Merge staging-next into staging

4 files changed, 18 insertions, 15 deletions

diff --git a/pkgs/tools/security/age-plugin-tpm/default.nix b/pkgs/tools/security/age-plugin-tpm/default.nix
index 8882a70a1a9..4885aa326dd 100644
--- a/pkgs/tools/security/age-plugin-tpm/default.nix
+++ b/pkgs/tools/security/age-plugin-tpm/default.nix
@@ -2,30 +2,32 @@
 , buildGoModule
 , fetchFromGitHub
 , swtpm
+, openssl
 }:
 
 buildGoModule rec {
   pname = "age-plugin-tpm";
-  version = "0.1.0";
+  version = "0.2.0";
 
   src = fetchFromGitHub {
     owner = "Foxboron";
     repo = "age-plugin-tpm";
     rev = "v${version}";
-    hash = "sha256-Gp7n2/+vgQbsm/En6PQ1to/W6lvFam4Wh3LHdCZnafc=";
+    hash = "sha256-oTvK8U5j+llHgoChhGb+vcUrUf9doVYxd3d5MEuCNz8=";
   };
 
-  vendorHash = "sha256-oZni/n2J0N3ZxNhf+RlUWyWeOFwL4+6KUIk6DQF8YpA=";
+  proxyVendor = true;
 
-  postConfigure = ''
-    substituteInPlace vendor/github.com/foxboron/swtpm_test/swtpm.go \
-      --replace "/usr/share/swtpm/swtpm-create-user-config-files" "${swtpm}/share/swtpm/swtpm-create-user-config-files"
-  '';
+  vendorHash = "sha256-BSb+8p5+RJMfcYc2+BuT4YbhCWCbcYOt9upesD11Ytw=";
 
   nativeCheckInputs = [
     swtpm
   ];
 
+  buildInputs = [
+    openssl
+  ];
+
   ldflags = [
     "-s"
     "-w"
diff --git a/pkgs/tools/security/nsjail/default.nix b/pkgs/tools/security/nsjail/default.nix
index 5abb9012b7d..187674596e1 100644
--- a/pkgs/tools/security/nsjail/default.nix
+++ b/pkgs/tools/security/nsjail/default.nix
@@ -4,14 +4,14 @@
 
 stdenv.mkDerivation rec {
   pname = "nsjail";
-  version = "3.3";
+  version = "3.4";
 
   src = fetchFromGitHub {
     owner           = "google";
     repo            = "nsjail";
     rev             = version;
     fetchSubmodules = true;
-    hash            = "sha256-L5x3rUDd1nXxDjoP/ZErQa02w2MJSkMBlgu00cy1D3M=";
+    hash            = "sha256-/K+qJV5Dq+my45Cpw6czdsWLtO9lnJwZTsOIRt4Iijk=";
   };
 
   nativeBuildInputs = [ autoconf bison flex installShellFiles libtool pkg-config which ];
@@ -32,6 +32,7 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     description = "A light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters";
     homepage    = "https://nsjail.dev/";
+    changelog   = "https://github.com/google/nsjail/releases/tag/${version}";
     license     = licenses.asl20;
     maintainers = with maintainers; [ arturcygan bosu c0bw3b ];
     platforms   = platforms.linux;
diff --git a/pkgs/tools/security/osv-scanner/default.nix b/pkgs/tools/security/osv-scanner/default.nix
index 1397405dd8f..be8fbb2489f 100644
--- a/pkgs/tools/security/osv-scanner/default.nix
+++ b/pkgs/tools/security/osv-scanner/default.nix
@@ -6,16 +6,16 @@
 }:
 buildGoModule rec {
   pname = "osv-scanner";
-  version = "1.4.0";
+  version = "1.4.1";
 
   src = fetchFromGitHub {
     owner = "google";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-UJrqSzJ024IiQwuPOoxNGgTNNfhb00KjtIHQb5qpDPQ=";
+    hash = "sha256-xc9qdzdJYg12twjLAGw1GEkfkFsk8UBgzSyOSg/FB20=";
   };
 
-  vendorHash = "sha256-oT4pjsEfjlPZyVo7Ic0rpTEK/sSUz1ShWk7fOJq+EQ8=";
+  vendorHash = "sha256-e1XG3DZGDBKKcEpMBi0vqKo3f9TnXdFKOUzZ7KZhPAw=";
 
   subPackages = [
     "cmd/osv-scanner"
diff --git a/pkgs/tools/security/trufflehog/default.nix b/pkgs/tools/security/trufflehog/default.nix
index 86346b62010..9978cd6cd53 100644
--- a/pkgs/tools/security/trufflehog/default.nix
+++ b/pkgs/tools/security/trufflehog/default.nix
@@ -7,16 +7,16 @@
 
 buildGoModule rec {
   pname = "trufflehog";
-  version = "3.59.0";
+  version = "3.60.0";
 
   src = fetchFromGitHub {
     owner = "trufflesecurity";
     repo = "trufflehog";
     rev = "refs/tags/v${version}";
-    hash = "sha256-J+hmWEBjTFb7mE9uj0g4uq+VZjKS/3sIOtJyNweYkRw=";
+    hash = "sha256-43KKw9/EdXoD4nzWEvll2LhgI6Ipt3PYN6EpiD8fhQc=";
   };
 
-  vendorHash = "sha256-xsdtqRU3Exeo/EHkA8xars9+FUnrVZRdET0PGtv4ikI=";
+  vendorHash = "sha256-axB0JcvGeiqz1dBKHknNqW3XzQWaLCHk6gsB9QV3PN8=";
 
   ldflags = [
     "-s"