
- pkgs.servers.frr: fix sbindir and remove FHS PATH
- introduce services.frr.openFilesLimit option

osu-lazer-bin: fix hash

ack: use mirror url

apt-cacher-ng: use mirror url

druid: use mirror url

guacamole-client: use mirror url

hex-a-hop: use mirror url

hunspellDicts.cs-cz: use mirror url

jmeter: use mirror url

leafnode1: use mirror url

libkrunfw: use mirror url

libmysqlconnectorcpp: use mirror url

lua54Packages.cqueues: use mirror url

lucene: use mirror url

openctm: use mirror url

opentsdb: use mirror url

processing: use mirror url

psqlodbc: use mirror url

qtcreator: use mirror url

webalizer: use mirror url

ftjam: use mirror url

vscod{e,ium}: add url handler startupWMClass

lego: 4.17.4 -> 4.19.2 (#347554)

codechecker: init at 6.24.0

Signed-off-by: Zebreus <[email protected]>
Signed-off-by: Felix Singer <[email protected]>

nixos/localtimed: set time.timeZone to null to avoid silent overriding

Currently if a timezone was selected explicitly, the service will
silently override the value, essentially ignoring what is meant to be a
a deliberate choice of option. This may cause confusion as to why the
option is not doing anything when this service is enabled, particularly
in more complex set-ups after some time.

This will simply make the choice deliberate from the user's part, either
by having to remove the option or lowering its priority as a recognition
that it may be ignored.

This change was inspired by the `services.tzupdate` module, which does
the same.

[1]: <https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/misc/tzupdate.nix#L24>

immersed-vr: rename to immersed

nixos/programs.immersed-vr: rename to programs.immersed

ungoogled-chromium: 129.0.6668.89-1 -> 129.0.6668.100-1

https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_8.html

This update includes 3 security fixes.

CVEs:
CVE-2024-9602 CVE-2024-9603

aaaaxy: 1.5.202 -> 1.5.208

https://github.com/divVerent/aaaaxy/releases/tag/v1.5.208

nixpkgs-review: 2.11.0 -> 2.12.0

Diff: https://github.com/Mic92/nixpkgs-review/compare/refs/tags/2.11.0...2.12.0

Changelog: https://github.com/Mic92/nixpkgs-review/releases/tag/2.12.0

attic-client: 0-unstable-2024-10-04 -> 0-unstable-2024-10-06 (1b29816)

https://github.com/zhaofengli/attic/compare/61ebdef2e263c091f24807b07701be5cb8068dea..1b29816235b7573fca7f964709fd201e1a187024

floorp: 11.19.0 -> 11.19.1

Signed-off-by: Sefa Eyeoglu <[email protected]>

librewolf-bin: 129.0.2-1 -> 131.0.2-1

Signed-off-by: Sefa Eyeoglu <[email protected]>

rtmpdump: fix cross with Clang

"clang" is not the correct value for CC when cross compiling — it
should be the prefixed, wrapped clang for the host platform.  Let's
force the use of our original CC in all cases.

glab: move to by-name

glab: 1.45.0 -> 1.47.0

subversion: 1.14.3 -> 1.14.4

Changes: https://lists.apache.org/thread/glvmq598wv71thrd9vmbm0q5w6n3124w

mold: 2.34.0 -> 2.34.1

Changes: https://github.com/rui314/mold/releases/tag/v2.34.1

python3Packages.opentelemetry-instrumentation-celery: init at 0.47b0

terraform-docs: install shell completions (#347637)

python312Packages.labelbox: 5.1.0 -> 5.2.1

exo: 0-unstable-2024-10-06 -> 0-unstable-2024-10-09

music-assistant: 2.2.6 -> 2.2.7

https://github.com/music-assistant/server/releases/tag/2.2.7

chrony: move to by-name

chrony: run nixfmt-rfc-style

chrony: add vifino to maintainers

chrony: remove unnecessary dependencies

chrony: correct platform list; fix build on darwin

chrony: run unit tests; build in parallel

chrony: 4.5 -> 4.5.1

ttop: 1.2.8 -> 1.5.2

nixos/pam: add pam_rssh support

home-assistant-custom-components.nest_protect: init at 0.3.12

home-assistant-custom-components.miele: 2024.3.0 -> 2024.8.1

https://github.com/astrandb/miele/compare/v2024.3.0...v2024.8.1

python312Packages.beancount-black: 1.0.4 -> 1.0.5

python312Packages.drf-extra-fields: init at 3.7.0

Co-authored-by: OTABI Tomoya <[email protected]>
Co-authored-by: Sandro <[email protected]>

python312Packages.netbox-documents: init at 0.7.0

Co-authored-by: OTABI Tomoya <[email protected]>
Co-authored-by: Sandro <[email protected]>

zed-editor: 0.156.0 -> 0.156.1

Diff: https://github.com/zed-industries/zed/compare/refs/tags/v0.156.0...0.156.1

Changelog: https://github.com/zed-industries/zed/releases/tag/v0.156.1

level-zero: 1.17.42 -> 1.17.45

linux_testing: 6.12-rc1 -> 6.12-rc2

linux_6_11: 6.11.2 -> 6.11.3

linux_6_10: 6.10.13 -> 6.10.14

linux_6_6: 6.6.54 -> 6.6.55

linux_latest-libre: 19631 -> 19643

linux_6_6: 6.6.55 -> 6.6.56

deno: 1.46.3 -> 2.0.0

Updates deno to v2.
Slight refactor of fetcher code for grabbing librusty_v8.
Updated the update scripts to use new Deno v2 interfaces and pull latest
toml dependency from jsr rather than the deno.land registry.
Added release note.

deno_1: init at 1.46.3

Add a pre v2 copy of deno as deno_1 to provide some stability until our next
release and until 1.46 is fully abandoned soon.
deno_1 is expected to be removed prior to 24.11.
Added a release note.

python312Packages.plotly: disable checks on darwin, unbreak

python312Packages.plotly: deselect 2 tests on linux, unbreak python3.11

python312Packages.tokenizers: 0.20.0 -> 0.20.1

Diff:
https://github.com/huggingface/tokenizers/compare/refs/tags/v0.20.0...v0.20.1

Changelog:
https://github.com/huggingface/tokenizers/releases/tag/v0.20.1

netdata: 1.47.1 -> 1.47.3

emacsPackages.lsp-bridge: 0-unstable-2024-10-04 -> 0-unstable-2024-10-07

pkgs/top-level/aliases.nix: add clang19Stdenv and clang-tools_19

spirv-llvm-translator: fix building with llvm 19

spirv-llvm-translator: fix formatting

llvmPackages_19.libclc: fix building

llvmPackages_19.libclc: fix formatting

python312Packages.cgal: 5.6.1.post202403291426 -> 6.0.post202410011635

libclc: move from aliases into all-packages

biglybt: 3.6.0.0 -> 3.7.0.0

homebox: add passthru.tests

homebox: 0.13.0 -> 0.15.2

The new version requires go-1.23+.

nixos/fedimintd: make nginx url forwarding path configurable

Some users would like to customize it.

Also, in current versions of fedimint p2p port in the URL
must be set, due to some bug, so update the example value
to reflect that.

picom: v12.1 -> v12.2

josm: 19207 → 19230

tmuxPlugins.extrakto: unstable-2021-04-04 -> 0-unstable-2024-08-26

The Tmux plugin extrakto has added clipboard support for Wayland via `wl-copy`, so I added the `wl-clipboard` package as a dependency. The way extrakto executes Python scripts has also changed, so I directly changed the shebang of the Python script to the Python3 path to make sure the Python path is correctly set.

Apply suggestions from code review that use `patchShebangs` instead of `sed`

Co-authored-by: Franz Pletz <[email protected]>

fix: fix the updated version from 2024-08-25 to 2024-08-26

Due to the timezone, I misread the upstream commit as 2024-08-26, but it actually is 2024-08-25

python311Packages.flask-simpleldap: init at 2.0.0

wire-desktop: do not force wayland platform in gappsWrapperArgs

python312Packages.nox: 2024.04.15 -> 2024.10.09

python312Packages.nox: refactor

python3Packages.rns: 0.8.2 -> 0.8.3

Changelog: https://github.com/markqvist/Reticulum/releases/tag/0.8.3

python3Packages.rns: add qbit to maintainers

python312Packages.plotly: 5.24.0 -> 5.24.1

wasmtime: 25.0.1 -> 25.0.2

devbox: 0.13.3 -> 0.13.4

https://github.com/jetify-com/devbox/releases/tag/0.13.4

devspace: 6.3.13 -> 6.3.14

jumppad: 0.14.0 -> 0.15.0

python312Packages.conda-package-streaming: 0.10.0 -> 0.11.0

lutgen: 0.11.0 -> 0.11.1

lutgen: 0.11.1 -> 0.11.2

raycast: 1.83.2 -> 1.84.2

Changelog: https://www.raycast.com/changelog/1-84-0

adcskiller: init at 0-unstable-2024-05-19

errands: 46.2.4 -> 46.2.5

makemkv: alphabetize params

makemkv: add updateScript

We exit early when the versions are the same to avoid unnecessary work
in the second `update-source-version` call that has
`--ignore-same-version`. That arg is necessary as otherwise it becomes a
no-op since the version was updated in the previous
`update-source-version` invocation.

makemkv: 1.17.7 -> 1.17.8

warp-terminal: 0.2024.09.24.08.02.stable_01 -> 0.2024.10.08.08.02.stable_01

picard-tools: 3.2.0 -> 3.3.0

python312Packages.conda-package-handling: 2.3.0 -> 2.4.0

teamviewer: Update download url

It seems the Teamviewer company has changed their download links.

python312Packages.xknxproject: 3.8.0 -> 3.8.1

python312Packages.xknxproject: use hashlib instead of cryptography

lomiri.mediascanner2: 0.115 -> 0.116

sqldef: 0.17.19 -> 0.17.20

python312Packages.uxsim: 1.6.0 -> 1.7.0

python312Packages.hcloud: 2.2.1 -> 2.3.0

python312Packages.scikit-posthocs: 0.9.0 -> 0.9.1

redis-plus-plus: 1.3.12 -> 1.3.13

python312Packages.yosys: 0.45 -> 0.46

python312Packages.shippinglabel: 2.0.0 -> 2.1.0

python312Packages.ncclient: 0.6.15 -> 0.6.16

prometheus-pgbouncer-exporter: 0.9.0 -> 0.10.0

fh: 0.1.17 -> 0.1.18

dracula-theme: 4.0.0-unstable-2024-09-24 -> 4.0.0-unstable-2024-10-03

bngblaster: 0.9.7 -> 0.9.8

weaviate: 1.26.4 -> 1.26.6

upbound: 0.33.0 -> 0.34.0

protoc-gen-go: 1.34.2 -> 1.35.1

darcs-to-git: 0-unstable-2024-02-20 -> 0-unstable-2024-09-30

ssdfs-utils: 4.45 -> 4.46

chrpath: 0.16 -> 0.17

https://codeberg.org/pere/chrpath/releases/tag/release-0.17

The project moved to Codeberg since Alioth shut down.

chrpath: clarify license

https://codeberg.org/pere/chrpath/issues/1

local-ai: 2.20.1 -> 2.21.1

jellyfin-media-player: fix build on Darwin

- Stop removing web resources (it no longer seems necessary); and
- Enable aarch64-darwin

nixos/stalwart-mail: fix issue where webadmin interface disappears after some time

OWNERS: reference the ACME team directly

We can finally stop leaving @m1cr0man out thanks to
<https://github.com/NixOS/nixpkgs/pull/347610> 🎉

waveterm: add update script

waveterm: 0.8.8 -> 0.8.9

waveterm: 0.8.9 -> 0.8.10

nixos/netboot: Compress squashfs with zstd 19

vscode: 1.94.1 -> 1.94.2

howard-hinnant-date: enable for Windows

tex-match: remove

Revert "gg-jj: init at 0.20.0"

Several confused users have reported that this
package does not work at all, and per the discussion in
<https://github.com/NixOS/nixpkgs/pull/345905>, the contributor who
added it does not appear to have tested its basic functionality at
all before opening a pull request.

That’s not acceptable; we rely on package maintainers to be able
to assess the basic functionality of software and ensuring that a
program can even start up before opening a pull request to package it
is basic due diligence. It’s harmful to have a package that doesn’t
work and lacks a maintainer who can assess whether it works or not,
so we should remove it until both of those can be addressed.

This reverts commit 5eb022fdb22e90467d05e9ce880c0f9f096c08aa.

maintainers: add miampf

azure-cli-extensions.confcom: init at 1.0.0

slack: 4.39.95 -> 4.40.128

https://slack.com/release-notes/linux

coercer: modernize

baddns: init at 1.1.869

Tool to check subdomains for subdomain takeovers and other DNS issues

https://github.com/blacklanternsecurity/baddns/

doc: fix typo

Revert "wgpu: init at 22.1.0"

This package was added in
<https://github.com/NixOS/nixpkgs/pull/345248> to address
<https://github.com/NixOS/nixpkgs/issues/344689>, a request for a
package of wgpu-native, wgpu’s native WebGPU implementation that
other applications can use as a library.

However, it doesn’t package that at all; instead, it contains
only several binary utility and example programs shipped as part
of wgpu, and in fact, these were already present as the more
appropriately‐named `wgpu-utils` package, which needs only an update.

Given that this package was added without the due diligence to check
whether the software being packaged was what was being requested,
or whether it was already present under an obvious name, I don’t
think there’s an argument for retaining this duplicate. `wgpu-utils`
can be updated and refactored to be on par with this package, and if
the library that was actually requested is ever packaged, it should
be called `wgpu-native` instead.

This reverts commit 27e304c09e479c3ba328c22d58fb7c5a7dd00038.

linuxPackages_latest.prl-tools: fix regex used in updater script to comply with latest webpage

linuxPackages_latest.prl-tools: 20.0.1-55659 -> 20.1.0-55732

element-desktop: add commandLineArgs (#345453)

{qbittorrent, qbittorrent-nox}: add mainProgram

topgrade: 16.0.0 -> 16.0.1

https://github.com/topgrade-rs/topgrade/releases/tag/v16.0.1

python3Packages.txtai: 7.3.0 -> 7.4.0

faiss, python312Packages.faiss: remove useless wheel from build-system

python312Packages.faiss: patch use of deprecated numpy.distutils

dracula-icon-theme: unstable-2021-07-21 -> unstable-2024-05-26

nvrh: 0.1.8 -> 0.1.9

Diff: https://github.com/mikew/nvrh/compare/refs/tags/v0.1.8...v0.1.9

Changelog: https://github.com/mikew/nvrh/blob/refs/tags/v0.1.9/CHANGELOG.md

croc: 10.0.11 -> 10.0.13

croc: remove inactive maintainer; nixos/tests/croc: match maintainer with package

nixos/tests/croc: fix --pass argument and code passing

bcachefs-tools: 1.11.0 -> 1.13.0

zegrapher: migrate to by-name

zegrapher: refactor

- nixfmt-rfc-style
- no nested with
- finalAttrs
- strictDeps

nix-eval-jobs: 2.24.0 -> 2.24.1

python312Packages.model-bakery: 1.19.5 -> 1.20.0

python312Packages.pylacus: 1.10.0 -> 1.11.1

bitcoin: 27.1 -> 28.0

The miniupnpc 2.2.8 patch is dropped as it was included in Bitcoin
Core 28.0.

svt-av1-psy: 2.2.1-A -> 2.2.1-B

python312Packages.torchmetrics: 1.4.2 -> 1.4.3

Diff: https://github.com/Lightning-AI/torchmetrics/compare/refs/tags/v1.4.2...v1.4.3

Changelog: https://github.com/Lightning-AI/torchmetrics/releases/tag/v1.4.3

python312Packages.plumbum: 1.8.3 -> 1.9.0

Diff: https://github.com/tomerfiliba/plumbum/compare/refs/tags/v1.8.3...v1.9.0

Changelog: https://github.com/tomerfiliba/plumbum/releases/tag/v1.9.0

trivy: 0.56.1 -> 0.56.2

Diff: https://github.com/aquasecurity/trivy/compare/refs/tags/v0.56.1...v0.56.2

Changelog: https://github.com/aquasecurity/trivy/releases/tag/v0.56.2

trufflehog: 3.82.6 -> 3.82.8

Diff: https://github.com/trufflesecurity/trufflehog/compare/refs/tags/v3.82.6...v3.82.8

Changelog: https://github.com/trufflesecurity/trufflehog/releases/tag/v3.82.8

sqlfluff: 3.2.0 -> 3.2.3

Diff: https://github.com/sqlfluff/sqlfluff/compare/refs/tags/3.2.0...3.2.3

Changelog: https://github.com/sqlfluff/sqlfluff/blob/3.2.3/CHANGELOG.md

noto-fonts-color-emoji: 2.042 -> 2.047

nixos/gerrit: Apply initial hardening using the systemd unit

These options are a good start for sandboxing the service. It's planned
to set `ProtectSystem` to `strict` instead of `full`, but that requires
specific directories to be configured as writable. It's also planned to
filter system calls. However, that requires more testing but it
shouldn't prevent us from applying these options for now and add others
later.

Signed-off-by: Felix Singer <[email protected]>

liboqs: 0.10.1 -> 0.11.0

oqs-provider: 0.6.1 -> 0.7.0

ytdownloader: 3.18.2 -> 3.18.3

vscodium: 1.94.1 -> 1.94.2

python312Packages.sentence-transformers: 3.1.1 -> 3.2.0

Diff: https://github.com/UKPLab/sentence-transformers/compare/refs/tags/v3.1.1...v3.2.0

Changelog: https://github.com/UKPLab/sentence-transformers/releases/tag/3.2.0

p2pool: 4.1 -> 4.1.1

python312Packages.unstructured: 0.15.13 -> 0.15.14

open-vm-tools: 12.4.5 -> 12.5.0

remove patch from go-task build file

formats.ini: disable merging as list by default

Previously, setting listsAsDuplicateKeys or listToValue would make it so
merging these treat all values as lists, by coercing non-lists via
lib.singleton. Some programs (such as gamemode; see #345121), allow some
values to be repeated but not others, which can lead to unexpected
behavior when non-list values are merged like this rather than throwing
an error.

This now makes that behavior opt-in via the mergeAsList option. Setting
mergeAsList (to either true or false) without setting either
listsAsDuplicateKeys or listToValue is an error, since lists are
meaningless in this case.

grafana: 11.2.1 -> 11.2.2

palemoon-bin: 33.3.1 -> 33.4.0

palemoon-bin: 33.4.0 -> 33.4.0.1

bakelite: unstable-2022-02-12 -> unstable-2023-03-30

Revert "kops: 1.29.2 -> 1.30.1 (#344817)"

This reverts commit cb710f366bd5f1dd369e112615c4f00ee2a636d5.

python312Packages.spark-parser: 1.8.9 -> 1.9.0

apko: fix go tests

apko: add emilylange as maintainer

apko: 0.14.1 -> 0.19.1

https://github.com/chainguard-dev/apko/releases/tag/v0.19.1

https://github.com/chainguard-dev/apko/releases/tag/v0.19.0

https://github.com/chainguard-dev/apko/releases/tag/v0.18.1

https://github.com/chainguard-dev/apko/releases/tag/v0.18.0

https://github.com/chainguard-dev/apko/releases/tag/v0.17.0

https://github.com/chainguard-dev/apko/releases/tag/v0.16.0

https://github.com/chainguard-dev/apko/releases/tag/v0.15.0

https://github.com/chainguard-dev/apko/releases/tag/v0.14.9

https://github.com/chainguard-dev/apko/releases/tag/v0.14.8

https://github.com/chainguard-dev/apko/releases/tag/v0.14.7

https://github.com/chainguard-dev/apko/releases/tag/v0.14.6

https://github.com/chainguard-dev/apko/releases/tag/v0.14.5

https://github.com/chainguard-dev/apko/releases/tag/v0.14.4

https://github.com/chainguard-dev/apko/releases/tag/v0.14.3

https://github.com/chainguard-dev/apko/releases/tag/v0.14.2

diff: https://github.com/chainguard-dev/apko/compare/v0.14.1...v0.19.1

coeurl: 0.3.0 -> 0.3.1

coeurl: move to by-name and reformat

nheko: add rnhmjoj as maintainer

mtxclient: add rnhmjoj as maintainer

mtxclient: move to by-name and reformat

nheko: move to by-name and reformat

nixos/systemd-boot: autoformat

nixos/systemd-boot: add edk2-uefi-shell boot option

We already have a edk2-uefi-shell package in nixpkgs, but adding it to
systemd-boot was somewhat tedious. Now it's a single line of nix.

nixos/systemd-boot: add windows option for easy dual-booting

When installing NixOS on a machine with Windows, the "easiest" solution
to dual-boot is re-using the existing EFI System Partition (ESP), which
allows systemd-boot to detect Windows automatically.

However, if there are multiple ESPs, maybe even on multiple disks,
systemd-boot is unable to detect the other OSes, and you either have to
use Grub and os-prober, or do a tedious manual configuration as
described in the wiki:
https://wiki.nixos.org/w/index.php?title=Dual_Booting_NixOS_and_Windows&redirect=no#EFI_with_multiple_disks

This commit automates and documents this properly so only a single line
like

    boot.loader.systemd-boot.windows."10".efiDeviceHandle = "HD0c2";

is required.

In the future, we might want to try automatically detecting this
during installation, but finding the correct device handle while the
kernel is running is tricky.

firefox-beta-bin-unwrapped: 131.0b9 -> 132.0b6

firefox-devedition-bin-unwrapped: 131.0b9 -> 132.0b6

wakapi: set StateDirectory

fix #347393

hyprlandPlugins.hy3: 0.43.0 -> 0.44.0

hyprlandPlugins.hypr-dynamic-cursors: 0-unstable-2024-08-01 -> 0-unstable-2024-10-10

hyprlandPlugins.hyprgrass: 0.8.1 -> 0.8.2

hyprlandPlugins/hyprland-plugins: 0.43.0 -> 0.44.0

hyprlandPlugins.hyprscroller: 0-unstable-2024-09-06 -> 0-unstable-2024-10-10

hyprlandPlugins.hyprspace: 0-unstable-2024-08-21 -> 0-unstable-2024-09-16

hyprlandPlugins.hyprsplit: 0.43.0 -> 0.44.1

python312Packages.autobahn: Remove optional `xbr` dependencies

python312Packages.hkdf: drop

i2pd: 2.52.0 -> 2.54.0

spotube: 3.8.2 -> 3.8.3

figma-linux: 0.11.4 -> 0.11.5

https://github.com/Figma-Linux/figma-linux/releases/tag/v0.11.5

ergo: 5.0.22 -> 5.0.23

libirecovery: 1.2.0 -> 1.2.1

lxgw-wenkai-screen: 1.330 -> 1.501

python312Packages.opower: 0.8.2 -> 0.8.3

Diff: https://github.com/tronikos/opower/compare/refs/tags/v0.8.2...v0.8.3

Changelog: https://github.com/tronikos/opower/releases/tag/v0.8.3

python312Packages.aioautomower: 2024.9.3 -> 2024.10.0

Diff: https://github.com/Thomas55555/aioautomower/compare/refs/tags/2024.9.3...2024.10.0

Changelog: https://github.com/Thomas55555/aioautomower/releases/tag/2024.10.0

python312Packages.inotify: drop nose dependency

python312Packages.inotify: modernize

python312Packages.mitogen: 0.3.12 -> 0.3.13

Diff: https://github.com/mitogen-hq/mitogen/compare/refs/tags/v0.3.12...v0.3.13

Changelog: https://github.com/mitogen-hq/mitogen/blob/v0.3.13/docs/changelog.rst

vimPlugins.telescope-git-conflicts-nvim: init at 2024-01-14

python312Packages.propcache: 0.1.0 -> 0.2.0

Diff: https://github.com/aio-libs/propcache/compare/refs/tags/v0.1.0...v0.2.0

Changelog: https://github.com/aio-libs/propcache/blob/refs/tags/v0.2.0/CHANGES.rst

python312Packages.lxml-html-clean: 0.2.2 -> 0.3.1

Diff: https://github.com/fedora-python/lxml_html_clean/compare/refs/tags/0.2.2...0.3.1

Changelog: https://github.com/fedora-python/lxml_html_clean/blob/0.3.1/CHANGES.rst

python312Packages.dissect-cstruct: 4.1 -> 4.2

xmake-core-sv: remove

kubernetes-controller-tools: 0.16.3 -> 0.16.4

cargo-component: 0.16.0 -> 0.17.0

temporal: 1.25.0 -> 1.25.1

phrase-cli: 2.32.0 -> 2.33.1

python312Packages.playwrightcapture: 1.26.0 -> 1.26.1

alt-tab-macos: 6.71.0 -> 6.73.0

Changelog: https://github.com/lwouis/alt-tab-macos/releases/tag/v6.73.0
Diff: https://github.com/lwouis/alt-tab-macos/compare/v6.71.0...v6.73.0

dropbox: add libGL to the FHS environment

dropbox v209 has stopped shipping libGL.so, which causes a crash on startup if it's missing and $DISPLAY is set.

frostwire: 6.9.8 -> 6.13.3

https://github.com/frostwire/frostwire/releases/tag/frostwire-desktop-6.13.3-build-322

ci/request-reviews: Fix for branches starting with "pr"

Turns out if :<something> is passed, a local branch is updated, which
can conflict if the PR branch starts with "pr". I tried to avoid that
with the original code but apparently that didn't work!

https://github.com/NixOS/nixpkgs/actions/runs/11284183639/job/31384967152?pr=347822

    Fetching the PR commit history
    From https://github.com/linj-fork/nixpkgs
     * [new branch]            pr/kanata-add-version-check -> fork/pr
    error: cannot lock ref 'refs/remotes/fork/pr/kanata-add-version-check': 'refs/remotes/fork/pr' exists; cannot create 'refs/remotes/fork/pr/kanata-add-version-check'
     ! [new branch]            pr/kanata-add-version-check -> fork/pr/kanata-add-version-check  (unable to update local ref)
    error: some local refs could not be updated; try running

thunderbird-bin: 128.2.3esr -> 128.3.1esr

gerrit: 3.10.1 -> 3.10.2

https://www.gerritcodereview.com/3.10.html#3102

Signed-off-by: Felix Singer <[email protected]>

mihomo-party: init at 1.4.5

cgal: propagate correct package to Python packages

cgal was shadowed by the corresponding Python package after #344966

nixos/gamemode: use listsAsDuplicateKeys for settings

This allows settings multiple scripts in `.custom.start` and
`.custom.end`, as Gamemode reads them back out into a list.

This is slightly annoying, as *any* duplicate keys will appear multiple
times, while gamemode will only accept the last one for most keys
(clobbering previous ones). Ideally, it would be possible to only enable
`listsAsDuplicateKeys` for scripts, but this does not seem to be
possible in `pkgs.formats.ini`.

cpplint: move to by-name

cpplint: format

cpplint: 1.7.0 -> 2.0.0

Diff:
https://github.com/cpplint/cpplint/compare/8f62396aff6dc850415cbe5ed7edf9dc95f4a731...2.0.0

Changelog: https://github.com/cpplint/cpplint/releases/tag/2.0.0

rPackages.sf: fix build on darwin

rPackages.terra: fix build on darwin

rPackages.vapour: fix build on darwin

qdiskinfo: add themes

qdiskinfo: refactor themes

legcord: init at 1.0.0

https://github.com/Legcord/Legcord/releases/tag/v1.0.0

armcord: remove, add throw with migration details

https://github.com/Legcord/Legcord/releases/tag/v1.0.0

ci/request-reviews: fix headRef to point to the PR head

Previously, headRef points to the master branch of Nixpkgs, which
basically means no code owner review will be requested.

The problem can be verified using the following command.

$ DRY_MODE=1 ./ci/request-reviews/request-reviews.sh NixOS/nixpkgs 347973 ci/OWNERS
[...]
This PR touches 0 files
Requesting reviews from: {
  "reviewers": []
}
[...]

Additionally, the comment about conflicts is removed thanks to the
unambiguous way of specifying ref.

protonvpn-gui_legacy: deprecate application

The source code for this project was removed a while ago and there is no
method to build this from scratch anymore.

The erase decission was probably done by the Proton developers as they
are currently focussing all efforts on the protonvpn-gui app.

alire: 2.0.1 -> 2.0.2

kanata: add a version check using versionCheckHook

python312Packages.pyfaidx: 0.8.1.2 -> 0.8.1.3

tailscale: 1.74.1 -> 1.76.0

Diff: https://github.com/tailscale/tailscale/compare/v1.74.1...v1.76.0
Changelog: https://github.com/tailscale/tailscale/releases/tag/v1.76.0
Signed-off-by: Muhammad Falak R Wani <[email protected]>

lls: 0.2.0 -> 0.3.0

lls: add self as maintainer

buildDartApplication: include dart SDK builder by default

flutter326: init at 3.26.0-0.1pre

maintainers/team-list: add AndersonTorres and linj to emacs team

OWNERS: reference the Emacs team for Emacs stuff

OWNERS: make the Emacs team own Emacs docs

ci/request-reviews: Avoid duplicates with different casings

It's possible to have different casings in OWNERS, so we need to handle
that

ao: move to aliases

python312Packages.aioautomower: 2024.9.3 -> 2024.10.0

https://github.com/Thomas55555/aioautomower/releases/tag/2024.10.0

python312Packages.ayla-iot-unofficial: 1.4.1 -> 1.4.2

https://github.com/rewardone/ayla-iot-unofficial/releases/tag/v1.4.2

python312Packages.opower: 0.8.2 -> 0.8.3

https://github.com/tronikos/opower/releases/tag/v0.8.3

python312Packages.pysmlight: 0.1.2 -> 0.1.3

https://github.com/smlight-tech/pysmlight/releases/tag/v0.1.3

python312Packages.python-kasa: 0.7.4 -> 0.7.5

https://github.com/python-kasa/python-kasa/blob/0.7.5/CHANGELOG.md

python312Packages.python-linkplay: 0.0.14 -> 0.0.15

https://github.com/Velleman/python-linkplay/releases/tag/v0.0.15

python312Packages.pytouchlinesl: 0.1.7 -> 0.1.8

https://github.com/jnsgruk/pytouchlinesl/releases/tag/0.1.8

home-assistant: 2024.10.1 -> 2024.10.2

https://github.com/home-assistant/core/releases/tag/2024.10.2

home-assistant.python.pkgs.pytest-homeassistant-custom-component: 0.13.154 -> 0.13.172

https://github.com/MatthewFlamm/pytest-homeassistant-custom-component/blob/refs/tags/0.13.172/CHANGELOG.md

home-assistant-custom-components.mass: 2024.8.1 -> 2024.9.1

python312Packages.homeassistant-stubs: 2024.10.1 -> 2024.10.2

https://github.com/KapJI/homeassistant-stubs/releases/tag/2024.10.2

welle-io: 2.4 -> 2.5

welle-io: apply nixfmt

welle-io: remove nested "with lib" in meta.

python312Packages.python-jsonrpc-server: refactor

burpsuite: 2024.8.2 -> 2024.8.4

python312Packages.python-kasa: 0.7.4 -> 0.7.5

Diff: https://github.com/python-kasa/python-kasa/compare/refs/tags/0.7.4...0.7.5

Changelog: https://github.com/python-kasa/python-kasa/blob/0.7.5/CHANGELOG.md

metasploit: 6.4.29 -> 6.4.30

python312Packages.asn1tools: 0.166.0 -> 0.167.0

Diff: https://github.com/eerimoq/asn1tools/compare/refs/tags/0.166.0...0.167.0

Changelog: https://github.com/eerimoq/asn1tools/releases/tag/0.167.0

python312Packages.asn1tools: refactor

python312Packages.dissect-cstruct: 4.1 -> 4.2

Diff: https://github.com/fox-it/dissect.cstruct/compare/refs/tags/4.1...4.2

Changelog: https://github.com/fox-it/dissect.cstruct/releases/tag/4.2

python312Packages.dissect-cobaltstrike: 1.0.0 -> 1.2.0

Diff: https://github.com/fox-it/dissect.cobaltstrike/compare/refs/tags/v1.0.0...v1.2.0

Changelog: https://github.com/fox-it/dissect.cobaltstrike/releases/tag/1.2.0

python312Packages.dvc-task: 0.40.1 -> 0.40.2

Diff: https://github.com/iterative/dvc-task/compare/refs/tags/0.40.1...0.40.2

Changelog: https://github.com/iterative/dvc-task/releases/tag/0.40.2

python312Packages.pylitejet: init at 0.3.0

Library for interfacing with the LiteJet lighting system

https://github.com/joncar/pylitejet

home-assistant: update component-packages

python312Packages.pylitejet: 0.3.0 -> 0.6.3

Diff: https://github.com/joncar/pylitejet/compare/refs/tags/v0.3.0...v0.6.3

Changelog: https://github.com/joncar/pylitejet/releases/tag/v0.6.3

aider-chat: 0.57.0 -> 0.59.0

https://github.com/Aider-AI/aider/releases/tag/v0.59.0

webkitgtk: refactor top-level to deprecate default ABI version

treewide: replace webkitgtk to webkitgtk_4_0

sed -i 's/ webkitgtk\b/ webkitgtk_4_0/g' pkgs/**.nix
sed -i 's/(webkitgtk\b/(webkitgtk_4_0/g' pkgs/**.nix
sed -i 's/\.webkitgtk\b/.webkitgtk_4_0/g' pkgs/**.nix

webkitgtk is currently pointing to that specific ABI version but the
alias is going to start warning

webkitgtk: move webkitgtk to aliases with a warning

cachix: 1.7.4 -> 1.7.5

python312Packages.pynmeagps: 1.0.42 -> 1.0.43

python312Packages.reflex: 0.6.1 -> 0.6.2

Changelog: https://github.com/reflex-dev/reflex/releases/tag/v0.6.2

python312Packages.reflex: 0.6.2 -> 0.6.2.post1

Diff: https://github.com/reflex-dev/reflex/compare/refs/tags/v0.6.2...v0.6.2.post1

Changelog: https://github.com/reflex-dev/reflex/releases/tag/v0.6.2.post1

arti: 1.2.7 -> 1.2.8

Update the package to the latest version.
Remove from skipped 1 test that was fixed.

terraform-providers.deno: init at 0.1.0

telegraf: 1.32.0 -> 1.32.1

Diff: https://github.com/influxdata/telegraf/compare/v1.32.0...v1.32.1

Changelog: https://github.com/influxdata/telegraf/blob/v1.32.1/CHANGELOG.md

panoply: 5.5.2 -> 5.5.3

nextjs-ollama-llm-ui: 1.0.1 -> 1.1.0

nextjs-ollama-llm-ui: fix nextjs cache dir (#344316)

nixos/automatic-timezoned: set time.timeZone to null to avoid silent overriding

Currently if a timezone was selected explicitly, the service will
silently override the value, essentially ignoring what is meant to be a
a deliberate choice of option. This may cause confusion as to why the
option is not doing anything when this service is enabled, particularly
in more complex set-ups after some time.

This will simply make the choice deliberate from the user's part, either
by having to remove the option or lowering its priority as a recognition
that it may be ignored.

This change was inspired by the `services.tzupdate` module, which does
the same.

[1]: <https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/misc/tzupdate.nix#L24>

cheat: fix zsh completion

weechatScripts.wee-slack: 2.10.2 -> 2.11.0

The can now drop the fetchpatch, as that fix landed in 2.11.0.

userborn: add meta.changelog

userborn: platforms.linux -> platform.unix

userborn: 0.2.0 -> 0.3.0

nfs-ganesha: build man pages

nfs-ganesha: apply nixfmt, src.sha256 -> hash

kmod-blacklist-ubuntu: 30+20230519-1ubuntu3 -> 31+20240202-2ubuntu8

osu-lazer-bin: fix hash for the second time

gogs: remove

Upstream development has stalled and several critical vulnerabilities
that weren't addressed within a year[1][2].

Back then it was fair to mark it as insecure, but given nothing has
happened since, it's time to remove it.

[1] https://forgejo.org/2023-11-release-v1-20-5-1/
[2] https://github.com/gogs/gogs/is…
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants