Merge remote-tracking branch 'origin/master' into staging-next

80 files changed, 421 insertions, 207 deletions

diff --git a/nixos/doc/manual/configuration/customizing-packages.section.md b/nixos/doc/manual/configuration/customizing-packages.section.md
index 709a07b09ce..76413b7d84f 100644
--- a/nixos/doc/manual/configuration/customizing-packages.section.md
+++ b/nixos/doc/manual/configuration/customizing-packages.section.md
@@ -1,11 +1,7 @@
 # Customising Packages {#sec-customising-packages}
 
 Some packages in Nixpkgs have options to enable or disable optional
-functionality or change other aspects of the package. For instance, the
-Firefox wrapper package (which provides Firefox with a set of plugins
-such as the Adobe Flash player) has an option to enable the Google Talk
-plugin. It can be set in `configuration.nix` as follows:
-`nixpkgs.config.firefox.enableGoogleTalkPlugin = true;`
+functionality or change other aspects of the package.
 
 ::: {.warning}
 Unfortunately, Nixpkgs currently lacks a way to query available
@@ -13,7 +9,7 @@ configuration options.
 :::
 
 ::: {.note}
-Alternatively, many packages come with extensions one might add.
+For example, many packages come with extensions one might add.
 Examples include:
 - [`passExtensions.pass-otp`](https://search.nixos.org/packages/query=passExtensions.pass-otp)
 - [`python310Packages.requests`](https://search.nixos.org/packages/query=python310Packages.requests)
diff --git a/nixos/doc/manual/release-notes/rl-2311.section.md b/nixos/doc/manual/release-notes/rl-2311.section.md
index 9d0f9b93b93..f7f746a6e3b 100644
--- a/nixos/doc/manual/release-notes/rl-2311.section.md
+++ b/nixos/doc/manual/release-notes/rl-2311.section.md
@@ -261,6 +261,8 @@
 
 - The `services.mtr-exporter.target` has been removed in favor of `services.mtr-exporter.jobs` which allows specifying multiple targets.
 
+- Setting `nixpkgs.config` options while providing an external `pkgs` instance will now raise an error instead of silently ignoring the options. NixOS modules no longer set `nixpkgs.config` to accomodate this. This specifically affects `services.locate`, `services.xserver.displayManager.lightdm.greeters.tiny` and `programs.firefox` NixOS modules. No manual intervention should be required in most cases, however, configurations relying on those modules affecting packages outside the system environment should switch to explicit overlays.
+
 ## Other Notable Changes {#sec-release-23.11-notable-changes}
 
 - The Cinnamon module now enables XDG desktop integration by default. If you are experiencing collisions related to xdg-desktop-portal-gtk you can safely remove `xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];` from your NixOS configuration.
diff --git a/nixos/modules/hardware/video/amdgpu-pro.nix b/nixos/modules/hardware/video/amdgpu-pro.nix
index 299a30b0629..605aa6ef8b8 100644
--- a/nixos/modules/hardware/video/amdgpu-pro.nix
+++ b/nixos/modules/hardware/video/amdgpu-pro.nix
@@ -20,9 +20,6 @@ in
 {
 
   config = mkIf enabled {
-
-    nixpkgs.config.xorg.abiCompat = "1.20";
-
     services.xserver.drivers = singleton
       { name = "amdgpu"; modules = [ package ]; display = true; };
 
diff --git a/nixos/modules/misc/locate.nix b/nixos/modules/misc/locate.nix
index acf441cda62..482d12fe0ca 100644
--- a/nixos/modules/misc/locate.nix
+++ b/nixos/modules/misc/locate.nix
@@ -230,9 +230,7 @@ in
         plocate = (mkIf isPLocate (mkMerge [ common plocate ]));
       };
 
-    nixpkgs.config = { locate.dbfile = cfg.output; };
-
-    environment.systemPackages = [ cfg.locate ];
+    environment.systemPackages = [ (cfg.locate.override { dbfile = cfg.output; }) ];
 
     environment.variables = mkIf (!isMorPLocate) { LOCATE_PATH = cfg.output; };
 
diff --git a/nixos/modules/misc/nixpkgs.nix b/nixos/modules/misc/nixpkgs.nix
index cc5f5742109..bfcae9c7a93 100644
--- a/nixos/modules/misc/nixpkgs.nix
+++ b/nixos/modules/misc/nixpkgs.nix
@@ -379,6 +379,16 @@ in
           the legacy definitions.
         '';
       }
+      {
+        assertion = opt.pkgs.isDefined -> cfg.config == {};
+        message = ''
+          Your system configures nixpkgs with an externally created instance.
+          `nixpkgs.config` options should be passed when creating the instance instead.
+
+          Current value:
+          ${lib.generators.toPretty { multiline = true; } opt.config}
+        '';
+      }
     ];
   };
 
diff --git a/nixos/modules/programs/browserpass.nix b/nixos/modules/programs/browserpass.nix
index 346d38e5e88..abd99056ff3 100644
--- a/nixos/modules/programs/browserpass.nix
+++ b/nixos/modules/programs/browserpass.nix
@@ -27,6 +27,6 @@ with lib;
       "opt/brave/native-messaging-hosts/${appId}".source = source "hosts/chromium";
       "opt/brave/policies/managed/${appId}".source = source "policies/chromium";
     };
-    nixpkgs.config.firefox.enableBrowserpass = true;
+    programs.firefox.wrapperConfig.enableBrowserpass = true;
   };
 }
diff --git a/nixos/modules/programs/firefox.nix b/nixos/modules/programs/firefox.nix
index 8653f066cf8..43cf64cf1d8 100644
--- a/nixos/modules/programs/firefox.nix
+++ b/nixos/modules/programs/firefox.nix
@@ -36,6 +36,12 @@ in
       ];
     };
 
+    wrapperConfig = mkOption {
+      type = types.attrs;
+      default = {};
+      description = mdDoc "Arguments to pass to Firefox wrapper";
+    };
+
     policies = mkOption {
       type = policyFormat.type;
       default = { };
@@ -227,17 +233,23 @@ in
         ] ++ optionals nmh.passff [
           passff-host
         ];
+        cfg = let
+          # copy-pasted from the wrapper; TODO: figure out fix
+          applicationName = cfg.package.binaryName or (lib.getName cfg.package);
+
+          nixpkgsConfig = config.nixpkgs.config.${applicationName} or {};
+          optionConfig = cfg.wrapperConfig;
+          nmhConfig = {
+            enableBrowserpass = nmh.browserpass;
+            enableBukubrow = nmh.bukubrow;
+            enableTridactylNative = nmh.tridactyl;
+            enableUgetIntegrator = nmh.ugetIntegrator;
+            enableFXCastBridge = nmh.fxCast;
+          };
+        in nixpkgsConfig // optionConfig // nmhConfig;
       })
     ];
 
-    nixpkgs.config.firefox = {
-      enableBrowserpass = nmh.browserpass;
-      enableBukubrow = nmh.bukubrow;
-      enableTridactylNative = nmh.tridactyl;
-      enableUgetIntegrator = nmh.ugetIntegrator;
-      enableFXCastBridge = nmh.fxCast;
-    };
-
     environment.etc =
       let
         policiesJSON = policyFormat.generate "firefox-policies.json" { inherit (cfg) policies; };
diff --git a/nixos/modules/services/desktops/gnome/gnome-browser-connector.nix b/nixos/modules/services/desktops/gnome/gnome-browser-connector.nix
index 5d4ddce9422..9a45d839629 100644
--- a/nixos/modules/services/desktops/gnome/gnome-browser-connector.nix
+++ b/nixos/modules/services/desktops/gnome/gnome-browser-connector.nix
@@ -42,6 +42,6 @@ in
 
     services.dbus.packages = [ pkgs.gnome-browser-connector ];
 
-    nixpkgs.config.firefox.enableGnomeExtensions = true;
+    programs.firefox.wrapperConfig.enableGnomeExtensions = true;
   };
 }
diff --git a/nixos/modules/services/x11/desktop-managers/gnome.nix b/nixos/modules/services/x11/desktop-managers/gnome.nix
index fecdd86deb8..a5c7cb16b9d 100644
--- a/nixos/modules/services/x11/desktop-managers/gnome.nix
+++ b/nixos/modules/services/x11/desktop-managers/gnome.nix
@@ -282,9 +282,6 @@ in
 
       # Override GSettings schemas
       environment.sessionVariables.NIX_GSETTINGS_OVERRIDES_DIR = "${nixos-gsettings-desktop-schemas}/share/gsettings-schemas/nixos-gsettings-overrides/glib-2.0/schemas";
-
-       # If gnome is installed, build vim for gtk3 too.
-      nixpkgs.config.vim.gui = "gtk3";
     })
 
     (mkIf flashbackEnabled {
diff --git a/nixos/modules/services/x11/desktop-managers/plasma5.nix b/nixos/modules/services/x11/desktop-managers/plasma5.nix
index 282a34f6b01..758a71b6345 100644
--- a/nixos/modules/services/x11/desktop-managers/plasma5.nix
+++ b/nixos/modules/services/x11/desktop-managers/plasma5.nix
@@ -379,7 +379,7 @@ in
       # Update the start menu for each user that is currently logged in
       system.userActivationScripts.plasmaSetup = activationScript;
 
-      nixpkgs.config.firefox.enablePlasmaBrowserIntegration = true;
+      programs.firefox.wrapperConfig.enablePlasmaBrowserIntegration = true;
     })
 
     (mkIf (cfg.kwinrc != {}) {
diff --git a/nixos/modules/services/x11/display-managers/lightdm-greeters/tiny.nix b/nixos/modules/services/x11/display-managers/lightdm-greeters/tiny.nix
index 8d6bfa98a7e..dede7680ecb 100644
--- a/nixos/modules/services/x11/display-managers/lightdm-greeters/tiny.nix
+++ b/nixos/modules/services/x11/display-managers/lightdm-greeters/tiny.nix
@@ -61,7 +61,7 @@ in
 
     services.xserver.displayManager.lightdm.greeters.gtk.enable = false;
 
-    nixpkgs.config.lightdm-tiny-greeter.conf =
+    services.xserver.displayManager.lightdm.greeter =
     let
       configHeader = ''
         #include <gtk/gtk.h>
@@ -69,13 +69,11 @@ in
         static const char *pass_text = "${cfg.label.pass}";
         static const char *session = "${dmcfg.defaultSession}";
       '';
+      config = optionalString (cfg.extraConfig != "") (configHeader + cfg.extraConfig);
+      package = pkgs.lightdm-tiny-greeter.override { conf = config; };
     in
-      optionalString (cfg.extraConfig != "")
-        (configHeader + cfg.extraConfig);
-
-    services.xserver.displayManager.lightdm.greeter =
       mkDefault {
-        package = pkgs.lightdm-tiny-greeter.xgreeters;
+        package = package.xgreeters;
         name = "lightdm-tiny-greeter";
       };
 
diff --git a/pkgs/applications/display-managers/lightdm-tiny-greeter/default.nix b/pkgs/applications/display-managers/lightdm-tiny-greeter/default.nix
index 53f004c2a36..bb70fa299d1 100644
--- a/pkgs/applications/display-managers/lightdm-tiny-greeter/default.nix
+++ b/pkgs/applications/display-managers/lightdm-tiny-greeter/default.nix
@@ -1,5 +1,5 @@
 { lib, stdenv, linkFarm, lightdm-tiny-greeter, fetchFromGitHub
-, pkg-config, lightdm, gtk3, glib, wrapGAppsHook, conf ? "" }:
+, pkg-config, lightdm, gtk3, glib, wrapGAppsHook, config, conf ? config.lightdm-tiny-greeter.conf or "" }:
 
 stdenv.mkDerivation rec {
   pname = "lightdm-tiny-greeter";
diff --git a/pkgs/applications/emulators/ppsspp/default.nix b/pkgs/applications/emulators/ppsspp/default.nix
index bdca27eec69..db76473250c 100644
--- a/pkgs/applications/emulators/ppsspp/default.nix
+++ b/pkgs/applications/emulators/ppsspp/default.nix
@@ -34,14 +34,14 @@ stdenv.mkDerivation (finalAttrs: {
           + lib.optionalString enableQt "-qt"
           + lib.optionalString (!enableQt) "-sdl"
           + lib.optionalString forceWayland "-wayland";
-  version = "1.16.2";
+  version = "1.16.5";
 
   src = fetchFromGitHub {
     owner = "hrydgard";
     repo = "ppsspp";
     rev = "v${finalAttrs.version}";
     fetchSubmodules = true;
-    sha256 = "sha256-Ygi7ioLOBQbD+QTD7pO2hIATV8HUDyrdhw7gBSSiHmc=";
+    sha256 = "sha256-R4XJ/Rn1e7tWjYMztE/YQFlTEVGmt2izaLvLdycVCXQ=";
   };
 
   postPatch = ''
diff --git a/pkgs/applications/graphics/structorizer/default.nix b/pkgs/applications/graphics/structorizer/default.nix
index ca58271425d..d1f796e42fe 100755
--- a/pkgs/applications/graphics/structorizer/default.nix
+++ b/pkgs/applications/graphics/structorizer/default.nix
@@ -5,11 +5,12 @@
 , makeDesktopItem
 , makeWrapper
 , copyDesktopItems
+, nix-update-script
 }:
 
 stdenv.mkDerivation rec {
   pname = "structorizer";
-  version = "3.32-11";
+  version = "3.32-12";
 
   desktopItems = [
     (makeDesktopItem {
@@ -37,7 +38,7 @@ stdenv.mkDerivation rec {
     owner = "fesch";
     repo = "Structorizer.Desktop";
     rev = version;
-    hash = "sha256-rGyeOcGm6uBplgTjMIOy/xRekfHacwDy9kkMigmRSdk=";
+    hash = "sha256-DZktq07MoXBg2AwHOoPLTbON/giSqDZOfmaMkZl1w1g=";
   };
 
   patches = [ ./makeStructorizer.patch ./makeBigJar.patch ];
@@ -94,11 +95,14 @@ stdenv.mkDerivation rec {
     runHook postInstall
   '';
 
+  passthru.updateScript = nix-update-script { };
+
   meta = with lib; {
     description = "Create Nassi-Shneiderman diagrams (NSD)";
     homepage = "https://structorizer.fisch.lu";
     license = licenses.gpl3Plus;
     platforms = platforms.all;
     maintainers = with maintainers; [ annaaurora ];
+    mainProgram = "structorizer";
   };
 }
diff --git a/pkgs/applications/misc/nwg-dock/default.nix b/pkgs/applications/misc/nwg-dock/default.nix
index c480a1481a7..b2154db0d79 100644
--- a/pkgs/applications/misc/nwg-dock/default.nix
+++ b/pkgs/applications/misc/nwg-dock/default.nix
@@ -8,13 +8,13 @@
 
 buildGoModule rec {
   pname = "nwg-dock";
-  version = "0.3.7";
+  version = "0.3.9";
 
   src = fetchFromGitHub {
     owner = "nwg-piotr";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-Ci+221sXlaqr164OYVhj8sqGSwlpFln2RRUiGoTO8Fk=";
+    sha256 = "sha256-/iUtVym+fNnbBeLlrYIiO5tV9eeAVBh6Nw+d3GCJ/F8=";
   };
 
   vendorHash = "sha256-GW+shKOCwU8yprEfBeAPx1RDgjA7cZZzXDG112bdZ6k=";
diff --git a/pkgs/applications/networking/cluster/werf/default.nix b/pkgs/applications/networking/cluster/werf/default.nix
index 53f4c831f02..3b165ab6fa6 100644
--- a/pkgs/applications/networking/cluster/werf/default.nix
+++ b/pkgs/applications/networking/cluster/werf/default.nix
@@ -10,16 +10,16 @@
 
 buildGoModule rec {
   pname = "werf";
-  version = "1.2.259";
+  version = "1.2.263";
 
   src = fetchFromGitHub {
     owner = "werf";
     repo = "werf";
     rev = "v${version}";
-    hash = "sha256-A5sK+M/mjAsDMuqPvBNKML7rDzYMPKtN5VW4pX/sWCM=";
+    hash = "sha256-eWiUn6v7XZZH7rudvCMLa3rUBmMsiSUKcwoDCFxRlFE=";
   };
 
-  vendorHash = "sha256-gfh55taGIuigMCJw0hZuSA0q39V19LCPAUYqZiTinB4=";
+  vendorHash = "sha256-0bxM0Y4K6wxg6Ka1A9MusptiSMshTUWJItXoVDpo7lI=";
 
   proxyVendor = true;
 
diff --git a/pkgs/applications/radio/sdrangel/default.nix b/pkgs/applications/radio/sdrangel/default.nix
index 5cd8819445b..f55371fd689 100644
--- a/pkgs/applications/radio/sdrangel/default.nix
+++ b/pkgs/applications/radio/sdrangel/default.nix
@@ -52,13 +52,13 @@
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "sdrangel";
-  version = "7.15.4";
+  version = "7.16.0";
 
   src = fetchFromGitHub {
     owner = "f4exb";
     repo = "sdrangel";
     rev = "v${finalAttrs.version}";
-    hash = "sha256-oSFnoNmoXvdb5lpx/j3DVVhOfbsDZlGNZNcvud1w8Ks=";
+    hash = "sha256-k35TZ2H8GX3gSYyb27hTY6gHHnxPkFwp1v4OJXhvV7A=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/applications/window-managers/fvwm/3.nix b/pkgs/applications/window-managers/fvwm/3.nix
index 95532bde0f6..611749c7e9b 100644
--- a/pkgs/applications/window-managers/fvwm/3.nix
+++ b/pkgs/applications/window-managers/fvwm/3.nix
@@ -31,13 +31,13 @@
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "fvwm3";
-  version = "1.0.7";
+  version = "1.0.8";
 
   src = fetchFromGitHub {
     owner = "fvwmorg";
     repo = "fvwm3";
     rev = finalAttrs.version;
-    hash = "sha256-CPEGwZuYDh0zDXVKLn806c4DfZZJVaMlmIsVAZl20S4=";
+    hash = "sha256-nIxFoKo2HTF2qCawxN0WySwfjaNqtfBg1BMo0P6ZY88=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/build-support/build-fhsenv-bubblewrap/default.nix b/pkgs/build-support/build-fhsenv-bubblewrap/default.nix
index 5e8894d7cb3..f4942290af4 100644
--- a/pkgs/build-support/build-fhsenv-bubblewrap/default.nix
+++ b/pkgs/build-support/build-fhsenv-bubblewrap/default.nix
@@ -31,7 +31,7 @@ assert (pname != null || version != null) -> (name == null && pname != null); #
 
 with builtins;
 let
-  pname = if args.name != null then args.name else args.pname;
+  pname = if args ? name && args.name != null then args.name else args.pname;
   versionStr = lib.optionalString (version != null) ("-" + version);
   name = pname + versionStr;
 
diff --git a/pkgs/tools/admin/eksctl/default.nix b/pkgs/by-name/ek/eksctl/package.nix
index 7bf5120f77b..8b26b891829 100644
--- a/pkgs/tools/admin/eksctl/default.nix
+++ b/pkgs/by-name/ek/eksctl/package.nix
@@ -6,16 +6,16 @@
 
 buildGoModule rec {
   pname = "eksctl";
-  version = "0.158.0";
+  version = "0.160.0";
 
   src = fetchFromGitHub {
     owner = "weaveworks";
     repo = pname;
     rev = version;
-    hash = "sha256-FFBWC/zgLSTrNJYx9t0lS5iPe33Zm/iIoAKmrLyaeOw=";
+    hash = "sha256-fhsv4iiUO69TenK4MIGfQcVCBeYkKBcAEVZJPoNAixk=";
   };
 
-  vendorHash = "sha256-KqrDKAU16iubJTCUQBk2T5QKbSIrcUE+ib5AEHqnpNI=";
+  vendorHash = "sha256-LiRzPJ7DBV0gsE9pJQ18l2grgk2WLkD8i83Fvr9asMM=";
 
   doCheck = false;
 
diff --git a/pkgs/data/fonts/iosevka/default.nix b/pkgs/data/fonts/iosevka/default.nix
index 83dca924516..8e33e721f97 100644
--- a/pkgs/data/fonts/iosevka/default.nix
+++ b/pkgs/data/fonts/iosevka/default.nix
@@ -55,16 +55,16 @@ assert (extraParameters != null) -> set != null;
 
 buildNpmPackage rec {
   pname = if set != null then "iosevka-${set}" else "iosevka";
-  version = "27.0.0";
+  version = "27.1.0";
 
   src = fetchFromGitHub {
     owner = "be5invis";
     repo = "iosevka";
     rev = "v${version}";
-    hash = "sha256-LXQ7F+hEsPfve9yKEYav1O+ZN7uZqK8YmMT0Pr5FQpc=";
+    hash = "sha256-KXF+ePMEwEUh0fs0cOELRmxOp9hHibDLfRdbffLcZDs=";
   };
 
-  npmDepsHash = "sha256-SAdKtX+BuU0/me4ECzrKLRJRW6LzGZO2ehAB9iWRVF8=";
+  npmDepsHash = "sha256-NfR7OUVguMZVmeumf8oRaQK28G42zy6p6K+Hx4e1Kgw=";
 
   nativeBuildInputs = [
     remarshal
diff --git a/pkgs/data/fonts/sarasa-gothic/default.nix b/pkgs/data/fonts/sarasa-gothic/default.nix
index 8d56554939f..73f2142e1e3 100644
--- a/pkgs/data/fonts/sarasa-gothic/default.nix
+++ b/pkgs/data/fonts/sarasa-gothic/default.nix
@@ -2,13 +2,13 @@
 
 stdenvNoCC.mkDerivation rec {
   pname = "sarasa-gothic";
-  version = "0.41.10";
+  version = "0.42.0";
 
   src = fetchurl {
     # Use the 'ttc' files here for a smaller closure size.
     # (Using 'ttf' files gives a closure size about 15x larger, as of November 2021.)
     url = "https://github.com/be5invis/Sarasa-Gothic/releases/download/v${version}/sarasa-gothic-ttc-${version}.7z";
-    hash = "sha256-RxXLjlWJEWaWph8jz1L1zZABYOm75MoxcI0cZJGBDvg=";
+    hash = "sha256-BZWOQQhkK+bQhS5MFIJ81unGDevp8WptPA/dOmf12xs=";
   };
 
   sourceRoot = ".";
diff --git a/pkgs/development/compilers/edk2/default.nix b/pkgs/development/compilers/edk2/default.nix
index 304ca30b522..d34ae7b8143 100644
--- a/pkgs/development/compilers/edk2/default.nix
+++ b/pkgs/development/compilers/edk2/default.nix
@@ -68,7 +68,9 @@ edk2 = stdenv.mkDerivation rec {
 
   makeFlags = [ "-C BaseTools" ];
 
-  env.NIX_CFLAGS_COMPILE = "-Wno-return-type" + lib.optionalString (stdenv.cc.isGNU) " -Wno-error=stringop-truncation";
+  env.NIX_CFLAGS_COMPILE = "-Wno-return-type"
+    + lib.optionalString (stdenv.cc.isGNU) " -Wno-error=stringop-truncation"
+    + lib.optionalString (stdenv.isDarwin) " -Wno-error=macro-redefined";
 
   hardeningDisable = [ "format" "fortify" ];
 
diff --git a/pkgs/development/libraries/cgreen/default.nix b/pkgs/development/libraries/cgreen/default.nix
index 86908c87138..60d5bc1289a 100644
--- a/pkgs/development/libraries/cgreen/default.nix
+++ b/pkgs/development/libraries/cgreen/default.nix
@@ -6,13 +6,13 @@
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "cgreen";
-  version = "1.6.2";
+  version = "1.6.3";
 
   src = fetchFromGitHub {
     owner = "cgreen-devs";
     repo = "cgreen";
     rev = finalAttrs.version;
-    sha256 = "sha256-beaCoyDCERb/bdKcKS7dRQHlI0auLOStu3cZr1dhubg=";
+    sha256 = "sha256-qcOj+NlgbHCYuNsM6ngNI2fNhkCwLL6mIVkNSv9hRE8=";
   };
 
   postPatch = ''
diff --git a/pkgs/development/libraries/protobuf/3.19.nix b/pkgs/development/libraries/protobuf/3.19.nix
deleted file mode 100644
index 7ee378d8ed3..00000000000
--- a/pkgs/development/libraries/protobuf/3.19.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ callPackage, ... } @ args:
-
-callPackage ./generic-v3.nix ({
-  version = "3.19.6";
-  sha256 = "sha256-+ul9F8tyrwk2p25Dd9ragqwpYzdxdeGjpXhLAwKYWfM=";
-} // args)
diff --git a/pkgs/development/libraries/science/math/or-tools/default.nix b/pkgs/development/libraries/science/math/or-tools/default.nix
index 55438c63a5e..8f0c930eff6 100644
--- a/pkgs/development/libraries/science/math/or-tools/default.nix
+++ b/pkgs/development/libraries/science/math/or-tools/default.nix
@@ -45,6 +45,9 @@ stdenv.mkDerivation rec {
       url = "https://github.com/google/or-tools/commit/edd1544375bd55f79168db315151a48faa548fa0.patch";
       hash = "sha256-S//1YM3IoRCp3Ghg8zMF0XXgIpVmaw4gH8cVb9eUbqM=";
     })
+    # Don't use non-existent member of string_view. Partial patch from commit
+    # https://github.com/google/or-tools/commit/c5a2fa1eb673bf652cb9ad4f5049d054b8166e17.patch
+    ./fix-stringview-compile.patch
   ];
 
   # or-tools normally attempts to build Protobuf for the build platform when
diff --git a/pkgs/development/libraries/science/math/or-tools/fix-stringview-compile.patch b/pkgs/development/libraries/science/math/or-tools/fix-stringview-compile.patch
new file mode 100644
index 00000000000..760ab80a38e
--- /dev/null
+++ b/pkgs/development/libraries/science/math/or-tools/fix-stringview-compile.patch
@@ -0,0 +1,36 @@
+diff --git a/ortools/lp_data/lp_parser.cc b/ortools/lp_data/lp_parser.cc
+index 58286306e5..bd26c019ab 100644
+--- a/ortools/lp_data/lp_parser.cc
++++ b/ortools/lp_data/lp_parser.cc
+@@ -185,7 +185,7 @@ bool LPParser::ParseIntegerVariablesList(StringPiece line) {
+ 
+ bool LPParser::ParseConstraint(StringPiece constraint) {
+   const StatusOr<ParsedConstraint> parsed_constraint_or_status =
+-      ::operations_research::glop::ParseConstraint(constraint.as_string());
++      ::operations_research::glop::ParseConstraint(constraint);
+   if (!parsed_constraint_or_status.ok()) return false;
+   const ParsedConstraint& parsed_constraint =
+       parsed_constraint_or_status.value();
+@@ -342,10 +342,9 @@ TokenType LPParser::ConsumeToken(StringPiece* sp) {
+ 
+ }  // namespace
+ 
+-StatusOr<ParsedConstraint> ParseConstraint(absl::string_view constraint_view) {
++StatusOr<ParsedConstraint> ParseConstraint(absl::string_view constraint) {
+   ParsedConstraint parsed_constraint;
+   // Get the name, if present.
+-  StringPiece constraint{constraint_view};
+   StringPiece constraint_copy{constraint};
+   std::string consumed_name;
+   Fractional consumed_coeff;
+@@ -413,8 +412,8 @@ StatusOr<ParsedConstraint> ParseConstraint(absl::string_view constraint_view) {
+     right_bound = consumed_coeff;
+     if (ConsumeToken(&constraint, &consumed_name, &consumed_coeff) !=
+         TokenType::END) {
+-      return absl::InvalidArgumentError(absl::StrCat(
+-          "End of input was expected, found: ", constraint.as_string()));
++      return absl::InvalidArgumentError(
++          absl::StrCat("End of input was expected, found: ", constraint));
+     }
+   }
+ 
diff --git a/pkgs/development/libraries/tdlib/default.nix b/pkgs/development/libraries/tdlib/default.nix
index b3802c3a451..118dc26f2f5 100644
--- a/pkgs/development/libraries/tdlib/default.nix
+++ b/pkgs/development/libraries/tdlib/default.nix
@@ -2,7 +2,7 @@
 
 stdenv.mkDerivation rec {
   pname = "tdlib";
-  version = "1.8.16";
+  version = "1.8.19";
 
   src = fetchFromGitHub {
     owner = "tdlib";
@@ -11,8 +11,8 @@ stdenv.mkDerivation rec {
     # The tdlib authors do not set tags for minor versions, but
     # external programs depending on tdlib constrain the minor
     # version, hence we set a specific commit with a known version.
-    rev = "cde095db6c75827fe4bd237039574aad373ad96b";
-    hash = "sha256-m/RN6g0GxPiSvDZbiOaJFcT2j0K7sIaVGaxKWMVn6v8=";
+    rev = "2589c3fd46925f5d57e4ec79233cd1bd0f5d0c09";
+    hash = "sha256-mbhxuJjrV3nC8Ja7N0WWF9ByHovJLmoLLuuzoU4khjU=";
   };
 
   buildInputs = [ gperf openssl readline zlib ];
diff --git a/pkgs/development/php-packages/composer/default.nix b/pkgs/development/php-packages/composer/default.nix
index d9d431aeccc..fd26cc0e484 100644
--- a/pkgs/development/php-packages/composer/default.nix
+++ b/pkgs/development/php-packages/composer/default.nix
@@ -1,4 +1,4 @@
-{ lib, callPackage, fetchFromGitHub, php, unzip, _7zz, xz, git, curl, cacert, makeBinaryWrapper }:
+{ lib, callPackage, fetchgit, php, unzip, _7zz, xz, git, curl, cacert, makeBinaryWrapper }:
 
 php.buildComposerProject (finalAttrs: {
   composer = callPackage ../../../build-support/php/pkgs/composer-phar.nix { };
@@ -6,11 +6,14 @@ php.buildComposerProject (finalAttrs: {
   pname = "composer";
   version = "2.6.4";
 
-  src = fetchFromGitHub {
-    owner = "composer";
-    repo = "composer";
+
+  # We use `fetchgit` instead of `fetchFromGitHub` to ensure the existence
+  # of the `composer.lock` file, which is omitted in the archive downloaded
+  # via `fetchFromGitHub`.
+  src = fetchgit {
+    url = "https://github.com/composer/composer.git";
     rev = finalAttrs.version;
-    hash = "sha256-o7z2GBiYjTwDQR9ZFuOOV8zsKUuGqyA52dvwTzo4hVA=";
+    hash = "sha256-8lylMfTARff+gBZpIRqttmE0jeXdJnLHZKVmqHY3p+s=";
   };
 
   nativeBuildInputs = [ makeBinaryWrapper ];
@@ -20,7 +23,7 @@ php.buildComposerProject (finalAttrs: {
       --prefix PATH : ${lib.makeBinPath [ _7zz cacert curl git unzip xz ]}
   '';
 
-  vendorHash = "sha256-S6LprixkLIbD+qqvg+eYjWsDe+jFl9NO1qWztWYKPXs=";
+  vendorHash = "sha256-SG5RsKaP7zqJY2vjvULuNdf7w6tAGh7/dlxx2Pkfj2A=";
 
   meta = {
     changelog = "https://github.com/composer/composer/releases/tag/${finalAttrs.version}";
diff --git a/pkgs/development/python-modules/auditok/default.nix b/pkgs/development/python-modules/auditok/default.nix
new file mode 100644
index 00000000000..459662df15d
--- /dev/null
+++ b/pkgs/development/python-modules/auditok/default.nix
@@ -0,0 +1,44 @@
+{ buildPythonPackage
+, fetchPypi
+, lib
+, matplotlib
+, numpy
+, pyaudio
+, pydub
+, pythonOlder
+, unittestCheckHook
+}:
+
+buildPythonPackage rec {
+  pname = "auditok";
+  version = "0.1.5";
+  format = "setuptools";
+
+  disabled = pythonOlder "3.7";
+
+  src = fetchPypi {
+    inherit version;
+    pname = "auditok";
+    hash = "sha256-HNsw9VLP7XEgs8E2X6p7ygDM47AwWxMYjptipknFig4=";
+  };
+
+  propagatedBuildInputs = [ matplotlib numpy pyaudio pydub ];
+
+  nativeCheckInputs = [ unittestCheckHook ];
+
+  unittestFlagsArray = [ "-s" "tests" ];
+
+  pythonImportsCheck = [ "auditok" ];
+
+  # The most recent version is 0.2.0, but the only dependent package is
+  # ffsubsync, which is pinned at 0.1.5.
+  passthru.skipBulkUpdate = true;
+
+  meta = with lib; {
+    description = "Audio Activity Detection tool that can process online data as well as audio files";
+    homepage = "https://github.com/amsehili/auditok/";
+    changelog = "https://github.com/amsehili/auditok/blob/v${version}/CHANGELOG";
+    license = licenses.mit;
+    maintainers = with maintainers; [ Benjamin-L ];
+  };
+}
diff --git a/pkgs/development/python-modules/coinmetrics-api-client/default.nix b/pkgs/development/python-modules/coinmetrics-api-client/default.nix
index b935abdaeb0..967bcab909d 100644
--- a/pkgs/development/python-modules/coinmetrics-api-client/default.nix
+++ b/pkgs/development/python-modules/coinmetrics-api-client/default.nix
@@ -18,7 +18,7 @@
 
 buildPythonPackage rec {
   pname = "coinmetrics-api-client";
-  version = "2023.9.11.14";
+  version = "2023.9.29.14";
   format = "pyproject";
 
   disabled = pythonOlder "3.9";
@@ -28,7 +28,7 @@ buildPythonPackage rec {
   src = fetchPypi {
     inherit version;
     pname = "coinmetrics_api_client";
-    hash = "sha256-hp1z8XvK02M+AMMKB9pox6yVWBhxcxtiZEL3oPkj/7k=";
+    hash = "sha256-88tNPg/0U5ZC2OvH8Bh9EzKzRFF2YClS2tyrswBaUZw=";
   };
 
   pythonRelaxDeps = [
diff --git a/pkgs/development/python-modules/dctorch/default.nix b/pkgs/development/python-modules/dctorch/default.nix
new file mode 100644
index 00000000000..d44d00629cf
--- /dev/null
+++ b/pkgs/development/python-modules/dctorch/default.nix
@@ -0,0 +1,42 @@
+{ lib
+, buildPythonPackage
+, fetchPypi
+, poetry-core
+, numpy
+, scipy
+, torch
+}:
+
+buildPythonPackage rec {
+  pname = "dctorch";
+  version = "0.1.2";
+  pyproject = true;
+
+  src = fetchPypi {
+    inherit pname version;
+    hash = "sha256-TmfLAkiofrQNWYBhIlY4zafbZPgFftISCGloO/rlEG4=";
+  };
+
+  nativeBuildInputs = [
+    poetry-core
+  ];
+
+  propagatedBuildInputs = [
+    numpy
+    scipy
+    torch
+  ];
+
+  pythonImportsCheck = [
+    "dctorch"
+  ];
+
+  doCheck = false; # no tests
+
+  meta = with lib; {
+    description = "Fast discrete cosine transforms for pytorch";
+    homepage = "https://pypi.org/project/dctorch/";
+    license = licenses.mit;
+    maintainers = teams.tts.members;
+  };
+}
diff --git a/pkgs/development/python-modules/garth/default.nix b/pkgs/development/python-modules/garth/default.nix
index a0cdc5fd973..c67a6bf1861 100644
--- a/pkgs/development/python-modules/garth/default.nix
+++ b/pkgs/development/python-modules/garth/default.nix
@@ -12,14 +12,14 @@
 
 buildPythonPackage rec {
   pname = "garth";
-  version = "0.4.32";
+  version = "0.4.34";
   format = "pyproject";
 
   disabled = pythonOlder "3.9";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-SVd+yWapVIQnSG5W6u83XpIK8iugXTc6b0zO7+U572c=";
+    hash = "sha256-R8HuC+Eg1GuasxtFGqEjyTYxZJMTp8GTnD2bk6pntA0=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/development/python-modules/hahomematic/default.nix b/pkgs/development/python-modules/hahomematic/default.nix
index 65af6047339..d1e3a50a0b4 100644
--- a/pkgs/development/python-modules/hahomematic/default.nix
+++ b/pkgs/development/python-modules/hahomematic/default.nix
@@ -2,6 +2,7 @@
 , aiohttp
 , buildPythonPackage
 , fetchFromGitHub
+, freezegun
 , orjson
 , pydevccu
 , pytest-aiohttp
@@ -17,7 +18,7 @@
 
 buildPythonPackage rec {
   pname = "hahomematic";
-  version = "2023.9.5";
+  version = "2023.9.8";
   format = "pyproject";
 
   disabled = pythonOlder "3.11";
@@ -26,7 +27,7 @@ buildPythonPackage rec {
     owner = "danielperna84";
     repo = pname;
     rev = "refs/tags/${version}";
-    hash = "sha256-bs9rAlEgRYjQ2vEPfGxWo4sAn48hiC3IFh9VKVY33KY=";
+    hash = "sha256-g8ddWQzfwvKx2bLh8c+RRwlk/QJWbCxOqseZE+AcTXg=";
   };
 
   postPatch = ''
@@ -48,6 +49,7 @@ buildPythonPackage rec {
   ];
 
   nativeCheckInputs = [
+    freezegun
     pydevccu
     pytest-aiohttp
     pytestCheckHook
diff --git a/pkgs/development/python-modules/k-diffusion/default.nix b/pkgs/development/python-modules/k-diffusion/default.nix
index 55a3ce36f80..272f2d5fc48 100644
--- a/pkgs/development/python-modules/k-diffusion/default.nix
+++ b/pkgs/development/python-modules/k-diffusion/default.nix
@@ -3,13 +3,15 @@
 , buildPythonPackage
 , clean-fid
 , clip-anytorch
+, dctorch
 , einops
 , fetchFromGitHub
 , jsonmerge
 , kornia
 , pillow
 , pythonOlder
-, resize-right
+, rotary-embedding-torch
+, safetensors
 , scikit-image
 , scipy
 , torch
@@ -22,7 +24,7 @@
 
 buildPythonPackage rec {
   pname = "k-diffusion";
-  version = "0.0.16";
+  version = "0.1.0";
   format = "setuptools";
 
   disabled = pythonOlder "3.7";
@@ -31,20 +33,22 @@ buildPythonPackage rec {
     owner = "crowsonkb";
     repo = "k-diffusion";
     rev = "refs/tags/v${version}";
-    hash = "sha256-tOWDFt0/hGZF5HENiHPb9a2pBlXdSvDvCNTsCMZljC4=";
+    hash = "sha256-jcIA0HfEnVHk9XDXPevGBw81GsXlm1Ztp8ceNirShEA=";
   };
 
   propagatedBuildInputs = [
     accelerate
     clean-fid
     clip-anytorch
+    dctorch
     einops
     jsonmerge
     kornia
     pillow
-    resize-right
+    rotary-embedding-torch
     scikit-image
     scipy
+    safetensors
     torch
     torchdiffeq
     torchsde
diff --git a/pkgs/development/python-modules/mecab-python3/default.nix b/pkgs/development/python-modules/mecab-python3/default.nix
index e5943b186dd..878f85600dd 100644
--- a/pkgs/development/python-modules/mecab-python3/default.nix
+++ b/pkgs/development/python-modules/mecab-python3/default.nix
@@ -9,14 +9,14 @@
 
 buildPythonPackage rec {
   pname = "mecab-python3";
-  version = "1.0.7";
+  version = "1.0.8";
   format = "setuptools";
 
   disabled = pythonOlder "3.7";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-2ZM79P2UQmD1i0Ifhjm7wRIEE9Hz/N6MVQlyIdwT1R0=";
+    hash = "sha256-cJiLqyY2lkVvddPYkQx1rqR3qdCAVK1++FvlRw3T9ls=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/development/python-modules/millheater/default.nix b/pkgs/development/python-modules/millheater/default.nix
index adf1eca9d57..7f2fe358c2f 100644
--- a/pkgs/development/python-modules/millheater/default.nix
+++ b/pkgs/development/python-modules/millheater/default.nix
@@ -8,7 +8,7 @@
 
 buildPythonPackage rec {
   pname = "millheater";
-  version = "0.11.5";
+  version = "0.11.6";
   format = "setuptools";
 
   disabled = pythonOlder "3.10";
@@ -17,7 +17,7 @@ buildPythonPackage rec {
     owner = "Danielhiversen";
     repo = "pymill";
     rev = "refs/tags/${version}";
-    hash = "sha256-rDEzMxXsbHvxAmPx1IFC5S8jG8LO8TNuNq/ISkdPWsU=";
+    hash = "sha256-qd9JuZv1utwL523eiQ79P3hXuVQ8+teTatOJCtI6v00=";
   };
 
   propagatedBuildInputs = [
diff --git a/pkgs/development/python-modules/oauthenticator/default.nix b/pkgs/development/python-modules/oauthenticator/default.nix
index 37f7a1e44c2..dce4276d57c 100644
--- a/pkgs/development/python-modules/oauthenticator/default.nix
+++ b/pkgs/development/python-modules/oauthenticator/default.nix
@@ -14,14 +14,14 @@
 
 buildPythonPackage rec {
   pname = "oauthenticator";
-  version = "16.0.7";
+  version = "16.1.0";
   format = "setuptools";
 
   disabled = pythonOlder "3.7";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-opF7HdTJX4M7gTgB0VyWyyG/DO7lrVTvTcxMBX3a6UE=";
+    hash = "sha256-7JkV4idZ/euYGGPTg6I+pw2nNOuttmGJMlz3NvJO9Rw=";
   };
 
   postPatch = ''
diff --git a/pkgs/development/python-modules/pyctr/default.nix b/pkgs/development/python-modules/pyctr/default.nix
index 990d2457087..7f1a8d6d01b 100644
--- a/pkgs/development/python-modules/pyctr/default.nix
+++ b/pkgs/development/python-modules/pyctr/default.nix
@@ -1,24 +1,35 @@
-{ lib, buildPythonPackage, fetchPypi, pythonOlder
-, pycryptodomex }:
+{ lib
+, buildPythonPackage
+, fetchPypi
+, pythonOlder
+, pycryptodomex
+}:
 
 buildPythonPackage rec {
   pname = "pyctr";
-  version = "0.7.0";
+  version = "0.7.1";
+  format = "setuptools";
+
   disabled = pythonOlder "3.7";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-N5jRGLwALhv6uzaw1E8vQwut4qpnJ+u5PdsCX2T0pcA=";
+    hash = "sha256-SnCps5nzrl+dkbloRbjhaOGDzKOsi8OHX2JXgoJ/XG0=";
   };
 
-  propagatedBuildInputs = [ pycryptodomex ];
+  propagatedBuildInputs = [
+    pycryptodomex
+  ];
 
-  pythonImportsCheck = [ "pyctr" ];
+  pythonImportsCheck = [
+    "pyctr"
+  ];
 
   meta = with lib; {
     description = "Python library to interact with Nintendo 3DS files";
+    homepage = "https://github.com/ihaveamac/pyctr";
+    changelog = "https://github.com/ihaveamac/pyctr/blob/v${version}/CHANGELOG.md";
     license = licenses.mit;
     maintainers = with maintainers; [ rileyinman ];
-    homepage = "https://github.com/ihaveamac/pyctr";
   };
 }
diff --git a/pkgs/development/python-modules/pymyq/default.nix b/pkgs/development/python-modules/pymyq/default.nix
index a95451182ca..23400825527 100644
--- a/pkgs/development/python-modules/pymyq/default.nix
+++ b/pkgs/development/python-modules/pymyq/default.nix
@@ -10,7 +10,7 @@
 
 buildPythonPackage rec {
   pname = "pymyq";
-  version = "3.1.9";
+  version = "3.1.10";
   pyproject = true;
 
   disabled = pythonOlder "3.8";
@@ -19,7 +19,7 @@ buildPythonPackage rec {
     owner = "Python-MyQ";
     repo = "Python-MyQ";
     rev = "refs/tags/v${version}";
-    hash = "sha256-7fGm7VGE9D6vmQkNmiB52+il3GE/rTqTqxqAORy88l4=";
+    hash = "sha256-rHe7iBk+u+HHnBPdN+fX9FdFhBMYjtit1Z9AYXZ9EHI=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/development/python-modules/pytablewriter/default.nix b/pkgs/development/python-modules/pytablewriter/default.nix
index d78fd1e7f18..8dff8bd886b 100644
--- a/pkgs/development/python-modules/pytablewriter/default.nix
+++ b/pkgs/development/python-modules/pytablewriter/default.nix
@@ -23,7 +23,7 @@
 
 buildPythonPackage rec {
   pname = "pytablewriter";
-  version = "1.0.0";
+  version = "1.1.0";
   format = "pyproject";
 
   disabled = pythonOlder "3.7";
@@ -32,7 +32,7 @@ buildPythonPackage rec {
     owner = "thombashi";
     repo = pname;
     rev = "refs/tags/v${version}";
-    hash = "sha256-VDx7/kKRBho4oWvUXYe5K9CC4vUCDs91G05Wlpa47OE=";
+    hash = "sha256-bxqSZUEG3upWoXt1mo8GI9yd8FHAm111mOGSCCMRVYI=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/development/python-modules/python-roborock/default.nix b/pkgs/development/python-modules/python-roborock/default.nix
index 037fc14b1c7..f5a5eefd5c9 100644
--- a/pkgs/development/python-modules/python-roborock/default.nix
+++ b/pkgs/development/python-modules/python-roborock/default.nix
@@ -20,7 +20,7 @@
 
 buildPythonPackage rec {
   pname = "python-roborock";
-  version = "0.34.0";
+  version = "0.34.5";
   format = "pyproject";
 
   disabled = pythonOlder "3.10";
@@ -29,7 +29,7 @@ buildPythonPackage rec {
     owner = "humbertogontijo";
     repo = "python-roborock";
     rev = "refs/tags/v${version}";
-    hash = "sha256-WLnMc2UQyjHaHRms6SEdF/TSum3Cf5NC3SGXHtGj6d0=";
+    hash = "sha256-BJZ24TfdIybSzLLWn7+vRMaxnBKVZSzCNLzKFaFvhok=";
   };
 
   postPatch = ''
diff --git a/pkgs/development/python-modules/python-utils/default.nix b/pkgs/development/python-modules/python-utils/default.nix
index 499a7660664..30803442d08 100644
--- a/pkgs/development/python-modules/python-utils/default.nix
+++ b/pkgs/development/python-modules/python-utils/default.nix
@@ -11,7 +11,7 @@
 
 buildPythonPackage rec {
   pname = "python-utils";
-  version = "3.7.0";
+  version = "3.8.1";
   format = "setuptools";
 
   disabled = pythonOlder "3.8";
@@ -20,7 +20,7 @@ buildPythonPackage rec {
     owner = "WoLpH";
     repo = pname;
     rev = "refs/tags/v${version}";
-    hash = "sha256-WSP5LQQZnm9k0v/xbsUHgQiwmhcb2Uw9BQurC1ieMjI=";
+    hash = "sha256-HoKdMDs67lsuVRb5d51wx6qyEjEM973yD6O6qMO+7MI=";
   };
 
   postPatch = ''
diff --git a/pkgs/development/python-modules/rapidfuzz/default.nix b/pkgs/development/python-modules/rapidfuzz/default.nix
index f1551478dfa..f640012d9a5 100644
--- a/pkgs/development/python-modules/rapidfuzz/default.nix
+++ b/pkgs/development/python-modules/rapidfuzz/default.nix
@@ -55,9 +55,9 @@ buildPythonPackage rec {
     "-fno-lto"  # work around https://github.com/NixOS/nixpkgs/issues/19098
   ]);
 
-  propagatedBuildInputs = [
-    numpy
-  ];
+  passthru.optional-dependencies = {
+    full = [ numpy ];
+  };
 
   preCheck = ''
     export RAPIDFUZZ_IMPLEMENTATION=cpp
diff --git a/pkgs/development/python-modules/rotary-embedding-torch/default.nix b/pkgs/development/python-modules/rotary-embedding-torch/default.nix
new file mode 100644
index 00000000000..83b21e5b782
--- /dev/null
+++ b/pkgs/development/python-modules/rotary-embedding-torch/default.nix
@@ -0,0 +1,48 @@
+{ lib
+, buildPythonPackage
+, fetchFromGitHub
+
+# build-system
+, setuptools
+, wheel
+
+# dependencies
+, einops
+, torch
+}:
+
+buildPythonPackage rec {
+  pname = "rotary-embedding-torch";
+  version = "0.3.0";
+  pyproject = true;
+
+  src = fetchFromGitHub {
+    owner = "lucidrains";
+    repo = "rotary-embedding-torch";
+    rev = version;
+    hash = "sha256-fGyBBPfvVq1iZ2m2NNjmHSK+iy76N/09Pt11YDyOyN4=";
+  };
+
+  nativeBuildInputs = [
+    setuptools
+    wheel
+  ];
+
+  propagatedBuildInputs = [
+    einops
+    torch
+  ];
+
+  pythonImportsCheck = [
+    "rotary_embedding_torch"
+  ];
+
+  doCheck = false; # no tests
+
+  meta = with lib; {
+    description = "Implementation of Rotary Embeddings, from the Roformer paper, in Pytorch";
+    homepage = "https://github.com/lucidrains/rotary-embedding-torch";
+    license = licenses.mit;
+    maintainers = teams.tts.members;
+  };
+}
diff --git a/pkgs/development/python-modules/srsly/default.nix b/pkgs/development/python-modules/srsly/default.nix
index b9abe30062b..c3549ca3df0 100644
--- a/pkgs/development/python-modules/srsly/default.nix
+++ b/pkgs/development/python-modules/srsly/default.nix
@@ -15,14 +15,14 @@
 
 buildPythonPackage rec {
   pname = "srsly";
-  version = "2.4.7";
+  version = "2.4.8";
   format = "pyproject";
 
   disabled = pythonOlder "3.6";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-k8LMRYh3gmHMsj3QVDsk3tgQFd2KtOwTfNfQSWUDXQg=";
+    hash = "sha256-sk2VplAJwkR+C0nNoEOsU/7PTwnjWNh6V0RkWPkbipE=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/development/python-modules/steamodd/default.nix b/pkgs/development/python-modules/steamodd/default.nix
index 7db250e5ac3..edc489b297e 100644
--- a/pkgs/development/python-modules/steamodd/default.nix
+++ b/pkgs/development/python-modules/steamodd/default.nix
@@ -1,17 +1,19 @@
 { lib
 , buildPythonPackage
-, fetchPypi
+, fetchFromGitHub
 }:
 
 buildPythonPackage rec {
   pname = "steamodd";
-  version = "4.23";
+  version = "5.0";
 
   format = "setuptools";
 
-  src = fetchPypi {
-    inherit pname version;
-    sha256 = "b95b288a8249937b9183539eef76563a6b1df286a1db04f25141e46d8814eae9";
+  src = fetchFromGitHub {
+    owner = "Lagg";
+    repo = "steamodd";
+    rev = "refs/tags/v${version}";
+    hash = "sha256-ySAyCOI1ISuBQ/5+UHSQVji76ZDRGjdVwlBAY9tnSmE=";
   };
 
   # tests require API key
diff --git a/pkgs/development/python-modules/tempest/default.nix b/pkgs/development/python-modules/tempest/default.nix
index 8f6b8c7552f..3c8217239f2 100644
--- a/pkgs/development/python-modules/tempest/default.nix
+++ b/pkgs/development/python-modules/tempest/default.nix
@@ -30,14 +30,14 @@
 
 buildPythonPackage rec {
   pname = "tempest";
-  version = "35.0.0";
+  version = "36.0.0";
   format = "setuptools";
 
   disabled = pythonOlder "3.8";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-TKGgOAOqa+1f3yXIkWxt2bVx4UT/IfQpc9rNB4fLkw0=";
+    hash = "sha256-97Z5C7IluOXSkkUamFuljzzvD3QxdHZ/p8mXE9jW/2I=";
   };
 
   propagatedBuildInputs = [
diff --git a/pkgs/development/python-modules/tifffile/default.nix b/pkgs/development/python-modules/tifffile/default.nix
index 95ccd7185fd..1b9582a71c8 100644
--- a/pkgs/development/python-modules/tifffile/default.nix
+++ b/pkgs/development/python-modules/tifffile/default.nix
@@ -55,6 +55,9 @@ buildPythonPackage rec {
     "tifffile"
   ];
 
+  # flaky, often killed due to OOM or timeout
+  env.SKIP_LARGE = "1";
+
   meta = with lib; {
     description = "Read and write image data from and to TIFF files";
     homepage = "https://github.com/cgohlke/tifffile/";
diff --git a/pkgs/development/python-modules/types-requests/default.nix b/pkgs/development/python-modules/types-requests/default.nix
index 79e7ca35db6..0bbee57a78e 100644
--- a/pkgs/development/python-modules/types-requests/default.nix
+++ b/pkgs/development/python-modules/types-requests/default.nix
@@ -6,12 +6,12 @@
 
 buildPythonPackage rec {
   pname = "types-requests";
-  version = "2.31.0.6";
+  version = "2.31.0.7";
   format = "setuptools";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-zXTOO1PEYfEiipt4OSmsc6ZmZY8iPijtKXU3cUd7O9A=";
+    hash = "sha256-TZMNyrvCRS49cHKOWBrErIwtE/YlCa2RFGc/VCr4y04=";
   };
 
   propagatedBuildInputs = [
diff --git a/pkgs/development/python-modules/webauthn/default.nix b/pkgs/development/python-modules/webauthn/default.nix
index 2ef7d52e2a3..57c7857ca71 100644
--- a/pkgs/development/python-modules/webauthn/default.nix
+++ b/pkgs/development/python-modules/webauthn/default.nix
@@ -11,7 +11,7 @@
 
 buildPythonPackage rec {
   pname = "webauthn";
-  version = "1.10.1";
+  version = "1.11.0";
   format = "setuptools";
 
   disabled = pythonOlder "3.7";
@@ -20,7 +20,7 @@ buildPythonPackage rec {
     owner = "duo-labs";
     repo = "py_webauthn";
     rev = "refs/tags/v${version}";
-    hash = "sha256-ZfHFyjdZeKuKX/aokhB6L93HbBFnlrvuJZ2V4uRmNck=";
+    hash = "sha256-mZBnTmjlmR9jOOmu6uY114UZpm05ny2ZMEF0NXhVrME=";
   };
 
   propagatedBuildInputs = [
diff --git a/pkgs/development/tools/analysis/flow/default.nix b/pkgs/development/tools/analysis/flow/default.nix
index 8aa6e7e0744..47b28f3b019 100644
--- a/pkgs/development/tools/analysis/flow/default.nix
+++ b/pkgs/development/tools/analysis/flow/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "flow";
-  version = "0.217.0";
+  version = "0.217.2";
 
   src = fetchFromGitHub {
     owner = "facebook";
     repo = "flow";
     rev = "v${version}";
-    sha256 = "sha256-QMgxic8fx7/Beahu8xyE247syLWgq1LZb3I5UdZp2XM=";
+    sha256 = "sha256-0Zu4uPxNDUUeyOLrjdQaCdiRbngtCtHx1qIqtLBmCdA=";
   };
 
   postPatch = ''
diff --git a/pkgs/development/tools/build-managers/buck2/default.nix b/pkgs/development/tools/build-managers/buck2/default.nix
index 24a7db6b224..7fa99a96226 100644
--- a/pkgs/development/tools/build-managers/buck2/default.nix
+++ b/pkgs/development/tools/build-managers/buck2/default.nix
@@ -38,7 +38,7 @@ let
   buildHashes = builtins.fromJSON (builtins.readFile ./hashes.json);
 
   # our version of buck2; this should be a git tag
-  version = "2023-09-15";
+  version = "2023-10-01";
 
   # the platform-specific, statically linked binary — which is also
   # zstd-compressed
@@ -63,7 +63,7 @@ let
   # tooling
   prelude-src =
     let
-      prelude-hash = "1cdbe261a4e669d9bb25bac5617b17919b2bb05c";
+      prelude-hash = "75aa81a92edd2bf477538f9a3f0fe6a47e811842";
       name = "buck2-prelude-${version}.tar.gz";
       hash = buildHashes."_prelude";
       url = "https://github.com/facebook/buck2-prelude/archive/${prelude-hash}.tar.gz";
diff --git a/pkgs/development/tools/build-managers/buck2/hashes.json b/pkgs/development/tools/build-managers/buck2/hashes.json
index 8fafcf99bc5..53df40eb622 100644
--- a/pkgs/development/tools/build-managers/buck2/hashes.json
+++ b/pkgs/development/tools/build-managers/buck2/hashes.json
@@ -1,7 +1,7 @@
 { "_comment": "@generated by pkgs/development/tools/build-managers/buck2/update.sh"
-, "_prelude": "sha256-M+QlMVemxkdajUEnsLzvkFyZ6rW59n2uFafftDze0tc="
-, "x86_64-linux": "sha256-cMHNeR6jdYiumJZgNQviCNtzv3DfvJISG6AbWdQYquo="
-, "x86_64-darwin": "sha256-03QD4rXmBgEY95b63Yzimhj7sRoeEomT3N5n0xYzweU="
-, "aarch64-linux": "sha256-nATdxVVNH7RVJ7ck3tDjcf4Ask0aZkH1sy/2eKtJpKM="
-, "aarch64-darwin": "sha256-+l0W5918KRYwBi/5pqSr10RaVH79QT5qx/cZRDaZ0EY="
+, "_prelude": "sha256-SshYnziEP/2jdoeLZYkQOvH56VBOJZaf0TUt++tLO1U="
+, "x86_64-linux": "sha256-eztjSDjgtXZWeDSPsKNSUGlIR+g8DsByIjDpcGNXB2s="
+, "x86_64-darwin": "sha256-buC0mShgDPU1+oeuNdjP6hNq1MoJDIPaEHCGL+Rcsr8="
+, "aarch64-linux": "sha256-52Ld12TzC51OutjZY+idpd7GhFr2tPksz1pda4F9Zag="
+, "aarch64-darwin": "sha256-b9peYBF9FZbSdMiwC8E/+y15pWlFe37/Euj5v8q3v1E="
 }
diff --git a/pkgs/development/tools/fsautocomplete/default.nix b/pkgs/development/tools/fsautocomplete/default.nix
index beb21a02749..8b5d1477919 100644
--- a/pkgs/development/tools/fsautocomplete/default.nix
+++ b/pkgs/development/tools/fsautocomplete/default.nix
@@ -5,13 +5,13 @@ let
 in
 buildDotnetModule rec {
   pname = "fsautocomplete";
-  version = "0.63.1";
+  version = "0.64.0";
 
   src = fetchFromGitHub {
     owner = "fsharp";
     repo = "FsAutoComplete";
     rev = "v${version}";
-    sha256 = "sha256-+ymdt0FPrhZu5mUjRHhfzMtROX0eBVYsAOiB6g06mn0=";
+    sha256 = "sha256-C01CsGHRy0/FFEofEN8xLM/QgnMI8aq2tr4qkEbxlsQ=";
   };
 
   nugetDeps = ./deps.nix;
diff --git a/pkgs/development/tools/fsautocomplete/deps.nix b/pkgs/development/tools/fsautocomplete/deps.nix
index 3833946651c..ecf2396eb9d 100644
--- a/pkgs/development/tools/fsautocomplete/deps.nix
+++ b/pkgs/development/tools/fsautocomplete/deps.nix
@@ -39,7 +39,7 @@
   (fetchNuGet { pname = "Fake.IO.Zip"; version = "5.23.1"; sha256 = "0iac86jlxb5bwgiich3zzvr7bz5aw8xq53ly263mwxhv9lrsd815"; })
   (fetchNuGet { pname = "Fake.Net.Http"; version = "5.23.1"; sha256 = "1g0dpxi5b78qh7myz09pmjxzb0iblj3rqx5mpaammbppbbazvzdk"; })
   (fetchNuGet { pname = "Fake.Tools.Git"; version = "5.23.1"; sha256 = "0cg1sbp7zl1d18cjhbs94ix8580hr6gyaxjw17q246lbaj9bfg8l"; })
-  (fetchNuGet { pname = "fantomas"; version = "6.1.0"; sha256 = "0qk983ybs66infm6q60qsn6sl9i17i6rjavsygcld6w3vfzza9kx"; })
+  (fetchNuGet { pname = "fantomas"; version = "6.2.0"; sha256 = "0jmr63c2a4maf1blcsiyxz9najrc31xk1ignc7j7l2sswis6hx7k"; })
   (fetchNuGet { pname = "Fantomas.Client"; version = "0.9.0"; sha256 = "1zixwk61fyk7y9q6f8266kwxi6byr8fmyp1lf57qhbbvhq2waj9d"; })
   (fetchNuGet { pname = "Fantomas.Core"; version = "6.2.0"; sha256 = "07yl2hr06zk1nl66scm24di3nf1zbrnd6329prwirnv370rz4q92"; })
   (fetchNuGet { pname = "Fantomas.FCS"; version = "6.2.0"; sha256 = "1hhsa7hbxsm2d8ap4sqzwlzjmf4wsgg74i731rprr0nshjvd8ic7"; })
diff --git a/pkgs/development/tools/misc/terramate/default.nix b/pkgs/development/tools/misc/terramate/default.nix
index 92de3805149..b6efe2732dc 100644
--- a/pkgs/development/tools/misc/terramate/default.nix
+++ b/pkgs/development/tools/misc/terramate/default.nix
@@ -6,13 +6,13 @@
 
 buildGoModule rec {
   pname = "terramate";
-  version = "0.4.1";
+  version = "0.4.2";
 
   src = fetchFromGitHub {
     owner = "terramate-io";
     repo = "terramate";
     rev = "v${version}";
-    hash = "sha256-bi/O4yG9m8uefY9CSn3yFmotxlFZz53cJG8SI1Zk1/4=";
+    hash = "sha256-aOKUC1FtDDhdUbPUSLW6GrSwh6r29Y2ObC6y487W4Zc=";
   };
 
   vendorHash = "sha256-gl5xsaSkGXlh+MfieVBPHGAbYZVF3GBbIkmvVhlJvqw=";
diff --git a/pkgs/development/tools/regclient/default.nix b/pkgs/development/tools/regclient/default.nix
index 383410de870..81969db7771 100644
--- a/pkgs/development/tools/regclient/default.nix
+++ b/pkgs/development/tools/regclient/default.nix
@@ -4,16 +4,16 @@ let bins = [ "regbot" "regctl" "regsync" ]; in
 
 buildGoModule rec {
   pname = "regclient";
-  version = "0.5.1";
+  version = "0.5.2";
   tag = "v${version}";
 
   src = fetchFromGitHub {
     owner = "regclient";
     repo = "regclient";
     rev = tag;
-    sha256 = "sha256-mlwEUVMUXK2V8jzwDb51xjJElHhqioAsbq65R7rNS/Q=";
+    sha256 = "sha256-PC3eHTmhjNjf3ENeP3ODrR2Ynlzg4FqJL6L8cKvD67A=";
   };
-  vendorHash = "sha256-AeC5Zv30BLkqaAPnWDrpGaJnhFoNJ9UgQaLEUmqXgb0=";
+  vendorHash = "sha256-OPB/xGdaq1yv4ATrKbLcqqJj84s0cYrJdmKFHZ3EkHY=";
 
   outputs = [ "out" ] ++ bins;
 
diff --git a/pkgs/development/tools/zsv/default.nix b/pkgs/development/tools/zsv/default.nix
index 7c262ba2035..64782c22523 100644
--- a/pkgs/development/tools/zsv/default.nix
+++ b/pkgs/development/tools/zsv/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "zsv";
-  version = "0.3.6-alpha";
+  version = "0.3.7-alpha";
 
   src = fetchFromGitHub {
     owner = "liquidaty";
     repo = "zsv";
     rev = "v${version}";
-    hash = "sha256-P4xgWmNPBmuB87jsQvoyuRFCYkD4n/mTd04ZPfaf5ZE=";
+    hash = "sha256-1eyGy6StFKFisyxTV9EuAwV1ZhuGnN0/STwVo/xmXNw=";
   };
 
   nativeBuildInputs = [ perl ];
@@ -22,6 +22,7 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     description = "World's fastest (simd) CSV parser, with an extensible CLI";
     homepage = "https://github.com/liquidaty/zsv";
+    changelog = "https://github.com/liquidaty/zsv/releases/tag/v${version}";
     license = licenses.mit;
     maintainers = with maintainers; [ marsam ];
     platforms = platforms.all;
diff --git a/pkgs/os-specific/linux/kernel/xanmod-kernels.nix b/pkgs/os-specific/linux/kernel/xanmod-kernels.nix
index a9aa8cb95b0..ed9501f91fb 100644
--- a/pkgs/os-specific/linux/kernel/xanmod-kernels.nix
+++ b/pkgs/os-specific/linux/kernel/xanmod-kernels.nix
@@ -3,14 +3,14 @@
 let
   # These names are how they are designated in https://xanmod.org.
   ltsVariant = {
-    version = "6.1.54";
-    hash = "sha256-sAVWtpR0fzBcLR82MFREG4Qv/JEXyJ+5MZ/XDVE0fu8=";
+    version = "6.1.55";
+    hash = "sha256-kmiMbzH1hyteicjk1WfCQPYhLsVAbl1t5LJ83rUNZ1k=";
     variant = "lts";
   };
 
   mainVariant = {
-    version = "6.5.4";
-    hash = "sha256-zT+aU/pOtKgzVOH5Xg4qd88RcDVBmO4af/rgrkUrnfw=";
+    version = "6.5.5";
+    hash = "sha256-XjSuhZ5ooXOVllKc29Pd+PlOK6OtcgVMVFzxOx5nkIw=";
     variant = "main";
   };
 
diff --git a/pkgs/os-specific/linux/kernel/zen-kernels.nix b/pkgs/os-specific/linux/kernel/zen-kernels.nix
index 13c8ca22c4e..2006b8f1e6d 100644
--- a/pkgs/os-specific/linux/kernel/zen-kernels.nix
+++ b/pkgs/os-specific/linux/kernel/zen-kernels.nix
@@ -12,8 +12,8 @@ let
   # ./update-zen.py lqx
   lqxVariant = {
     version = "6.5.5"; #lqx
-    suffix = "lqx1"; #lqx
-    sha256 = "1sr23yjwl7sh58s5f9yy9ld163c5lm0qbn0gqg8bnkshx08r39h8"; #lqx
+    suffix = "lqx2"; #lqx
+    sha256 = "18gji7l3mgm8z0vi99q5xzrmpmw7jm1sqm2mc6abs51bi5vwir09"; #lqx
     isLqx = true;
   };
   zenKernelsFor = { version, suffix, sha256, isLqx }: buildLinux (args // {
diff --git a/pkgs/servers/http/dufs/default.nix b/pkgs/servers/http/dufs/default.nix
index 77425c08b5b..89058fd2171 100644
--- a/pkgs/servers/http/dufs/default.nix
+++ b/pkgs/servers/http/dufs/default.nix
@@ -1,6 +1,7 @@
 { lib
 , rustPlatform
 , fetchFromGitHub
+, installShellFiles
 , stdenv
 , darwin
 }:
@@ -18,6 +19,8 @@ rustPlatform.buildRustPackage rec {
 
   cargoHash = "sha256-HZiWmqIh21b12DP+hnx1pWBWgSa5j71kp6GCRKGMHv0=";
 
+  nativeBuildInputs = [ installShellFiles ];
+
   buildInputs = lib.optionals stdenv.isDarwin [
     darwin.apple_sdk.frameworks.Security
   ];
@@ -30,6 +33,13 @@ rustPlatform.buildRustPackage rec {
     "--skip=validate_printed_urls"
   ];
 
+  postInstall = ''
+    installShellCompletion --cmd dufs \
+      --bash <($out/bin/dufs --completions bash) \
+      --fish <($out/bin/dufs --completions fish) \
+      --zsh <($out/bin/dufs --completions zsh)
+  '';
+
   meta = with lib; {
     description = "A file server that supports static serving, uploading, searching, accessing control, webdav";
     homepage = "https://github.com/sigoden/dufs";
diff --git a/pkgs/servers/monitoring/nagios/plugins/check_ssl_cert.nix b/pkgs/servers/monitoring/nagios/plugins/check_ssl_cert.nix
index be77ae10240..8a42cec07a8 100644
--- a/pkgs/servers/monitoring/nagios/plugins/check_ssl_cert.nix
+++ b/pkgs/servers/monitoring/nagios/plugins/check_ssl_cert.nix
@@ -17,13 +17,13 @@
 
 stdenv.mkDerivation rec {
   pname = "check_ssl_cert";
-  version = "2.74.0";
+  version = "2.75.0";
 
   src = fetchFromGitHub {
     owner = "matteocorti";
     repo = "check_ssl_cert";
     rev = "refs/tags/v${version}";
-    hash = "sha256-LOvJXF8J11uL70fPs2r48mGFkxqjIgMvtDn0Xrt5myE=";
+    hash = "sha256-Tz1ogwht6MCRUM4Knr7Ka0VNN2yUmh/lQrJNdPEUMiI=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/servers/monitoring/prometheus/wireguard-exporter.nix b/pkgs/servers/monitoring/prometheus/wireguard-exporter.nix
index 14920ea035f..d810633c17f 100644
--- a/pkgs/servers/monitoring/prometheus/wireguard-exporter.nix
+++ b/pkgs/servers/monitoring/prometheus/wireguard-exporter.nix
@@ -13,6 +13,11 @@ rustPlatform.buildRustPackage rec {
 
   cargoSha256 = "sha256-NsxGpjuZPpz4gCJRp5IOcfRFh8DTud47nV2bE0/kc2Q=";
 
+  postPatch = ''
+    # drop hardcoded linker names, fixing static build
+    rm .cargo/config.toml
+  '';
+
   buildInputs = lib.optionals stdenv.isDarwin [ libiconv Security ];
 
   passthru.tests = { inherit (nixosTests.prometheus-exporters) wireguard; };
diff --git a/pkgs/servers/polaris/default.nix b/pkgs/servers/polaris/default.nix
index 647b278e39b..fc3141d4644 100644
--- a/pkgs/servers/polaris/default.nix
+++ b/pkgs/servers/polaris/default.nix
@@ -5,6 +5,7 @@
 , nix-update-script
 , polaris-web
 , darwin
+, nixosTests
 }:
 
 rustPlatform.buildRustPackage rec {
@@ -58,6 +59,7 @@ rustPlatform.buildRustPackage rec {
 
   __darwinAllowLocalNetworking = true;
 
+  passthru.tests = nixosTests.polaris;
   passthru.updateScript = nix-update-script {
     attrPath = pname;
   };
diff --git a/pkgs/servers/polaris/web.nix b/pkgs/servers/polaris/web.nix
index d0c310c2ad8..19d35103281 100644
--- a/pkgs/servers/polaris/web.nix
+++ b/pkgs/servers/polaris/web.nix
@@ -5,16 +5,16 @@
 
 buildNpmPackage rec {
   pname = "polaris-web";
-  version = "67";
+  version = "68";
 
   src = fetchFromGitHub {
     owner = "agersant";
     repo = "polaris-web";
     rev = "build-${version}";
-    hash = "sha256-mhrgHNbqxLhhLWP4eu1A3ytrx9Q3X0EESL2LuTfgsBE=";
+    hash = "sha256-YvVNTqv/DQzRyMuDgDdtCyoQbt4EqVztGa0NO92pO/Q=";
   };
 
-  npmDepsHash = "sha256-lScXbxkJiRq5LLFkoz5oZsmKz8I/t1rZJVonfct9r+0=";
+  npmDepsHash = "sha256-c11CWJB76gX+Bxmqac3VxWjJxQVzYCaaf+pmQQpnOds=";
 
   env.CYPRESS_INSTALL_BINARY = "0";
 
diff --git a/pkgs/servers/spicedb/zed.nix b/pkgs/servers/spicedb/zed.nix
index 96b1afec993..cc385362470 100644
--- a/pkgs/servers/spicedb/zed.nix
+++ b/pkgs/servers/spicedb/zed.nix
@@ -5,16 +5,16 @@
 
 buildGoModule rec {
   pname = "zed";
-  version = "0.12.1";
+  version = "0.14.0";
 
   src = fetchFromGitHub {
     owner = "authzed";
     repo = "zed";
     rev = "v${version}";
-    hash = "sha256-3aG47DeYVwDj0tX26oOWVE8yq8sVtxA4uw+LOIjKNuI=";
+    hash = "sha256-+u8qrF/P8a19Bc085upT65xVPGIVR3My/k/enhdUJmQ=";
   };
 
-  vendorHash = "sha256-kUMCbRIhSb5Bqo1P9J08xVUJmUdxaq5iU34sR+nuol4=";
+  vendorHash = "sha256-f0UNUOi0WXm06dko+7O00C0dla/JlfGlXaZ00TMX0WU=";
 
   meta = with lib; {
     description = "Command line for managing SpiceDB";
diff --git a/pkgs/servers/x11/xorg/overrides.nix b/pkgs/servers/x11/xorg/overrides.nix
index 2c168a659a8..a66cf9ce133 100644
--- a/pkgs/servers/x11/xorg/overrides.nix
+++ b/pkgs/servers/x11/xorg/overrides.nix
@@ -1,5 +1,4 @@
-{ abiCompat ? null,
-  callPackage,
+{ callPackage,
   lib, stdenv, makeWrapper, fetchurl, fetchpatch, fetchFromGitLab, buildPackages,
   automake, autoconf, libiconv, libtool, intltool, gettext, python3, perl,
   freetype, tradcpp, fontconfig, meson, ninja, ed, fontforge,
@@ -738,24 +737,18 @@ self: super:
   });
 
   xorgserver = with xorg; super.xorgserver.overrideAttrs (attrs_passed:
-    # exchange attrs if abiCompat is set
     let
-      version = lib.getVersion attrs_passed;
-      attrs =
-        if (abiCompat == null || lib.hasPrefix abiCompat version) then
-          attrs_passed // {
-            buildInputs = attrs_passed.buildInputs ++
-              lib.optional (libdrm != null) libdrm.dev;
-            postPatch = ''
-              for i in dri3/*.c
-              do
-                sed -i -e "s|#include <drm_fourcc.h>|#include <libdrm/drm_fourcc.h>|" $i
-              done
-            '';
-            meta = attrs_passed.meta // { mainProgram = "X"; };
-          }
-        else throw "unsupported xorg abiCompat ${abiCompat} for ${attrs_passed.name}";
-
+      attrs = attrs_passed // {
+        buildInputs = attrs_passed.buildInputs ++
+          lib.optional (libdrm != null) libdrm.dev;
+        postPatch = ''
+          for i in dri3/*.c
+          do
+            sed -i -e "s|#include <drm_fourcc.h>|#include <libdrm/drm_fourcc.h>|" $i
+          done
+        '';
+        meta = attrs_passed.meta // { mainProgram = "X"; };
+      };
     in attrs //
     (let
       version = lib.getVersion attrs;
diff --git a/pkgs/tools/backup/awsbck/default.nix b/pkgs/tools/backup/awsbck/default.nix
index f0ef8367e0e..d8d54dad392 100644
--- a/pkgs/tools/backup/awsbck/default.nix
+++ b/pkgs/tools/backup/awsbck/default.nix
@@ -8,21 +8,21 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "awsbck";
-  version = "0.3.4";
+  version = "0.3.5";
 
   src = fetchFromGitHub {
     owner = "beeb";
     repo = "awsbck";
     rev = "v${version}";
-    hash = "sha256-MDlFCbBAvGovhCO5uxXRQhIN4Fw9wav0afIBNzz3Mow=";
+    hash = "sha256-BitR4f1VzYs5L7hT5OCbBbe4JvPIOPDQ9byKEkfBDBY=";
   };
 
+  cargoHash = "sha256-J5BI6Gv20iAe2XCt1riLATCnlOg+pcj7q2Gzo2ZN0ms=";
+
   nativeBuildInputs = [ installShellFiles ];
 
   buildInputs = lib.optionals stdenv.isDarwin [ Security ];
 
-  cargoSha256 = "sha256-p7t/QtihdP6dyJ7tKpNkqcyYJvFJG8+fPqSGH7DNAtg=";
-
   doCheck = false;
 
   meta = with lib; {
diff --git a/pkgs/tools/misc/goreleaser/default.nix b/pkgs/tools/misc/goreleaser/default.nix
index 1d6feba4cde..58056f2f77a 100644
--- a/pkgs/tools/misc/goreleaser/default.nix
+++ b/pkgs/tools/misc/goreleaser/default.nix
@@ -7,13 +7,13 @@
 }:
 buildGoModule rec {
   pname = "goreleaser";
-  version = "1.21.1";
+  version = "1.21.2";
 
   src = fetchFromGitHub {
     owner = "goreleaser";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-OBdo33A+pLEuHsCzFDLL0bzWqLPFzny/pcSJNIyW8jo=";
+    hash = "sha256-dH5Fh3F+UJRS/zZkxhZ7TzLWo0ncUNKbLZdjbnBPloE=";
   };
 
   vendorHash = "sha256-Ua1Eey0trzha1WyPtwZYvfzOSywb7ThfWcI/VlMgD88=";
diff --git a/pkgs/tools/misc/mlocate/default.nix b/pkgs/tools/misc/mlocate/default.nix
index 12d9f5622cc..b57f109eda0 100644
--- a/pkgs/tools/misc/mlocate/default.nix
+++ b/pkgs/tools/misc/mlocate/default.nix
@@ -1,8 +1,6 @@
-{ lib, stdenv, fetchurl, config }:
+{ lib, stdenv, fetchurl, config, dbfile ? config.locate.dbfile or "/var/cache/locatedb" }:
 
-let
-  dbfile = lib.attrByPath [ "locate" "dbfile" ] "/var/cache/locatedb" config;
-in stdenv.mkDerivation rec {
+stdenv.mkDerivation rec {
   pname = "mlocate";
   version = "0.26";
 
diff --git a/pkgs/tools/misc/plocate/default.nix b/pkgs/tools/misc/plocate/default.nix
index 356d58ccbc3..a49ff5d1838 100644
--- a/pkgs/tools/misc/plocate/default.nix
+++ b/pkgs/tools/misc/plocate/default.nix
@@ -8,10 +8,8 @@
 , systemd
 , liburing
 , zstd
+, dbfile ? config.locate.dbfile or "/var/cache/locatedb"
 }:
-let
-  dbfile = lib.attrByPath [ "locate" "dbfile" ] "/var/cache/locatedb" config;
-in
 stdenv.mkDerivation rec {
   pname = "plocate";
   version = "1.1.19";
diff --git a/pkgs/tools/networking/godns/default.nix b/pkgs/tools/networking/godns/default.nix
index edbeaa64cfa..a75fae9f724 100644
--- a/pkgs/tools/networking/godns/default.nix
+++ b/pkgs/tools/networking/godns/default.nix
@@ -6,13 +6,13 @@
 
 buildGoModule rec {
   pname = "godns";
-  version = "2.9.9";
+  version = "3.0.1";
 
   src = fetchFromGitHub {
     owner = "TimothyYe";
     repo = "godns";
     rev = "refs/tags/v${version}";
-    hash = "sha256-R5f2h8bodP/9MP5gqGWBEbC/rLPEV4gEDoc5sMgmoLs=";
+    hash = "sha256-MmjPcJxz8wAgBwPg8UaYVniypDeY05yDxehkTL8zjro=";
   };
 
   vendorHash = "sha256-iAU62/0MjzxwuMvIobhIZEqDJUpRqwEabnazH7jBRTE=";
diff --git a/pkgs/tools/networking/netbird/default.nix b/pkgs/tools/networking/netbird/default.nix
index 6e90bd64a43..3b080725e95 100644
--- a/pkgs/tools/networking/netbird/default.nix
+++ b/pkgs/tools/networking/netbird/default.nix
@@ -30,13 +30,13 @@ let
 in
 buildGoModule rec {
   pname = "netbird";
-  version = "0.23.1";
+  version = "0.23.6";
 
   src = fetchFromGitHub {
     owner = "netbirdio";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-YCCkVNFRFoHkBGZ67VHOrw/hxMrwi3lkdbHwMCLE6Hg=";
+    sha256 = "sha256-foyHV3+8fh7q3jCQqHAznlVLmBTwIiLyxVJraoJ5+P4=";
   };
 
   vendorHash = "sha256-CwozOBAPFSsa1XzDOHBgmFSwGiNekWT8t7KGR2KOOX4=";
diff --git a/pkgs/tools/security/step-ca/default.nix b/pkgs/tools/security/step-ca/default.nix
index 008a87841a1..7e149ad143b 100644
--- a/pkgs/tools/security/step-ca/default.nix
+++ b/pkgs/tools/security/step-ca/default.nix
@@ -12,16 +12,16 @@
 
 buildGoModule rec {
   pname = "step-ca";
-  version = "0.24.2";
+  version = "0.25.0";
 
   src = fetchFromGitHub {
     owner = "smallstep";
     repo = "certificates";
     rev = "refs/tags/v${version}";
-    hash = "sha256-499gPucDfABpajrPPLLyPLwFSlPsY+m4hUvaur39+ug=";
+    hash = "sha256-CO9Qjx4D6qNGjOdva88KRCJOQq85r5U5nwmXC1G94dY=";
   };
 
-  vendorHash = "sha256-aqDjL0bPRmEGmYU0XERvfxhk2IKWhs/GDCvh/PecIBw=";
+  vendorHash = "sha256-Weq8sS+8gsfdoVSBDm8E2DCrngfNsolqQR2/yd9etPo=";
 
   ldflags = [ "-buildid=" ];
 
diff --git a/pkgs/tools/system/nsc/default.nix b/pkgs/tools/system/nsc/default.nix
index ef5fd5b3b7c..d69791553d5 100644
--- a/pkgs/tools/system/nsc/default.nix
+++ b/pkgs/tools/system/nsc/default.nix
@@ -7,13 +7,13 @@
 
 buildGoModule rec {
   pname = "nsc";
-  version = "2.8.0";
+  version = "2.8.1";
 
   src = fetchFromGitHub {
     owner = "nats-io";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-8TBg5ByR4d/AvJOiADW068W40wN7ggRT8LbZFfHeqz4=";
+    hash = "sha256-kNfA/MQuXauQPWQhUspreqo4oOKb+qBqh9NdmQM1Q+A=";
   };
 
   ldflags = [
@@ -23,7 +23,7 @@ buildGoModule rec {
     "-X main.builtBy=nixpkgs"
   ];
 
-  vendorHash = "sha256-Yywurr+RM96qJGH/WvuLDtf6bLzw9C5hG2d0ID9w1pQ=";
+  vendorHash = "sha256-8cTegiNVtGSZdf9O+KVoOgnjjMIv8w7YBSkFhk7gHfk=";
 
   nativeBuildInputs = [ installShellFiles ];
 
diff --git a/pkgs/tools/virtualization/jumppad/default.nix b/pkgs/tools/virtualization/jumppad/default.nix
index 45a3e30603f..a993fe9484d 100644
--- a/pkgs/tools/virtualization/jumppad/default.nix
+++ b/pkgs/tools/virtualization/jumppad/default.nix
@@ -2,15 +2,15 @@
 
 buildGoModule rec {
   pname = "jumppad";
-  version = "0.5.38";
+  version = "0.5.51";
 
   src = fetchFromGitHub {
     owner = "jumppad-labs";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-s779QQ1fzVKFIMoj7X3MLLo1Z3NBSGPoKoDi3xM0fr8=";
+    hash = "sha256-Az/rNkGwwrYZfay+KjINjIT2PNsoGDNCwZnXZTeKqM4=";
   };
-  vendorHash = "sha256-37j7taSmWhs9NQbv41aljR07HCTRrLd3ddiktV/XKBs=";
+  vendorHash = "sha256-onUs7ZbnzJGbs+Q+1jvqUp9y9ecOxhtcdx/fkxZntmc=";
 
   ldflags = [
     "-s" "-w" "-X main.version=${version}"
diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix
index 534b0af4b33..7b6f8aa04ad 100644
--- a/pkgs/top-level/aliases.nix
+++ b/pkgs/top-level/aliases.nix
@@ -1472,6 +1472,7 @@ mapAliases ({
   protobuf3_7 = throw "protobuf3_7 does not receive updates anymore and has been removed"; # Added 2022-10-03
   protobuf3_11 = throw "protobuf3_11 does not receive updates anymore and has been removed"; # Added 2022-09-28
   protobuf3_17 = throw "protobuf3_17 does not receive updates anymore and has been removed"; # Added 2023-05-21
+  protobuf3_19 = throw "protobuf3_19 does not receive updates anymore and has been removed"; # Added 2023-10-01
   protonup = protonup-ng; # Added 2022-11-06
   proxmark3-rrg = proxmark3; # Added 2023-07-25
   proxmark3-unstable = throw "removed in favor of rfidresearchgroup fork"; # Added 2023-07-25
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 5b65243c1a9..aa37cc083dc 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -5206,8 +5206,6 @@ with pkgs;
 
   ekam = callPackage ../development/tools/build-managers/ekam { };
 
-  eksctl = callPackage ../tools/admin/eksctl { };
-
   electronplayer = callPackage ../applications/video/electronplayer/electronplayer.nix { };
 
   electron-mail = callPackage ../applications/networking/mailreaders/electron-mail { };
@@ -24752,9 +24750,6 @@ with pkgs;
   protobuf3_20 = callPackage ../development/libraries/protobuf/3.20.nix {
     abseil-cpp = abseil-cpp_202103;
   };
-  protobuf3_19 = callPackage ../development/libraries/protobuf/3.19.nix {
-    abseil-cpp = abseil-cpp_202103;
-  };
 
   protobufc = callPackage ../development/libraries/protobufc { };
 
@@ -27668,7 +27663,6 @@ with pkgs;
       inherit (buildPackages.darwin) bootstrap_cmds;
       udev = if stdenv.isLinux then udev else null;
       libdrm = if stdenv.isLinux then libdrm else null;
-      abiCompat = config.xorg.abiCompat or null; # `config` because we have no `xorg.override`
     };
 
     generatedPackages = lib.callPackageWith __splicedPackages ../servers/x11/xorg/default.nix { };
@@ -35616,9 +35610,7 @@ with pkgs;
 
   lightdm-mobile-greeter = callPackage ../applications/display-managers/lightdm-mobile-greeter { };
 
-  lightdm-tiny-greeter = callPackage ../applications/display-managers/lightdm-tiny-greeter {
-    conf = config.lightdm-tiny-greeter.conf or "";
-  };
+  lightdm-tiny-greeter = callPackage ../applications/display-managers/lightdm-tiny-greeter { };
 
   ly = callPackage ../applications/display-managers/ly { };
 
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 994e30b1af2..dc4956c4ba0 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -872,6 +872,8 @@ self: super: with self; {
     inherit (pkgs.darwin.apple_sdk.frameworks) AudioToolbox AudioUnit CoreServices;
   };
 
+  auditok = callPackage ../development/python-modules/auditok { };
+
   augeas = callPackage ../development/python-modules/augeas {
     inherit (pkgs) augeas;
   };
@@ -2615,6 +2617,8 @@ self: super: with self; {
 
   dcmstack = callPackage ../development/python-modules/dcmstack { };
 
+  dctorch = callPackage ../development/python-modules/dctorch { };
+
   ddt = callPackage ../development/python-modules/ddt { };
 
   deal = callPackage ../development/python-modules/deal { };
@@ -11533,6 +11537,8 @@ self: super: with self; {
 
   ropper = callPackage ../development/python-modules/ropper { };
 
+  rotary-embedding-torch = callPackage ../development/python-modules/rotary-embedding-torch { };
+
   rouge-score = callPackage ../development/python-modules/rouge-score { };
 
   routeros-api = callPackage ../development/python-modules/routeros-api { };