Rebase onto e4ad989506ec7d71f7302cc3067abd82730a4beb HEAD rootfs

Signed-off-by: Alyssa Ross <hi@alyssa.is>
author: Alyssa Ross <hi@alyssa.is> 2023-11-21 16:12:21 +0100
committer: Alyssa Ross <hi@alyssa.is> 2023-11-21 16:12:48 +0100
commit: 048a4cd441a59cbf89defb18bb45c9f0b4429b35 (patch)
tree: f8f5850ff05521ab82d65745894714a8796cbfb6 /pkgs/development/tools/continuous-integration
parent: 030c5028b07afcedce7c5956015c629486cc79d9 (diff)
parent: 4c2d05dd6435d449a3651a6dd314d9411b5f8146 (diff)
download: nixpkgs-rootfs.tar
nixpkgs-rootfs.tar.gz
nixpkgs-rootfs.tar.bz2
nixpkgs-rootfs.tar.lz
nixpkgs-rootfs.tar.xz
nixpkgs-rootfs.tar.zst
nixpkgs-rootfs.zip
16 files changed, 95 insertions, 111 deletions
diff --git a/pkgs/development/tools/continuous-integration/buildbot/master.nix b/pkgs/development/tools/continuous-integration/buildbot/master.nix
index a025de299cc..4195a845303 100644
--- a/pkgs/development/tools/continuous-integration/buildbot/master.nix
+++ b/pkgs/development/tools/continuous-integration/buildbot/master.nix
@@ -24,13 +24,15 @@
 , moto
 , markdown
 , lz4
-, setuptoolsTrial
+, setuptools-trial
 , buildbot-worker
 , buildbot-plugins
 , buildbot-pkg
 , parameterized
 , git
 , openssh
+, setuptools
+, pythonRelaxDepsHook
 , glibcLocales
 , nixosTests
 , callPackage
@@ -66,7 +68,7 @@ let
   package = buildPythonApplication rec {
     pname = "buildbot";
     version = "3.9.2";
-    format = "setuptools";
+    format = "pyproject";
 
     disabled = pythonOlder "3.7";
 
@@ -88,6 +90,7 @@ let
       autobahn
       pyjwt
       pyyaml
+      setuptools
     ]
       # tls
       ++ twisted.optional-dependencies.tls;
@@ -100,7 +103,7 @@ let
       moto
       markdown
       lz4
-      setuptoolsTrial
+      setuptools-trial
       buildbot-worker
       buildbot-pkg
       buildbot-plugins.www
@@ -108,8 +111,11 @@ let
       git
       openssh
       glibcLocales
+      pythonRelaxDepsHook
     ];
 
+    pythonRelaxDeps = [ "Twisted" ];
+
     patches = [
       # This patch disables the test that tries to read /etc/os-release which
       # is not accessible in sandboxed builds.
diff --git a/pkgs/development/tools/continuous-integration/buildbot/worker.nix b/pkgs/development/tools/continuous-integration/buildbot/worker.nix
index 5f3c0efab41..29d0bcf7fb7 100644
--- a/pkgs/development/tools/continuous-integration/buildbot/worker.nix
+++ b/pkgs/development/tools/continuous-integration/buildbot/worker.nix
@@ -15,7 +15,7 @@
 # tests
 , parameterized
 , psutil
-, setuptoolsTrial
+, setuptools-trial
 
 # passthru
 , nixosTests
@@ -36,7 +36,7 @@ buildPythonPackage (rec {
   '';
 
   nativeBuildInputs = [
-    setuptoolsTrial
+    setuptools-trial
   ];
 
   propagatedBuildInputs = [
diff --git a/pkgs/development/tools/continuous-integration/buildkite-agent/default.nix b/pkgs/development/tools/continuous-integration/buildkite-agent/default.nix
index 4caf0cae4a5..9189c596382 100644
--- a/pkgs/development/tools/continuous-integration/buildkite-agent/default.nix
+++ b/pkgs/development/tools/continuous-integration/buildkite-agent/default.nix
@@ -13,16 +13,16 @@
 }:
 buildGoModule rec {
   pname = "buildkite-agent";
-  version = "3.55.0";
+  version = "3.59.0";
 
   src = fetchFromGitHub {
     owner = "buildkite";
     repo = "agent";
     rev = "v${version}";
-    sha256 = "sha256-HvpEEutvdVHyzDtHdlc7ZB9xwnCKYWKbH/A1gAtR+Wk=";
+    sha256 = "sha256-pYaxjXoNn6MOE2oHUSKrBzP5oKhtfJwSHFCkcpkyzas=";
   };
 
-  vendorHash = "sha256-bIOS9Ja+mue6LNXUGmkLobh+lLiJfBDtNrAX3fp0jMY=";
+  vendorHash = "sha256-JSuam9Tn+ZekfLrj78tBncH7Q2aP4CaUgaaDkJ/azEw=";
 
   postPatch = ''
     substituteInPlace clicommand/agent_start.go --replace /bin/bash ${bash}/bin/bash
diff --git a/pkgs/development/tools/continuous-integration/cirrus-cli/default.nix b/pkgs/development/tools/continuous-integration/cirrus-cli/default.nix
index 9defb319111..5dfec9c11a8 100644
--- a/pkgs/development/tools/continuous-integration/cirrus-cli/default.nix
+++ b/pkgs/development/tools/continuous-integration/cirrus-cli/default.nix
@@ -6,16 +6,16 @@
 
 buildGoModule rec {
   pname = "cirrus-cli";
-  version = "0.104.0";
+  version = "0.107.1";
 
   src = fetchFromGitHub {
     owner = "cirruslabs";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-3X/VZirKSYD+y//e8Ft8f0D27vJWekdyUTmVvOgc5bQ=";
+    sha256 = "sha256-PaIjeqL32CADE+m6kq7VIDXMBvEEMVW8eSlXiIwNEJ4=";
   };
 
-  vendorHash = "sha256-0otC2+f0PMBZ+0Xiyq4kBd2YCJjAvDhThB3W9gIjHOY=";
+  vendorHash = "sha256-OHeoa3SXmDiUROxFiprlq/gfnqMjha6PQ8tlkr7Pd00=";
 
   ldflags = [
     "-X github.com/cirruslabs/cirrus-cli/internal/version.Version=v${version}"
diff --git a/pkgs/development/tools/continuous-integration/dagger/default.nix b/pkgs/development/tools/continuous-integration/dagger/default.nix
deleted file mode 100644
index 9b695e53819..00000000000
--- a/pkgs/development/tools/continuous-integration/dagger/default.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ lib, stdenv, buildGoModule, fetchFromGitHub, installShellFiles, testers, dagger }:
-
-buildGoModule rec {
-  pname = "dagger";
-  version = "0.8.7";
-
-  src = fetchFromGitHub {
-    owner = "dagger";
-    repo = "dagger";
-    rev = "v${version}";
-    hash = "sha256-vlHLqqUMZAuBgI5D1L2g6u3PDZsUp5oUez4x9ydOUtM=";
-  };
-
-  vendorHash = "sha256-B8Qvyvh9MRGFDBvc/Hu+IitBBdHvEU3QjLJuIy1S04A=";
-  proxyVendor = true;
-
-  subPackages = [
-    "cmd/dagger"
-  ];
-
-  ldflags = [ "-s" "-w" "-X github.com/dagger/dagger/engine.Version=${version}" ];
-
-  nativeBuildInputs = [ installShellFiles ];
-
-  postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
-    installShellCompletion --cmd dagger \
-      --bash <($out/bin/dagger completion bash) \
-      --fish <($out/bin/dagger completion fish) \
-      --zsh <($out/bin/dagger completion zsh)
-  '';
-
-  passthru.tests.version = testers.testVersion {
-    package = dagger;
-    command = "dagger version";
-    version = "v${version}";
-  };
-
-  meta = with lib; {
-    description = "A portable devkit for CICD pipelines";
-    homepage = "https://dagger.io";
-    license = licenses.asl20;
-    maintainers = with maintainers; [ jfroche sagikazarmark ];
-  };
-}
diff --git a/pkgs/development/tools/continuous-integration/fly/default.nix b/pkgs/development/tools/continuous-integration/fly/default.nix
index cc6d2a70f21..55df9269f92 100644
--- a/pkgs/development/tools/continuous-integration/fly/default.nix
+++ b/pkgs/development/tools/continuous-integration/fly/default.nix
@@ -2,16 +2,16 @@
 
 buildGoModule rec {
   pname = "fly";
-  version = "7.10.0";
+  version = "7.11.0";
 
   src = fetchFromGitHub {
     owner = "concourse";
     repo = "concourse";
     rev = "v${version}";
-    hash = "sha256-KmKIr7Y3CQmv1rXdju6xwUHABqj/dkXpgWc/yNrAza8=";
+    hash = "sha256-lp6EXdwmgmjhFxRQXn2P4iRrtJS1QTvg4225V/6E7MI=";
   };
 
-  vendorHash = "sha256-lc0okniezfTNLsnCBIABQxSgakRUidsprrEnkH8il2g=";
+  vendorHash = "sha256-p3EhXrRjAFG7Ayfj/ArAWO7KL3S/iR/nwFwXcDc+DSs=";
 
   subPackages = [ "fly" ];
 
diff --git a/pkgs/development/tools/continuous-integration/forgejo-actions-runner/default.nix b/pkgs/development/tools/continuous-integration/forgejo-actions-runner/default.nix
index 8b9a108d3db..f32c5b138ab 100644
--- a/pkgs/development/tools/continuous-integration/forgejo-actions-runner/default.nix
+++ b/pkgs/development/tools/continuous-integration/forgejo-actions-runner/default.nix
@@ -7,17 +7,17 @@
 
 buildGoModule rec {
   pname = "forgejo-actions-runner";
-  version = "2.4.0";
+  version = "3.0.1";
 
   src = fetchFromGitea {
     domain = "codeberg.org";
     owner = "forgejo";
     repo = "runner";
     rev = "v${version}";
-    hash = "sha256-EEwXo2MvdBlSMho4rrYD4wXLccS/30NbCuxO0CUktgE=";
+    hash = "sha256-idA74R6kbI7Bk0XvT7BOyctT0IKymsJoFCWgYrtZstU=";
   };
 
-  vendorHash = "sha256-FspNmiphGHSeZFmdlWIDsEUrCc8THfb0Wm67cMCTtHI=";
+  vendorHash = "sha256-HE//SD/doMf42y2KF10JAuUe86hpFhCUM61da2NC5CE=";
 
   ldflags = [
     "-s"
diff --git a/pkgs/development/tools/continuous-integration/github-runner/default.nix b/pkgs/development/tools/continuous-integration/github-runner/default.nix
index 96741dc8b25..c0c15a12173 100644
--- a/pkgs/development/tools/continuous-integration/github-runner/default.nix
+++ b/pkgs/development/tools/continuous-integration/github-runner/default.nix
@@ -15,22 +15,21 @@
 , runtimeShell
   # List of Node.js runtimes the package should support
 , nodeRuntimes ? [ "node20" ]
-, nodejs_16
 , nodejs_20
 }:
 
 # Node.js runtimes supported by upstream
-assert builtins.all (x: builtins.elem x [ "node16" "node20" ]) nodeRuntimes;
+assert builtins.all (x: builtins.elem x [ "node20" ]) nodeRuntimes;
 
 buildDotnetModule rec {
   pname = "github-runner";
-  version = "2.309.0";
+  version = "2.311.0";
 
   src = fetchFromGitHub {
     owner = "actions";
     repo = "runner";
     rev = "v${version}";
-    hash = "sha256-P70kNcd5TjWsHj16y11SEYROGG+JUkpwE9eVpHzvTes=";
+    hash = "sha256-71SwPuX1XZygT/TdAHECudxFxsQuXrl/tcAYVAxfxfI=";
     leaveDotGit = true;
     postFetch = ''
       git -C $out rev-parse --short HEAD > $out/.git-revision
@@ -81,6 +80,14 @@ buildDotnetModule rec {
       url = "https://github.com/actions/runner/commit/5ff0ce1.patch";
       hash = "sha256-2Vg3cKZK3cE/OcPDZkdN2Ro2WgvduYTTwvNGxwCfXas=";
     })
+  ] ++ lib.optionals (nodeRuntimes == [ "node20" ]) [
+    # If the package is built without Node 16, make Node 20 the default internal version
+    # https://github.com/actions/runner/pull/2844
+    (fetchpatch {
+      name = "internal-node-20.patch";
+      url = "https://github.com/actions/runner/commit/acdc6ed.patch";
+      hash = "sha256-3/6yhhJPr9OMWBFc5/NU/DRtn76aTYvjsjQo2u9ZqnU=";
+    })
   ];
 
   postPatch = ''
@@ -202,8 +209,6 @@ buildDotnetModule rec {
 
   preCheck = ''
     mkdir -p _layout/externals
-  '' + lib.optionalString (lib.elem "node16" nodeRuntimes) ''
-    ln -s ${nodejs_16} _layout/externals/node16
   '' + lib.optionalString (lib.elem "node20" nodeRuntimes) ''
     ln -s ${nodejs_20} _layout/externals/node20
   '';
@@ -242,8 +247,6 @@ buildDotnetModule rec {
     # externals/node$version. As opposed to the official releases, we don't
     # link the Alpine Node flavors.
     mkdir -p $out/lib/externals
-  '' + lib.optionalString (lib.elem "node16" nodeRuntimes) ''
-    ln -s ${nodejs_16} $out/lib/externals/node16
   '' + lib.optionalString (lib.elem "node20" nodeRuntimes) ''
     ln -s ${nodejs_20} $out/lib/externals/node20
   '' + ''
diff --git a/pkgs/development/tools/continuous-integration/github-runner/deps.nix b/pkgs/development/tools/continuous-integration/github-runner/deps.nix
index bf6c56d8f85..eef1830e147 100644
--- a/pkgs/development/tools/continuous-integration/github-runner/deps.nix
+++ b/pkgs/development/tools/continuous-integration/github-runner/deps.nix
@@ -12,6 +12,7 @@
   (fetchNuGet { pname = "Microsoft.NETCore.Platforms"; version = "1.0.1"; sha256 = "01al6cfxp68dscl15z7rxfw9zvhm64dncsw09a1vmdkacsa2v6lr"; })
   (fetchNuGet { pname = "Microsoft.NETCore.Platforms"; version = "1.0.1-rc2-24027"; sha256 = "1a0w5fv8slfr4q7m3mh78lb9awdwyz4zv3bb73vybkyq1f6z7lx8"; })
   (fetchNuGet { pname = "Microsoft.NETCore.Platforms"; version = "1.1.0"; sha256 = "08vh1r12g6ykjygq5d3vq09zylgb84l63k49jc4v8faw9g93iqqm"; })
+  (fetchNuGet { pname = "Microsoft.NETCore.Platforms"; version = "1.1.1"; sha256 = "164wycgng4mi9zqi2pnsf1pq6gccbqvw6ib916mqizgjmd8f44pj"; })
   (fetchNuGet { pname = "Microsoft.NETCore.Platforms"; version = "2.0.0"; sha256 = "1fk2fk2639i7nzy58m9dvpdnzql4vb8yl8vr19r2fp8lmj9w2jr0"; })
   (fetchNuGet { pname = "Microsoft.NETCore.Runtime"; version = "1.0.2-rc2-24027"; sha256 = "0ippdn16381l8i2iy63i45nk0p303fjbd4amh7biwvqxgagfbvhh"; })
   (fetchNuGet { pname = "Microsoft.NETCore.Runtime.CoreCLR"; version = "1.0.2-rc2-24027"; sha256 = "05y0jz6vfl9zs0lmmwsz6arf7r0mg2dm93ymizrzmqn706krz45x"; })
@@ -19,6 +20,7 @@
   (fetchNuGet { pname = "Microsoft.NETCore.Targets"; version = "1.0.1"; sha256 = "0ppdkwy6s9p7x9jix3v4402wb171cdiibq7js7i13nxpdky7074p"; })
   (fetchNuGet { pname = "Microsoft.NETCore.Targets"; version = "1.0.1-rc2-24027"; sha256 = "1j1458jska7540ng7fdf5i06k2vy71mxl5dld4x5s8gfndxpdzdj"; })
   (fetchNuGet { pname = "Microsoft.NETCore.Targets"; version = "1.1.0"; sha256 = "193xwf33fbm0ni3idxzbr5fdq3i2dlfgihsac9jj7whj0gd902nh"; })
+  (fetchNuGet { pname = "Microsoft.NETCore.Targets"; version = "1.1.3"; sha256 = "05smkcyxir59rgrmp7d6327vvrlacdgldfxhmyr1azclvga1zfsq"; })
   (fetchNuGet { pname = "Microsoft.NETCore.Windows.ApiSets"; version = "1.0.1-rc2-24027"; sha256 = "034m9p417iq3yzipg393wp4bddsh80di9iad78vvvh7w5difdv0x"; })
   (fetchNuGet { pname = "Microsoft.TestPlatform.ObjectModel"; version = "17.2.0"; sha256 = "0l05smcgjzdfa5f60f9q5lylap3i21aswxbava92s19bgv46w2rv"; })
   (fetchNuGet { pname = "Microsoft.TestPlatform.TestHost"; version = "17.2.0"; sha256 = "1238hx3hdg22s123cxygdfm89h54abw1jv6az6hl8h76ip39ybdp"; })
@@ -51,27 +53,35 @@
   (fetchNuGet { pname = "runtime.any.System.Threading.Tasks"; version = "4.3.0"; sha256 = "03mnvkhskbzxddz4hm113zsch1jyzh2cs450dk3rgfjp8crlw1va"; })
   (fetchNuGet { pname = "runtime.any.System.Threading.Timer"; version = "4.3.0"; sha256 = "0aw4phrhwqz9m61r79vyfl5la64bjxj8l34qnrcwb28v49fg2086"; })
   (fetchNuGet { pname = "runtime.debian.8-x64.runtime.native.System.Security.Cryptography.OpenSsl"; version = "4.3.0"; sha256 = "16rnxzpk5dpbbl1x354yrlsbvwylrq456xzpsha1n9y3glnhyx9d"; })
+  (fetchNuGet { pname = "runtime.debian.8-x64.runtime.native.System.Security.Cryptography.OpenSsl"; version = "4.3.2"; sha256 = "0rwpqngkqiapqc5c2cpkj7idhngrgss5qpnqg0yh40mbyflcxf8i"; })
   (fetchNuGet { pname = "runtime.fedora.23-x64.runtime.native.System.Security.Cryptography.OpenSsl"; version = "4.3.0"; sha256 = "0hkg03sgm2wyq8nqk6dbm9jh5vcq57ry42lkqdmfklrw89lsmr59"; })
+  (fetchNuGet { pname = "runtime.fedora.23-x64.runtime.native.System.Security.Cryptography.OpenSsl"; version = "4.3.2"; sha256 = "1n06gxwlinhs0w7s8a94r1q3lwqzvynxwd3mp10ws9bg6gck8n4r"; })
   (fetchNuGet { pname = "runtime.fedora.24-x64.runtime.native.System.Security.Cryptography.OpenSsl"; version = "4.3.0"; sha256 = "0c2p354hjx58xhhz7wv6div8xpi90sc6ibdm40qin21bvi7ymcaa"; })
-  (fetchNuGet { pname = "runtime.native.System"; version = "4.0.0-rc2-24027"; sha256 = "0n3ndk1g5qdd892sjcz3y2qmg8ki8b001qfgl2fkwv5f52m65pz9"; })
+  (fetchNuGet { pname = "runtime.fedora.24-x64.runtime.native.System.Security.Cryptography.OpenSsl"; version = "4.3.2"; sha256 = "0404wqrc7f2yc0wxv71y3nnybvqx8v4j9d47hlscxy759a525mc3"; })
   (fetchNuGet { pname = "runtime.native.System"; version = "4.3.0"; sha256 = "15hgf6zaq9b8br2wi1i3x0zvmk410nlmsmva9p0bbg73v6hml5k4"; })
   (fetchNuGet { pname = "runtime.native.System.IO.Compression"; version = "4.1.0-rc2-24027"; sha256 = "1qnd05bsrz88cr4wnkq7haf2bwml2zzjcscjk94v8ka4isi1i89b"; })
   (fetchNuGet { pname = "runtime.native.System.IO.Compression"; version = "4.3.0"; sha256 = "1vvivbqsk6y4hzcid27pqpm5bsi6sc50hvqwbcx8aap5ifrxfs8d"; })
-  (fetchNuGet { pname = "runtime.native.System.Net.Http"; version = "4.0.1-rc2-24027"; sha256 = "0dpgj544rfdqlgjc1nwslwbq49mp286wyy6rfnklxlbfgc2mr216"; })
   (fetchNuGet { pname = "runtime.native.System.Net.Http"; version = "4.3.0"; sha256 = "1n6rgz5132lcibbch1qlf0g9jk60r0kqv087hxc0lisy50zpm7kk"; })
-  (fetchNuGet { pname = "runtime.native.System.Security.Cryptography"; version = "4.0.0-rc2-24027"; sha256 = "0pkd72vrqn1jxc20g8h2pgqz02xn2rfbl0m4i7b82xa8bc483jmz"; })
   (fetchNuGet { pname = "runtime.native.System.Security.Cryptography.Apple"; version = "4.3.0"; sha256 = "1b61p6gw1m02cc1ry996fl49liiwky6181dzr873g9ds92zl326q"; })
   (fetchNuGet { pname = "runtime.native.System.Security.Cryptography.OpenSsl"; version = "4.3.0"; sha256 = "18pzfdlwsg2nb1jjjjzyb5qlgy6xjxzmhnfaijq5s2jw3cm3ab97"; })
+  (fetchNuGet { pname = "runtime.native.System.Security.Cryptography.OpenSsl"; version = "4.3.2"; sha256 = "0zy5r25jppz48i2bkg8b9lfig24xixg6nm3xyr1379zdnqnpm8f6"; })
   (fetchNuGet { pname = "runtime.opensuse.13.2-x64.runtime.native.System.Security.Cryptography.OpenSsl"; version = "4.3.0"; sha256 = "0qyynf9nz5i7pc26cwhgi8j62ps27sqmf78ijcfgzab50z9g8ay3"; })
+  (fetchNuGet { pname = "runtime.opensuse.13.2-x64.runtime.native.System.Security.Cryptography.OpenSsl"; version = "4.3.2"; sha256 = "096ch4n4s8k82xga80lfmpimpzahd2ip1mgwdqgar0ywbbl6x438"; })
   (fetchNuGet { pname = "runtime.opensuse.42.1-x64.runtime.native.System.Security.Cryptography.OpenSsl"; version = "4.3.0"; sha256 = "1klrs545awhayryma6l7g2pvnp9xy4z0r1i40r80zb45q3i9nbyf"; })
+  (fetchNuGet { pname = "runtime.opensuse.42.1-x64.runtime.native.System.Security.Cryptography.OpenSsl"; version = "4.3.2"; sha256 = "1dm8fifl7rf1gy7lnwln78ch4rw54g0pl5g1c189vawavll7p6rj"; })
   (fetchNuGet { pname = "runtime.osx.10.10-x64.runtime.native.System.Security.Cryptography.Apple"; version = "4.3.0"; sha256 = "10yc8jdrwgcl44b4g93f1ds76b176bajd3zqi2faf5rvh1vy9smi"; })
   (fetchNuGet { pname = "runtime.osx.10.10-x64.runtime.native.System.Security.Cryptography.OpenSsl"; version = "4.3.0"; sha256 = "0zcxjv5pckplvkg0r6mw3asggm7aqzbdjimhvsasb0cgm59x09l3"; })
+  (fetchNuGet { pname = "runtime.osx.10.10-x64.runtime.native.System.Security.Cryptography.OpenSsl"; version = "4.3.2"; sha256 = "1m9z1k9kzva9n9kwinqxl97x2vgl79qhqjlv17k9s2ymcyv2bwr6"; })
   (fetchNuGet { pname = "runtime.rhel.7-x64.runtime.native.System.Security.Cryptography.OpenSsl"; version = "4.3.0"; sha256 = "0vhynn79ih7hw7cwjazn87rm9z9fj0rvxgzlab36jybgcpcgphsn"; })
+  (fetchNuGet { pname = "runtime.rhel.7-x64.runtime.native.System.Security.Cryptography.OpenSsl"; version = "4.3.2"; sha256 = "1cpx56mcfxz7cpn57wvj18sjisvzq8b5vd9rw16ihd2i6mcp3wa1"; })
   (fetchNuGet { pname = "runtime.ubuntu.14.04-x64.runtime.native.System.Security.Cryptography.OpenSsl"; version = "4.3.0"; sha256 = "160p68l2c7cqmyqjwxydcvgw7lvl1cr0znkw8fp24d1by9mqc8p3"; })
+  (fetchNuGet { pname = "runtime.ubuntu.14.04-x64.runtime.native.System.Security.Cryptography.OpenSsl"; version = "4.3.2"; sha256 = "15gsm1a8jdmgmf8j5v1slfz8ks124nfdhk2vxs2rw3asrxalg8hi"; })
   (fetchNuGet { pname = "runtime.ubuntu.16.04-x64.runtime.native.System.Security.Cryptography.OpenSsl"; version = "4.3.0"; sha256 = "15zrc8fgd8zx28hdghcj5f5i34wf3l6bq5177075m2bc2j34jrqy"; })
+  (fetchNuGet { pname = "runtime.ubuntu.16.04-x64.runtime.native.System.Security.Cryptography.OpenSsl"; version = "4.3.2"; sha256 = "0q0n5q1r1wnqmr5i5idsrd9ywl33k0js4pngkwq9p368mbxp8x1w"; })
   (fetchNuGet { pname = "runtime.ubuntu.16.10-x64.runtime.native.System.Security.Cryptography.OpenSsl"; version = "4.3.0"; sha256 = "1p4dgxax6p7rlgj4q73k73rslcnz4wdcv8q2flg1s8ygwcm58ld5"; })
+  (fetchNuGet { pname = "runtime.ubuntu.16.10-x64.runtime.native.System.Security.Cryptography.OpenSsl"; version = "4.3.2"; sha256 = "1x0g58pbpjrmj2x2qw17rdwwnrcl0wvim2hdwz48lixvwvp22n9c"; })
   (fetchNuGet { pname = "runtime.unix.Microsoft.Win32.Primitives"; version = "4.3.0"; sha256 = "0y61k9zbxhdi0glg154v30kkq7f8646nif8lnnxbvkjpakggd5id"; })
-  (fetchNuGet { pname = "runtime.unix.System.Console"; version = "4.3.0"; sha256 = "1pfpkvc6x2if8zbdzg9rnc5fx51yllprl8zkm5npni2k50lisy80"; })
+  (fetchNuGet { pname = "runtime.unix.System.Console"; version = "4.3.1"; sha256 = "15kfi3761mk2i29zg135ipsvavm50nwm4334cy5m5q7iagzsf73p"; })
   (fetchNuGet { pname = "runtime.unix.System.Diagnostics.Debug"; version = "4.3.0"; sha256 = "1lps7fbnw34bnh3lm31gs5c0g0dh7548wfmb8zz62v0zqz71msj5"; })
   (fetchNuGet { pname = "runtime.unix.System.IO.FileSystem"; version = "4.3.0"; sha256 = "14nbkhvs7sji5r1saj2x8daz82rnf9kx28d3v2qss34qbr32dzix"; })
   (fetchNuGet { pname = "runtime.unix.System.Net.Primitives"; version = "4.3.0"; sha256 = "0bdnglg59pzx9394sy4ic66kmxhqp8q8bvmykdxcbs5mm0ipwwm4"; })
@@ -81,6 +91,7 @@
   (fetchNuGet { pname = "System.AppContext"; version = "4.1.0-rc2-24027"; sha256 = "0c0x3sg12a5zwiamvxs9c4bhdwmmm9by6x5da58fbrzz7afbaaag"; })
   (fetchNuGet { pname = "System.AppContext"; version = "4.3.0"; sha256 = "1649qvy3dar900z3g817h17nl8jp4ka5vcfmsr05kh0fshn7j3ya"; })
   (fetchNuGet { pname = "System.Buffers"; version = "4.0.0-rc2-24027"; sha256 = "1mqnay87pkxih73984jf5fm14d0m6yjq4cv4cqbj37nmgm54ssjp"; })
+  (fetchNuGet { pname = "System.Buffers"; version = "4.3.0"; sha256 = "0fgns20ispwrfqll4q1zc1waqcmylb3zc50ys9x8zlwxh9pmd9jy"; })
   (fetchNuGet { pname = "System.Buffers"; version = "4.5.1"; sha256 = "04kb1mdrlcixj9zh1xdi5as0k0qi8byr5mi3p3jcxx72qz93s2y3"; })
   (fetchNuGet { pname = "System.Collections"; version = "4.0.11"; sha256 = "1ga40f5lrwldiyw6vy67d0sg7jd7ww6kgwbksm19wrvq9hr0bsm6"; })
   (fetchNuGet { pname = "System.Collections"; version = "4.0.11-rc2-24027"; sha256 = "0ijpgf7iy3mcvr9327craxsb0lsznprajqzjy59sspc75gk0yahq"; })
@@ -97,7 +108,6 @@
   (fetchNuGet { pname = "System.Diagnostics.Debug"; version = "4.0.11"; sha256 = "0gmjghrqmlgzxivd2xl50ncbglb7ljzb66rlx8ws6dv8jm0d5siz"; })
   (fetchNuGet { pname = "System.Diagnostics.Debug"; version = "4.0.11-rc2-24027"; sha256 = "11rz0kdzk4bw9yc85jmskxla7i1bs61kladqzvymrg8xn3lk488a"; })
   (fetchNuGet { pname = "System.Diagnostics.Debug"; version = "4.3.0"; sha256 = "00yjlf19wjydyr6cfviaph3vsjzg3d5nvnya26i2fvfg53sknh3y"; })
-  (fetchNuGet { pname = "System.Diagnostics.DiagnosticSource"; version = "4.0.0-rc2-24027"; sha256 = "1cizj1xvaz7dm701r4bl6s08858j1r2794y7xx8abyw8j91c957w"; })
   (fetchNuGet { pname = "System.Diagnostics.DiagnosticSource"; version = "4.3.0"; sha256 = "0z6m3pbiy0qw6rn3n209rrzf9x1k4002zh90vwcrsym09ipm2liq"; })
   (fetchNuGet { pname = "System.Diagnostics.Tools"; version = "4.0.1"; sha256 = "19cknvg07yhakcvpxg3cxa0bwadplin6kyxd8mpjjpwnp56nl85x"; })
   (fetchNuGet { pname = "System.Diagnostics.Tools"; version = "4.0.1-rc2-24027"; sha256 = "080gd86c1pkfkzz67ispkzxc426lfh82zajayiizbgwd6yqa7fv5"; })
@@ -128,14 +138,13 @@
   (fetchNuGet { pname = "System.IO.FileSystem.Primitives"; version = "4.0.1"; sha256 = "1s0mniajj3lvbyf7vfb5shp4ink5yibsx945k6lvxa96r8la1612"; })
   (fetchNuGet { pname = "System.IO.FileSystem.Primitives"; version = "4.0.1-rc2-24027"; sha256 = "04q3sxrfxqgig9scmxblxlb6n6fypv535lby26pi20ixszs19dxc"; })
   (fetchNuGet { pname = "System.IO.FileSystem.Primitives"; version = "4.3.0"; sha256 = "0j6ndgglcf4brg2lz4wzsh1av1gh8xrzdsn9f0yznskhqn1xzj9c"; })
-  (fetchNuGet { pname = "System.IO.FileSystem.Watcher"; version = "4.0.0-rc2-24027"; sha256 = "0g2h4q0w42frdz101z2cxs4n9zpxvzb43wnzawx1f26vpilz7km4"; })
   (fetchNuGet { pname = "System.Linq"; version = "4.1.0"; sha256 = "1ppg83svb39hj4hpp5k7kcryzrf3sfnm08vxd5sm2drrijsla2k5"; })
   (fetchNuGet { pname = "System.Linq"; version = "4.1.0-rc2-24027"; sha256 = "0icbsy0vq07achclz32jvnnfdchkgylsjj67gra3fn5906s40n24"; })
   (fetchNuGet { pname = "System.Linq"; version = "4.3.0"; sha256 = "1w0gmba695rbr80l1k2h4mrwzbzsyfl2z4klmpbsvsg5pm4a56s7"; })
   (fetchNuGet { pname = "System.Linq.Expressions"; version = "4.1.0"; sha256 = "1gpdxl6ip06cnab7n3zlcg6mqp7kknf73s8wjinzi4p0apw82fpg"; })
   (fetchNuGet { pname = "System.Linq.Expressions"; version = "4.3.0"; sha256 = "0ky2nrcvh70rqq88m9a5yqabsl4fyd17bpr63iy2mbivjs2nyypv"; })
-  (fetchNuGet { pname = "System.Net.Http"; version = "4.0.1-rc2-24027"; sha256 = "1j9z5as3k7ydr4yi83lwh09hqj32g2ndpjgj25xvny5a32dl2mhz"; })
   (fetchNuGet { pname = "System.Net.Http"; version = "4.3.0"; sha256 = "1i4gc757xqrzflbk7kc5ksn20kwwfjhw9w7pgdkn19y3cgnl302j"; })
+  (fetchNuGet { pname = "System.Net.Http"; version = "4.3.4"; sha256 = "0kdp31b8819v88l719j6my0yas6myv9d1viql3qz5577mv819jhl"; })
   (fetchNuGet { pname = "System.Net.NameResolution"; version = "4.3.0"; sha256 = "15r75pwc0rm3vvwsn8rvm2krf929mjfwliv0mpicjnii24470rkq"; })
   (fetchNuGet { pname = "System.Net.Primitives"; version = "4.0.11-rc2-24027"; sha256 = "16wv24cb39639i7fcw005hh1rggyz2bgn51dpkdc67aq9lz76ivm"; })
   (fetchNuGet { pname = "System.Net.Primitives"; version = "4.3.0"; sha256 = "0c87k50rmdgmxx7df2khd9qj7q35j9rzdmm2572cc55dygmdk3ii"; })
@@ -170,6 +179,7 @@
   (fetchNuGet { pname = "System.Runtime"; version = "4.1.0"; sha256 = "02hdkgk13rvsd6r9yafbwzss8kr55wnj8d5c7xjnp8gqrwc8sn0m"; })
   (fetchNuGet { pname = "System.Runtime"; version = "4.1.0-rc2-24027"; sha256 = "1g5ghiyfb8njzfz39cswizjbxgaamil7kgkzgab93fhgk7jksmyg"; })
   (fetchNuGet { pname = "System.Runtime"; version = "4.3.0"; sha256 = "066ixvgbf2c929kgknshcxqj6539ax7b9m570cp8n179cpfkapz7"; })
+  (fetchNuGet { pname = "System.Runtime"; version = "4.3.1"; sha256 = "03ch4d2acf6q037a4njxpll2kkx3dwzlg07yxr4z5m6j1kqgmm27"; })
   (fetchNuGet { pname = "System.Runtime.Extensions"; version = "4.1.0"; sha256 = "0rw4rm4vsm3h3szxp9iijc3ksyviwsv6f63dng3vhqyg4vjdkc2z"; })
   (fetchNuGet { pname = "System.Runtime.Extensions"; version = "4.1.0-rc2-24027"; sha256 = "09k4c6is31dpccwgb749055m2ad0b84rnapk69fmj3wjswacg26p"; })
   (fetchNuGet { pname = "System.Runtime.Extensions"; version = "4.3.0"; sha256 = "1ykp3dnhwvm48nap8q23893hagf665k0kn3cbgsqpwzbijdcgc60"; })
@@ -190,21 +200,15 @@
   (fetchNuGet { pname = "System.Runtime.Serialization.Xml"; version = "4.3.0"; sha256 = "1b2cxl2h7s8cydbhbmxhvvq071n9ck61g08npg4gyw7nvg37rfni"; })
   (fetchNuGet { pname = "System.Security.AccessControl"; version = "4.4.0"; sha256 = "0ixqw47krkazsw0ycm22ivkv7dpg6cjz8z8g0ii44bsx4l8gcx17"; })
   (fetchNuGet { pname = "System.Security.Claims"; version = "4.3.0"; sha256 = "0jvfn7j22l3mm28qjy3rcw287y9h65ha4m940waaxah07jnbzrhn"; })
-  (fetchNuGet { pname = "System.Security.Cryptography.Algorithms"; version = "4.1.0-rc2-24027"; sha256 = "183qanczf0jb6njgr9pibyr5jh0m8xwrja3j0pcdnzab0cii3n17"; })
   (fetchNuGet { pname = "System.Security.Cryptography.Algorithms"; version = "4.3.0"; sha256 = "03sq183pfl5kp7gkvq77myv7kbpdnq3y0xj7vi4q1kaw54sny0ml"; })
   (fetchNuGet { pname = "System.Security.Cryptography.Cng"; version = "4.3.0"; sha256 = "1k468aswafdgf56ab6yrn7649kfqx2wm9aslywjam1hdmk5yypmv"; })
   (fetchNuGet { pname = "System.Security.Cryptography.Cng"; version = "4.4.0"; sha256 = "1grg9id80m358crr5y4q4rhhbrm122yw8jrlcl1ybi7nkmmck40n"; })
-  (fetchNuGet { pname = "System.Security.Cryptography.Csp"; version = "4.0.0-rc2-24027"; sha256 = "0nny9yvnhf3l5hjsy3ina8cha6sjln993vzkzdqka9d7rq1z23d5"; })
   (fetchNuGet { pname = "System.Security.Cryptography.Csp"; version = "4.3.0"; sha256 = "1x5wcrddf2s3hb8j78cry7yalca4lb5vfnkrysagbn6r9x6xvrx1"; })
-  (fetchNuGet { pname = "System.Security.Cryptography.Encoding"; version = "4.0.0-rc2-24027"; sha256 = "19f83159vrfnfppzchjclk82w2x1mkvnx1y5yg1f238dpjb2ri8w"; })
   (fetchNuGet { pname = "System.Security.Cryptography.Encoding"; version = "4.3.0"; sha256 = "1jr6w70igqn07k5zs1ph6xja97hxnb3mqbspdrff6cvssgrixs32"; })
-  (fetchNuGet { pname = "System.Security.Cryptography.OpenSsl"; version = "4.0.0-rc2-24027"; sha256 = "1mqw7xkh4pj110f249c4jpv9mg1sd8c2cr6kj2zc0mic325vvg0s"; })
   (fetchNuGet { pname = "System.Security.Cryptography.OpenSsl"; version = "4.3.0"; sha256 = "0givpvvj8yc7gv4lhb6s1prq6p2c4147204a0wib89inqzd87gqc"; })
   (fetchNuGet { pname = "System.Security.Cryptography.Pkcs"; version = "4.4.0"; sha256 = "1bn7d2czpc994qzdph4drv7p1cv4x55j2dhbmr113p0gs4hx33zh"; })
-  (fetchNuGet { pname = "System.Security.Cryptography.Primitives"; version = "4.0.0-rc2-24027"; sha256 = "16zwyw3glsq2flq1crd0c24i336bc42rj28a9rjvvkg428vz4rf8"; })
   (fetchNuGet { pname = "System.Security.Cryptography.Primitives"; version = "4.3.0"; sha256 = "0pyzncsv48zwly3lw4f2dayqswcfvdwq2nz0dgwmi7fj3pn64wby"; })
   (fetchNuGet { pname = "System.Security.Cryptography.ProtectedData"; version = "4.4.0"; sha256 = "1q8ljvqhasyynp94a1d7jknk946m20lkwy2c3wa8zw2pc517fbj6"; })
-  (fetchNuGet { pname = "System.Security.Cryptography.X509Certificates"; version = "4.1.0-rc2-24027"; sha256 = "1gfxc9p73zak46klrfsyxgkcyzbvqnjarsm0wkvmj31n9g4dpjkz"; })
   (fetchNuGet { pname = "System.Security.Cryptography.X509Certificates"; version = "4.3.0"; sha256 = "0valjcz5wksbvijylxijjxb1mp38mdhv03r533vnx1q3ikzdav9h"; })
   (fetchNuGet { pname = "System.Security.Principal"; version = "4.3.0"; sha256 = "12cm2zws06z4lfc4dn31iqv7072zyi4m910d4r6wm8yx85arsfxf"; })
   (fetchNuGet { pname = "System.Security.Principal.Windows"; version = "4.3.0"; sha256 = "00a0a7c40i3v4cb20s2cmh9csb5jv2l0frvnlzyfxh848xalpdwr"; })
@@ -217,14 +221,13 @@
   (fetchNuGet { pname = "System.Text.Encoding.Extensions"; version = "4.0.11"; sha256 = "08nsfrpiwsg9x5ml4xyl3zyvjfdi4mvbqf93kjdh11j4fwkznizs"; })
   (fetchNuGet { pname = "System.Text.Encoding.Extensions"; version = "4.0.11-rc2-24027"; sha256 = "02xic3hhfy48s50bxh25as1l9v3afgrhlxqfnd5ki4qirxly7qs6"; })
   (fetchNuGet { pname = "System.Text.Encoding.Extensions"; version = "4.3.0"; sha256 = "11q1y8hh5hrp5a3kw25cb6l00v5l5dvirkz8jr3sq00h1xgcgrxy"; })
-  (fetchNuGet { pname = "System.Text.RegularExpressions"; version = "4.0.12-rc2-24027"; sha256 = "1111sgvbxrxq9c1i0nziqddlzfdc2bsawd0jcf2nna9nkcn4d6br"; })
   (fetchNuGet { pname = "System.Text.RegularExpressions"; version = "4.1.0"; sha256 = "1mw7vfkkyd04yn2fbhm38msk7dz2xwvib14ygjsb8dq2lcvr18y7"; })
   (fetchNuGet { pname = "System.Text.RegularExpressions"; version = "4.3.0"; sha256 = "1bgq51k7fwld0njylfn7qc5fmwrk2137gdq7djqdsw347paa9c2l"; })
+  (fetchNuGet { pname = "System.Text.RegularExpressions"; version = "4.3.1"; sha256 = "1hr4qqzrij3y2ayi8jj70yfg0i9imf6fpdam1gr8qgp795kh86qg"; })
   (fetchNuGet { pname = "System.Threading"; version = "4.0.11"; sha256 = "19x946h926bzvbsgj28csn46gak2crv2skpwsx80hbgazmkgb1ls"; })
   (fetchNuGet { pname = "System.Threading"; version = "4.0.11-rc2-24027"; sha256 = "0aa4zaqma4yagjd44m2j13gr9qzn8rv8dbz3p9mjdk0dx1zpi4iq"; })
   (fetchNuGet { pname = "System.Threading"; version = "4.3.0"; sha256 = "0rw9wfamvhayp5zh3j7p1yfmx9b5khbf4q50d8k5rk993rskfd34"; })
   (fetchNuGet { pname = "System.Threading.Channels"; version = "4.5.0"; sha256 = "0n6z3wjia7h2a5vl727p97riydnb6jhhkb1pdcnizza02dwkz0nz"; })
-  (fetchNuGet { pname = "System.Threading.Overlapped"; version = "4.0.1-rc2-24027"; sha256 = "1ansaxwkc4xi2ngpiv8gjmv02d75y0nb4lfqzxy73r3radakqvdp"; })
   (fetchNuGet { pname = "System.Threading.Tasks"; version = "4.0.11"; sha256 = "0nr1r41rak82qfa5m0lhk9mp0k93bvfd7bbd9sdzwx9mb36g28p5"; })
   (fetchNuGet { pname = "System.Threading.Tasks"; version = "4.0.11-rc2-24027"; sha256 = "0fsgdzdxm3yj1cym421ymn8x8anhyzgzc1529q5xd1vq4yknwfq0"; })
   (fetchNuGet { pname = "System.Threading.Tasks"; version = "4.3.0"; sha256 = "134z3v9abw3a6jsw17xl3f6hqjpak5l682k2vz39spj4kmydg6k7"; })
@@ -232,7 +235,6 @@
   (fetchNuGet { pname = "System.Threading.Tasks.Extensions"; version = "4.0.0-rc2-24027"; sha256 = "108sdqpy3ga6gzksl59w1k21a3jlrh8x2igyxh3dm3212rca1pyg"; })
   (fetchNuGet { pname = "System.Threading.Tasks.Extensions"; version = "4.3.0"; sha256 = "1xxcx2xh8jin360yjwm4x4cf5y3a2bwpn2ygkfkwkicz7zk50s2z"; })
   (fetchNuGet { pname = "System.Threading.Tasks.Extensions"; version = "4.5.1"; sha256 = "1ikrplvw4m6pzjbq3bfbpr572n4i9mni577zvmrkaygvx85q3myw"; })
-  (fetchNuGet { pname = "System.Threading.Thread"; version = "4.0.0-rc2-24027"; sha256 = "1gv963m4523m3m9gbn819bfzmhxqsv93m5kaqmbv4ijyziby2872"; })
   (fetchNuGet { pname = "System.Threading.ThreadPool"; version = "4.3.0"; sha256 = "027s1f4sbx0y1xqw2irqn6x161lzj8qwvnh2gn78ciiczdv10vf1"; })
   (fetchNuGet { pname = "System.Threading.Timer"; version = "4.0.1-rc2-24027"; sha256 = "06kwi42lgf3zw3b5yw668ammbjl6208y182wyqaaqrxgn5gs4yh7"; })
   (fetchNuGet { pname = "System.Threading.Timer"; version = "4.3.0"; sha256 = "1nx773nsx6z5whv8kaa1wjh037id2f1cxhb69pvgv12hd2b6qs56"; })
diff --git a/pkgs/development/tools/continuous-integration/gitlab-runner/default.nix b/pkgs/development/tools/continuous-integration/gitlab-runner/default.nix
index e50ade55d9b..479f319c542 100644
--- a/pkgs/development/tools/continuous-integration/gitlab-runner/default.nix
+++ b/pkgs/development/tools/continuous-integration/gitlab-runner/default.nix
@@ -1,7 +1,7 @@
 { lib, buildGoModule, fetchFromGitLab, fetchurl, bash }:
 
 let
-  version = "16.3.0";
+  version = "16.6.0";
 in
 buildGoModule rec {
   inherit version;
@@ -17,13 +17,13 @@ buildGoModule rec {
   # For patchShebangs
   buildInputs = [ bash ];
 
-  vendorHash = "sha256-tMhzq9ygUmNi9+mlI9Gvr2nDyG9HQbs8PVusSgadZIE=";
+  vendorHash = "sha256-m0+iAJITX0JfBd5ZboqlcG6eNbPJ35gHa4LV21jX5d8=";
 
   src = fetchFromGitLab {
     owner = "gitlab-org";
     repo = "gitlab-runner";
     rev = "v${version}";
-    sha256 = "sha256-YAnHOIpUN1OuNefjCIccZOLwPNMxVBuCRQgX0Tb5bos=";
+    sha256 = "sha256-4N00+yO7Ps0+jy7WmHhm4Eh4MXt3beH00ScZ1RWNByE=";
   };
 
   patches = [
@@ -69,6 +69,6 @@ buildGoModule rec {
     license = licenses.mit;
     homepage = "https://about.gitlab.com/gitlab-ci/";
     platforms = platforms.unix ++ platforms.darwin;
-    maintainers = with maintainers; [ bachp zimbatm globin ] ++ teams.gitlab.members;
+    maintainers = with maintainers; [ bachp zimbatm ] ++ teams.gitlab.members;
   };
 }
diff --git a/pkgs/development/tools/continuous-integration/hci/default.nix b/pkgs/development/tools/continuous-integration/hci/default.nix
index 5060d0aeda0..1acafb10eab 100644
--- a/pkgs/development/tools/continuous-integration/hci/default.nix
+++ b/pkgs/development/tools/continuous-integration/hci/default.nix
@@ -1,9 +1,25 @@
-{ haskell, haskellPackages, lib, makeWrapper, runc, stdenv }:
+{ haskell, haskellPackages, lib, makeWrapper, runc, stdenv, emptyDirectory }:
 let
-  inherit (haskell.lib.compose) overrideCabal addBuildTools justStaticExecutables;
+  inherit (haskell.lib.compose) overrideCabal addBuildTools justStaticExecutables appendConfigureFlags;
   inherit (lib) makeBinPath;
   bundledBins = lib.optional stdenv.isLinux runc;
 
+  overrides = old: {
+    hercules-ci-agent =
+      overrideCabal
+        (o: {
+          isLibrary = true;
+          isExecutable = false;
+          postInstall = ""; # ignore completions
+          enableSharedExecutables = false;
+          buildTarget = "lib:hercules-ci-agent hercules-ci-agent-unit-tests";
+          configureFlags = o.configureFlags or [ ] ++ [
+            "--bindir=${emptyDirectory}/hercules-ci-built-without-binaries/no-bin"
+          ];
+        })
+        old.hercules-ci-agent;
+  };
+
   pkg =
     # justStaticExecutables is needed due to https://github.com/NixOS/nix/issues/2990
     overrideCabal
@@ -15,7 +31,7 @@ let
           makeWrapper $out/libexec/hci $out/bin/hci --prefix PATH : ${lib.escapeShellArg (makeBinPath bundledBins)}
         '';
       })
-      (addBuildTools [ makeWrapper ] (justStaticExecutables haskellPackages.hercules-ci-cli));
+      (addBuildTools [ makeWrapper ] (justStaticExecutables (haskellPackages.hercules-ci-cli.override overrides)));
 in pkg // {
     meta = pkg.meta // {
       position = toString ./default.nix + ":1";
diff --git a/pkgs/development/tools/continuous-integration/jenkins/default.nix b/pkgs/development/tools/continuous-integration/jenkins/default.nix
index c90845ddcd7..aa4de161d9c 100644
--- a/pkgs/development/tools/continuous-integration/jenkins/default.nix
+++ b/pkgs/development/tools/continuous-integration/jenkins/default.nix
@@ -4,11 +4,11 @@
 
 stdenv.mkDerivation rec {
   pname = "jenkins";
-  version = "2.414.2";
+  version = "2.414.3";
 
   src = fetchurl {
     url = "https://get.jenkins.io/war-stable/${version}/jenkins.war";
-    hash = "sha256-kiu/Ymn92tYUu2VAJB7QzlUjpKUyginhX157t//VZbg=";
+    hash = "sha256-LZMlS8GG3zSbxK0GtrHddXxJMZDwVY0RHb2pUXqEe1k=";
   };
 
   nativeBuildInputs = [ makeWrapper ];
diff --git a/pkgs/development/tools/continuous-integration/woodpecker-plugin-git/default.nix b/pkgs/development/tools/continuous-integration/woodpecker-plugin-git/default.nix
index dfca2742b58..899fdc7d82e 100644
--- a/pkgs/development/tools/continuous-integration/woodpecker-plugin-git/default.nix
+++ b/pkgs/development/tools/continuous-integration/woodpecker-plugin-git/default.nix
@@ -7,13 +7,13 @@
 
 buildGoModule rec {
   pname = "woodpecker-plugin-git";
-  version = "2.1.1";
+  version = "2.2.0";
 
   src = fetchFromGitHub {
     owner = "woodpecker-ci";
     repo = "plugin-git";
     rev = "refs/tags/${version}";
-    hash = "sha256-siPLI463qUQs9tBMlmrMv6G5ry0JrEEIelpid9/cf88=";
+    hash = "sha256-BQG1+icfV21qZCwgNvLQm8+1f5WF8owKnQKTIF7O80A=";
   };
 
   vendorHash = "sha256-ol5k37gGFsyeEnGOVcJaerkIejShHyNCBu4RZ8WyHvU=";
diff --git a/pkgs/development/tools/continuous-integration/woodpecker/common.nix b/pkgs/development/tools/continuous-integration/woodpecker/common.nix
index f44f48d6e2a..cdb54fa07f7 100644
--- a/pkgs/development/tools/continuous-integration/woodpecker/common.nix
+++ b/pkgs/development/tools/continuous-integration/woodpecker/common.nix
@@ -1,9 +1,9 @@
 { lib, fetchFromGitHub }:
 let
-  version = "1.0.2";
-  srcHash = "sha256-OeOKR9lTGXU2qumyXq3s/CI56IX4XiI/ZTRHNoY6MEI=";
-  vendorHash = "sha256-+2wQKNyCb9xtB1TeE1/oSMEvKoXVX9ARZxsNqE2rfrg=";
-  yarnHash = "sha256-QNeQwWU36A05zaARWmqEOhfyZRW68OgF4wTonQLYQfs=";
+  version = "1.0.5";
+  srcHash = "sha256-tkgkhYuLHfmT42P+UMZ7uNB2wBKo0YGiw0a5RoMAu6M=";
+  vendorHash = "sha256-QTTnTPOgP+FlbqXNCGJc9VuBzQcMujpvFB3+DykYTPY=";
+  yarnHash = "sha256-TrcTc5svLLSedRC8gCwIBW7/mtHo+uSNZGImtRiVJ0w=";
 in
 {
   inherit version yarnHash vendorHash;
diff --git a/pkgs/development/tools/continuous-integration/woodpecker/woodpecker-package.json b/pkgs/development/tools/continuous-integration/woodpecker/woodpecker-package.json
index b92624a01c2..565c05aa8c2 100644
--- a/pkgs/development/tools/continuous-integration/woodpecker/woodpecker-package.json
+++ b/pkgs/development/tools/continuous-integration/woodpecker/woodpecker-package.json
@@ -70,7 +70,8 @@
   },
   "pnpm": {
     "overrides": {
-      "semver@<7.5.2": ">=7.5.2"
+      "semver@<7.5.2": ">=7.5.2",
+      "postcss@<8.4.31": ">=8.4.31"
     }
   }
 }
diff --git a/pkgs/development/tools/continuous-integration/woodpecker/yarn.lock b/pkgs/development/tools/continuous-integration/woodpecker/yarn.lock
index 22790763a42..cf7c076e748 100644
--- a/pkgs/development/tools/continuous-integration/woodpecker/yarn.lock
+++ b/pkgs/development/tools/continuous-integration/woodpecker/yarn.lock
@@ -784,7 +784,7 @@
     "@vue/shared" "3.3.4"
     "estree-walker" "2.0.2"
     "magic-string" "0.30.0"
-    "postcss" "8.4.24"
+    "postcss" "8.4.31"
     "source-map-js" "1.0.2"
 
 "@vue/compiler-ssr@3.3.4":
@@ -1548,7 +1548,7 @@
     "eslint" "8.44.0"
     "eslint-utils" "3.0.0"
     "lodash" "4.17.21"
-    "postcss" "8.4.24"
+    "postcss" "8.4.31"
     "postcss-safe-parser" "6.0.0"
     "postcss-scss" "4.0.6"
     "postcss-selector-parser" "6.0.13"
@@ -2583,14 +2583,14 @@
   resolved "https://registry.npmjs.org/postcss-safe-parser/-/postcss-safe-parser-6.0.0.tgz"
   integrity "sha512-FARHN8pwH+WiS2OPCxJI8FuRJpTVnn6ZNFiqAM2aeW2LwTHWWmWgIyKC6cUo0L8aeKiF/14MNvnpls6R2PBeMQ=="
   dependencies:
-    "postcss" "8.4.24"
+    "postcss" "8.4.31"
 
 "postcss-scss@4.0.6":
   version "4.0.6"
   resolved "https://registry.npmjs.org/postcss-scss/-/postcss-scss-4.0.6.tgz"
   integrity "sha512-rLDPhJY4z/i4nVFZ27j9GqLxj1pwxE80eAzUNRMXtcpipFYIeowerzBgG3yJhMtObGEXidtIgbUpQ3eLDsf5OQ=="
   dependencies:
-    "postcss" "8.4.24"
+    "postcss" "8.4.31"
 
 "postcss-selector-parser@6.0.13":
   version "6.0.13"
@@ -2608,13 +2608,13 @@
     "debug" "4.3.4"
     "fast-diff" "1.3.0"
     "lodash.sortedlastindex" "4.1.0"
-    "postcss" "8.4.24"
+    "postcss" "8.4.31"
     "stylus" "0.57.0"
 
-"postcss@8.4.24":
-  version "8.4.24"
-  resolved "https://registry.npmjs.org/postcss/-/postcss-8.4.24.tgz"
-  integrity "sha512-M0RzbcI0sO/XJNucsGjvWU9ERWxb/ytp1w6dKtxTKgixdtQDq4rmx/g8W1hnaheq9jgwL/oyEdH5Bc4WwJKMqg=="
+"postcss@8.4.31":
+  version "8.4.31"
+  resolved "https://registry.npmjs.org/postcss/-/postcss-8.4.31.tgz"
+  integrity "sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ=="
   dependencies:
     "nanoid" "3.3.6"
     "picocolors" "1.0.0"
@@ -3055,7 +3055,7 @@
   dependencies:
     "@types/node" "18.16.19"
     "esbuild" "0.17.19"
-    "postcss" "8.4.24"
+    "postcss" "8.4.31"
     "rollup" "3.26.0"
 
 "vue-demi@0.14.5":
author	Alyssa Ross <hi@alyssa.is>	2023-11-21 16:12:21 +0100
committer	Alyssa Ross <hi@alyssa.is>	2023-11-21 16:12:48 +0100
commit	048a4cd441a59cbf89defb18bb45c9f0b4429b35 (patch)
tree	f8f5850ff05521ab82d65745894714a8796cbfb6 /pkgs/development/tools/continuous-integration
parent	030c5028b07afcedce7c5956015c629486cc79d9 (diff)
parent	4c2d05dd6435d449a3651a6dd314d9411b5f8146 (diff)
download	nixpkgs-rootfs.tar nixpkgs-rootfs.tar.gz nixpkgs-rootfs.tar.bz2 nixpkgs-rootfs.tar.lz nixpkgs-rootfs.tar.xz nixpkgs-rootfs.tar.zst nixpkgs-rootfs.zip