I think that's it for this week, although honestly there have been so many different things going on I've probably missed something.
Oh, I know what I forgot!
cgit ----
I upgraded https://spectrum-os.org/git/ from cgit 1.2.1 to 1.2.3, which involved bumping cgit in Nixpkgs[1].
[1]: https://github.com/NixOS/nixpkgs/pull/87412
Nix ---
This actually happened last week, but I forgot it then too. It also is _technically_ not Spectrum work, but it's an issue with an important Spectrum component that I found while working on Spectrum.
I found and fixed a denial-of-service issue in Nix that would let a malicious derivation permanently break Nix store garbage collection until the administrator manually intervened.
The commit message[2] has an extremely detailed write-up of what went wrong. Thanks to puck for helping me with the reproduction and fix.
[2]: https://github.com/NixOS/nix/commit/c05e20daa1abb3446e378331697938b78af2b3d7