Merge staging-next into staging

nixos/doc/manual/md-to-db.sh

@@ -6,7 +6,7 @@
 # into DocBook files in the from_md folder.
 
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
-pushd $DIR
+pushd "$DIR"
 
 # NOTE: Keep in sync with Nixpkgs manual (/doc/Makefile).
 # TODO: Remove raw-attribute when we can get rid of DocBook altogether.
@@ -29,7 +29,7 @@ mapfile -t MD_FILES < <(find . -type f -regex '.*\.md$')
 
 for mf in ${MD_FILES[*]}; do
   if [ "${mf: -11}" == ".section.md" ]; then
-    mkdir -p $(dirname "$OUT/$mf")
+    mkdir -p "$(dirname "$OUT/$mf")"
     OUTFILE="$OUT/${mf%".section.md"}.section.xml"
     pandoc "$mf" "${pandoc_flags[@]}" \
       -o "$OUTFILE"
@@ -37,7 +37,7 @@ for mf in ${MD_FILES[*]}; do
   fi
 
   if [ "${mf: -11}" == ".chapter.md" ]; then
-    mkdir -p $(dirname "$OUT/$mf")
+    mkdir -p "$(dirname "$OUT/$mf")"
     OUTFILE="$OUT/${mf%".chapter.md"}.chapter.xml"
     pandoc "$mf" "${pandoc_flags[@]}" \
       --top-level-division=chapter \

pkgs/applications/audio/mopidy/youtube.nix

@@ -1,29 +1,56 @@
-{ lib, python3Packages, mopidy }:
+{ lib
+, fetchFromGitHub
+, python3
+, mopidy
+}:
 
-python3Packages.buildPythonApplication rec {
+python3.pkgs.buildPythonApplication rec {
   pname = "mopidy-youtube";
   version = "3.4";
 
-  src = python3Packages.fetchPypi {
-    inherit version;
-    pname = "Mopidy-YouTube";
-    sha256 = "sha256-996MNByMcKq1woDGK6jsmAHS9TOoBrwSGgPmcShvTRw=";
+  disabled = python3.pythonOlder "3.7";
+
+  src = fetchFromGitHub {
+    owner = "natumbri";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "0lm6nn926qkrwzvj64yracdixfrnv5zk243msjskrnlzkhgk01rk";
   };
 
-  postPatch = "sed s/bs4/beautifulsoup4/ -i setup.cfg";
-
-  propagatedBuildInputs = with python3Packages; [
+  propagatedBuildInputs = with python3.pkgs; [
     beautifulsoup4
     cachetools
+    pykka
+    requests
     youtube-dl
     ytmusicapi
-  ] ++ [ mopidy ];
+  ] ++ [
+    mopidy
+  ];
 
-  doCheck = false;
+  checkInputs = with python3.pkgs; [
+    vcrpy
+    pytestCheckHook
+  ];
+
+  disabledTests = [
+    # Test requires a YouTube API key
+    "test_get_default_config"
+  ];
+
+  disabledTestPaths = [
+    # Fails with an import error
+    "tests/test_backend.py"
+  ];
+
+  pythonImportsCheck = [
+    "mopidy_youtube"
+  ];
 
   meta = with lib; {
     description = "Mopidy extension for playing music from YouTube";
+    homepage = "https://github.com/natumbri/mopidy-youtube";
     license = licenses.asl20;
-    maintainers = [ maintainers.spwhitt ];
+    maintainers = with maintainers; [ spwhitt ];
   };
 }

pkgs/applications/blockchains/btcpayserver/default.nix

@@ -15,13 +15,13 @@ in
 
 stdenv.mkDerivation rec {
   pname = "btcpayserver";
-  version = "1.2.3";
+  version = "1.2.4";
 
   src = fetchFromGitHub {
     owner = pname;
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-6ktlnbYb+pOXwl52QmnqDsPlXaiF1ghjQg1yfznulqo=";
+    sha256 = "sha256-vjNJ08twsJ036TTFF6srOGshDpP7ZwWCGN0XjrtFT/g=";
   };
 
   nativeBuildInputs = [ dotnetSdk dotnetPackages.Nuget makeWrapper ];

pkgs/applications/blockchains/nbxplorer/default.nix

@@ -15,13 +15,13 @@ in
 
 stdenv.mkDerivation rec {
   pname = "nbxplorer";
-  version = "2.2.5";
+  version = "2.2.11";
 
   src = fetchFromGitHub {
     owner = "dgarage";
     repo = "NBXplorer";
     rev = "v${version}";
-    sha256 = "sha256-EWT/1fQpqEyKBEDHvmguHV/8s30DxweYswy0QvMDzcQ=";
+    sha256 = "sha256-ZDqzkANGMdvv3e5gWCYcacUYKLJRquXRHLr8RAzT9hY=";
   };
 
   nativeBuildInputs = [ dotnetSdk dotnetPackages.Nuget makeWrapper ];

pkgs/applications/blockchains/nbxplorer/deps.nix

@@ -1,8 +1,8 @@
 { fetchNuGet }: [
   (fetchNuGet {
     name = "DBTrie";
-    version = "1.0.38";
-    sha256 = "09n9f2j0pha2np9cpbgjfs19jwvfmrglws89izarq71gl8jia6d9";
+    version = "1.0.39";
+    sha256 = "0kbvl3kf73hrh1w2n3d2wshlxpqsv1pwydhwv2wxigmvs70fn1xp";
   })
   (fetchNuGet {
     name = "Microsoft.AspNetCore.JsonPatch";
@@ -181,23 +181,18 @@
   })
   (fetchNuGet {
     name = "NBitcoin.Altcoins";
-    version = "3.0.4";
-    sha256 = "03aia31sznw81jjr9k6dkwgvm9dc38fgp1z8y5i45vlkf5fp89pb";
+    version = "3.0.7";
+    sha256 = "0nrkdbsc4k9fd4588axnkfa9gmif9b59wxw8fnmpg0nf4x8scm4n";
   })
   (fetchNuGet {
     name = "NBitcoin.TestFramework";
-    version = "3.0.3";
-    sha256 = "1j3ajj4jrwqzlhzhkg7vicwab0aq2y50x53rindd8cq09jxvzk62";
+    version = "3.0.5";
+    sha256 = "09cgjzbkxvsi65qzns0ignp0x89z630vqacsgwj3b1h30dycwqdr";
   })
   (fetchNuGet {
     name = "NBitcoin";
-    version = "6.0.6";
-    sha256 = "1kf2rjrnh97zlh00affsv95f94bwgr2h7b00njqac4qgv9cac7sa";
-  })
-  (fetchNuGet {
-    name = "NBitcoin";
-    version = "6.0.8";
-    sha256 = "1f90zyrd35fzx0vgvd83jhd6hczd4037h2k198xiyxj04l4m3wm5";
+    version = "6.0.10";
+    sha256 = "00m0j74pqyjqal1wc28j6734rfd9zd7ajqb1p3fsdpqr16kfg56s";
   })
   (fetchNuGet {
     name = "NETStandard.Library";

pkgs/build-support/release/debian-build.nix

@@ -3,7 +3,7 @@
 
 { name ? "debian-build"
 , diskImage
-, src, stdenv, vmTools, checkinstall
+, src, lib, stdenv, vmTools, checkinstall
 , fsTranslation ? false
 , # Features provided by this package.
   debProvides ? []

pkgs/data/themes/marwaita/default.nix

@@ -9,13 +9,13 @@
 
 stdenv.mkDerivation rec {
   pname = "marwaita";
-  version = "10.3";
+  version = "11.1";
 
   src = fetchFromGitHub {
     owner = "darkomarko42";
     repo = pname;
     rev = version;
-    sha256 = "0v9sxjy4x03y3hcgbkn9lj010kd5csiyc019dwxzvx5kg8xh8qca";
+    sha256 = "0jzjrx21i9bny4117nlwkrvjc4cg2w6r42ra66hxzaazcs9hvny2";
   };
 
   buildInputs = [

pkgs/development/libraries/opendht/default.nix

@@ -1,6 +1,22 @@
-{ lib, stdenv, fetchFromGitHub, darwin
-, cmake, pkg-config
-, asio, nettle, gnutls, msgpack, readline, libargon2
+{ lib
+, stdenv
+, fetchFromGitHub
+, Security
+, cmake
+, pkg-config
+, asio
+, nettle
+, gnutls
+, msgpack
+, readline
+, libargon2
+, jsoncpp
+, restinio
+, http-parser
+, openssl
+, fmt
+, enableProxyServerAndClient ? false
+, enablePushNotifications ? false
 }:
 
 stdenv.mkDerivation rec {
@@ -14,29 +30,42 @@ stdenv.mkDerivation rec {
     sha256 = "sha256-Os5PRYTZMVekQrbwNODWsHANTx6RSC5vzGJ5JoYtvtE=";
   };
 
-  nativeBuildInputs =
-    [ cmake
-      pkg-config
-    ];
+  nativeBuildInputs = [
+    cmake
+    pkg-config
+  ];
 
-  buildInputs =
-    [ asio
-      nettle
-      gnutls
-      msgpack
-      readline
-      libargon2
-    ] ++ lib.optionals stdenv.isDarwin [
-      darwin.apple_sdk.frameworks.Security
-    ];
+  buildInputs = [
+    asio
+    nettle
+    gnutls
+    msgpack
+    readline
+    libargon2
+  ] ++ lib.optionals enableProxyServerAndClient [
+    jsoncpp
+    restinio
+    http-parser
+    openssl
+    fmt
+  ] ++ lib.optionals stdenv.isDarwin [
+    Security
+  ];
+
+  cmakeFlags = lib.optionals enableProxyServerAndClient [
+    "-DOPENDHT_PROXY_SERVER=ON"
+    "-DOPENDHT_PROXY_CLIENT=ON"
+  ] ++ lib.optionals enablePushNotifications [
+    "-DOPENDHT_PUSH_NOTIFICATIONS=ON"
+  ];
 
   outputs = [ "out" "lib" "dev" "man" ];
 
   meta = with lib; {
     description = "A C++11 Kademlia distributed hash table implementation";
-    homepage    = "https://github.com/savoirfairelinux/opendht";
-    license     = licenses.gpl3Plus;
+    homepage = "https://github.com/savoirfairelinux/opendht";
+    license = licenses.gpl3Plus;
     maintainers = with maintainers; [ taeer olynch thoughtpolice ];
-    platforms   = platforms.unix;
+    platforms = platforms.unix;
   };
 }

pkgs/development/python-modules/apache-airflow/default.nix

@@ -64,13 +64,13 @@
 }:
 let
 
-  version = "2.1.2";
+  version = "2.1.4";
 
   airflow-src = fetchFromGitHub rec {
     owner = "apache";
     repo = "airflow";
     rev = version;
-    sha256 = "sha256-Q0l2c1tuxcoE65zgdxnv/j1TIoQzaNoEFCYHvqN+Bzk=";
+    sha256 = "12nxjaz4afkq30s42x3rbsci8jiw2k5zjngsc8i190fasbacbnbs";
   };
 
   # airflow bundles a web interface, which is built using webpack by an undocumented shell script in airflow's source tree.
@@ -193,7 +193,9 @@ buildPythonPackage rec {
       --replace "sqlalchemy>=1.3.18, <1.4" "sqlalchemy" \
       --replace "sqlalchemy_jsonfield~=1.0" "sqlalchemy-jsonfield" \
       --replace "werkzeug~=1.0, >=1.0.1" "werkzeug" \
-      --replace "itsdangerous>=1.1.0, <2.0" "itsdangerous"
+      --replace "itsdangerous>=1.1.0, <2.0" "itsdangerous" \
+      --replace "python-slugify>=3.0.0,<5.0" "python-slugify" \
+      --replace "colorlog>=4.0.2, <6.0" "colorlog"
 
     substituteInPlace tests/core/test_core.py \
       --replace "/bin/bash" "${stdenv.shell}"

pkgs/development/python-modules/commoncode/default.nix

@@ -1,24 +1,29 @@
 { lib
-, fetchPypi
-, buildPythonPackage
-, setuptools-scm
-, click
-, requests
 , attrs
-, intbitset
-, saneyaml
-, text-unidecode
 , beautifulsoup4
-, pytestCheckHook
+, buildPythonPackage
+, click
+, fetchPypi
+, intbitset
 , pytest-xdist
+, pytestCheckHook
+, pythonOlder
+, requests
+, saneyaml
+, setuptools-scm
+, text-unidecode
+, typing
 }:
+
 buildPythonPackage rec {
   pname = "commoncode";
-  version = "21.8.31";
+  version = "30.0.0";
+
+  disabled = pythonOlder "3.6";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "0e74c61226834393801e921ab125eae3b52361340278fb9a468c5c691d286c32";
+    sha256 = "sha256-6SeU4u6pfDuGCgCYAO5fdbWBxW9XN3WvM8j6DwUlFwM=";
   };
 
   dontConfigure = true;
@@ -28,13 +33,15 @@ buildPythonPackage rec {
   ];
 
   propagatedBuildInputs = [
-    click
-    requests
     attrs
+    beautifulsoup4
+    click
     intbitset
+    requests
     saneyaml
     text-unidecode
-    beautifulsoup4
+  ] ++ lib.optionals (pythonOlder "3.7") [
+    typing
   ];
 
   checkInputs = [

pkgs/development/python-modules/debian-inspector/default.nix

@@ -11,12 +11,12 @@
 
 buildPythonPackage rec {
   pname = "debian-inspector";
-  version = "21.5.25";
+  version = "30.0.0";
 
   src = fetchPypi {
     pname = "debian_inspector";
     inherit version;
-    sha256 = "1d3xaqw00kav85nk29qm2yqb73bkyqf185fs1q0vgd7bnap9wqaw";
+    sha256 = "sha256-0PT5sT6adaqgYQtWjks12ys0z1C3n116aeJaEKR/Wxg=";
   };
 
   nativeBuildInputs = [

pkgs/development/python-modules/extractcode/default.nix

@@ -9,6 +9,7 @@
 , pytestCheckHook
 , pytest-xdist
 }:
+
 buildPythonPackage rec {
   pname = "extractcode";
   version = "21.7.23";
@@ -36,7 +37,7 @@ buildPythonPackage rec {
     pytest-xdist
   ];
 
-  # cli test tests the cli which we can't do until after install
+  # CLI test tests the cli which we can't do until after install
   disabledTestPaths = [
     "tests/test_extractcode_cli.py"
   ];
@@ -45,6 +46,7 @@ buildPythonPackage rec {
   disabledTests = [
     "test_uncompress_lz4_basic"
     "test_extract_tarlz4_basic"
+    "test_extract_rar_with_trailing_data"
     # tries to parse /boot/vmlinuz-*, which is not available in the nix sandbox
     "test_can_extract_qcow2_vm_image_as_tarball"
     "test_can_extract_qcow2_vm_image_not_as_tarball"
@@ -56,7 +58,7 @@ buildPythonPackage rec {
   ];
 
   meta = with lib; {
-    description = "A mostly universal archive extractor using z7zip, libarchve, other libraries and the Python standard library for reliable archive extraction";
+    description = "Universal archive extractor using z7zip, libarchve, other libraries and the Python standard library";
     homepage = "https://github.com/nexB/extractcode";
     license = licenses.asl20;
     maintainers = teams.determinatesystems.members;

pkgs/development/python-modules/greeclimate/default.nix

@@ -10,7 +10,7 @@
 
 buildPythonPackage rec {
   pname = "greeclimate";
-  version = "0.11.8";
+  version = "0.11.9";
 
   disabled = pythonOlder "3.6";
 
@@ -18,7 +18,7 @@ buildPythonPackage rec {
     owner = "cmroche";
     repo = "greeclimate";
     rev = version;
-    sha256 = "1n46klbhl0gpd5x995mrcr1qfd77hrfm501qns1zhvv0zk8mdsf4";
+    sha256 = "sha256-fyIx/w+jKIscPGbK6LqjMtjy43qJtzzITwtUeNurE+o=";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/guppy3/default.nix

@@ -7,14 +7,14 @@
 
 buildPythonPackage rec {
   pname = "guppy3";
-  version = "3.1.1";
+  version = "3.1.2";
   disabled = pythonOlder "3.6";
 
   src = fetchFromGitHub {
     owner = "zhuyifei1999";
     repo = pname;
     rev = "v${version}";
-    sha256 = "14iwah1i4dcn74zjj9sq3av1yh9q5nvgqwccnn71blp7gxcnxnvh";
+    sha256 = "sha256-f7YpaZ85PU/CSsDwSm2IJ/x2ZxzHoMOVbdbzT1i8y/w=";
   };
 
   propagatedBuildInputs = [ tkinter ];

pkgs/development/python-modules/license-expression/default.nix

@@ -1,25 +1,45 @@
-{ lib, buildPythonPackage, fetchFromGitHub
+{ lib
 , boolean-py
+, buildPythonPackage
+, fetchFromGitHub
+, pytestCheckHook
+, pythonOlder
+, setuptools-scm
 }:
 
 buildPythonPackage rec {
   pname = "license-expression";
-  version = "1.2";
+  version = "21.6.14";
+
+  disabled = pythonOlder "3.6";
 
   src = fetchFromGitHub {
     owner = "nexB";
     repo = "license-expression";
     rev = "v${version}";
-    sha256 = "0bbd7d90z58p9sd01b00g0vfd9bmwzksjb7pc8833s2jpja9mxz1";
+    sha256 = "sha256-hwfYKKalo8WYFwPCsRRXNz+/F8/42PXA8jxbIQjJH/g=";
   };
-  postPatch = "patchShebangs ./configure";
 
-  propagatedBuildInputs = [ boolean-py ];
+  dontConfigure = true;
+
+  nativeBuildInputs = [
+    setuptools-scm
+  ];
+
+  propagatedBuildInputs = [
+    boolean-py
+  ];
+
+  checkInputs = [
+    pytestCheckHook
+  ];
+
+  pythonImportsCheck = [ "license_expression" ];
 
   meta = with lib; {
+    description = "Utility library to parse, normalize and compare License expressions for Python";
     homepage = "https://github.com/nexB/license-expression";
-    description = "Utility library to parse, normalize and compare License expressions for Python using a boolean logic engine";
     license = licenses.asl20;
+    maintainers = with maintainers; [ fab ];
   };
-
 }

pkgs/development/python-modules/parameter-expansion-patched/default.nix

@@ -0,0 +1,33 @@
+{ lib
+, buildPythonPackage
+, fetchPypi
+, pytestCheckHook
+, pythonOlder
+}:
+
+buildPythonPackage rec {
+  pname = "parameter-expansion-patched";
+  version = "0.2.1b4";
+
+  disabled = pythonOlder "3.6";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "1vhshscjifi78qapzwn29gln6p8jhyc7cccszl8ai2jamhcph5zs";
+  };
+
+  checkInputs = [
+    pytestCheckHook
+  ];
+
+  pythonImportsCheck = [
+    "parameter_expansion"
+  ];
+
+  meta = with lib; {
+    description = "POSIX parameter expansion in Python";
+    homepage = "https://github.com/nexB/commoncode";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ fab ];
+  };
+}

pkgs/development/python-modules/pg8000/default.nix

@@ -8,12 +8,12 @@
 
 buildPythonPackage rec {
   pname = "pg8000";
-  version = "1.21.2";
+  version = "1.21.3";
   disabled = pythonOlder "3.6";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "36a3b517408334967c1fa0d29656da03608d63122a372ec92c85f49aed2d24e3";
+    sha256 = "f73f1d477cda12a7b784be73c8a0c06c71e4284ef90cae4883cbc7c524b95fbf";
   };
 
   propagatedBuildInputs = [

pkgs/development/python-modules/pglast/default.nix

@@ -9,11 +9,11 @@
 
 buildPythonPackage rec {
   pname = "pglast";
-  version = "3.5";
+  version = "3.6";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "3bb74df084b149e8bf969380d88b1980fbd1aeda7f7057f4dee6751d854d6ae6";
+    sha256 = "1594d536137b888556b7187d25355ba88b3a14ef0d8aacccef15bfed74cf0af9";
   };
 
   disabled = !isPy3k;

pkgs/development/python-modules/pikepdf/default.nix

@@ -24,12 +24,12 @@
 
 buildPythonPackage rec {
   pname = "pikepdf";
-  version = "3.1.1";
+  version = "3.2.0";
   disabled = ! isPy3k;
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "sha256-klSUszWsIIz7o0/Ql8K4CWYujBH0mAbqyUcabpn1SkQ=";
+    sha256 = "a0582f00440668c07edb8403e82724961c7812c8e6c30655e34825b2645f15cd";
   };
 
   patches = [

pkgs/development/python-modules/pygmars/default.nix

@@ -0,0 +1,42 @@
+{ lib
+, buildPythonPackage
+, fetchFromGitHub
+, pytestCheckHook
+, setuptools-scm
+, pythonOlder
+}:
+
+buildPythonPackage rec {
+  pname = "pygmars";
+  version = "0.7.0";
+
+  disabled = pythonOlder "3.6";
+
+  src = fetchFromGitHub {
+    owner = "nexB";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "0wghk4nzplpl26iwrgvm0n9x88nyxlcxz4ywss4nwdr4hfccl28l";
+  };
+
+  dontConfigure = true;
+
+  nativeBuildInputs = [
+    setuptools-scm
+  ];
+
+  checkInputs = [
+    pytestCheckHook
+  ];
+
+  pythonImportsCheck = [
+    "pygmars"
+  ];
+
+  meta = with lib; {
+    description = "Python lexing and parsing library";
+    homepage = "https://github.com/nexB/pygmars";
+    license = with licenses; [ asl20 ];
+    maintainers = with maintainers; [ fab ];
+  };
+}

pkgs/development/python-modules/pymavlink/default.nix

@@ -2,11 +2,11 @@
 
 buildPythonPackage rec {
   pname = "pymavlink";
-  version = "2.4.16";
+  version = "2.4.17";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "99b77fdc1389dea7c9dbbfb70143fed707238e00c961ada73b79bcf15b21ca19";
+    sha256 = "84e2af4d8099afd37c5d887261a168e7bde4ec2354f12f65c72dad1a4cd8f21d";
   };
 
   propagatedBuildInputs = [ future lxml ];

pkgs/development/python-modules/pyswitchbot/default.nix

@@ -6,13 +6,13 @@
 
 buildPythonPackage rec {
   pname = "pyswitchbot";
-  version = "0.11.0";
+  version = "0.12.0";
 
   src = fetchFromGitHub {
     owner = "Danielhiversen";
     repo = "pySwitchbot";
     rev = version;
-    sha256 = "sha256-YqXR6zL8rM2p6YqK8BX82F9HZHgfpfEU4qBiVSud0hw=";
+    sha256 = "sha256-8u5KeWVaCOksag2CYE7GBl36crB4k9YdLZ5aHD9hlwU=";
   };
 
   propagatedBuildInputs = [ bluepy ];

pkgs/development/python-modules/pytest-rerunfailures/default.nix

@@ -2,13 +2,13 @@
 
 buildPythonPackage rec {
   pname = "pytest-rerunfailures";
-  version = "10.1";
+  version = "10.2";
 
   disabled = pythonOlder "3.5";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "7617c06de13ee6dd2df9add7e275bfb2bcebbaaf3e450f5937cd0200df824273";
+    sha256 = "9e1e1bad51e07642c5bbab809fc1d4ec8eebcb7de86f90f1a26e6ef9de446697";
   };
 
   buildInputs = [ pytest ];
@@ -20,7 +20,7 @@ buildPythonPackage rec {
   '';
 
   meta = with lib; {
-    description = "pytest plugin to re-run tests to eliminate flaky failures";
+    description = "Pytest plugin to re-run tests to eliminate flaky failures";
     homepage = "https://github.com/pytest-dev/pytest-rerunfailures";
     license = licenses.mpl20;
     maintainers = with maintainers; [ das-g ];

pkgs/development/python-modules/scancode-toolkit/default.nix

@@ -1,105 +1,141 @@
 { lib
-, fetchPypi
-, buildPythonPackage
-, isPy3k
-, markupsafe
-, click
-, typecode
-, gemfileparser
-, pefile
-, fingerprints
-, spdx-tools
-, fasteners
-, pycryptodome
-, urlpy
-, dparse
-, jaraco_functools
-, pkginfo
-, debian-inspector
-, extractcode
-, ftfy
-, pyahocorasick
-, colorama
-, jsonstreams
-, packageurl-python
-, pymaven-patch
-, nltk
-, pygments
+, attrs
+, beautifulsoup4
 , bitarray
-, jinja2
-, javaproperties
 , boolean-py
-, license-expression
+, buildPythonPackage
+, chardet
+, click
+, colorama
+, commoncode
+, debian-inspector
+, dparse
+, extractcode
 , extractcode-7z
 , extractcode-libarchive
-, typecode-libmagic
+, fasteners
+, fetchPypi
+, fingerprints
+, ftfy
+, gemfileparser
+, html5lib
+, importlib-metadata
+, intbitset
+, jaraco_functools
+, javaproperties
+, jinja2
+, jsonstreams
+, license-expression
+, lxml
+, markupsafe
+, packageurl-python
+, packaging
+, parameter-expansion-patched
+, pefile
+, pkginfo
+, pluggy
+, plugincode
+, publicsuffix2
+, pyahocorasick
+, pycryptodome
+, pygmars
+, pygments
+, pymaven-patch
 , pytestCheckHook
+, pythonOlder
+, requests
+, saneyaml
+, spdx-tools
+, text-unidecode
+, toml
+, typecode
+, typecode-libmagic
+, typing
+, urlpy
+, xmltodict
+, zipp
 }:
+
 buildPythonPackage rec {
   pname = "scancode-toolkit";
-  version = "21.8.4";
-  disabled = !isPy3k;
+  version = "30.1.0";
+
+  disabled = pythonOlder "3.6";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "c18340067244274c67e166f701c60e747e1d0bccb17efc99f277a4bc0a5a13c6";
+    sha256 = "sha256-UYQf+cBi2FmyZxIbQJo7vLjPuoePIMC8FugvoG1Ebj0=";
   };
 
   dontConfigure = true;
 
-  # https://github.com/nexB/scancode-toolkit/issues/2501
-  # * dparse2 is a "Temp fork for Python 2 support", but pdfminer requires
-  # Python 3, so it's "fine" to leave dparse2 unpackaged and use the "normal"
-  # version
-  # * ftfy was pinned for similar reasons (to support Python 2), but rather than
-  # packaging an older version, I figured it would be better to remove the
-  # erroneous (at least for our usage) version bound
-  # * bitarray's version bound appears to be unnecessary for similar reasons
-  postPatch = ''
-    substituteInPlace setup.cfg \
-      --replace "dparse2" "dparse" \
-      --replace "ftfy <  5.0.0" "ftfy" \
-      --replace "bitarray >= 0.8.1, < 1.0.0" "bitarray"
-  '';
-
   propagatedBuildInputs = [
-    markupsafe
-    click
-    typecode
-    gemfileparser
-    pefile
-    fingerprints
-    spdx-tools
-    fasteners
-    pycryptodome
-    urlpy
-    dparse
-    jaraco_functools
-    pkginfo
-    debian-inspector
-    extractcode
-    ftfy
-    pyahocorasick
-    colorama
-    jsonstreams
-    packageurl-python
-    pymaven-patch
-    nltk
-    pygments
+    attrs
+    beautifulsoup4
     bitarray
-    jinja2
-    javaproperties
     boolean-py
-    license-expression
+    chardet
+    click
+    colorama
+    commoncode
+    debian-inspector
+    dparse
+    extractcode
     extractcode-7z
     extractcode-libarchive
+    fasteners
+    fingerprints
+    ftfy
+    gemfileparser
+    html5lib
+    intbitset
+    jaraco_functools
+    javaproperties
+    jinja2
+    jsonstreams
+    license-expression
+    lxml
+    markupsafe
+    packageurl-python
+    packaging
+    parameter-expansion-patched
+    pefile
+    pkginfo
+    pluggy
+    plugincode
+    publicsuffix2
+    pyahocorasick
+    pycryptodome
+    pygmars
+    pygments
+    pymaven-patch
+    requests
+    saneyaml
+    spdx-tools
+    text-unidecode
+    toml
+    typecode
     typecode-libmagic
+    urlpy
+    xmltodict
+    zipp
+  ] ++ lib.optionals (pythonOlder "3.9") [
+    importlib-metadata
+  ] ++ lib.optionals (pythonOlder "3.7") [
+    typing
   ];
 
   checkInputs = [
     pytestCheckHook
   ];
 
+  postPatch = ''
+    substituteInPlace setup.cfg \
+      --replace "pluggy >= 0.12.0, < 1.0" "pluggy" \
+      --replace "pygmars >= 0.7.0" "pygmars" \
+      --replace "license_expression >= 21.6.14" "license_expression"
+  '';
+
   # Importing scancode needs a writeable home, and preCheck happens in between
   # pythonImportsCheckPhase and pytestCheckPhase.
   postInstall = ''
@@ -114,7 +150,7 @@ buildPythonPackage rec {
   dontStrip = true;
 
   meta = with lib; {
-    description = "A tool to scan code for license, copyright, package and their documented dependencies and other interesting facts";
+    description = "Tool to scan code for license, copyright, package and their documented dependencies and other interesting facts";
     homepage = "https://github.com/nexB/scancode-toolkit";
     license = with licenses; [ asl20 cc-by-40 ];
     maintainers = teams.determinatesystems.members;

pkgs/development/python-modules/spdx-tools/default.nix

@@ -1,39 +1,31 @@
 { lib
 , buildPythonPackage
+, click
 , fetchPypi
-, fetchpatch
-, six
 , pyyaml
 , rdflib
 , ply
 , xmltodict
 , pytestCheckHook
-, pythonAtLeast
+, pythonOlder
 }:
+
 buildPythonPackage rec {
   pname = "spdx-tools";
-  version = "0.6.1";
+  version = "0.7.0a3";
+
+  disabled = pythonOlder "3.6";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "9a1aaae051771e865705dd2fd374c3f73d0ad595c1056548466997551cbd7a81";
+    sha256 = "sha256-afV1W1n5ubHhqfLFpPO5fxaIy5TaZdw9eDy3JYOJ1oE=";
   };
 
-  patches = lib.optionals (pythonAtLeast "3.9") [
-    # https://github.com/spdx/tools-python/pull/159
-    # fixes tests on Python 3.9
-    (fetchpatch {
-      name = "drop-encoding-argument.patch";
-      url = "https://github.com/spdx/tools-python/commit/6c8b9a852f8a787122c0e2492126ee8aa52acff0.patch";
-      sha256 = "RhvLhexsQRjqYqJg10SAM53RsOW+R93G+mns8C9g5E8=";
-    })
-  ];
-
   propagatedBuildInputs = [
-    six
+    click
+    ply
     pyyaml
     rdflib
-    ply
     xmltodict
   ];
 

pkgs/development/python-modules/tasklib/default.nix

@@ -8,11 +8,11 @@ wsl_stub = writeShellScriptBin "wsl" "true";
 
 in buildPythonPackage rec {
   pname = "tasklib";
-  version = "2.4.0";
+  version = "2.4.3";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "3645594147107c92780e19ac437f09eb8b8eac950209fb92d3f71869a721234e";
+    sha256 = "b523bc12893d26c8173a6b8d84b16259c9a9c5acaaf8932bc018117f907b3bc5";
   };
 
   propagatedBuildInputs = [

pkgs/servers/clickhouse/default.nix

@@ -22,10 +22,10 @@ stdenv.mkDerivation rec {
   nativeBuildInputs = [ cmake libtool llvm-bintools ninja ];
   buildInputs = [
     boost brotli capnproto cctz clang-unwrapped double-conversion
-    icu jemalloc libcpuid libxml2 lld llvm lz4 libmysqlclient openssl perl
+    icu jemalloc libxml2 lld llvm lz4 libmysqlclient openssl perl
     poco protobuf python3 rapidjson re2 rdkafka readline sparsehash unixODBC
     xxHash zstd
-  ];
+  ] ++ lib.optional stdenv.hostPlatform.isx86 libcpuid;
 
   postPatch = ''
     patchShebangs src/

pkgs/servers/x11/xorg/default.nix

@@ -1902,11 +1902,11 @@ lib.makeScope newScope (self: with self; {
   # THIS IS A GENERATED FILE.  DO NOT EDIT!
   xev = callPackage ({ stdenv, pkg-config, fetchurl, libX11, xorgproto, libXrandr }: stdenv.mkDerivation {
     pname = "xev";
-    version = "1.2.3";
+    version = "1.2.4";
     builder = ./builder.sh;
     src = fetchurl {
-      url = "mirror://xorg/individual/app/xev-1.2.3.tar.bz2";
-      sha256 = "02ddsdx138g7szhwklpbzi0cxr34871iay3k28kdcihrz8f4zg36";
+      url = "mirror://xorg/individual/app/xev-1.2.4.tar.bz2";
+      sha256 = "1ql592pdhddhkipkrsxn929y9l2nn02a5fh2z3dx47kmzs5y006p";
     };
     hardeningDisable = [ "bindnow" "relro" ];
     nativeBuildInputs = [ pkg-config ];

pkgs/servers/x11/xorg/tarballs.list

@@ -35,7 +35,7 @@ mirror://xorg/individual/app/xcursorgen-1.0.7.tar.bz2
 mirror://xorg/individual/app/xdm-1.1.12.tar.bz2
 mirror://xorg/individual/app/xdpyinfo-1.3.2.tar.bz2
 mirror://xorg/individual/app/xdriinfo-1.0.6.tar.bz2
-mirror://xorg/individual/app/xev-1.2.3.tar.bz2
+mirror://xorg/individual/app/xev-1.2.4.tar.bz2
 mirror://xorg/individual/app/xeyes-1.2.0.tar.bz2
 mirror://xorg/individual/app/xfd-1.1.3.tar.bz2
 mirror://xorg/individual/app/xfontsel-1.0.6.tar.bz2

pkgs/tools/filesystems/lfs/default.nix

@@ -0,0 +1,25 @@
+{ lib
+, fetchFromGitHub
+, rustPlatform
+}:
+
+rustPlatform.buildRustPackage rec {
+  pname = "lfs";
+  version = "1.1.0";
+
+  src = fetchFromGitHub {
+    owner = "Canop";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "gez5q1niIhzWJpsEkbVRuQFILo3tTO8aJq7ewZArJ5M=";
+  };
+
+  cargoSha256 = "2U1xDG4bTimtmjwZ1z9ErlaOcBNJdRcHlEWVaiGg01M=";
+
+  meta = with lib; {
+    description = "Get information on your mounted disks";
+    homepage = "https://github.com/Canop/lfs";
+    license = licenses.mit;
+    maintainers = with maintainers; [ koral ];
+  };
+}

pkgs/tools/misc/mapcidr/default.nix

@@ -0,0 +1,34 @@
+{ lib
+, buildGoModule
+, fetchFromGitHub
+}:
+
+buildGoModule rec {
+  pname = "mapcidr";
+  version = "0.0.8";
+
+  src = fetchFromGitHub {
+    owner = "projectdiscovery";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "sha256-hlMIgSsSqvMx6Y7JnR7L9muTLWPfxDN5raJRezt99G0=";
+  };
+
+  vendorSha256 = "sha256-zp+XaSZgSMwJK+EEiTaJKBTPiKYaYpTtArnGBmHUGzE=";
+
+  modRoot = ".";
+  subPackages = [
+    "cmd/mapcidr"
+  ];
+
+  meta = with lib; {
+    description = "Small utility program to perform multiple operations for a given subnet/CIDR ranges";
+    longDescription = ''
+      mapCIDR is developed to ease load distribution for mass scanning
+      operations, it can be used both as a library and as independent CLI tool.
+    '';
+    homepage = "https://github.com/projectdiscovery/mapcidr";
+    license = licenses.mit;
+    maintainers = with maintainers; [ hanemile ];
+  };
+}

pkgs/tools/misc/synth/default.nix

@@ -0,0 +1,36 @@
+{ lib
+, rustPlatform
+, fetchFromGitHub
+, pkg-config
+, openssl
+, stdenv
+, Security
+}:
+
+rustPlatform.buildRustPackage rec {
+  pname = "synth";
+  version = "0.5.6";
+
+  src = fetchFromGitHub {
+    owner = "getsynth";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "06kgzaja04553gaxrfz6d1rqi3xwa6ijl0q6425fg0mqq9ifv7xk";
+  };
+
+  cargoSha256 = "sha256-bjda4uE5K+cJkS2TsTv7FN3H6q3cElRr674FTKaIexA=";
+
+  nativeBuildInputs = [ pkg-config ];
+
+  buildInputs = [ openssl ] ++ lib.optional stdenv.isDarwin Security;
+
+  # requires unstable rust features
+  RUSTC_BOOTSTRAP = 1;
+
+  meta = with lib; {
+    description = "A tool for generating realistic data using a declarative data model";
+    homepage = "https://github.com/getsynth/synth";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ figsoda ];
+  };
+}

pkgs/tools/security/kubescape/default.nix

@@ -5,16 +5,16 @@
 
 buildGoModule rec {
   pname = "kubescape";
-  version = "1.0.88";
+  version = "1.0.109";
 
   src = fetchFromGitHub {
     owner = "armosec";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-ITN/HsXZWH1v23R5TSEd8vq/DkhiCypJM+hg879ZWlc=";
+    sha256 = "sha256-aPy0FcDFoBK02pCmDTe5T1QyB9+WC++cBuOI7CtaXtY=";
   };
 
-  vendorSha256 = "18mvv70g65pq1c7nn752j26d0vasx6cl2rqp5g1hg3cb61hjbn0n";
+  vendorSha256 = "sha256-vN+ci2vCbtDuEEVzZQiFkdi1QkMgnnbbJgD9g6DS7qs=";
 
   # One test is failing, disabling for now
   doCheck = false;

pkgs/tools/security/scorecard/default.nix

@@ -1,16 +1,33 @@
-{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:
+{ lib, buildGoModule, fetchFromGitHub, fetchgit, installShellFiles }:
 
 buildGoModule rec {
   pname = "scorecard";
-  version = "2.2.8";
+  version = "3.0.1";
 
   src = fetchFromGitHub {
     owner = "ossf";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-U29NCZFXOhu0xLfDlJ1Q7m8TbAm+C6+ecYFhcI5gg6s=";
+    sha256 = "sha256-19XDAgv9ARCZ7eNlWUPcsbGNyKA9vYFry8m6D3+vQP8=";
+    # populate values otherwise taken care of by goreleaser,
+    # unfortunately these require us to use git. By doing
+    # this in postFetch we can delete .git afterwards and
+    # maintain better reproducibility of the src.
+    leaveDotGit = true;
+    postFetch = ''
+      cd "$out"
+
+      commit="$(git rev-parse HEAD)"
+      source_date_epoch=$(git log --date=iso8601-strict -1 --pretty=%ct)
+
+      substituteInPlace "$out/pkg/scorecard_version.go" \
+        --replace 'gitCommit = "unknown"' "gitCommit = \"$commit\"" \
+        --replace 'buildDate = "unknown"' "buildDate = \"$source_date_epoch\""
+
+      find "$out" -name .git -print0 | xargs -0 rm -rf
+    '';
   };
-  vendorSha256 = "sha256-hOATCXjBE0doHnY2BaRKZocQ6SIigL0q4m9eEJGKh6Q=";
+  vendorSha256 = "sha256-ucF26pTEvG8tkzsyC9WNbvl8QCeetKBvBIcQL2NTfjo=";
 
   # Install completions post-install
   nativeBuildInputs = [ installShellFiles ];
@@ -20,8 +37,8 @@ buildGoModule rec {
   ldflags = [
     "-s"
     "-w"
-    "-X github.com/ossf/scorecard/v2/pkg.gitVersion=v${version}"
-    "-X github.com/ossf/scorecard/v2/pkg.gitTreeState=clean"
+    "-X github.com/ossf/scorecard/v${lib.versions.major version}/pkg.gitVersion=v${version}"
+    "-X github.com/ossf/scorecard/v${lib.versions.major version}/pkg.gitTreeState=clean"
   ];
 
   preCheck = ''

pkgs/top-level/all-packages.nix

@@ -894,7 +894,7 @@ with pkgs;
 
   airfield = callPackage ../tools/networking/airfield { };
 
-  apache-airflow = with python37.pkgs; toPythonApplication apache-airflow;
+  apache-airflow = with python3.pkgs; toPythonApplication apache-airflow;
 
   airsonic = callPackage ../servers/misc/airsonic { };
 
@@ -3151,6 +3151,8 @@ with pkgs;
 
   lynis = callPackage ../tools/security/lynis { };
 
+  mapcidr = callPackage ../tools/misc/mapcidr { };
+
   mapproxy = callPackage ../applications/misc/mapproxy { };
 
   marl = callPackage ../development/libraries/marl {};
@@ -3449,6 +3451,10 @@ with pkgs;
 
   sydbox = callPackage ../os-specific/linux/sydbox { };
 
+  synth = callPackage ../tools/misc/synth {
+    inherit (darwin.apple_sdk.frameworks) Security;
+  };
+
   syscall_limiter = callPackage ../os-specific/linux/syscall_limiter {};
 
   syslogng = callPackage ../tools/system/syslog-ng { };
@@ -6688,6 +6694,8 @@ with pkgs;
     ffmpeg = ffmpeg-full;
   };
 
+  lfs = callPackage ../tools/filesystems/lfs { };
+
   lksctp-tools = callPackage ../os-specific/linux/lksctp-tools { };
 
   lldpd = callPackage ../tools/networking/lldpd { };
@@ -7972,7 +7980,9 @@ with pkgs;
 
   opendbx = callPackage ../development/libraries/opendbx { };
 
-  opendht = callPackage ../development/libraries/opendht {};
+  opendht = callPackage ../development/libraries/opendht  {
+    inherit (darwin.apple_sdk.frameworks) Security;
+  };
 
   opendkim = callPackage ../development/libraries/opendkim { };
 

pkgs/top-level/perl-packages.nix

@@ -11358,11 +11358,16 @@ let
       url = "mirror://cpan/authors/id/B/BR/BRMILLER/${pname}-${version}.tar.gz";
       sha256 = "1ccvdq7asxq6iw8x8ihwf5xs2mp7fkwm467xy7g8spkznr8wcacm";
     };
+    patches = [
+      (fetchpatch {
+        # https://github.com/brucemiller/LaTeXML/issues/1669
+        name = "downgrade-security-FileTemp.patch";
+        url = "https://github.com/brucemiller/LaTeXML/commit/c3d6b9b88f9eafce6eee52b1634ea33085ba9ec6.patch";
+        sha256 = "12w6nfv0bkj2mr4xwcqzkdngrpbq4fn52n85r9njdg913cvfirm7";
+      })
+    ];
     outputs = [ "out" "tex" ];
     propagatedBuildInputs = [ ArchiveZip DBFile FileWhich IOString ImageMagick ImageSize JSONXS LWP ParseRecDescent PodParser TextUnidecode XMLLibXSLT ];
-    preCheck = ''
-      rm t/931_epub.t # https://github.com/brucemiller/LaTeXML/issues/1669
-    '';
     nativeBuildInputs = [ pkgs.makeWrapper ] ++ lib.optional stdenv.isDarwin shortenPerlShebang;
     makeMakerFlags = "TEXMF=\${tex} NOMKTEXLSR";
     # shebangs need to be patched before executables are copied to $out

pkgs/top-level/python-packages.nix

@@ -5340,6 +5340,8 @@ in {
 
   param = callPackage ../development/python-modules/param { };
 
+  parameter-expansion-patched = callPackage ../development/python-modules/parameter-expansion-patched { };
+
   parameterized = callPackage ../development/python-modules/parameterized { };
 
   paramiko = callPackage ../development/python-modules/paramiko { };
@@ -6326,6 +6328,8 @@ in {
 
   pygls = callPackage ../development/python-modules/pygls { };
 
+  pygmars = callPackage ../development/python-modules/pygmars { };
+
   pygments-better-html = callPackage ../development/python-modules/pygments-better-html { };
 
   pygments = callPackage ../development/python-modules/Pygments { };