-
-
Notifications
You must be signed in to change notification settings - Fork 14.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pkgs/by-name: rewrite hashes in SRI format #341924
Conversation
Reproduction script: # Bulk rewrite ./maintainers/scripts/sha-to-sri.py pkgs/by-name # Revert some packages which will need manual intervention for n in amdvlk azure-cli cargo-profiler corefonts flatito fluxcd gist perf_data_converter protoc-gen-js solana-cli swt verible; do git checkout -- "pkgs/by-name/${n:0:2}/${n}" done
0971195
to
d2ff083
Compare
Related: #325892 Thanks! |
Result of 1 package built:
|
Result of 1 package built:
|
Feel free to review now that the PR is ready. 💚 |
@katexochen and @ulrikstrid, Would you be open to a PR just rewriting the update script (in Python or such) ? As a bonus, that could help replace |
|
nixpkgs/pkgs/applications/editors/vim/plugins/updater.nix Lines 34 to 37 in cd16cb5
This is causing rebuild, and should be corrected in a separated PR. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Diff looks good
@@ -9,7 +9,7 @@ | |||
|
|||
let | |||
version = "2.3.0"; | |||
sha256 = "sha256-ZQs1rWI31qDo/BgjrmiNnEdR2OL8bUHVz+j5VceEp2k="; | |||
hash = "sha256-ZQs1rWI31qDo/BgjrmiNnEdR2OL8bUHVz+j5VceEp2k="; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This change change broke fluxcd
update script logic. And it was already using SRI. Fix at: #345690
norisk-client: update norisk-client: update webkitgtk dependency norisk-client: updated maintainers: Add gileri perlPackages.FileXDG: init at 1.03 eigenmath: 3.27-unstable-2024-09-15 -> 3.27-unstable-2024-10-02 fend: 1.5.2 -> 1.5.3 azure-cli: install completions for all shells elementary-xfce-icon-theme: 0.19 -> 0.20 forbidden: 12.5 -> 12.6 forbidden: clean-up inputs metasploit: 6.4.28 -> 6.4.29 ggshield: 1.32.0 -> 1.32.1 Diff: https://github.com/GitGuardian/ggshield/compare/refs/tags/v1.32.0...v1.32.1 Changelog: https://github.com/GitGuardian/ggshield/blob/1.32.1/CHANGELOG.md gitleaks: 8.20.0 -> 8.20.1 Diff: https://github.com/zricethezav/gitleaks/compare/refs/tags/v8.20.0...v8.20.1 Changelog: https://github.com/zricethezav/gitleaks/releases/tag/v8.20.1 luaPackages: update on 2024-10-07 vimPlugins: update on 2024-10-07 vimPlugins.nvim-treesitter: update grammars yt-dlp: 2024.9.27 -> 2024.10.7 Changelog: https://github.com/yt-dlp/yt-dlp/releases/tag/2024.10.07 Diff: https://github.com/yt-dlp/yt-dlp/compare/2024.09.27...2024.10.07 p3x-onenote: format p3x-onenote: move to by-name p3x-onenote: 2023.4.117 -> 2024.10.110 vimPlugins.cmp-ctags: init at 2023-05-16 maintainers: add takeda pgmq: init at 1.4.4 marksman: 2023-12-09 -> 2024-10-07 mpvScripts.quality-menu: 4.1.2 -> 4.2.0 drawterm: 0-unstable-2024-09-09 -> 0-unstable-2024-10-04 diffoscope: 278 -> 279 Changes: https://diffoscope.org/news/diffoscope-279-released/ imagemagick: 7.1.1-38 -> 7.1.1-39 Diff: https://github.com/ImageMagick/ImageMagick/compare/7.1.1-38...7.1.1-39 Changelog: https://github.com/ImageMagick/Website/blob/main/ChangeLog.md rke2: refactor update-script and update rke2 channel versions (#344692) cf-terraforming: 0.20.0 -> 0.21.0 (#347201) rdma-core: 53.0 -> 54.0 nagiosPlugins: init from pkgs/servers/monitoring/nagios/plugins nagiosPlugins.check_systemd: format with nixfmt-rfc-style nagiosPlugins.check_zfs: format with nixfmt-rfc-style nagiosPlugins.check_smartmon: format with nixfmt-rfc-style nagiosPlugins.check_ssl_cert: format with nixfmt-rfc-style nagiosPlugins.check_systemd: 2.3.1 -> 4.1.0 https://github.com/Josef-Friedrich/check_systemd/compare/v2.3.1...v4.1.0 nagiosPlugins.check_esxi_hardware: format with nixfmt-rfc-style nagiosPlugins.check_openvpn: format nagiosPlugins.check_uptime: format with nixfmt-rfc-style nagiosPlugins.check_wmi_plus: format with nixfmt-rfc-style nagiosPlugins.labs_consol_de: format with nixfmt-rfc-style nagiosPlugins.check_esxi_hardware: 20200710 -> 20221230 https://github.com/Napsty/check_esxi_hardware/compare/20200710...20221230 nagiosPlugins.check_uptime: 20161112 -> unstable-2016-11-12 nagiosPlugins.check_wmi_plus: fix meta.{homepage,license} wmic-bin: move to pkgs/servers/monitoring/wmic-bin coqPackages.mathcomp-analysis: 1.1.0 → 1.4.0 coqPackages.mathcomp-infotheo: 0.7.1 → 0.7.2 openscad-unstable: 2024-09-22 -> 2024-10-06 nixos/systemd: allow using writeShellApplication for systemd unit scripts ifcopenshell: 240611 -> 0.7.10, fix build and activate most tests By relevant release, I mean the ifcopenshell-python release, and not the blenderbim release ifcopenshell: maintainer fehnomenal -> autra, as asked by fehnomenal ifcopenshell: add a passthru.updateScript python312Packages.cgal: init at 5.6.1.post202403291426 micronaut: 4.6.2 -> 4.6.3 zx: 8.1.8 -> 8.1.9 Diff: https://github.com/google/zx/compare/8.1.8...8.1.9 Changelog: https://github.com/google/zx/releases/tag/8.1.9 heptabase: 1.40.0 -> 1.41.1 flannel: 0.25.6 -> 0.25.7 python312Packages.boschshcpy: 0.2.91 -> 0.2.95 Diff: https://github.com/tschamm/boschshcpy/compare/refs/tags/0.2.91...0.2.95 sesh: 2.4.0 -> 2.5.0 python311Packages.llama-index-embeddings-gemini: 0.2.0 -> 0.2.1 python311Packages.llama-cloud: 0.0.17 -> 0.1.2 python311Packages.llama-parse: 0.5.6 -> 0.5.7 python311Packages.llama-index-llms-openai: 0.2.9 -> 0.2.12 python311Packages.llama-index-multi-modal-llms-openai: 0.2.1 -> 0.2.2 python311Packages.llama-index-core: 0.11.14 -> 0.11.16 Diff: https://github.com/run-llama/llama_index/compare/refs/tags/v0.11.14...v0.11.16 Changelog: https://github.com/run-llama/llama_index/blob/0.11.16/CHANGELOG.md python312Packages.holidays: 0.57 -> 0.58 Diff: https://github.com/vacanza/python-holidays/compare/refs/tags/v0.57...v0.58 Changelog: https://github.com/vacanza/python-holidays/releases/tag/v0.58 python312Packages.pyeconet: 0.1.22 -> 0.1.23 Diff: https://github.com/w1ll1am23/pyeconet/compare/refs/tags/v0.1.22...v0.1.23 Changelog: https://github.com/w1ll1am23/pyeconet/releases/tag/v0.1.23 python312Packages.pysml: 0.1.3 -> 0.1.4 Diff: https://github.com/mtdcr/pysml/compare/refs/tags/0.1.3...0.1.4 python312Packages.mailchecker: 6.0.9 -> 6.0.11 Changelog: https://github.com/FGRibreau/mailchecker/blob/v6.0.11/CHANGELOG.md python312Packages.python-hcl2: 4.3.5 -> 5.0.0 emplace: move to by-name; nixfmt emplace: fix build qalculate-qt: 5.2.0.1 -> 5.3.0 ferdium: 6.7.6 -> 6.7.7 c2patool: 0.9.9 -> 0.9.10 nym: move to by-name; nixfmt nym: 1.1.21 -> 2024.10-caramello; add bot-wxt1221 as maintainers materialgram: 5.5.4.1 -> 5.6.1.1 Diff: https://github.com/kukuruzka165/materialgram/compare/refs/tags/v5.5.4.1...v5.6.1.1 Changelog: https://github.com/kukuruzka165/materialgram/releases/tag/v5.6.1.1 trealla: 2.56.19 -> 2.57.1 livebook: 0.14.2 -> 0.14.4 https://github.com/livebook-dev/livebook/releases/tag/v0.14.4 fabric-ai: 1.4.46 -> 1.4.54 https://github.com/danielmiessler/fabric/releases/tag/v1.4.54 python3Packages.sshfs.optional-dependencies.pyopenssl: fix the eval Without the change the eval fails as: nix-repl> python3Packages.sshfs.optional-dependencies.pyopenssl error: … while evaluating the attribute 'sshfs.optional-dependencies.pyopenssl' at pkgs/development/python-modules/sshfs/default.nix:45:5: 44| pkcs11 = [ asyncssh ] ++ asyncssh.optional-dependencies.pkcs11; 45| pyopenssl = [ asyncssh ] ++ asyncssh.optional-dependencies.pyopenssl; | ^ 46| }; … while evaluating the attribute 'optional-dependencies.pyopenssl' at pkgs/development/interpreters/python/mk-python-derivation.nix:229:15: 228| // optionalAttrs (optional-dependencies != {}) { 229| inherit optional-dependencies; | ^ 230| } error: attribute 'pyopenssl' missing at pkgs/development/python-modules/sshfs/default.nix:45:33: 44| pkcs11 = [ asyncssh ] ++ asyncssh.optional-dependencies.pkcs11; 45| pyopenssl = [ asyncssh ] ++ asyncssh.optional-dependencies.pyopenssl; | ^ 46| }; openvi: 7.5.29 -> 7.6.30 viceroy: 0.12.0 -> 0.12.1 nwg-displays: 0.3.21 -> 0.3.22 moon: 1.28.3 -> 1.29.0 lune: 0.8.8 -> 0.8.9 chirp: 0.4.0-unstable-2024-09-28 -> 0.4.0-unstable-2024-10-03 i3bar-river: 1.0.0 -> 1.0.1 hyprland-protocols: 0.3.0 -> 0.4.0 govc: 0.43.0 -> 0.44.0 twitch-cli: move to by-name blueprint-compiler: move to by-name citations: move to by-name raider: move to by-name webfontkitgenerator: move to by-name praat: 6.4.21 -> 6.4.22 syndicate-server: 0.46.0 -> 0.48.0 rainfrog: 0.2.6 -> 0.2.7 release notes: https://github.com/achristmascarl/rainfrog/releases/tag/v0.2.7 aerospike: 7.1.0.6 -> 7.2.0.1 ci: Add default.nix with exposed pkgs Allows reusing it in more places ci: Add review request scripts Also post a comment in case base branch is wrong This guides newcomers in how to smoothly handle the potentially scary situation of having thousands of commits listed in a PR. While CI shows the same, people might not even look at CI if the PR looks botched. ci: Add codeowners validator workflows/codeowners: init OWNERS: placeholder init telegram-desktop: 5.5.5 -> 5.6.0 Diff: https://github.com/telegramdesktop/tdesktop/compare/v5.5.5...v5.6.0 Changelog: https://github.com/telegramdesktop/tdesktop/releases/tag/v5.6.0 telegram-desktop: 5.6.0 -> 5.6.1 Diff: https://github.com/telegramdesktop/tdesktop/compare/v5.6.0...v5.6.1 Changelog: https://github.com/telegramdesktop/tdesktop/releases/tag/v5.6.1 bazel-gazelle: 0.38.0 -> 0.39.0 jwm: 2.4.3 -> 2.4.5 wireless-regdb: 2024.07.04 -> 2024.10.07 Changes: https://lore.kernel.org/wireless-regdb/[email protected]/T/#u CODEOWNERS: Fix non-matching patterns Since https://github.com/NixOS/nixpkgs/pull/336261 we have CI that checks that the codeowners file is valid: https://github.com/NixOS/nixpkgs/actions/runs/11243668280/job/31260095472#step:7:34 Which files are correct (or whether they were removed) was determined using the Git history and some grepping buf: use go1.23 python312Packages.scikit-build-core: 0.10.5 -> 0.10.7 Diff: https://github.com/scikit-build/scikit-build-core/compare/refs/tags/v0.10.5...v0.10.7 Changelog: https://github.com/scikit-build/scikit-build-core/blob/v0.10.7/docs/changelog.md python312Packages.rapidfuzz: 3.9.7 -> 3.10.0 Diff: https://github.com/maxbachmann/RapidFuzz/compare/refs/tags/v3.9.7...v3.10.0 Changelog: https://github.com/maxbachmann/RapidFuzz/blob/refs/tags/v3.10.0/CHANGELOG.rst ceph: 18.2.4 -> 19.2.0 No-longer-necessary patches removed: * dmcrypt: https://github.com/ceph/ceph/pull/57925 * Finduring.cmake: https://github.com/ceph/ceph/commit/670118abfb9ef6135972a56514173e72b64ef8f4 * Python "packaging": https://github.com/ceph/ceph/commit/d1d8df6fafbb744d50787d3ffcd5c572397e421f Additional changes: * Add more runtime deps mentioned by upstream debian/control file. * Tell Ceph to use our specified Python dependencies, instead of the bundled ones (for `cephadm`). rl-2411: Mention Ceph upgrade llvmPackages_git: 20.0.0-git-2024-09-29 -> 20.0.0-git-2024-10-07 python3Packages.deepface: init at 0.0.92 python3Packages.retinaface: init at 0.0.17 python3Packages.mtcnn: init at 0.1.1 python3Packages.mtcnn: update meta.description lib.oldestSupportedReleaseIsAtLeast: rename from bad name and deprecate after 24.11 It seems impossible to describe this condition more concisely without making it incomprehensible. treewide: lib.isInOldestRelease -> lib.oldestSupportedReleaseIsAtLeast python312Packages.azure-mgmt-network: 26.0.0 -> 27.0.0 Changelog: https://github.com/Azure/azure-sdk-for-python/blob/azure-mgmt-network_27.0.0/sdk/network/azure-mgmt-network/CHANGELOG.md python312Packages.azure-mgmt-eventhub: 11.0.0 -> 11.1.0 Changelog: https://github.com/Azure/azure-sdk-for-python/blob/azure-mgmt-eventhub_11.1.0/sdk/eventhub/azure-mgmt-eventhub/CHANGELOG.md python312Packages.azure-mgmt-batch: 17.3.0 -> 18.0.0 Changelog: https://github.com/Azure/azure-sdk-for-python/tree/azure-mgmt-batch_18.0.0/sdk/batch/azure-mgmt-batch loksh: 7.5 -> 7.6 python312Packages.minari: 0.5.0 -> 0.5.1 Diff: https://github.com/Farama-Foundation/Minari/compare/refs/tags/v0.5.0...v0.5.1 Changelog: https://github.com/Farama-Foundation/Minari/releases/tag/v0.5.1 python312Packages.imgw-pib: 1.0.5 -> 1.0.6 python312Packages.ytmusicapi: 1.8.1 -> 1.8.2 maintainers: add albertodvp python312Packages.pulumi-hcloud: init at 1.20.4 python3Packages.opentelemetry-instrumentation-requests: init at 0.47b0 steamtinkerlaunch: don't wrap in order to preserve $0 Fixes https://github.com/NixOS/nixpkgs/issues/295902 steamtinkerlaunch: add steamcompattool output This makes it possible to integrate this into our steam derivation's extraCompatPackages goldwarden: 0.3.3 -> 0.3.4 vivaldi: 6.9.3447.48 -> 6.9.3447.51 ecs-agent: 1.86.3 -> 1.87.0 k6: 0.53.0 -> 0.54.0 opencolorio: 2.3.2 -> 2.4.0 fio: 3.37 -> 3.38 haveged: 1.9.18 -> 1.9.19 malt: 1.2.2 -> 1.2.3 jdt-language-server: 1.39.0 -> 1.40.0 python312Packages.apprise: don't use python-xdist python3Packages.pyte: 0.8.1 -> 0.8.2 python312Packages.drf-yasg: refactor web-eid-app: 2.5.0 -> 2.6.0 python312Packages.xml2rfc: 3.23.1 -> 3.23.2 python312Packages.xml2rfc: switch to pypa builder python312Packages.xml2rfc: clean up dependencies emiluaPlugins.qt6: 1.0.3 -> 1.1.0 ocaml: default to version 5.2 ast-grep: 0.27.3 -> 0.28.0 handheld-daemon: 3.3.15 -> 3.4.1 fastddsgen: 4.0.1 -> 4.0.2 runc: 1.1.14 -> 1.1.15 ra-multiplex: 0.2.2 -> 0.2.5 ra-multiplex: fix typo on wrapProgram --suffix PATH python312Packages.coinmetrics-api-client: 2024.8.20.13 -> 2024.10.4.15 python312Packages.archinfo: 9.2.119 -> 9.2.122 Diff: https://github.com/angr/archinfo/compare/refs/tags/v9.2.119...v9.2.122 python312Packages.ailment: 9.2.119 -> 9.2.122 Diff: https://github.com/angr/ailment/compare/refs/tags/v9.2.119...v9.2.122 python312Packages.pyvex: 9.2.119 -> 9.2.122 python312Packages.claripy: 9.2.119 -> 9.2.122 Diff: https://github.com/angr/claripy/compare/refs/tags/v9.2.119...v9.2.122 python312Packages.cle: 9.2.119 -> 9.2.122 Diff: https://github.com/angr/cle/compare/refs/tags/v9.2.119...v9.2.122 python312Packages.camel-converter: 4.0.0 -> 4.0.1 python312Packages.motionblindsble: 0.1.1 -> 0.1.2 python312Packages.grpcio-testing: 1.65.4 -> 1.66.2 Diff: grpc/[email protected] Changelog: https://github.com/grpc/grpc/releases/tag/v1.66.2 fluxcd/update-script: use nix hash convert Eliminates deprecation warning of former pattern. fluxcd/update-script: add double quotes to prevent globbing and word splitting Eliminates tooling warnings. fluxcd: 2.3.0 -> 2.4.0 Release: https://github.com/fluxcd/flux2/releases/tag/v2.4.0 fluxcd: fix update script breakage caused by #341924 snappymail: 2.38.0 -> 2.38.1 nixos/nncp: refactor configuration merging The NNCP utilities have poor support for configuration merging so use jq and hjson-cli instead. ocamlPackages.elpi: 1.18.1 → 1.20.0 syft: 1.13.0 -> 1.14.0 codux: 15.34.0 -> 15.35.2 python312Packages.tinygrad: patch cuda headers nuget-to-nix: add meta.mainProgram redpanda-client: 24.2.5 -> 24.2.6 minivmac: init at 2024.06.08 mpich: 4.2.2 -> 4.2.3 mpich: apply nixfmt mpich: remove "with lib" from meta vscode: 1.94.0 -> 1.94.1 signal-desktop: 7.26.0 -> 7.27.0 saucectl: init at 0.183.0 (#336737) blackfire: 2.28.12 -> 2.28.13 eza: 0.20.1 -> 0.20.2 Signed-off-by: Christina Sørensen <[email protected]> python312Packages.huggingface-hub: 0.25.1 -> 0.25.2 Diff: https://github.com/huggingface/huggingface_hub/compare/refs/tags/v0.25.1...v0.25.2 Changelog: https://github.com/huggingface/huggingface_hub/releases/tag/v0.25.2 fnm: 1.37.1 -> 1.37.2 nixosTests.openresty-lua: simplify There's no point for the intermediate `getPath` function calling `getLuaPath` with the "lua" argument. There's also no other nginx test this copies code from. We always call `getLuaPath` with "lua", so constant-propagate it in. Also, camel-case `lualibs` to `luaLibs.` hyprland: format Use `inherit (lib) x` instead of `lib.x` Remove no-longer-needed jq Use importJSON hyprland: use moldLinker via stdenvAdapters Leave open the possibility of adding multiple adapters in the future. hyprland: use meson for building Follow upstream. hyprland: 0.43.0 -> 0.44.0 hyprpicker: format hyprpicker: drop unused dependencies hyprpicker: 0.3.0 -> 0.4.1 pulumi-bin: 3.134.1 -> 3.136.1 xray: 1.8.24 -> 24.9.30 bacon: move to pkgs/by-name bacon: format bacon: 2.21.0 -> 3.0.0 Diff: https://github.com/Canop/bacon/compare/refs/tags/v2.21.0...v3.0.0 Changelog: https://github.com/Canop/bacon/blob/v3.0.0/CHANGELOG.md reposilite: 3.5.17 -> 3.5.18 zsh-abbr: 5.8.2 -> 5.8.3 python312Packages.uplc: 1.0.6 -> 1.0.7 sem: 0.30.0 -> 0.30.1 python312Packages.pipenv-poetry-migrate: 0.5.9 -> 0.5.10 python312Packages.extract-msg: 0.49.0 -> 0.50.1 python312Packages.aiostream: 0.6.2 -> 0.6.3 python312Packages.sphinx-tabs: 3.4.5 -> 3.4.7 python312Packages.auroranoaa: 0.0.3 -> 0.0.5 python312Packages.auroranoaa: refactor twilio-cli: 5.22.2 -> 5.22.3 nushellPlugins.units: init at 0.1.2 go-licence-detector: init at 0.7.0 tigerbeetle: 0.16.3 -> 0.16.8 webcord: 4.9.2 -> 4.10.2 maintainers: add mikut python312Packages.requests-unixsocket2: init at 0.4.2 requests-unixsocket2 is a dependency of azure-iot-device Python package python312Packages.azure-iot-device: init at 2.14.0 azure-iot-device is a dependency of azure-iot extension for Azure CLI azure-cli-extensions.azure-iot: init at 0.25.0 renode-dts2repl: 0-unstable-2024-09-27 -> 0-unstable-2024-10-09 python3Packages.ifcopenshell.tests: fix the eval Without the change the eval fails as: $ nix build --no-link -f. python3Packages.ifcopenshell.tests error: … while evaluating the attribute 'version' at pkgs/development/python-modules/ifcopenshell/default.nix:185:7: 184| tests = { 185| version = testers.testVersion { command = "IfcConvert --version"; }; | ^ 186| }; … from call site at pkgs/development/python-modules/ifcopenshell/default.nix:185:17: 184| tests = { 185| version = testers.testVersion { command = "IfcConvert --version"; }; | ^ 186| }; error: function 'testVersion' called without required argument 'package' at pkgs/build-support/testers/default.nix:66:5: 65| testVersion = 66| { package, | ^ 67| command ? "${package.meta.mainProgram or package.pname or package.name} --version", knossosnet: 1.2.3 -> 1.2.4 pachyderm: 2.11.3 -> 2.11.4 anilibria-winmaclinux: 2.2.19 -> 2.2.20 python312Packages.iminuit: 2.30.0 -> 2.30.1 python312Packages.pysqueezebox: 0.9.3 -> 0.9.4 rasm: 2.2.7 -> 2.2.8 clusterctl: 1.8.3 -> 1.8.4 python312Packages.pbs-installer: 2024.09.09 -> 2024.10.08 delly: 1.2.9 -> 1.3.1 jx: 3.10.155 -> 3.10.156 python312Packages.langfuse: 2.51.2 -> 2.51.5 v2ray: 5.19.0 -> 5.20.0 rio: 0.1.16 -> 0.1.17 Diff: https://github.com/raphamorim/rio/compare/v0.1.16...v0.1.17 Changelog: https://github.com/raphamorim/rio/blob/v0.1.17/docs/docs/releases.md mycelium: 0.5.5 -> 0.5.6 nixos/libvirtd: add startDelay and shutdownTimeout option nixos/headscale: modernize Signed-off-by: Kristoffer Dalby <[email protected]> headscale: 0.22.3 -> 0.23.0 Signed-off-by: Kristoffer Dalby <[email protected]> nixos/headscale: update module to headscale 0.23.0 Signed-off-by: Kristoffer Dalby <[email protected]> nixos/release-notes: add entry for headscale 0.23.0 tailscale: build derper nixos/tailscale-derper: init iwd: enable debug info ladybird: 0-unstable-2024-09-21 -> 0-unstable-2024-10-05 nbdkit: init at 1.40.4 node-red: move from nodePackages treewide: replace `stdenv.is` in non nix files Continuing e0464e47880a69896f0fb1810f00e0de469f770a doc/python: correct platform conditional git-blame-ignore-revs: add formatting treewide lua-language-server: 3.10.6 -> 3.11.1 nixos/dhcpcd: allow jemalloc and mimalloc memory allocators jenkins: 2.462.2 -> 2.462.3 Fixes CVE-2024-47803 and CVE-2024-47804. https://www.jenkins.io/security/advisory/2024-10-02/ Changes: https://www.jenkins.io/changelog-stable/#v2.462.3 ocamlPackages.ctypes: 0.22.0 -> 0.23.0 Diff: https://github.com/ocamllabs/ocaml-ctypes/compare/0.22.0...0.23.0 nginxMainline: 1.27.1 -> 1.27.2 Changes: https://nginx.org/en/CHANGES f3d: mark broken on x86_64-darwin duckdb: disable tests that fail on x86_64 && aarch64 python3Packages.mitmproxy-macos: 0.5.1 -> 0.9.2 python3Packages.mitmproxy-rs: 0.6.3 -> 0.9.2 mitmproxy: 10.4.2 -> 11.0.0 vencord: 1.10.3 -> 1.10.4 git-identity: init at 1.1.1 Co-authored-by: Sandro <[email protected]> go-task: 3.38.0 -> 3.39.2 (#347340) Co-authored-by: Sandro <[email protected]> kine: init at 0.13.2 nushellPlugins.highlight: init at 1.3.1+0.98.0 elixir-ls: 0.23.0 -> 0.24.0 python3Packages.plotly: 5.23.0 -> 5.24.0 python312Packages.plotly: switch to fetchFromGitHub python312Packages.plotly: remove doCheck = false python312Packages.plotly: fixup meta plotly: Add pytestCheckHook python312Packages.numpy_2: 2.1.1 -> 2.1.2 Changelog: https://github.com/numpy/numpy/releases/tag/v2.1.2 firefox-unwrapped: 131.0 -> 131.0.2 https://www.mozilla.org/en-US/firefox/131.0.2/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2024-51/ Fixes: CVE-2024-9680 firefox-bin-unwrapped: 131.0 -> 131.0.2 https://www.mozilla.org/en-US/firefox/131.0.2/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2024-51/ Fixes: CVE-2024-9680 firefox-esr-128-unwrapped: 128.3.0 -> 128.3.1 https://www.mozilla.org/en-US/firefox/128.3.1/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2024-51/ Fixes: CVE-2024-9680 firefox-esr-115-unwrapped: 115.16.0esr -> 115.16.1esr https://www.mozilla.org/en-US/firefox/115.16.1/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2024-51/ Fixes: CVE-2024-9680 firefox-beta-unwrapped: 131.0b9 -> 132.0b5 firefox-devedition-unwrapped: 131.0b9 -> 132.0b5 monero-cli: update submodule version; disable aarch64-darwin `trezor-common` submodule updated to match the rev at the version tag, as per the conversation here: https://github.com/NixOS/nixpkgs/pull/341980#discussion_r1760381016 Mark as disabled on macOS/ARM because it does not build. Formatted with `nixfmt-rfc-style`. Tested on macOS M1 both via `nix-build -A monero-cli` and via `nixpkgs-review`. boundary: fix update script boundary: 0.15.4 -> 0.17.1 boundary: nixfmt boundary: move to pkgs/by-name php81Extensions.blackfire: 1.92.23 -> 1.92.25 workflows/codeowners: Dry mode for now Apparently it started requesting reviews from code owners already because the DRY_MODE from the global env was overridden in the local job declaration: https://github.com/NixOS/nixpkgs/pull/347354#event-14570645380 python312Packages.recipe-scrapers: 15.1.0 -> 15.2.1 osu-lazer{,-bin}: format osu-lazer: remove `with lib;` osu-lazer-bin: improve error message for unsupported arch osu-lazer{,-bin}: move to pkgs/by-name osu-lazer{,-bin}: 2024.906.2 -> 2024.1009.1 python312Packages.datasalad: 0.3.0 -> 0.4.0 vscodium: 1.93.1.24256 -> 1.94.0.24282 vimPlugins/overrides: format vimPlugins/overrides: add nvimRequireChecks vimPlugins.nvim-metals: add plenary dependency and check vimPlugins.elixir-tools-nvim: add plenary dependency and check vimPlugins.cmp-tabnine: add nvim-cmp dependency and check vimPlugins.chadtree: add python3 dependency and check vimPlugins.moveline-nvim: mark darwin bad platforms normaliz: 3.10.3 -> 3.10.4 muffon: 2.0.3 -> 2.1.0 ardour: 8.6 -> 8.8 rqlite: 8.31.0 -> 8.31.2 mtdutils: apply nixfmt mtdutils: migrate to by-name mtdutils: 2.2.0 -> 2.2.1 mtdutils: replace hardcoded /bin/mount in mount.ubifs cage: 0.1.5-unstable-2024-07-29 -> 0.2.0 Diff: https://github.com/cage-kiosk/cage/compare/d3fb99d6654325ec46277cfdb589f89316bed701...v0.2.0 roddhjav-apparmor-rules: 0-unstable-2024-09-27 -> 0-unstable-2024-10-06 mediamtx: move to by-name mediamtx: 1.9.1 -> 1.9.2 alacarte: 3.52.0 -> 3.54.0 riffdiff: 3.3.1 -> 3.3.3 whatsie: 4.15.5 -> 4.16.0 gitea 1.22.2 -> 1.22.3 Changelog: https://github.com/go-gitea/gitea/releases/tag/v1.22.3 git-credential-manager: inherit argv0 `git-credential-manager configure` sets up the user's Git configuration to use the tool as a credential helper. In Nix, the tool is wrapped, but the configuration command uses the unwrapped command that doesn't have the PATH set up and therefore fails. Resolve this by including `--inherit-argv0` in the wrapper, so the configuration is set up with the wrapped version of the executable. This will also mean that the specific git-credential-manager version isn't hard-coded into the user's Git configuration files, at least unless the user is calling git-credential-manager that way, and instead the configuration will list whatever was found in the user's PATH, which means user configuration will continue to work after git-credential-manager is updated. Fixes #298080. sidplayfp: 2.9.0 -> 2.10.0 eiwd: 2.16-1 -> 2.22-1 crosvm: 127.0 -> 128.1 cross-domain virtio-gpu seems to be broken on 129. I'll work on a fix for that and then upgrade further, but in the meantime it's nice to have 128, which fixes interoperability with virtiofsd. bloop: 2.0.2 -> 2.0.3 iosevka: 31.7.1 -> 31.8.0 nixpkgs-review: 2.10.5 -> 2.11.0 Diff: https://github.com/Mic92/nixpkgs-review/compare/refs/tags/2.10.5...2.11.0 Changelog: https://github.com/Mic92/nixpkgs-review/releases/tag/2.11.0 vault: 1.17.6 -> 1.18.0 Diff: https://github.com/hashicorp/vault/compare/v1.17.6...v1.18.0 Changelog: https://github.com/hashicorp/vault/blob/v1.18.0/CHANGELOG.md vault-bin: 1.17.6 -> 1.18.0 typescript: 5.6.2 -> 5.6.3 tdlib: 1.8.35 -> 1.8.37 hypre: 2.31.0 -> 2.32.0 qemacs: 6.1.1b -> 6.3.2 terramate: add asininemonkey to maintainers terramate: 0.10.6 -> 0.10.7 authentik: use `npm --version` nodePackages.npm: drop python312Packages.libarcus: mark broken It fails to build with Could NOT find SIP (missing: SIP_EXECUTABLE) (found version "4.19.25") even if distutils is added to nativeBuildInputs. libblake3: init at 1.5.4 astro-language-server: 2.14.2 -> 2.15.0 * Diff: https://github.com/withastro/language-tools/compare/%40astrojs/language-server%402.14.2...%40astrojs/language-server%402.15.0 circt: 1.86.0 -> 1.87.0 cloudlog: 2.6.15 -> 2.6.16 openpgl: 0.5.0 -> 0.7.0 delfin: 0.4.6 -> 0.4.7 nethogs: 0.8.7 -> 0.8.8 pnpm: 9.12.0 -> 9.12.1 cpu-x: 5.0.4 -> 5.1.0 cairo-lang: 2.8.2 -> 2.8.4 circom: 2.1.9 -> 2.2.0 papermc: 1.21.1-110 -> 1.21.1-119 protonplus: 0.4.13 -> 0.4.20 curtail: 1.10.0 -> 1.11.0 lilipod: run nixfmt lilipod: fix build python313: 3.13.0.rc3 -> 3.13.0 Changelog: https://docs.python.org/3.13/whatsnew/3.13.html protonmail-bridge: 3.13.0 -> 3.14.0 overskride: 0.6.0 -> 0.6.1 tinymist: 0.11.28 -> 0.11.32 Diff: https://github.com/Myriad-Dreamin/tinymist/compare/refs/tags/v0.11.28...0.11.32 Changelog: https://github.com/Myriad-Dreamin/tinymist/blob/refs/tags/v0.11.32/CHANGELOG.md androidenv: updates for Android API 35 androidenv: add maintainers tor-browser: 13.5.6 -> 13.5.7 Signed-off-by: Sefa Eyeoglu <[email protected]> nvrh: init at 0.1.8 chromium,chromedriver: 129.0.6668.91 -> 129.0.6668.100 https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_8.html This update includes 3 security fixes. CVEs: CVE-2024-9602 CVE-2024-9603 mullvad-browser: 13.5.6 -> 13.5.7 Signed-off-by: Sefa Eyeoglu <[email protected]> faiss: 1.8.0 -> 1.9.0 home-assistant-custom-components.moonraker: 1.3.5 -> 1.3.7 openapi-changes: 0.0.67 -> 0.0.68 Diff: https://github.com/pb33f/openapi-changes/compare/v0.0.67...v0.0.68 Changelog: https://github.com/pb33f/openapi-changes/releases/tag/v0.0.68 switched to `buildGo123Module` temporarily argyllcms: 3.2.0 -> 3.3.0 (#345138) Changes: https://www.argyllcms.com/doc/ChangesSummary.html ci/request-reviews: Don't rerequest users that already reviewed The automation should never rerequest reviews from users that already reviewed the changes, which is what was happening before this change: https://github.com/NixOS/nixpkgs/pull/347354#event-14570645380 Also reorder the arguments to make more sense ci/request-reviews: Request reviews for individual team members This makes this codeowner mechanism behave differently than the native one, but there's no other way to avoid rerequesting reviews from teams when a member already reviewed the PR. nitrokey-storage-firmware: init at 0.57 Co-authored-by: Simon Bruder <[email protected]> Co-authored-by: Abdullah Imad <[email protected]> Co-authored-by: Alberto Merino <[email protected]> Co-authored-by: Enric Morales <[email protected]> Co-authored-by: Jack Leightcap <[email protected]> Co-authored-by: Roland Coeurjoly <[email protected]> nixos/redmine: Apply initial hardening using the systemd unit These options are a good start for sandboxing the service. It's planned to set `ProtectSystem` to `strict` instead of `full`, but that requires specific directories to be configured as writable. It's also planned to filter system calls. However, that requires more testing but it shouldn't prevent us from applying these options for now and add others later. In my tests, Redmine only bound to an IPv4 address and Unix socket, which is why I restricted the address families to these both. The command `systemd-analyze security redmine.service` reports an overall exposure level of 2.9 with this patch. Signed-off-by: Felix Singer <[email protected]> librewolf-unwrapped: 130.0-3 -> 131.0.2-1 Signed-off-by: Sefa Eyeoglu <[email protected]> floorp: add CVE-2024-9680 as a known vulnerability Signed-off-by: Sefa Eyeoglu <[email protected]> librewolf-bin: add CVE-2024-9680 as a known vulnerability Signed-off-by: Sefa Eyeoglu <[email protected]> CODEOWNERS: Switch to alternate mechanism This effectively disables the native GitHub codeowners feature and enables the new alternate codeowners mechanism introduced in https://github.com/NixOS/nixpkgs/pull/336261 This means that: - We can now declare users without write access as code owners! - Targeting the wrong branch won't trigger mass pings anymore! CONTRIBUTING: Remove now-unneeded mass ping section This is not a problem anymore with the parent commit ci/request-reviews: Make wrong base branch message hashes more transparent Also, fix the description of the text .gitattributes: Mark ci/OWNERS as CODEOWNERS waydroid: move to by-name waydroid: nixfmt waydroid: modernise waydroid: set updateScript waydroid: 1.4.2 -> 1.4.3 home-assistant-custom-components.adaptive_lighting: 1.22.0 -> 1.23.0 https://github.com/basnijholt/adaptive-lighting/releases/tag/1.23.0 pebble: fix version info pebble: 2.4.0 -> 2.6.0 uxplay: 1.69 -> 1.70 svt-av1-psy: 2.2.1 -> 2.2.1-A google-chrome: 129.0.6668.89 -> 129.0.6668.100 jasmin-compiler: 2024.07.0 → 2024.07.1 android-studio: fix wayland support android-studio: add forceWayland hyprland: 44.0 -> 44.1 This also fixes the info.json which was missed in the previous update. zed-editor: 0.155.2 -> 0.156.0 Diff: https://github.com/zed-industries/zed/compare/refs/tags/v0.155.2...0.156.0 Changelog: https://github.com/zed-industries/zed/releases/tag/v0.156.0 double-entry-generator: init at 2.7.1 python312Packages.mypy-boto3-elasticache: 1.35.0 -> 1.35.36 python312Packages.mypy-boto3-memorydb: 1.35.0 -> 1.35.36 python312Packages.mypy-boto3-redshift: 1.35.0 -> 1.35.35 python312Packages.aiortm: 0.9.7 -> 0.9.11 Diff: https://github.com/MartinHjelmare/aiortm/compare/refs/tags/v0.9.7...v0.9.11 Changelog: https://github.com/MartinHjelmare/aiortm/blob/v0.9.11/CHANGELOG.md cnspec: 11.24.0 -> 11.25.0 Diff: https://github.com/mondoohq/cnspec/compare/refs/tags/v11.24.0...v11.25.0 Changelog: https://github.com/mondoohq/cnspec/releases/tag/v11.25.0 python312Packages.elkm1-lib: 2.2.8 -> 2.2.10 Diff: https://github.com/gwww/elkm1/compare/refs/tags/2.2.8...2.2.10 Changelog: https://github.com/gwww/elkm1/blob/2.2.10/CHANGELOG.md ldeep: 1.0.69 -> 1.0.70 Diff: https://github.com/franc-pentest/ldeep/compare/refs/tags/1.0.69...1.0.70 Changelog: https://github.com/franc-pentest/ldeep/releases/tag/1.0.70 python312Packages.spotifyaio: init at 0.6.0 Module for interacting with for Spotify https://github.com/joostlek/python-spotify/ python312Packages.tesla-fleet-api: 0.7.8 -> 0.8.4 Diff: https://github.com/Teslemetry/python-tesla-fleet-api/compare/refs/tags/v0.7.8...v0.8.4 Changelog: https://github.com/Teslemetry/python-tesla-fleet-api/releases/tag/v0.8.4 python312Packages.restrictedpython: 7.3 -> 7.4 Changelog: https://github.com/zopefoundation/RestrictedPython/blob/7.4/CHANGES.rst python312Packages.atenpdu: 0.6.2 -> 0.6.3 Changelog: https://github.com/mtdcr/pductl/releases/tag/0.6.3 greenmask: 0.1.14 -> 0.2.0 python312Packages.pyduotecno: 2024.9.0 -> 2024.10.0 nixos/hypridle: make hypridle start with graphical-session.target If we don't add the dependency explicitly, the service won't be pulled in at runtime. Link: https://github.com/NixOS/nixpkgs/pull/340874#issuecomment-2365302744 Closes: https://github.com/NixOS/nixpkgs/issues/347651 nixos/lvm: enable lvm when using systemd in stage 1 initrd Fixes https://github.com/NixOS/nixpkgs/issues/343566 nixos/bcache: enable bcache when using systemd in stage 1 initrd lxgw-wenkai: move to `pkgs/by-name` lxgw-wenkai: 1.330 -> 1.500 lxgw-wenkai: add ryanccn as maintainer schemamap: 0.3.0 -> 0.4.0 home-assistant-custom-lovelace-modules.universal-remote-card: 4.0.6 -> 4.1.0 Diff: https://github.com/Nerwyn/android-tv-card/compare/4.0.6...4.1.0 vscodium: 1.94.0 -> 1.94.1 numbat: 1.12.0 -> 1.13.0 kcl: 0.9.8 -> 0.10.0 nixos/ec2: Fix typo, chown -> chmod nixos/shorewall: Fix typo, chown -> chmod nixos/nebula: Fix typo, chown -> chmod nixos/tmate-ssh-server: Fix typo, chown -> chmod alsa-utils: 1.2.10 -> 1.2.12 scala{,-next}: add meta.mainProgram node-red: 4.0.3 -> 4.0.4 subsurface: 5.0.10 -> 6.0.5231 subsurface changed from tagged releases to nightly builds from which a somewhat stable release is marked as a "weekly release" which is published on subsurface-divelog.org Currently there is no tag on the main repository pointing to the commit that was used to create the nightly build that was finally selected as the "weekly release". Upstream Documentation: - https://github.com/subsurface/subsurface/releases/tag/v4.9.4 - https://github.com/subsurface/nightly-builds/releases - https://subsurface-divelog.org/current-release/ grafanaPlugins.marcusolsson-dynamictext-panel: init at 5.4.0 python3Packages.opentelemetry-instrumentation-redis: init at 0.47b0 Add fnune as maintainer of tmuxPlugins.extrakto freeplane: disable parallel building should fix #346419 nixos/frr: refactor - use upstream service and scripts - switch to integrated-vtysh-config, abandon per-daemon config - use always daemon names in options (e.g. ospf -> ospfd) - zebra, mgmtd and staticd are always enabled - abandon vtyListenAddress, vtyListenPort options; use just "extraOptions" or "options" instead, respectively - extend test to test staticd - update release-notes - pkgs.servers.frr: fix sbindir and remove FHS PATH - introduce services.frr.openFilesLimit option osu-lazer-bin: fix hash ack: use mirror url apt-cacher-ng: use mirror url druid: use mirror url guacamole-client: use mirror url hex-a-hop: use mirror url hunspellDicts.cs-cz: use mirror url jmeter: use mirror url leafnode1: use mirror url libkrunfw: use mirror url libmysqlconnectorcpp: use mirror url lua54Packages.cqueues: use mirror url lucene: use mirror url openctm: use mirror url opentsdb: use mirror url processing: use mirror url psqlodbc: use mirror url qtcreator: use mirror url webalizer: use mirror url ftjam: use mirror url vscod{e,ium}: add url handler startupWMClass lego: 4.17.4 -> 4.19.2 (#347554) codechecker: init at 6.24.0 Signed-off-by: Zebreus <[email protected]> Signed-off-by: Felix Singer <[email protected]> nixos/localtimed: set time.timeZone to null to avoid silent overriding Currently if a timezone was selected explicitly, the service will silently override the value, essentially ignoring what is meant to be a a deliberate choice of option. This may cause confusion as to why the option is not doing anything when this service is enabled, particularly in more complex set-ups after some time. This will simply make the choice deliberate from the user's part, either by having to remove the option or lowering its priority as a recognition that it may be ignored. This change was inspired by the `services.tzupdate` module, which does the same. [1]: <https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/misc/tzupdate.nix#L24> immersed-vr: rename to immersed nixos/programs.immersed-vr: rename to programs.immersed ungoogled-chromium: 129.0.6668.89-1 -> 129.0.6668.100-1 https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_8.html This update includes 3 security fixes. CVEs: CVE-2024-9602 CVE-2024-9603 aaaaxy: 1.5.202 -> 1.5.208 https://github.com/divVerent/aaaaxy/releases/tag/v1.5.208 nixpkgs-review: 2.11.0 -> 2.12.0 Diff: https://github.com/Mic92/nixpkgs-review/compare/refs/tags/2.11.0...2.12.0 Changelog: https://github.com/Mic92/nixpkgs-review/releases/tag/2.12.0 attic-client: 0-unstable-2024-10-04 -> 0-unstable-2024-10-06 (1b29816) https://github.com/zhaofengli/attic/compare/61ebdef2e263c091f24807b07701be5cb8068dea..1b29816235b7573fca7f964709fd201e1a187024 floorp: 11.19.0 -> 11.19.1 Signed-off-by: Sefa Eyeoglu <[email protected]> librewolf-bin: 129.0.2-1 -> 131.0.2-1 Signed-off-by: Sefa Eyeoglu <[email protected]> rtmpdump: fix cross with Clang "clang" is not the correct value for CC when cross compiling — it should be the prefixed, wrapped clang for the host platform. Let's force the use of our original CC in all cases. glab: move to by-name glab: 1.45.0 -> 1.47.0 subversion: 1.14.3 -> 1.14.4 Changes: https://lists.apache.org/thread/glvmq598wv71thrd9vmbm0q5w6n3124w mold: 2.34.0 -> 2.34.1 Changes: https://github.com/rui314/mold/releases/tag/v2.34.1 python3Packages.opentelemetry-instrumentation-celery: init at 0.47b0 terraform-docs: install shell completions (#347637) python312Packages.labelbox: 5.1.0 -> 5.2.1 exo: 0-unstable-2024-10-06 -> 0-unstable-2024-10-09 music-assistant: 2.2.6 -> 2.2.7 https://github.com/music-assistant/server/releases/tag/2.2.7 chrony: move to by-name chrony: run nixfmt-rfc-style chrony: add vifino to maintainers chrony: remove unnecessary dependencies chrony: correct platform list; fix build on darwin chrony: run unit tests; build in parallel chrony: 4.5 -> 4.5.1 ttop: 1.2.8 -> 1.5.2 nixos/pam: add pam_rssh support home-assistant-custom-components.nest_protect: init at 0.3.12 home-assistant-custom-components.miele: 2024.3.0 -> 2024.8.1 https://github.com/astrandb/miele/compare/v2024.3.0...v2024.8.1 python312Packages.beancount-black: 1.0.4 -> 1.0.5 python312Packages.drf-extra-fields: init at 3.7.0 Co-authored-by: OTABI Tomoya <[email protected]> Co-authored-by: Sandro <[email protected]> python312Packages.netbox-documents: init at 0.7.0 Co-authored-by: OTABI Tomoya <[email protected]> Co-authored-by: Sandro <[email protected]> zed-editor: 0.156.0 -> 0.156.1 Diff: https://github.com/zed-industries/zed/compare/refs/tags/v0.156.0...0.156.1 Changelog: https://github.com/zed-industries/zed/releases/tag/v0.156.1 level-zero: 1.17.42 -> 1.17.45 linux_testing: 6.12-rc1 -> 6.12-rc2 linux_6_11: 6.11.2 -> 6.11.3 linux_6_10: 6.10.13 -> 6.10.14 linux_6_6: 6.6.54 -> 6.6.55 linux_latest-libre: 19631 -> 19643 linux_6_6: 6.6.55 -> 6.6.56 deno: 1.46.3 -> 2.0.0 Updates deno to v2. Slight refactor of fetcher code for grabbing librusty_v8. Updated the update scripts to use new Deno v2 interfaces and pull latest toml dependency from jsr rather than the deno.land registry. Added release note. deno_1: init at 1.46.3 Add a pre v2 copy of deno as deno_1 to provide some stability until our next release and until 1.46 is fully abandoned soon. deno_1 is expected to be removed prior to 24.11. Added a release note. python312Packages.plotly: disable checks on darwin, unbreak python312Packages.plotly: deselect 2 tests on linux, unbreak python3.11 python312Packages.tokenizers: 0.20.0 -> 0.20.1 Diff: https://github.com/huggingface/tokenizers/compare/refs/tags/v0.20.0...v0.20.1 Changelog: https://github.com/huggingface/tokenizers/releases/tag/v0.20.1 netdata: 1.47.1 -> 1.47.3 emacsPackages.lsp-bridge: 0-unstable-2024-10-04 -> 0-unstable-2024-10-07 pkgs/top-level/aliases.nix: add clang19Stdenv and clang-tools_19 spirv-llvm-translator: fix building with llvm 19 spirv-llvm-translator: fix formatting llvmPackages_19.libclc: fix building llvmPackages_19.libclc: fix formatting python312Packages.cgal: 5.6.1.post202403291426 -> 6.0.post202410011635 libclc: move from aliases into all-packages biglybt: 3.6.0.0 -> 3.7.0.0 homebox: add passthru.tests homebox: 0.13.0 -> 0.15.2 The new version requires go-1.23+. nixos/fedimintd: make nginx url forwarding path configurable Some users would like to customize it. Also, in current versions of fedimint p2p port in the URL must be set, due to some bug, so update the example value to reflect that. picom: v12.1 -> v12.2 josm: 19207 → 19230 tmuxPlugins.extrakto: unstable-2021-04-04 -> 0-unstable-2024-08-26 The Tmux plugin extrakto has added clipboard support for Wayland via `wl-copy`, so I added the `wl-clipboard` package as a dependency. The way extrakto executes Python scripts has also changed, so I directly changed the shebang of the Python script to the Python3 path to make sure the Python path is correctly set. Apply suggestions from code review that use `patchShebangs` instead of `sed` Co-authored-by: Franz Pletz <[email protected]> fix: fix the updated version from 2024-08-25 to 2024-08-26 Due to the timezone, I misread the upstream commit as 2024-08-26, but it actually is 2024-08-25 python311Packages.flask-simpleldap: init at 2.0.0 wire-desktop: do not force wayland platform in gappsWrapperArgs python312Packages.nox: 2024.04.15 -> 2024.10.09 python312Packages.nox: refactor python3Packages.rns: 0.8.2 -> 0.8.3 Changelog: https://github.com/markqvist/Reticulum/releases/tag/0.8.3 python3Packages.rns: add qbit to maintainers python312Packages.plotly: 5.24.0 -> 5.24.1 wasmtime: 25.0.1 -> 25.0.2 devbox: 0.13.3 -> 0.13.4 https://github.com/jetify-com/devbox/releases/tag/0.13.4 devspace: 6.3.13 -> 6.3.14 jumppad: 0.14.0 -> 0.15.0 python312Packages.conda-package-streaming: 0.10.0 -> 0.11.0 lutgen: 0.11.0 -> 0.11.1 lutgen: 0.11.1 -> 0.11.2 raycast: 1.83.2 -> 1.84.2 Changelog: https://www.raycast.com/changelog/1-84-0 adcskiller: init at 0-unstable-2024-05-19 errands: 46.2.4 -> 46.2.5 makemkv: alphabetize params makemkv: add updateScript We exit early when the versions are the same to avoid unnecessary work in the second `update-source-version` call that has `--ignore-same-version`. That arg is necessary as otherwise it becomes a no-op since the version was updated in the previous `update-source-version` invocation. makemkv: 1.17.7 -> 1.17.8 warp-terminal: 0.2024.09.24.08.02.stable_01 -> 0.2024.10.08.08.02.stable_01 picard-tools: 3.2.0 -> 3.3.0 python312Packages.conda-package-handling: 2.3.0 -> 2.4.0 teamviewer: Update download url It seems the Teamviewer company has changed their download links. python312Packages.xknxproject: 3.8.0 -> 3.8.1 python312Packages.xknxproject: use hashlib instead of cryptography lomiri.mediascanner2: 0.115 -> 0.116 sqldef: 0.17.19 -> 0.17.20 python312Packages.uxsim: 1.6.0 -> 1.7.0 python312Packages.hcloud: 2.2.1 -> 2.3.0 python312Packages.scikit-posthocs: 0.9.0 -> 0.9.1 redis-plus-plus: 1.3.12 -> 1.3.13 python312Packages.yosys: 0.45 -> 0.46 python312Packages.shippinglabel: 2.0.0 -> 2.1.0 python312Packages.ncclient: 0.6.15 -> 0.6.16 prometheus-pgbouncer-exporter: 0.9.0 -> 0.10.0 fh: 0.1.17 -> 0.1.18 dracula-theme: 4.0.0-unstable-2024-09-24 -> 4.0.0-unstable-2024-10-03 bngblaster: 0.9.7 -> 0.9.8 weaviate: 1.26.4 -> 1.26.6 upbound: 0.33.0 -> 0.34.0 protoc-gen-go: 1.34.2 -> 1.35.1 darcs-to-git: 0-unstable-2024-02-20 -> 0-unstable-2024-09-30 ssdfs-utils: 4.45 -> 4.46 chrpath: 0.16 -> 0.17 https://codeberg.org/pere/chrpath/releases/tag/release-0.17 The project moved to Codeberg since Alioth shut down. chrpath: clarify license https://codeberg.org/pere/chrpath/issues/1 local-ai: 2.20.1 -> 2.21.1 jellyfin-media-player: fix build on Darwin - Stop removing web resources (it no longer seems necessary); and - Enable aarch64-darwin nixos/stalwart-mail: fix issue where webadmin interface disappears after some time OWNERS: reference the ACME team directly We can finally stop leaving @m1cr0man out thanks to <https://github.com/NixOS/nixpkgs/pull/347610> 🎉 waveterm: add update script waveterm: 0.8.8 -> 0.8.9 waveterm: 0.8.9 -> 0.8.10 nixos/netboot: Compress squashfs with zstd 19 vscode: 1.94.1 -> 1.94.2 howard-hinnant-date: enable for Windows tex-match: remove Revert "gg-jj: init at 0.20.0" Several confused users have reported that this package does not work at all, and per the discussion in <https://github.com/NixOS/nixpkgs/pull/345905>, the contributor who added it does not appear to have tested its basic functionality at all before opening a pull request. That’s not acceptable; we rely on package maintainers to be able to assess the basic functionality of software and ensuring that a program can even start up before opening a pull request to package it is basic due diligence. It’s harmful to have a package that doesn’t work and lacks a maintainer who can assess whether it works or not, so we should remove it until both of those can be addressed. This reverts commit 5eb022fdb22e90467d05e9ce880c0f9f096c08aa. maintainers: add miampf azure-cli-extensions.confcom: init at 1.0.0 slack: 4.39.95 -> 4.40.128 https://slack.com/release-notes/linux coercer: modernize baddns: init at 1.1.869 Tool to check subdomains for subdomain takeovers and other DNS issues https://github.com/blacklanternsecurity/baddns/ doc: fix typo Revert "wgpu: init at 22.1.0" This package was added in <https://github.com/NixOS/nixpkgs/pull/345248> to address <https://github.com/NixOS/nixpkgs/issues/344689>, a request for a package of wgpu-native, wgpu’s native WebGPU implementation that other applications can use as a library. However, it doesn’t package that at all; instead, it contains only several binary utility and example programs shipped as part of wgpu, and in fact, these were already present as the more appropriately‐named `wgpu-utils` package, which needs only an update. Given that this package was added without the due diligence to check whether the software being packaged was what was being requested, or whether it was already present under an obvious name, I don’t think there’s an argument for retaining this duplicate. `wgpu-utils` can be updated and refactored to be on par with this package, and if the library that was actually requested is ever packaged, it should be called `wgpu-native` instead. This reverts commit 27e304c09e479c3ba328c22d58fb7c5a7dd00038. linuxPackages_latest.prl-tools: fix regex used in updater script to comply with latest webpage linuxPackages_latest.prl-tools: 20.0.1-55659 -> 20.1.0-55732 element-desktop: add commandLineArgs (#345453) {qbittorrent, qbittorrent-nox}: add mainProgram topgrade: 16.0.0 -> 16.0.1 https://github.com/topgrade-rs/topgrade/releases/tag/v16.0.1 python3Packages.txtai: 7.3.0 -> 7.4.0 faiss, python312Packages.faiss: remove useless wheel from build-system python312Packages.faiss: patch use of deprecated numpy.distutils dracula-icon-theme: unstable-2021-07-21 -> unstable-2024-05-26 nvrh: 0.1.8 -> 0.1.9 Diff: https://github.com/mikew/nvrh/compare/refs/tags/v0.1.8...v0.1.9 Changelog: https://github.com/mikew/nvrh/blob/refs/tags/v0.1.9/CHANGELOG.md croc: 10.0.11 -> 10.0.13 croc: remove inactive maintainer; nixos/tests/croc: match maintainer with package nixos/tests/croc: fix --pass argument and code passing bcachefs-tools: 1.11.0 -> 1.13.0 zegrapher: migrate to by-name zegrapher: refactor - nixfmt-rfc-style - no nested with - finalAttrs - strictDeps nix-eval-jobs: 2.24.0 -> 2.24.1 python312Packages.model-bakery: 1.19.5 -> 1.20.0 python312Packages.pylacus: 1.10.0 -> 1.11.1 bitcoin: 27.1 -> 28.0 The miniupnpc 2.2.8 patch is dropped as it was included in Bitcoin Core 28.0. svt-av1-psy: 2.2.1-A -> 2.2.1-B python312Packages.torchmetrics: 1.4.2 -> 1.4.3 Diff: https://github.com/Lightning-AI/torchmetrics/compare/refs/tags/v1.4.2...v1.4.3 Changelog: https://github.com/Lightning-AI/torchmetrics/releases/tag/v1.4.3 python312Packages.plumbum: 1.8.3 -> 1.9.0 Diff: https://github.com/tomerfiliba/plumbum/compare/refs/tags/v1.8.3...v1.9.0 Changelog: https://github.com/tomerfiliba/plumbum/releases/tag/v1.9.0 trivy: 0.56.1 -> 0.56.2 Diff: https://github.com/aquasecurity/trivy/compare/refs/tags/v0.56.1...v0.56.2 Changelog: https://github.com/aquasecurity/trivy/releases/tag/v0.56.2 trufflehog: 3.82.6 -> 3.82.8 Diff: https://github.com/trufflesecurity/trufflehog/compare/refs/tags/v3.82.6...v3.82.8 Changelog: https://github.com/trufflesecurity/trufflehog/releases/tag/v3.82.8 sqlfluff: 3.2.0 -> 3.2.3 Diff: https://github.com/sqlfluff/sqlfluff/compare/refs/tags/3.2.0...3.2.3 Changelog: https://github.com/sqlfluff/sqlfluff/blob/3.2.3/CHANGELOG.md noto-fonts-color-emoji: 2.042 -> 2.047 nixos/gerrit: Apply initial hardening using the systemd unit These options are a good start for sandboxing the service. It's planned to set `ProtectSystem` to `strict` instead of `full`, but that requires specific directories to be configured as writable. It's also planned to filter system calls. However, that requires more testing but it shouldn't prevent us from applying these options for now and add others later. Signed-off-by: Felix Singer <[email protected]> liboqs: 0.10.1 -> 0.11.0 oqs-provider: 0.6.1 -> 0.7.0 ytdownloader: 3.18.2 -> 3.18.3 vscodium: 1.94.1 -> 1.94.2 python312Packages.sentence-transformers: 3.1.1 -> 3.2.0 Diff: https://github.com/UKPLab/sentence-transformers/compare/refs/tags/v3.1.1...v3.2.0 Changelog: https://github.com/UKPLab/sentence-transformers/releases/tag/3.2.0 p2pool: 4.1 -> 4.1.1 python312Packages.unstructured: 0.15.13 -> 0.15.14 open-vm-tools: 12.4.5 -> 12.5.0 remove patch from go-task build file formats.ini: disable merging as list by default Previously, setting listsAsDuplicateKeys or listToValue would make it so merging these treat all values as lists, by coercing non-lists via lib.singleton. Some programs (such as gamemode; see #345121), allow some values to be repeated but not others, which can lead to unexpected behavior when non-list values are merged like this rather than throwing an error. This now makes that behavior opt-in via the mergeAsList option. Setting mergeAsList (to either true or false) without setting either listsAsDuplicateKeys or listToValue is an error, since lists are meaningless in this case. grafana: 11.2.1 -> 11.2.2 palemoon-bin: 33.3.1 -> 33.4.0 palemoon-bin: 33.4.0 -> 33.4.0.1 bakelite: unstable-2022-02-12 -> unstable-2023-03-30 Revert "kops: 1.29.2 -> 1.30.1 (#344817)" This reverts commit cb710f366bd5f1dd369e112615c4f00ee2a636d5. python312Packages.spark-parser: 1.8.9 -> 1.9.0 apko: fix go tests apko: add emilylange as maintainer apko: 0.14.1 -> 0.19.1 https://github.com/chainguard-dev/apko/releases/tag/v0.19.1 https://github.com/chainguard-dev/apko/releases/tag/v0.19.0 https://github.com/chainguard-dev/apko/releases/tag/v0.18.1 https://github.com/chainguard-dev/apko/releases/tag/v0.18.0 https://github.com/chainguard-dev/apko/releases/tag/v0.17.0 https://github.com/chainguard-dev/apko/releases/tag/v0.16.0 https://github.com/chainguard-dev/apko/releases/tag/v0.15.0 https://github.com/chainguard-dev/apko/releases/tag/v0.14.9 https://github.com/chainguard-dev/apko/releases/tag/v0.14.8 https://github.com/chainguard-dev/apko/releases/tag/v0.14.7 https://github.com/chainguard-dev/apko/releases/tag/v0.14.6 https://github.com/chainguard-dev/apko/releases/tag/v0.14.5 https://github.com/chainguard-dev/apko/releases/tag/v0.14.4 https://github.com/chainguard-dev/apko/releases/tag/v0.14.3 https://github.com/chainguard-dev/apko/releases/tag/v0.14.2 diff: https://github.com/chainguard-dev/apko/compare/v0.14.1...v0.19.1 coeurl: 0.3.0 -> 0.3.1 coeurl: move to by-name and reformat nheko: add rnhmjoj as maintainer mtxclient: add rnhmjoj as maintainer mtxclient: move to by-name and reformat nheko: move to by-name and reformat nixos/systemd-boot: autoformat nixos/systemd-boot: add edk2-uefi-shell boot option We already have a edk2-uefi-shell package in nixpkgs, but adding it to systemd-boot was somewhat tedious. Now it's a single line of nix. nixos/systemd-boot: add windows option for easy dual-booting When installing NixOS on a machine with Windows, the "easiest" solution to dual-boot is re-using the existing EFI System Partition (ESP), which allows systemd-boot to detect Windows automatically. However, if there are multiple ESPs, maybe even on multiple disks, systemd-boot is unable to detect the other OSes, and you either have to use Grub and os-prober, or do a tedious manual configuration as described in the wiki: https://wiki.nixos.org/w/index.php?title=Dual_Booting_NixOS_and_Windows&redirect=no#EFI_with_multiple_disks This commit automates and documents this properly so only a single line like boot.loader.systemd-boot.windows."10".efiDeviceHandle = "HD0c2"; is required. In the future, we might want to try automatically detecting this during installation, but finding the correct device handle while the kernel is running is tricky. firefox-beta-bin-unwrapped: 131.0b9 -> 132.0b6 firefox-devedition-bin-unwrapped: 131.0b9 -> 132.0b6 wakapi: set StateDirectory fix #347393 hyprlandPlugins.hy3: 0.43.0 -> 0.44.0 hyprlandPlugins.hypr-dynamic-cursors: 0-unstable-2024-08-01 -> 0-unstable-2024-10-10 hyprlandPlugins.hyprgrass: 0.8.1 -> 0.8.2 hyprlandPlugins/hyprland-plugins: 0.43.0 -> 0.44.0 hyprlandPlugins.hyprscroller: 0-unstable-2024-09-06 -> 0-unstable-2024-10-10 hyprlandPlugins.hyprspace: 0-unstable-2024-08-21 -> 0-unstable-2024-09-16 hyprlandPlugins.hyprsplit: 0.43.0 -> 0.44.1 python312Packages.autobahn: Remove optional `xbr` dependencies python312Packages.hkdf: drop i2pd: 2.52.0 -> 2.54.0 spotube: 3.8.2 -> 3.8.3 figma-linux: 0.11.4 -> 0.11.5 https://github.com/Figma-Linux/figma-linux/releases/tag/v0.11.5 ergo: 5.0.22 -> 5.0.23 libirecovery: 1.2.0 -> 1.2.1 lxgw-wenkai-screen: 1.330 -> 1.501 python312Packages.opower: 0.8.2 -> 0.8.3 Diff: https://github.com/tronikos/opower/compare/refs/tags/v0.8.2...v0.8.3 Changelog: https://github.com/tronikos/opower/releases/tag/v0.8.3 python312Packages.aioautomower: 2024.9.3 -> 2024.10.0 Diff: https://github.com/Thomas55555/aioautomower/compare/refs/tags/2024.9.3...2024.10.0 Changelog: https://github.com/Thomas55555/aioautomower/releases/tag/2024.10.0 python312Packages.inotify: drop nose dependency python312Packages.inotify: modernize python312Packages.mitogen: 0.3.12 -> 0.3.13 Diff: https://github.com/mitogen-hq/mitogen/compare/refs/tags/v0.3.12...v0.3.13 Changelog: https://github.com/mitogen-hq/mitogen/blob/v0.3.13/docs/changelog.rst vimPlugins.telescope-git-conflicts-nvim: init at 2024-01-14 python312Packages.propcache: 0.1.0 -> 0.2.0 Diff: https://github.com/aio-libs/propcache/compare/refs/tags/v0.1.0...v0.2.0 Changelog: https://github.com/aio-libs/propcache/blob/refs/tags/v0.2.0/CHANGES.rst python312Packages.lxml-html-clean: 0.2.2 -> 0.3.1 Diff: https://github.com/fedora-python/lxml_html_clean/compare/refs/tags/0.2.2...0.3.1 Changelog: https://github.com/fedora-python/lxml_html_clean/blob/0.3.1/CHANGES.rst python312Packages.dissect-cstruct: 4.1 -> 4.2 xmake-core-sv: remove kubernetes-controller-tools: 0.16.3 -> 0.16.4 cargo-component: 0.16.0 -> 0.17.0 temporal: 1.25.0 -> 1.25.1 phrase-cli: 2.32.0 -> 2.33.1 python312Packages.playwrightcapture: 1.26.0 -> 1.26.1 alt-tab-macos: 6.71.0 -> 6.73.0 Changelog: https://github.com/lwouis/alt-tab-macos/releases/tag/v6.73.0 Diff: https://github.com/lwouis/alt-tab-macos/compare/v6.71.0...v6.73.0 dropbox: add libGL to the FHS environment dropbox v209 has stopped shipping libGL.so, which causes a crash on startup if it's missing and $DISPLAY is set. frostwire: 6.9.8 -> 6.13.3 https://github.com/frostwire/frostwire/releases/tag/frostwire-desktop-6.13.3-build-322 ci/request-reviews: Fix for branches starting with "pr" Turns out if :<something> is passed, a local branch is updated, which can conflict if the PR branch starts with "pr". I tried to avoid that with the original code but apparently that didn't work! https://github.com/NixOS/nixpkgs/actions/runs/11284183639/job/31384967152?pr=347822 Fetching the PR commit history From https://github.com/linj-fork/nixpkgs * [new branch] pr/kanata-add-version-check -> fork/pr error: cannot lock ref 'refs/remotes/fork/pr/kanata-add-version-check': 'refs/remotes/fork/pr' exists; cannot create 'refs/remotes/fork/pr/kanata-add-version-check' ! [new branch] pr/kanata-add-version-check -> fork/pr/kanata-add-version-check (unable to update local ref) error: some local refs could not be updated; try running thunderbird-bin: 128.2.3esr -> 128.3.1esr gerrit: 3.10.1 -> 3.10.2 https://www.gerritcodereview.com/3.10.html#3102 Signed-off-by: Felix Singer <[email protected]> mihomo-party: init at 1.4.5 cgal: propagate correct package to Python packages cgal was shadowed by the corresponding Python package after #344966 nixos/gamemode: use listsAsDuplicateKeys for settings This allows settings multiple scripts in `.custom.start` and `.custom.end`, as Gamemode reads them back out into a list. This is slightly annoying, as *any* duplicate keys will appear multiple times, while gamemode will only accept the last one for most keys (clobbering previous ones). Ideally, it would be possible to only enable `listsAsDuplicateKeys` for scripts, but this does not seem to be possible in `pkgs.formats.ini`. cpplint: move to by-name cpplint: format cpplint: 1.7.0 -> 2.0.0 Diff: https://github.com/cpplint/cpplint/compare/8f62396aff6dc850415cbe5ed7edf9dc95f4a731...2.0.0 Changelog: https://github.com/cpplint/cpplint/releases/tag/2.0.0 rPackages.sf: fix build on darwin rPackages.terra: fix build on darwin rPackages.vapour: fix build on darwin qdiskinfo: add themes qdiskinfo: refactor themes legcord: init at 1.0.0 https://github.com/Legcord/Legcord/releases/tag/v1.0.0 armcord: remove, add throw with migration details https://github.com/Legcord/Legcord/releases/tag/v1.0.0 ci/request-reviews: fix headRef to point to the PR head Previously, headRef points to the master branch of Nixpkgs, which basically means no code owner review will be requested. The problem can be verified using the following command. $ DRY_MODE=1 ./ci/request-reviews/request-reviews.sh NixOS/nixpkgs 347973 ci/OWNERS [...] This PR touches 0 files Requesting reviews from: { "reviewers": [] } [...] Additionally, the comment about conflicts is removed thanks to the unambiguous way of specifying ref. protonvpn-gui_legacy: deprecate application The source code for this project was removed a while ago and there is no method to build this from scratch anymore. The erase decission was probably done by the Proton developers as they are currently focussing all efforts on the protonvpn-gui app. alire: 2.0.1 -> 2.0.2 kanata: add a version check using versionCheckHook python312Packages.pyfaidx: 0.8.1.2 -> 0.8.1.3 tailscale: 1.74.1 -> 1.76.0 Diff: https://github.com/tailscale/tailscale/compare/v1.74.1...v1.76.0 Changelog: https://github.com/tailscale/tailscale/releases/tag/v1.76.0 Signed-off-by: Muhammad Falak R Wani <[email protected]> lls: 0.2.0 -> 0.3.0 lls: add self as maintainer buildDartApplication: include dart SDK builder by default flutter326: init at 3.26.0-0.1pre maintainers/team-list: add AndersonTorres and linj to emacs team OWNERS: reference the Emacs team for Emacs stuff OWNERS: make the Emacs team own Emacs docs ci/request-reviews: Avoid duplicates with different casings It's possible to have different casings in OWNERS, so we need to handle that ao: move to aliases python312Packages.aioautomower: 2024.9.3 -> 2024.10.0 https://github.com/Thomas55555/aioautomower/releases/tag/2024.10.0 python312Packages.ayla-iot-unofficial: 1.4.1 -> 1.4.2 https://github.com/rewardone/ayla-iot-unofficial/releases/tag/v1.4.2 python312Packages.opower: 0.8.2 -> 0.8.3 https://github.com/tronikos/opower/releases/tag/v0.8.3 python312Packages.pysmlight: 0.1.2 -> 0.1.3 https://github.com/smlight-tech/pysmlight/releases/tag/v0.1.3 python312Packages.python-kasa: 0.7.4 -> 0.7.5 https://github.com/python-kasa/python-kasa/blob/0.7.5/CHANGELOG.md python312Packages.python-linkplay: 0.0.14 -> 0.0.15 https://github.com/Velleman/python-linkplay/releases/tag/v0.0.15 python312Packages.pytouchlinesl: 0.1.7 -> 0.1.8 https://github.com/jnsgruk/pytouchlinesl/releases/tag/0.1.8 home-assistant: 2024.10.1 -> 2024.10.2 https://github.com/home-assistant/core/releases/tag/2024.10.2 home-assistant.python.pkgs.pytest-homeassistant-custom-component: 0.13.154 -> 0.13.172 https://github.com/MatthewFlamm/pytest-homeassistant-custom-component/blob/refs/tags/0.13.172/CHANGELOG.md home-assistant-custom-components.mass: 2024.8.1 -> 2024.9.1 python312Packages.homeassistant-stubs: 2024.10.1 -> 2024.10.2 https://github.com/KapJI/homeassistant-stubs/releases/tag/2024.10.2 welle-io: 2.4 -> 2.5 welle-io: apply nixfmt welle-io: remove nested "with lib" in meta. python312Packages.python-jsonrpc-server: refactor burpsuite: 2024.8.2 -> 2024.8.4 python312Packages.python-kasa: 0.7.4 -> 0.7.5 Diff: https://github.com/python-kasa/python-kasa/compare/refs/tags/0.7.4...0.7.5 Changelog: https://github.com/python-kasa/python-kasa/blob/0.7.5/CHANGELOG.md metasploit: 6.4.29 -> 6.4.30 python312Packages.asn1tools: 0.166.0 -> 0.167.0 Diff: https://github.com/eerimoq/asn1tools/compare/refs/tags/0.166.0...0.167.0 Changelog: https://github.com/eerimoq/asn1tools/releases/tag/0.167.0 python312Packages.asn1tools: refactor python312Packages.dissect-cstruct: 4.1 -> 4.2 Diff: https://github.com/fox-it/dissect.cstruct/compare/refs/tags/4.1...4.2 Changelog: https://github.com/fox-it/dissect.cstruct/releases/tag/4.2 python312Packages.dissect-cobaltstrike: 1.0.0 -> 1.2.0 Diff: https://github.com/fox-it/dissect.cobaltstrike/compare/refs/tags/v1.0.0...v1.2.0 Changelog: https://github.com/fox-it/dissect.cobaltstrike/releases/tag/1.2.0 python312Packages.dvc-task: 0.40.1 -> 0.40.2 Diff: https://github.com/iterative/dvc-task/compare/refs/tags/0.40.1...0.40.2 Changelog: https://github.com/iterative/dvc-task/releases/tag/0.40.2 python312Packages.pylitejet: init at 0.3.0 Library for interfacing with the LiteJet lighting system https://github.com/joncar/pylitejet home-assistant: update component-packages python312Packages.pylitejet: 0.3.0 -> 0.6.3 Diff: https://github.com/joncar/pylitejet/compare/refs/tags/v0.3.0...v0.6.3 Changelog: https://github.com/joncar/pylitejet/releases/tag/v0.6.3 aider-chat: 0.57.0 -> 0.59.0 https://github.com/Aider-AI/aider/releases/tag/v0.59.0 webkitgtk: refactor top-level to deprecate default ABI version treewide: replace webkitgtk to webkitgtk_4_0 sed -i 's/ webkitgtk\b/ webkitgtk_4_0/g' pkgs/**.nix sed -i 's/(webkitgtk\b/(webkitgtk_4_0/g' pkgs/**.nix sed -i 's/\.webkitgtk\b/.webkitgtk_4_0/g' pkgs/**.nix webkitgtk is currently pointing to that specific ABI version but the alias is going to start warning webkitgtk: move webkitgtk to aliases with a warning cachix: 1.7.4 -> 1.7.5 python312Packages.pynmeagps: 1.0.42 -> 1.0.43 python312Packages.reflex: 0.6.1 -> 0.6.2 Changelog: https://github.com/reflex-dev/reflex/releases/tag/v0.6.2 python312Packages.reflex: 0.6.2 -> 0.6.2.post1 Diff: https://github.com/reflex-dev/reflex/compare/refs/tags/v0.6.2...v0.6.2.post1 Changelog: https://github.com/reflex-dev/reflex/releases/tag/v0.6.2.post1 arti: 1.2.7 -> 1.2.8 Update the package to the latest version. Remove from skipped 1 test that was fixed. terraform-providers.deno: init at 0.1.0 telegraf: 1.32.0 -> 1.32.1 Diff: https://github.com/influxdata/telegraf/compare/v1.32.0...v1.32.1 Changelog: https://github.com/influxdata/telegraf/blob/v1.32.1/CHANGELOG.md panoply: 5.5.2 -> 5.5.3 nextjs-ollama-llm-ui: 1.0.1 -> 1.1.0 nextjs-ollama-llm-ui: fix nextjs cache dir (#344316) nixos/automatic-timezoned: set time.timeZone to null to avoid silent overriding Currently if a timezone was selected explicitly, the service will silently override the value, essentially ignoring what is meant to be a a deliberate choice of option. This may cause confusion as to why the option is not doing anything when this service is enabled, particularly in more complex set-ups after some time. This will simply make the choice deliberate from the user's part, either by having to remove the option or lowering its priority as a recognition that it may be ignored. This change was inspired by the `services.tzupdate` module, which does the same. [1]: <https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/misc/tzupdate.nix#L24> cheat: fix zsh completion weechatScripts.wee-slack: 2.10.2 -> 2.11.0 The can now drop the fetchpatch, as that fix landed in 2.11.0. userborn: add meta.changelog userborn: platforms.linux -> platform.unix userborn: 0.2.0 -> 0.3.0 nfs-ganesha: build man pages nfs-ganesha: apply nixfmt, src.sha256 -> hash kmod-blacklist-ubuntu: 30+20230519-1ubuntu3 -> 31+20240202-2ubuntu8 osu-lazer-bin: fix hash for the second time gogs: remove Upstream development has stalled and several critical vulnerabilities that weren't addressed within a year[1][2]. Back then it was fair to mark it as insecure, but given nothing has happened since, it's time to remove it. [1] https://forgejo.org/2023-11-release-v1-20-5-1/ [2] https://github.com/gogs/gogs/is…
Description of changes
sha-to-sri.py
's heuristics to avoid autogeneratedgemset.nix
filespkgs/by-name
usingsha-to-sri.py
A couple packages had to be excluded and would need manual intervention. See the commit message for repro instructions.
cargo-profiler
,corefonts
,fluxcd
,solana-cli
.This isn't nearly treewide, but
pkgs/by-name
seemed like a decent cross-section of nixpkgs for testing how robustsha-to-sri.py
is (and shoring up its limitations) while remaining small-enough to triage the issues by hand.Things done
nix.conf
? (See Nix manual)sandbox = relaxed
(useddarwin-build-box.nix-community.org
to re-eval nixpkgs)nixpkgs-review
Add a 👍 reaction to pull requests you find important.