about summary refs log tree commit diff
path: root/pkgs/tools
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/tools')
-rw-r--r--pkgs/tools/admin/lxd/wrapper.nix11
-rw-r--r--pkgs/tools/misc/audible-cli/default.nix1
-rw-r--r--pkgs/tools/misc/ksnip/default.nix13
-rw-r--r--pkgs/tools/misc/mise/default.nix6
-rw-r--r--pkgs/tools/misc/ollama/default.nix17
-rw-r--r--pkgs/tools/misc/parallel/default.nix4
-rw-r--r--pkgs/tools/misc/rauc/default.nix4
-rw-r--r--pkgs/tools/misc/wit-bindgen/default.nix33
-rw-r--r--pkgs/tools/networking/muffet/default.nix6
-rw-r--r--pkgs/tools/networking/netbird/default.nix14
-rw-r--r--pkgs/tools/package-management/poetry/default.nix6
-rw-r--r--pkgs/tools/package-management/poetry/unwrapped.nix50
-rw-r--r--pkgs/tools/security/cryptomator/default.nix6
-rw-r--r--pkgs/tools/security/exploitdb/default.nix4
-rw-r--r--pkgs/tools/security/sn0int/default.nix50
-rw-r--r--pkgs/tools/security/terrascan/default.nix6
-rw-r--r--pkgs/tools/virtualization/multipass/default.nix5
17 files changed, 61 insertions, 175 deletions
diff --git a/pkgs/tools/admin/lxd/wrapper.nix b/pkgs/tools/admin/lxd/wrapper.nix
index b197cd496b1aa..9edfefd57ccd7 100644
--- a/pkgs/tools/admin/lxd/wrapper.nix
+++ b/pkgs/tools/admin/lxd/wrapper.nix
@@ -76,20 +76,11 @@ let
 
   ovmf-2mb = OVMF.override {
     secureBoot = true;
-    csmSupport = false;
     fdSize2MB = true;
   };
 
   ovmf-4mb = OVMF.override {
     secureBoot = true;
-    csmSupport = false;
-    fdSize4MB = true;
-  };
-
-  ovmf-4mb-csm = OVMF.override {
-    secureBoot = true;
-    csmSupport = false;
-    fdSize2MB = false;
     fdSize4MB = true;
   };
 
@@ -99,13 +90,11 @@ let
   # also found in /snap/lxd/current/share/qemu/ on a snap install
   ovmf = linkFarm "lxd-ovmf" [
     { name = "OVMF_CODE.2MB.fd"; path = "${ovmf-2mb.fd}/FV/${ovmf-prefix}_CODE.fd"; }
-    { name = "OVMF_CODE.4MB.CSM.fd"; path = "${ovmf-4mb-csm.fd}/FV/${ovmf-prefix}_CODE.fd"; }
     { name = "OVMF_CODE.4MB.fd"; path = "${ovmf-4mb.fd}/FV/${ovmf-prefix}_CODE.fd"; }
     { name = "OVMF_CODE.fd"; path = "${ovmf-2mb.fd}/FV/${ovmf-prefix}_CODE.fd"; }
 
     { name = "OVMF_VARS.2MB.fd"; path = "${ovmf-2mb.fd}/FV/${ovmf-prefix}_VARS.fd"; }
     { name = "OVMF_VARS.2MB.ms.fd"; path = "${ovmf-2mb.fd}/FV/${ovmf-prefix}_VARS.fd"; }
-    { name = "OVMF_VARS.4MB.CSM.fd"; path = "${ovmf-4mb-csm.fd}/FV/${ovmf-prefix}_VARS.fd"; }
     { name = "OVMF_VARS.4MB.fd"; path = "${ovmf-4mb.fd}/FV/${ovmf-prefix}_VARS.fd"; }
     { name = "OVMF_VARS.4MB.ms.fd"; path = "${ovmf-4mb.fd}/FV/${ovmf-prefix}_VARS.fd"; }
     { name = "OVMF_VARS.fd"; path = "${ovmf-2mb.fd}/FV/${ovmf-prefix}_VARS.fd"; }
diff --git a/pkgs/tools/misc/audible-cli/default.nix b/pkgs/tools/misc/audible-cli/default.nix
index 297917b6a92a9..4d0134e8eaee8 100644
--- a/pkgs/tools/misc/audible-cli/default.nix
+++ b/pkgs/tools/misc/audible-cli/default.nix
@@ -27,6 +27,7 @@ python3Packages.buildPythonApplication rec {
     packaging
     pillow
     questionary
+    setuptools
     tabulate
     toml
     tqdm
diff --git a/pkgs/tools/misc/ksnip/default.nix b/pkgs/tools/misc/ksnip/default.nix
index 60ba06a299305..8e5cc40740cc3 100644
--- a/pkgs/tools/misc/ksnip/default.nix
+++ b/pkgs/tools/misc/ksnip/default.nix
@@ -3,6 +3,7 @@
 , cmake
 , extra-cmake-modules
 , fetchFromGitHub
+, fetchpatch
 , kcolorpicker
 , kimageannotator
 , wrapQtAppsHook
@@ -22,6 +23,18 @@ stdenv.mkDerivation rec {
     sha256 = "sha256-n7YwDXd73hyrzb6L8utZFuHh9HnjVtkU6CC4jfWPj/I=";
   };
 
+  patches = [
+    # Fix build with latest kImageAnnotator
+    (fetchpatch {
+      url = "https://github.com/ksnip/ksnip/commit/76f4b381971eead6ff31b8bf3bb64bb5717469c3.patch";
+      hash = "sha256-JWoI974qDNZIzr/8oksI8m6g3XNWEaQRGsqSfvQrmao=";
+    })
+  ];
+
+  postPatch = ''
+    substituteInPlace src/CMakeLists.txt --replace-fail "kColorPicker::kColorPicker" "kColorPicker::kColorPicker-Qt5"
+  '';
+
   nativeBuildInputs = [
     cmake
     extra-cmake-modules
diff --git a/pkgs/tools/misc/mise/default.nix b/pkgs/tools/misc/mise/default.nix
index 4afa360df25b7..959be1430da5d 100644
--- a/pkgs/tools/misc/mise/default.nix
+++ b/pkgs/tools/misc/mise/default.nix
@@ -17,16 +17,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "mise";
-  version = "2024.2.18";
+  version = "2024.2.19";
 
   src = fetchFromGitHub {
     owner = "jdx";
     repo = "mise";
     rev = "v${version}";
-    hash = "sha256-YidcjhPgaDODtz0EpktIsRmnRMryvGJKQ2vx/MEQG9s=";
+    hash = "sha256-SDGXSjCDdtjKn474s2SQm9YDHofMOmHuodLS2iu10Co=";
   };
 
-  cargoHash = "sha256-QXtjM2yGOCf1nGOvrJCcLlI+MAGiu6bfsc/hSENNd1k=";
+  cargoHash = "sha256-4MEBIZOXjcLEyW0TB+AXWsEc24VZz8bGCkduHqbazuo=";
 
   nativeBuildInputs = [ installShellFiles pkg-config ];
   buildInputs = [ openssl ] ++ lib.optionals stdenv.isDarwin [ Security SystemConfiguration ];
diff --git a/pkgs/tools/misc/ollama/default.nix b/pkgs/tools/misc/ollama/default.nix
index 32b7f5fcbfc34..7a0fea0c116b6 100644
--- a/pkgs/tools/misc/ollama/default.nix
+++ b/pkgs/tools/misc/ollama/default.nix
@@ -24,7 +24,14 @@
 
 let
   pname = "ollama";
-  version = "0.1.26";
+  version = "0.1.27";
+  src = fetchFromGitHub {
+    owner = "jmorganca";
+    repo = "ollama";
+    rev = "v${version}";
+    hash = "sha256-+ayby+yVknFHLTyLjMAPMnOTMSzTKqzi9caN/TppcEg=";
+    fetchSubmodules = true;
+  };
 
   validAccel = lib.assertOneOf "ollama.acceleration" acceleration [ null "rocm" "cuda" ];
 
@@ -74,14 +81,6 @@ let
       buildGoModule.override { stdenv = overrideCC stdenv gcc12; }
     else
       buildGoModule;
-
-  src = fetchFromGitHub {
-    owner = "jmorganca";
-    repo = "ollama";
-    rev = "v${version}";
-    hash = "sha256-Kw3tt9ayEMgI2V6OeaOkWfNwqfCL7MDD/nN5iXk5LnY=";
-    fetchSubmodules = true;
-  };
   preparePatch = patch: hash: fetchpatch {
     url = "file://${src}/llm/patches/${patch}";
     inherit hash;
diff --git a/pkgs/tools/misc/parallel/default.nix b/pkgs/tools/misc/parallel/default.nix
index d196de07f648f..488039c807639 100644
--- a/pkgs/tools/misc/parallel/default.nix
+++ b/pkgs/tools/misc/parallel/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "parallel";
-  version = "20240122";
+  version = "20240222";
 
   src = fetchurl {
     url = "mirror://gnu/parallel/${pname}-${version}.tar.bz2";
-    sha256 = "sha256-hZaIy7VkHNe2sWsrlgviSqTjfmVcyP/NivlxzX1bRJ8=";
+    sha256 = "sha256-66Cban4jj2Iik/fUYVl/NQdctW8XDQpzFI9T0lnshVY=";
   };
 
   outputs = [ "out" "man" "doc" ];
diff --git a/pkgs/tools/misc/rauc/default.nix b/pkgs/tools/misc/rauc/default.nix
index d6e8486681acc..8f244839803c1 100644
--- a/pkgs/tools/misc/rauc/default.nix
+++ b/pkgs/tools/misc/rauc/default.nix
@@ -17,13 +17,13 @@
 
 stdenv.mkDerivation rec {
   pname = "rauc";
-  version = "1.11.1";
+  version = "1.11.2";
 
   src = fetchFromGitHub {
     owner = pname;
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-xvuBMOAXnuRYCkripjwfv64BCTLySNxebyHF3sB8EQw=";
+    sha256 = "sha256-IWfYjn8CCgYK2hna59Awr5tzWnXCtR6c1XpV5fCiSE4=";
   };
 
   passthru = {
diff --git a/pkgs/tools/misc/wit-bindgen/default.nix b/pkgs/tools/misc/wit-bindgen/default.nix
deleted file mode 100644
index 9f0fbe1f45654..0000000000000
--- a/pkgs/tools/misc/wit-bindgen/default.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ lib
-, rustPlatform
-, fetchFromGitHub
-}:
-
-rustPlatform.buildRustPackage rec {
-  pname = "wit-bindgen";
-  version = "0.17.0";
-
-  src = fetchFromGitHub {
-    owner = "bytecodealliance";
-    repo = "wit-bindgen";
-    rev = "wit-bindgen-cli-${version}";
-    hash = "sha256-eFJkr/RqQdULPquCVbjhR8843aGjeEnUCF/Ws2U5fQk=";
-  };
-
-  cargoHash = "sha256-934lHOXzE2cLW6LMM0AQl/GJt4wSIKZlY1C7gmjGVrc=";
-
-  # Some tests fail because they need network access to install the `wasm32-unknown-unknown` target.
-  # However, GitHub Actions ensures a proper build.
-  # See also:
-  #   https://github.com/bytecodealliance/wit-bindgen/actions
-  #   https://github.com/bytecodealliance/wit-bindgen/blob/main/.github/workflows/main.yml
-  doCheck = false;
-
-  meta = with lib; {
-    description = "A language binding generator for WebAssembly interface types";
-    homepage = "https://github.com/bytecodealliance/wit-bindgen";
-    license = licenses.asl20;
-    maintainers = with maintainers; [ xrelkd ];
-    mainProgram = "wit-bindgen";
-  };
-}
diff --git a/pkgs/tools/networking/muffet/default.nix b/pkgs/tools/networking/muffet/default.nix
index c363df34e8f75..a9fe4398afd74 100644
--- a/pkgs/tools/networking/muffet/default.nix
+++ b/pkgs/tools/networking/muffet/default.nix
@@ -5,16 +5,16 @@
 
 buildGoModule rec {
   pname = "muffet";
-  version = "2.9.3";
+  version = "2.10.0";
 
   src = fetchFromGitHub {
     owner = "raviqqe";
     repo = "muffet";
     rev = "v${version}";
-    hash = "sha256-w9PoKGxZdP/sKdlTlnWBMqDPDLUvcYubkCyNHUm3AAc=";
+    hash = "sha256-kwEHabQYAaxC8nKewc5XHZnSvUSEQRw7qg0jtJoOw9g=";
   };
 
-  vendorHash = "sha256-2an4xj1gqQqj9NrSdTAss7hn6SiWoiq3RQ2xxUlSuaE=";
+  vendorHash = "sha256-GNwyQHqyfuzKnNAv5gpZFmhSq+jIHdfeceLSD9UphdA=";
 
   meta = with lib; {
     description = "A website link checker which scrapes and inspects all pages in a website recursively";
diff --git a/pkgs/tools/networking/netbird/default.nix b/pkgs/tools/networking/netbird/default.nix
index 590ee909d0599..dbbfc6b74c4d3 100644
--- a/pkgs/tools/networking/netbird/default.nix
+++ b/pkgs/tools/networking/netbird/default.nix
@@ -31,16 +31,16 @@ let
 in
 buildGoModule rec {
   pname = "netbird";
-  version = "0.26.0";
+  version = "0.26.1";
 
   src = fetchFromGitHub {
     owner = "netbirdio";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-hZnxemBoMAol0m9XZPMEh/Lf0woxoLNH97bRyg8xtv4=";
+    hash = "sha256-FZ6bPn4birCjvWm43clu3lAES38IooLP7PhUfRMO5+0=";
   };
 
-  vendorHash = "sha256-csa83P74Y9fHsPg5VgPfR9WMg4VKOXcIR0pOMzh0QoA=";
+  vendorHash = "sha256-Zp8LAaADpSa/wfnLAQVJ8cG3bMkC7ZU1BT+Dz214c34=";
 
   nativeBuildInputs = [ installShellFiles ] ++ lib.optional ui pkg-config;
 
@@ -73,9 +73,9 @@ buildGoModule rec {
   postPatch = ''
     # make it compatible with systemd's RuntimeDirectory
     substituteInPlace client/cmd/root.go \
-      --replace 'unix:///var/run/netbird.sock' 'unix:///var/run/netbird/sock'
+      --replace-fail 'unix:///var/run/netbird.sock' 'unix:///var/run/netbird/sock'
     substituteInPlace client/ui/client_ui.go \
-      --replace 'unix:///var/run/netbird.sock' 'unix:///var/run/netbird/sock'
+      --replace-fail 'unix:///var/run/netbird.sock' 'unix:///var/run/netbird/sock'
   '';
 
   postInstall = lib.concatStringsSep "\n"
@@ -90,13 +90,13 @@ buildGoModule rec {
       '')
       modules) + lib.optionalString (stdenv.isLinux && ui) ''
     mkdir -p $out/share/pixmaps
-    cp $src/client/ui/netbird-systemtray-default.png $out/share/pixmaps/netbird.png
+    cp $src/client/ui/netbird-systemtray-connected.png $out/share/pixmaps/netbird.png
 
     mkdir -p $out/share/applications
     cp $src/client/ui/netbird.desktop $out/share/applications/netbird.desktop
 
     substituteInPlace $out/share/applications/netbird.desktop \
-      --replace "Exec=/usr/bin/netbird-ui" "Exec=$out/bin/netbird-ui"
+      --replace-fail "Exec=/usr/bin/netbird-ui" "Exec=$out/bin/netbird-ui"
   '';
 
   passthru = {
diff --git a/pkgs/tools/package-management/poetry/default.nix b/pkgs/tools/package-management/poetry/default.nix
index 75cede5df7d35..d7442d74674f4 100644
--- a/pkgs/tools/package-management/poetry/default.nix
+++ b/pkgs/tools/package-management/poetry/default.nix
@@ -12,12 +12,12 @@ let
       # We keep the override around even when the versions match, as
       # it's likely to become relevant again after the next Poetry update.
       poetry-core = super.poetry-core.overridePythonAttrs (old: rec {
-        version = "1.8.1";
+        version = "1.9.0";
         src = fetchFromGitHub {
           owner = "python-poetry";
           repo = "poetry-core";
-          rev = version;
-          hash = "sha256-RnCJ67jaL2knwv+Uo7p0zOejHAT73f40weaJnfqOYoM=";
+          rev = "refs/tags/${version}";
+          hash = "sha256-vvwKbzGlvv2LTbXfJxQVM3nUXFGntgJxsku6cbRxCzw=";
         };
       });
     } // (plugins self);
diff --git a/pkgs/tools/package-management/poetry/unwrapped.nix b/pkgs/tools/package-management/poetry/unwrapped.nix
index f13a7715464be..cf4b0334dcd61 100644
--- a/pkgs/tools/package-management/poetry/unwrapped.nix
+++ b/pkgs/tools/package-management/poetry/unwrapped.nix
@@ -4,7 +4,6 @@
 , pythonOlder
 , fetchFromGitHub
 , installShellFiles
-, pythonRelaxDepsHook
 , build
 , cachecontrol
 , cleo
@@ -29,41 +28,30 @@
 , xattr
 , tomli
 , importlib-metadata
-, cachy
 , deepdiff
-, flatdict
 , pytestCheckHook
 , httpretty
 , pytest-mock
 , pytest-xdist
-, pythonAtLeast
 , darwin
 }:
 
 buildPythonPackage rec {
   pname = "poetry";
-  version = "1.7.1";
+  version = "1.8.1";
   format = "pyproject";
 
   disabled = pythonOlder "3.8";
 
   src = fetchFromGitHub {
     owner = "python-poetry";
-    repo = pname;
+    repo = "poetry";
     rev = "refs/tags/${version}";
-    hash = "sha256-PM3FIZYso7p0Oe0RpiPuxHrQrgnMlkT5SVeaJPK/J94=";
+    hash = "sha256-tHtd5vO3TMjO0gqyECuS0FUAcE90nkKZwOm3ne6poFQ=";
   };
 
   nativeBuildInputs = [
     installShellFiles
-    pythonRelaxDepsHook
-  ];
-
-  pythonRelaxDeps = [
-    # platformdirs 4.x is backwards compatible; https://github.com/python-poetry/poetry/commit/eb80d10846f7336b0b2a66ce2964e72dffee9a1c
-    "platformdirs"
-    # xattr 1.0 is backwards compatible modulo dropping Python 2 support: https://github.com/xattr/xattr/compare/v0.10.0...v1.0.0
-    "xattr"
   ];
 
   propagatedBuildInputs = [
@@ -104,9 +92,7 @@ buildPythonPackage rec {
   '';
 
   nativeCheckInputs = [
-    cachy
     deepdiff
-    flatdict
     pytestCheckHook
     httpretty
     pytest-mock
@@ -127,32 +113,14 @@ buildPythonPackage rec {
   '';
 
   disabledTests = [
+    "test_builder_should_execute_build_scripts"
     "test_env_system_packages_are_relative_to_lib"
+    "test_executor_known_hashes"
     "test_install_warning_corrupt_root"
-    "test_installer_with_pypi_repository"
-    # touches network
-    "git"
-    "solver"
-    "load"
-    "vcs"
-    "prereleases_if_they_are_compatible"
-    "test_builder_setup_generation_runs_with_pip_editable"
-    "test_executor"
-    # requires git history to work correctly
-    "default_with_excluded_data"
-    # toml ordering has changed
-    "lock"
-    # fs permission errors
-    "test_builder_should_execute_build_scripts"
-    # poetry.installation.chef.ChefBuildError: Backend 'poetry.core.masonry.api' is not available.
-    "test_isolated_env_install_success"
-    "test_prepare_sdist"
-    "test_prepare_directory"
-    "test_prepare_directory_with_extensions"
-    "test_prepare_directory_editable"
-  ] ++ lib.optionals (pythonAtLeast "3.10") [
-    # RuntimeError: 'auto_spec' might be a typo; use unsafe=True if this is intended
-    "test_info_setup_complex_pep517_error"
+  ];
+
+  pytestFlagsArray = [
+    "-m 'not network'"
   ];
 
   # Allow for package to use pep420's native namespaces
diff --git a/pkgs/tools/security/cryptomator/default.nix b/pkgs/tools/security/cryptomator/default.nix
index bf6f5c3c05879..85ce0c8797924 100644
--- a/pkgs/tools/security/cryptomator/default.nix
+++ b/pkgs/tools/security/cryptomator/default.nix
@@ -14,17 +14,17 @@ in
 assert stdenv.isLinux; # better than `called with unexpected argument 'enableJavaFX'`
 mavenJdk.buildMavenPackage rec {
   pname = "cryptomator";
-  version = "1.11.1";
+  version = "1.12.3";
 
   src = fetchFromGitHub {
     owner = "cryptomator";
     repo = "cryptomator";
     rev = version;
-    hash = "sha256-Y+oG2NF4Vsklp1W22Xv+XrkY6vwn23FkzAXG/5828Og=";
+    hash = "sha256-pVQ3xlNgJIDz8dnNoiLJaG6y4kNHNLL7zYq1sl6rleY=";
   };
 
   mvnParameters = "-Dmaven.test.skip=true -Plinux";
-  mvnHash = "sha256-cXmnJHgKW6SGnhHFuFJP/DKNmFacfHbC3nQ2uVdIvUE=";
+  mvnHash = "sha256-Zx2HhgmebF8UOp+2JKl2+FGA98aPRSUTIduHPTtgAjI=";
 
   preBuild = ''
     VERSION=${version}
diff --git a/pkgs/tools/security/exploitdb/default.nix b/pkgs/tools/security/exploitdb/default.nix
index 117a02a040e39..6e7a553cf1671 100644
--- a/pkgs/tools/security/exploitdb/default.nix
+++ b/pkgs/tools/security/exploitdb/default.nix
@@ -6,13 +6,13 @@
 
 stdenv.mkDerivation rec {
   pname = "exploitdb";
-  version = "2024-02-22";
+  version = "2024-02-27";
 
   src = fetchFromGitLab {
     owner = "exploit-database";
     repo = pname;
     rev = "refs/tags/${version}";
-    hash = "sha256-+5N7qe7YuNNBiizzI2aBKZCsl64ODkit5Y9QlhNWVMw=";
+    hash = "sha256-bFCh1kNm7D71PoRoSHdm1qYGGNvYnEb9cLbZerVy5vw=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/tools/security/sn0int/default.nix b/pkgs/tools/security/sn0int/default.nix
deleted file mode 100644
index 66f89f77e8eae..0000000000000
--- a/pkgs/tools/security/sn0int/default.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{ lib
-, fetchFromGitHub
-, rustPlatform
-, libseccomp
-, libsodium
-, pkg-config
-, pkgs
-, sqlite
-, stdenv
-}:
-
-rustPlatform.buildRustPackage rec {
-  pname = "sn0int";
-  version = "0.26.0";
-
-  src = fetchFromGitHub {
-    owner = "kpcyrd";
-    repo = pname;
-    rev = "refs/tags/v${version}";
-    hash = "sha256-ze4OFKUuc/t6tXgmoWFFDjpAQraSY6RIekkcDBctPJo=";
-  };
-
-  cargoHash = "sha256-PAKmoifqB1YC02fVF2SRbXAAGrMcB+Wlvr3FwuqmPVU=";
-
-  nativeBuildInputs = [
-    pkg-config
-  ];
-
-  buildInputs = [
-    libsodium
-    sqlite
-  ] ++ lib.optionals stdenv.isLinux [
-    libseccomp
-  ] ++ lib.optionals stdenv.isDarwin [
-    pkgs.darwin.apple_sdk.frameworks.Security
-  ];
-
-  # One of the dependencies (chrootable-https) tries to read "/etc/resolv.conf"
-  # in "checkPhase", hence fails in sandbox of "nix".
-  doCheck = false;
-
-  meta = with lib; {
-    description = "Semi-automatic OSINT framework and package manager";
-    homepage = "https://github.com/kpcyrd/sn0int";
-    changelog = "https://github.com/kpcyrd/sn0int/releases/tag/v${version}";
-    license = with licenses; [ gpl3Plus ];
-    maintainers = with maintainers; [ fab xrelkd ];
-    platforms = platforms.linux ++ platforms.darwin;
-  };
-}
diff --git a/pkgs/tools/security/terrascan/default.nix b/pkgs/tools/security/terrascan/default.nix
index 91470205666b0..3331c9c4b33f3 100644
--- a/pkgs/tools/security/terrascan/default.nix
+++ b/pkgs/tools/security/terrascan/default.nix
@@ -5,16 +5,16 @@
 
 buildGoModule rec {
   pname = "terrascan";
-  version = "1.18.11";
+  version = "1.18.12";
 
   src = fetchFromGitHub {
     owner = "accurics";
     repo = pname;
     rev = "refs/tags/v${version}";
-    hash = "sha256-BICXMSkfGDXOqBH+4UlJmqkUSV+oZa1wg7c20EtJ3WI=";
+    hash = "sha256-NTk/tCIArucJ12RR173bQ/VoP74oROYwmMrQizE+5iU=";
   };
 
-  vendorHash = "sha256-9zD81p/UjH43B0aeqlItP9vrGMaT/zhVYv60ot153Gc=";
+  vendorHash = "sha256-Hk7dkhb1GiCY9CkKZ1dMQc+s97VRUli7WAoneJVNK08=";
 
   # Tests want to download a vulnerable Terraform project
   doCheck = false;
diff --git a/pkgs/tools/virtualization/multipass/default.nix b/pkgs/tools/virtualization/multipass/default.nix
index e7875f00bb6a1..c746639e98eeb 100644
--- a/pkgs/tools/virtualization/multipass/default.nix
+++ b/pkgs/tools/virtualization/multipass/default.nix
@@ -70,8 +70,8 @@ stdenv.mkDerivation
 
     # Patch the patch of the OVMF binaries to use paths from the nix store.
     substituteInPlace ./src/platform/backends/qemu/linux/qemu_platform_detail_linux.cpp \
-      --replace "OVMF.fd" "${OVMF.fd}/FV/OVMF.fd" \
-      --replace "QEMU_EFI.fd" "${OVMF.fd}/FV/QEMU_EFI.fd"
+      --replace "OVMF.fd" "${OVMF.firmware}" \
+      --replace "QEMU_EFI.fd" "${OVMF.firmware}"
 
     # Copy the grpc submodule we fetched into the source code.
     cp -r --no-preserve=mode ${grpc_src} 3rd-party/grpc
@@ -122,7 +122,6 @@ stdenv.mkDerivation
       dnsmasq
       iproute2
       iptables
-      OVMF.fd
       qemu
       qemu-utils
       xterm
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-05 17:24:58 +0000