diff --git a/lib/tests/misc.nix b/lib/tests/misc.nix
index cf7fa9f2e2849..3059878ba0695 100644
--- a/lib/tests/misc.nix
+++ b/lib/tests/misc.nix
@@ -1959,6 +1959,18 @@ runTests {
     expr = (with types; int).description;
     expected = "signed integer";
   };
+  testTypeDescriptionIntsPositive = {
+    expr = (with types; ints.positive).description;
+    expected = "positive integer, meaning >0";
+  };
+  testTypeDescriptionIntsPositiveOrEnumAuto = {
+    expr = (with types; either ints.positive (enum ["auto"])).description;
+    expected = ''positive integer, meaning >0, or value "auto" (singular enum)'';
+  };
+  testTypeDescriptionListOfPositive = {
+    expr = (with types; listOf ints.positive).description;
+    expected = "list of (positive integer, meaning >0)";
+  };
   testTypeDescriptionListOfInt = {
     expr = (with types; listOf int).description;
     expected = "list of signed integer";
diff --git a/lib/types.nix b/lib/types.nix
index 4378568c141f6..cea63c5983217 100644
--- a/lib/types.nix
+++ b/lib/types.nix
@@ -113,9 +113,14 @@ rec {
     , # Description of the type, defined recursively by embedding the wrapped type if any.
       description ? null
       # A hint for whether or not this description needs parentheses. Possible values:
-      #  - "noun": a simple noun phrase such as "positive integer"
-      #  - "conjunction": a phrase with a potentially ambiguous "or" connective.
+      #  - "noun": a noun phrase
+      #    Example description: "positive integer",
+      #  - "conjunction": a phrase with a potentially ambiguous "or" connective
+      #    Example description: "int or string"
       #  - "composite": a phrase with an "of" connective
+      #    Example description: "list of string"
+      #  - "nonRestrictiveClause": a noun followed by a comma and a clause
+      #    Example description: "positive integer, meaning >0"
       # See the `optionDescriptionPhrase` function.
     , descriptionClass ? null
     , # DO NOT USE WITHOUT KNOWING WHAT YOU ARE DOING!
@@ -338,10 +343,12 @@ rec {
         unsigned = addCheck types.int (x: x >= 0) // {
           name = "unsignedInt";
           description = "unsigned integer, meaning >=0";
+          descriptionClass = "nonRestrictiveClause";
         };
         positive = addCheck types.int (x: x > 0) // {
           name = "positiveInt";
           description = "positive integer, meaning >0";
+          descriptionClass = "nonRestrictiveClause";
         };
         u8 = unsign 8 256;
         u16 = unsign 16 65536;
@@ -383,10 +390,12 @@ rec {
       nonnegative = addCheck number (x: x >= 0) // {
         name = "numberNonnegative";
         description = "nonnegative integer or floating point number, meaning >=0";
+        descriptionClass = "nonRestrictiveClause";
       };
       positive = addCheck number (x: x > 0) // {
         name = "numberPositive";
         description = "positive integer or floating point number, meaning >0";
+        descriptionClass = "nonRestrictiveClause";
       };
     };
 
@@ -463,6 +472,7 @@ rec {
     passwdEntry = entryType: addCheck entryType (str: !(hasInfix ":" str || hasInfix "\n" str)) // {
       name = "passwdEntry ${entryType.name}";
       description = "${optionDescriptionPhrase (class: class == "noun") entryType}, not containing newlines or colons";
+      descriptionClass = "nonRestrictiveClause";
     };
 
     attrs = mkOptionType {
@@ -870,7 +880,13 @@ rec {
     # Either value of type `t1` or `t2`.
     either = t1: t2: mkOptionType rec {
       name = "either";
-      description = "${optionDescriptionPhrase (class: class == "noun" || class == "conjunction") t1} or ${optionDescriptionPhrase (class: class == "noun" || class == "conjunction" || class == "composite") t2}";
+      description =
+        if t1.descriptionClass or null == "nonRestrictiveClause"
+        then
+          # Plain, but add comma
+          "${t1.description}, or ${optionDescriptionPhrase (class: class == "noun" || class == "conjunction") t2}"
+        else
+          "${optionDescriptionPhrase (class: class == "noun" || class == "conjunction") t1} or ${optionDescriptionPhrase (class: class == "noun" || class == "conjunction" || class == "composite") t2}";
       descriptionClass = "conjunction";
       check = x: t1.check x || t2.check x;
       merge = loc: defs:
diff --git a/nixos/modules/config/no-x-libs.nix b/nixos/modules/config/no-x-libs.nix
index 63a491e27a69b..0f5888f5ea3b0 100644
--- a/nixos/modules/config/no-x-libs.nix
+++ b/nixos/modules/config/no-x-libs.nix
@@ -34,6 +34,7 @@ with lib;
       ffmpeg_5 = super.ffmpeg_5.override { ffmpegVariant = "headless"; };
       # dep of graphviz, libXpm is optional for Xpm support
       gd = super.gd.override { withXorg = false; };
+      ghostscript = super.ghostscript.override { cupsSupport = false; x11Support = false; };
       gobject-introspection = super.gobject-introspection.override { x11Support = false; };
       gpsd = super.gpsd.override { guiSupport = false; };
       graphviz = super.graphviz-nox;
diff --git a/nixos/modules/virtualisation/lxd-agent.nix b/nixos/modules/virtualisation/lxd-agent.nix
index 41d08b5156487..8a2a1530eeb79 100644
--- a/nixos/modules/virtualisation/lxd-agent.nix
+++ b/nixos/modules/virtualisation/lxd-agent.nix
@@ -58,7 +58,9 @@ in {
     systemd.services.lxd-agent = {
       enable = true;
       wantedBy = [ "multi-user.target" ];
-      before = [ "shutdown.target" ];
+      before = [ "shutdown.target" ] ++ lib.optionals config.services.cloud-init.enable [
+        "cloud-init.target" "cloud-init.service" "cloud-init-local.service"
+      ];
       conflicts = [ "shutdown.target" ];
       path = [
         pkgs.kmod
@@ -78,7 +80,6 @@ in {
         Description = "LXD - agent";
         Documentation = "https://documentation.ubuntu.com/lxd/en/latest";
         ConditionPathExists = "/dev/virtio-ports/org.linuxcontainers.lxd";
-        Before = lib.optionals config.services.cloud-init.enable [ "cloud-init.target" "cloud-init.service" "cloud-init-local.service" ];
         DefaultDependencies = "no";
         StartLimitInterval = "60";
         StartLimitBurst = "10";
diff --git a/pkgs/applications/editors/micro/default.nix b/pkgs/applications/editors/micro/default.nix
index 31ac4567b61fb..e20a7942719ad 100644
--- a/pkgs/applications/editors/micro/default.nix
+++ b/pkgs/applications/editors/micro/default.nix
@@ -25,7 +25,7 @@ buildGoModule rec {
   ];
 
   preBuild = ''
-    go generate ./runtime
+    GOOS= GOARCH= go generate ./runtime
   '';
 
   postInstall = ''
diff --git a/pkgs/applications/editors/vim/plugins/overrides.nix b/pkgs/applications/editors/vim/plugins/overrides.nix
index f12855e77d41f..96c831bb26bca 100644
--- a/pkgs/applications/editors/vim/plugins/overrides.nix
+++ b/pkgs/applications/editors/vim/plugins/overrides.nix
@@ -1067,12 +1067,12 @@
 
   sniprun =
     let
-      version = "1.3.9";
+      version = "1.3.10";
       src = fetchFromGitHub {
         owner = "michaelb";
         repo = "sniprun";
         rev = "refs/tags/v${version}";
-        hash = "sha256-g2zPGAJIjMDWn8FCsuRPZyYHDk+ZHCd04lGlYHvb4OI=";
+        hash = "sha256-7tDREZ8ZXYySHrXVOh+ANT23CknJQvZJ8WtU5r0pOOQ=";
       };
       sniprun-bin = rustPlatform.buildRustPackage {
         pname = "sniprun-bin";
@@ -1082,7 +1082,7 @@
           darwin.apple_sdk.frameworks.Security
         ];
 
-        cargoHash = "sha256-h/NhDFp+Yiyx37Tlfu0W9rMnd+ZmQp5gt+qhY3PB7DE=";
+        cargoHash = "sha256-n/HW+q4Xrme/ssS9Th5uFEUsDgkxRxKt2wSR8k08uHY=";
 
         nativeBuildInputs = [ makeWrapper ];
 
diff --git a/pkgs/applications/editors/vscode/extensions/default.nix b/pkgs/applications/editors/vscode/extensions/default.nix
index d7df2dac1b5a3..78fb1c232c55c 100644
--- a/pkgs/applications/editors/vscode/extensions/default.nix
+++ b/pkgs/applications/editors/vscode/extensions/default.nix
@@ -1151,8 +1151,8 @@ let
         mktplcRef = {
           name = "theme-dracula";
           publisher = "dracula-theme";
-          version = "2.24.2";
-          sha256 = "sha256-YNqWEIvlEI29mfPxOQVdd4db9G2qNodhz8B0MCAAWK8=";
+          version = "2.24.3";
+          sha256 = "sha256-3B18lEu8rXVXySdF3+xsPnAyruIuEQJDhlNw82Xm6b0=";
         };
         meta = {
           changelog = "https://marketplace.visualstudio.com/items/dracula-theme.theme-dracula/changelog";
@@ -3111,8 +3111,8 @@ let
         mktplcRef = {
           name = "crates";
           publisher = "serayuzgur";
-          version = "0.6.0";
-          sha256 = "080zd103vjrz86vllr1ricq2vi3hawn4534n492m7xdcry9l9dpc";
+          version = "0.6.5";
+          sha256 = "sha256-HgqM4PKGk3R5MLY4cVjKxv79p5KlOkVDeDbv7/6FmpM=";
         };
         meta = {
           license = lib.licenses.mit;
diff --git a/pkgs/applications/emulators/ryujinx/default.nix b/pkgs/applications/emulators/ryujinx/default.nix
index 18f28b03d9e04..94a6988a7fc28 100644
--- a/pkgs/applications/emulators/ryujinx/default.nix
+++ b/pkgs/applications/emulators/ryujinx/default.nix
@@ -28,13 +28,13 @@
 
 buildDotnetModule rec {
   pname = "ryujinx";
-  version = "1.1.1100"; # Based off of the official github actions builds: https://github.com/Ryujinx/Ryujinx/actions/workflows/release.yml
+  version = "1.1.1102"; # Based off of the official github actions builds: https://github.com/Ryujinx/Ryujinx/actions/workflows/release.yml
 
   src = fetchFromGitHub {
     owner = "Ryujinx";
     repo = "Ryujinx";
-    rev = "06bff0159c9eddc5111859d1ca315708152ac61b";
-    sha256 = "1fxslad3i6cbd4kcjal1pzbr472az834ahyg7k8yf34b7syljswq";
+    rev = "f11d663df73f68350820dfa65aa51a8a9b9ffd0f";
+    sha256 = "15yai8zwwy2537ng6iqyg2jhv0q2w1c9rahkdkbvgkwiycsl7rjy";
   };
 
   dotnet-sdk = dotnetCorePackages.sdk_8_0;
diff --git a/pkgs/applications/graphics/goxel/default.nix b/pkgs/applications/graphics/goxel/default.nix
index cf3a31a1d4bf1..64b2112b56755 100644
--- a/pkgs/applications/graphics/goxel/default.nix
+++ b/pkgs/applications/graphics/goxel/default.nix
@@ -3,13 +3,13 @@
 
 stdenv.mkDerivation rec {
   pname = "goxel";
-  version = "0.12.0";
+  version = "0.13.0";
 
   src = fetchFromGitHub {
     owner = "guillaumechereau";
     repo = "goxel";
     rev = "v${version}";
-    hash = "sha256-taDe5xJU6ijikHaSMDYs/XE2O66X3J7jOKWzbj7hrN0=";
+    hash = "sha256-mB4ln2uIhK/hsX+hUpeZ8H4aumaAUl5vaFkqolJtLRg=";
   };
 
   nativeBuildInputs = [ scons pkg-config wrapGAppsHook ];
diff --git a/pkgs/applications/misc/far2l/default.nix b/pkgs/applications/misc/far2l/default.nix
index ee17568c0118c..bca4a1d86a726 100644
--- a/pkgs/applications/misc/far2l/default.nix
+++ b/pkgs/applications/misc/far2l/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchFromGitHub, makeWrapper, cmake, ninja, pkg-config, m4, bash
+{ lib, stdenv, fetchFromGitHub, makeWrapper, cmake, ninja, pkg-config, m4, perl, bash
 , xdg-utils, zip, unzip, gzip, bzip2, gnutar, p7zip, xz
 , IOKit, Carbon, Cocoa, AudioToolbox, OpenGL, System
 , withTTYX ? true, libX11
@@ -14,18 +14,16 @@
 
 stdenv.mkDerivation rec {
   pname = "far2l";
-  version = "2.4.1";
+  version = "2.5.3";
 
   src = fetchFromGitHub {
     owner = "elfmz";
     repo = "far2l";
     rev = "v_${version}";
-    sha256 = "sha256-0t1ND6LmDcivfrZ8RaEr1vjeS5JtaeWkoHkl2e7Xr5s=";
+    sha256 = "sha256-aK6+7ChFAkeDiEYU2llBb//PBej2Its/wBeuG7ys/ew=";
   };
 
-  patches = [ ./python_prebuild.patch ];
-
-  nativeBuildInputs = [ cmake ninja pkg-config m4 makeWrapper ];
+  nativeBuildInputs = [ cmake ninja pkg-config m4 perl makeWrapper ];
 
   buildInputs = lib.optional withTTYX libX11
     ++ lib.optional withGUI wxGTK32
@@ -39,21 +37,21 @@ stdenv.mkDerivation rec {
 
   postPatch = ''
     patchShebangs python/src/prebuild.sh
-    substituteInPlace far2l/src/vt/vtcompletor.cpp \
-      --replace '"/bin/bash"' '"${bash}/bin/bash"'
-    substituteInPlace far2l/src/cfg/config.cpp \
-      --replace '"/bin/bash"' '"${bash}/bin/bash"'
+    patchShebangs far2l/bootstrap/view.sh
   '';
 
-  cmakeFlags = lib.mapAttrsToList (k: v: "-D${k}=${if v then "yes" else "no"}") {
-    TTYX = withTTYX;
-    USEWX = withGUI;
-    USEUCD = withUCD;
-    COLORER = withColorer;
-    MULTIARC = withMultiArc;
-    NETROCKS = withNetRocks;
-    PYTHON = withPython;
-  };
+  cmakeFlags = [
+    (lib.cmakeBool "TTYX" withTTYX)
+    (lib.cmakeBool "USEWX" withGUI)
+    (lib.cmakeBool "USEUCD" withUCD)
+    (lib.cmakeBool "COLORER" withColorer)
+    (lib.cmakeBool "MULTIARC" withMultiArc)
+    (lib.cmakeBool "NETROCKS" withNetRocks)
+    (lib.cmakeBool "PYTHON" withPython)
+  ] ++ lib.optionals withPython [
+    (lib.cmakeFeature "VIRTUAL_PYTHON" "python")
+    (lib.cmakeFeature "VIRTUAL_PYTHON_VERSION" "python")
+  ];
 
   runtimeDeps = [ unzip zip p7zip xz gzip bzip2 gnutar ];
 
diff --git a/pkgs/applications/misc/far2l/python_prebuild.patch b/pkgs/applications/misc/far2l/python_prebuild.patch
deleted file mode 100644
index 87762da52e054..0000000000000
--- a/pkgs/applications/misc/far2l/python_prebuild.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-diff --git i/python/src/prebuild.sh w/python/src/prebuild.sh
-index d2847ee5..aa1ecc53 100755
---- i/python/src/prebuild.sh
-+++ w/python/src/prebuild.sh
-@@ -12,9 +12,6 @@ mkdir -p "$DST/incpy"
- if [ ! -f "$DST/python/.prepared" ]; then
- 	echo "Preparing python virtual env at $DST/python using $PYTHON"
- 	mkdir -p "$DST/python"
--	$PYTHON -m venv --system-site-packages "$DST/python"
--	"$DST/python/bin/python" -m pip install --upgrade pip || true
--	"$DST/python/bin/python" -m pip install --ignore-installed cffi debugpy pcpp
- 	$PREPROCESSOR "$SRC/python/src/consts.gen" | sh > "${DST}/incpy/consts.h"
- 
- 	echo "1" > "$DST/python/.prepared"
-@@ -26,4 +23,4 @@ cp -f -R \
- 	"$SRC/python/configs/plug/far2l/"* \
- 	"$DST/incpy/"
- 
--"$DST/python/bin/python" "$SRC/python/src/pythongen.py" "${SRC}" "${DST}/incpy"
-+"python" "$SRC/python/src/pythongen.py" "${SRC}" "${DST}/incpy"
diff --git a/pkgs/applications/misc/octoprint/plugins.nix b/pkgs/applications/misc/octoprint/plugins.nix
index b80bf1c09569f..6effd4b50ec31 100644
--- a/pkgs/applications/misc/octoprint/plugins.nix
+++ b/pkgs/applications/misc/octoprint/plugins.nix
@@ -480,5 +480,5 @@ in
     };
   };
 } // lib.optionalAttrs config.allowAliases {
-  octoprint-dashboard = self.dashboard;
+  octoprint-dashboard = super.dashboard;
 }
diff --git a/pkgs/applications/misc/revanced-cli/default.nix b/pkgs/applications/misc/revanced-cli/default.nix
index c63e5e2ec6003..96c8f43a7249e 100644
--- a/pkgs/applications/misc/revanced-cli/default.nix
+++ b/pkgs/applications/misc/revanced-cli/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "revanced-cli";
-  version = "4.3.0";
+  version = "4.4.0";
 
   src = fetchurl {
     url = "https://github.com/revanced/revanced-cli/releases/download/v${version}/revanced-cli-${version}-all.jar";
-    hash = "sha256-D/4zR5PvcZqv8yyNIzbnYnGoHDrPQAeHyrN/G4QsTB0=";
+    hash = "sha256-ydP9iPClWNKlbBhsNC1bzqfJYRyit1WsxIgwbQQbgi8=";
   };
 
   nativeBuildInputs = [ makeWrapper ];
diff --git a/pkgs/applications/misc/sqls/default.nix b/pkgs/applications/misc/sqls/default.nix
index 53785539adc7b..b6d4f3f180ebe 100644
--- a/pkgs/applications/misc/sqls/default.nix
+++ b/pkgs/applications/misc/sqls/default.nix
@@ -2,23 +2,23 @@
 
 buildGoModule rec {
   pname = "sqls";
-  version = "0.2.22";
+  version = "0.2.28";
 
   src = fetchFromGitHub {
-    owner = "lighttiger2505";
-    repo = pname;
+    owner = "sqls-server";
+    repo = "sqls";
     rev = "v${version}";
-    sha256 = "sha256-xtvm/NVL98dRzQL1id/WwT/NdsnB7qTRVR7jfrRsabY=";
+    hash = "sha256-b3zLyj2n+eKOPBRooS68GfM0bsiTVXDblYKyBYKiYug=";
   };
 
-  vendorHash = "sha256-sowzyhvNr7Ek3ex4BP415HhHSKnqPHy5EbnECDVZOGw=";
+  vendorHash = "sha256-6IFJvdT7YLnWsg7Icd3nKXXHM6TZKZ+IG9nEBosRCwA=";
 
   ldflags = [ "-s" "-w" "-X main.version=${version}" "-X main.revision=${src.rev}" ];
 
   doCheck = false;
 
   meta = with lib; {
-    homepage = "https://github.com/lighttiger2505/sqls";
+    homepage = "https://github.com/sqls-server/sqls";
     description = "SQL language server written in Go";
     license = licenses.mit;
     maintainers = [ maintainers.marsam ];
diff --git a/pkgs/applications/networking/cluster/minishift/default.nix b/pkgs/applications/networking/cluster/minishift/default.nix
deleted file mode 100644
index bee4d47852933..0000000000000
--- a/pkgs/applications/networking/cluster/minishift/default.nix
+++ /dev/null
@@ -1,66 +0,0 @@
-{ lib, buildGoPackage, fetchFromGitHub, go-bindata, pkg-config, makeWrapper
-, glib, gtk3, libappindicator-gtk3, gpgme, openshift, ostree, libselinux, btrfs-progs
-, lvm2, docker-machine-kvm
-}:
-
-let
-  version = "1.34.3";
-
-  # Update these on version bumps according to Makefile
-  centOsIsoVersion = "v1.17.0";
-  openshiftVersion = "v3.11.0";
-
-in buildGoPackage rec {
-  pname = "minishift";
-  inherit version;
-
-  src = fetchFromGitHub {
-    owner = "minishift";
-    repo = "minishift";
-    rev = "v${version}";
-    sha256 = "0yhln3kyc0098hbnjyxhbd915g6j7s692c0z8yrhh9gdpc5cr2aa";
-  };
-
-  nativeBuildInputs = [ pkg-config go-bindata makeWrapper ];
-  buildInputs = [ glib gtk3 libappindicator-gtk3 gpgme ostree libselinux btrfs-progs lvm2 ];
-
-  goPackagePath = "github.com/minishift/minishift";
-  subPackages = [ "cmd/minishift" ];
-
-  postPatch = ''
-    # minishift downloads openshift if not found therefore set the cache to /nix/store/...
-    substituteInPlace pkg/minishift/cache/oc_caching.go \
-      --replace 'filepath.Join(oc.MinishiftCacheDir, OC_CACHE_DIR, oc.OpenShiftVersion, runtime.GOOS)' '"${openshift}/bin"' \
-      --replace '"runtime"' ""
-  '';
-
-  ldflags = [
-    "-X ${goPackagePath}/pkg/version.minishiftVersion=${version}"
-    "-X ${goPackagePath}/pkg/version.centOsIsoVersion=${centOsIsoVersion}"
-    "-X ${goPackagePath}/pkg/version.openshiftVersion=${openshiftVersion}"
-  ];
-
-  preBuild = ''
-    (cd go/src/github.com/minishift/minishift
-      mkdir -p out/bindata
-      go-bindata -prefix addons -o out/bindata/addon_assets.go -pkg bindata addons/...)
-  '';
-
-  postInstall = ''
-    wrapProgram "$out/bin/minishift" \
-      --prefix PATH ':' '${lib.makeBinPath [ docker-machine-kvm openshift ]}'
-  '';
-
-  meta = with lib; {
-    description = "Run OpenShift locally";
-    longDescription = ''
-      Minishift is a tool that helps you run OpenShift locally by running
-      a single-node OpenShift cluster inside a VM. You can try out OpenShift
-      or develop with it, day-to-day, on your local host.
-    '';
-    homepage = "https://github.com/minishift/minishift";
-    maintainers = with maintainers; [ vdemeester ];
-    platforms = platforms.linux;
-    license = licenses.asl20;
-  };
-}
diff --git a/pkgs/applications/networking/cluster/talosctl/default.nix b/pkgs/applications/networking/cluster/talosctl/default.nix
index f93cea7f25101..72954741b614b 100644
--- a/pkgs/applications/networking/cluster/talosctl/default.nix
+++ b/pkgs/applications/networking/cluster/talosctl/default.nix
@@ -2,16 +2,16 @@
 
 buildGoModule rec {
   pname = "talosctl";
-  version = "1.6.0";
+  version = "1.6.1";
 
   src = fetchFromGitHub {
     owner = "siderolabs";
     repo = "talos";
     rev = "v${version}";
-    hash = "sha256-Mcc9lfnhSbVA5tNHUtBgfQEGVyen4KZ/V9OeV8PxAYQ=";
+    hash = "sha256-xJKYnKJ0qvgVZ2I7O+qYO/ujuW03B+DykXO/ZYLgoyU=";
   };
 
-  vendorHash = "sha256-VeUDyiJ0R27Xrf+79f0soELKvR2xaK5ocbvhCzP9eFk=";
+  vendorHash = "sha256-CIDCUIk0QFSHM2gc1XpD6Ih11zXbCDDeSf5vf6loI9w=";
 
   ldflags = [ "-s" "-w" ];
 
diff --git a/pkgs/applications/networking/ids/zeek/broker/default.nix b/pkgs/applications/networking/ids/zeek/broker/default.nix
index cfb8cc685a109..ef37f4c2ed06e 100644
--- a/pkgs/applications/networking/ids/zeek/broker/default.nix
+++ b/pkgs/applications/networking/ids/zeek/broker/default.nix
@@ -14,8 +14,8 @@ let
   src-cmake = fetchFromGitHub {
     owner = "zeek";
     repo = "cmake";
-    rev = "b191c36167bc0d6bd9f059b01ad4c99be98488d9";
-    hash = "sha256-h6xPCcdTnREeDsGQhWt2w4yJofpr7g4a8xCOB2e0/qQ=";
+    rev = "1be78cc8a889d95db047f473a0f48e0baee49f33";
+    hash = "sha256-zcXWP8CHx0RSDGpRTrYD99lHlqSbvaliXrtFowPfhBk=";
   };
   src-3rdparty = fetchFromGitHub {
     owner = "zeek";
@@ -37,9 +37,9 @@ let
     doCheck = false;
   });
 in
-stdenv.mkDerivation {
+stdenv.mkDerivation rec {
   pname = "zeek-broker";
-  version = "unstable-2023-02-01";
+  version = "2.7.0";
   outputs = [ "out" "py" ];
 
   strictDeps = true;
@@ -47,8 +47,8 @@ stdenv.mkDerivation {
   src = fetchFromGitHub {
     owner = "zeek";
     repo = "broker";
-    rev = "3df8d35732d51e3bd41db067260998e79e93f366";
-    hash = "sha256-37JIgbG12zd13YhfgVb4egzi80fUcZVj/s+yvsjcP7E=";
+    rev = "v${version}";
+    hash = "sha256-fwLqw7PPYUDm+eJxDpCtY/W6XianqBDPHOhzDQoooYo=";
   };
   postUnpack = ''
     rmdir $sourceRoot/cmake $sourceRoot/3rdparty
@@ -64,6 +64,10 @@ stdenv.mkDerivation {
     ./0001-Fix-include-path-in-exported-CMake-targets.patch
   ];
 
+  postPatch = lib.optionalString stdenv.isDarwin ''
+    substituteInPlace bindings/python/CMakeLists.txt --replace " -u -r" ""
+  '';
+
   nativeBuildInputs = [ cmake ];
   buildInputs = [ openssl python3.pkgs.pybind11 ];
   propagatedBuildInputs = [ caf' ];
diff --git a/pkgs/applications/networking/ids/zeek/default.nix b/pkgs/applications/networking/ids/zeek/default.nix
index 3922b95fbac2c..7970a090407c4 100644
--- a/pkgs/applications/networking/ids/zeek/default.nix
+++ b/pkgs/applications/networking/ids/zeek/default.nix
@@ -26,11 +26,11 @@ let
 in
 stdenv.mkDerivation rec {
   pname = "zeek";
-  version = "6.0.2";
+  version = "6.1.0";
 
   src = fetchurl {
     url = "https://download.zeek.org/zeek-${version}.tar.gz";
-    sha256 = "sha256-JCGYmtzuain0io9ycvcZ7b6VTWbC6G46Uuecrhd/iHw=";
+    sha256 = "sha256-+3VvS5eAl1W13sOJJ8SUd/8GqmR9/NK4gCWxvhtqNY4=";
   };
 
   strictDeps = true;
diff --git a/pkgs/applications/networking/ids/zeek/fix-installation.patch b/pkgs/applications/networking/ids/zeek/fix-installation.patch
index 63c213e3a69e4..135e8c3146780 100644
--- a/pkgs/applications/networking/ids/zeek/fix-installation.patch
+++ b/pkgs/applications/networking/ids/zeek/fix-installation.patch
@@ -2,7 +2,7 @@ diff --git a/CMakeLists.txt b/CMakeLists.txt
 index 4d3da0c90..d37931c1b 100644
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
-@@ -503,11 +503,6 @@ if (NOT MSVC)
+@@ -508,11 +508,6 @@ if (NOT MSVC)
      set(HAVE_SUPERVISOR true)
  endif ()
  
@@ -11,11 +11,11 @@ index 4d3da0c90..d37931c1b 100644
 -install(DIRECTORY DESTINATION ${ZEEK_SPOOL_DIR})
 -install(DIRECTORY DESTINATION ${ZEEK_LOG_DIR})
 -
- configure_file(zeek-path-dev.in ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev)
+ configure_file(cmake_templates/zeek-path-dev.in ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev)
  
  file(
-@@ -1198,7 +1193,7 @@ if (INSTALL_ZKG)
-                    @ONLY)
+@@ -1201,7 +1201,7 @@ if (INSTALL_ZKG)
+                    ${CMAKE_CURRENT_BINARY_DIR}/zkg-config @ONLY)
  
      install(DIRECTORY DESTINATION var/lib/zkg)
 -    install(FILES ${CMAKE_CURRENT_BINARY_DIR}/zkg-config DESTINATION ${ZEEK_ZKG_CONFIG_DIR}
@@ -37,7 +37,7 @@ index 1ebe7c2..1435509 100644
  
  ########################################################################
  ## Dependency Configuration
-@@ -200,38 +200,9 @@ else ()
+@@ -186,38 +186,9 @@ else ()
      set(LOGS ${VAR}/logs)
  endif ()
  
diff --git a/pkgs/applications/version-management/stgit/default.nix b/pkgs/applications/version-management/stgit/default.nix
index c88e5a219aaf0..69515f71dc254 100644
--- a/pkgs/applications/version-management/stgit/default.nix
+++ b/pkgs/applications/version-management/stgit/default.nix
@@ -18,15 +18,15 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "stgit";
-  version = "2.4.1";
+  version = "2.4.2";
 
   src = fetchFromGitHub {
     owner = "stacked-git";
     repo = "stgit";
     rev = "v${version}";
-    hash = "sha256-5fMGWqvGbpRVAgarNO0zV8ID+X/RnguGHF927syCXGg=";
+    hash = "sha256-Rdpi20FRtSYQtYfBvLr+2hghpHKSSDoUZBQqm2nxZxk=";
   };
-  cargoHash = "sha256-U63r0tcxBTQMONHJp6WswqxTUH7uzw6a7Vc4Np1bATY=";
+  cargoHash = "sha256-vd2y6XYBlFU9gxd8hNj0srWqEuJAuXTOzt9GPD9q0yc=";
 
   nativeBuildInputs = [
     pkg-config installShellFiles makeWrapper asciidoc xmlto docbook_xsl
diff --git a/pkgs/applications/video/obs-studio/plugins/obs-move-transition.nix b/pkgs/applications/video/obs-studio/plugins/obs-move-transition.nix
index b8e294be14a04..a5d63ec687468 100644
--- a/pkgs/applications/video/obs-studio/plugins/obs-move-transition.nix
+++ b/pkgs/applications/video/obs-studio/plugins/obs-move-transition.nix
@@ -7,13 +7,13 @@
 
 stdenv.mkDerivation rec {
   pname = "obs-move-transition";
-  version = "2.9.6";
+  version = "2.9.8";
 
   src = fetchFromGitHub {
     owner = "exeldro";
     repo = "obs-move-transition";
     rev = version;
-    sha256 = "sha256-A3R78JvjOdYE9/ZZ+KbZ5Ula9HC5E/u7BrqE2i6VwYs=";
+    sha256 = "sha256-GOLmwXAK2g8IyI+DFH2sBOR2iknYdgYevytZpt3Cc7Q=";
   };
 
   nativeBuildInputs = [ cmake ];
diff --git a/pkgs/by-name/br/bruno/package.nix b/pkgs/by-name/br/bruno/package.nix
index 1d8476c1142ca..01f3642fc5772 100644
--- a/pkgs/by-name/br/bruno/package.nix
+++ b/pkgs/by-name/br/bruno/package.nix
@@ -15,11 +15,11 @@
 
 stdenv.mkDerivation rec {
   pname = "bruno";
-  version = "1.5.0";
+  version = "1.5.1";
 
   src = fetchurl {
     url = "https://github.com/usebruno/bruno/releases/download/v${version}/bruno_${version}_amd64_linux.deb";
-    hash = "sha256-ptrayWDnRXGUC/mgSnQ/8sIEdey+6uoa3LGBGPQYuY8=";
+    hash = "sha256-kJfS3yORwvh7rMGgDV5Bn2L7+7ZMa8ZBpRI1P5y+ShQ=";
   };
 
   nativeBuildInputs = [ autoPatchelfHook dpkg wrapGAppsHook ];
@@ -52,10 +52,11 @@ stdenv.mkDerivation rec {
   passthru.updateScript = nix-update-script { };
 
   meta = with lib; {
-    description = "Open-source IDE For exploring and testing APIs.";
+    description = "Open-source IDE For exploring and testing APIs";
     homepage = "https://www.usebruno.com";
     license = licenses.mit;
     maintainers = with maintainers; [ water-sucks lucasew kashw2 ];
     platforms = [ "x86_64-linux" ];
+    sourceProvenance = with sourceTypes; [ binaryNativeCode ];
   };
 }
diff --git a/pkgs/by-name/ht/htmx-lsp/package.nix b/pkgs/by-name/ht/htmx-lsp/package.nix
new file mode 100644
index 0000000000000..4116d168f7ead
--- /dev/null
+++ b/pkgs/by-name/ht/htmx-lsp/package.nix
@@ -0,0 +1,26 @@
+{ lib
+, rustPlatform
+, fetchFromGitHub
+}:
+
+rustPlatform.buildRustPackage rec {
+  pname = "htmx-lsp";
+  version = "0.1.0";
+
+  src = fetchFromGitHub {
+    owner = "ThePrimeagen";
+    repo = "htmx-lsp";
+    rev = version;
+    hash = "sha256-CvQ+vgo3+qUOj0SS6/NrapzXkP98tpiZbGhRHJxEqeo=";
+  };
+
+  cargoHash = "sha256-qKiFUnNUOBakfK3Vplr/bLR+4L/vIViHJYgw9+RoRZQ=";
+
+  meta = with lib; {
+    description = "Language server implementation for htmx";
+    homepage = "https://github.com/ThePrimeagen/htmx-lsp";
+    license = licenses.mit;
+    maintainers = with maintainers; [ vinnymeller ];
+    mainProgram = "htmx-lsp";
+  };
+}
diff --git a/pkgs/development/hare-third-party/hare-toml/default.nix b/pkgs/development/hare-third-party/hare-toml/default.nix
new file mode 100644
index 0000000000000..98cc670ef941e
--- /dev/null
+++ b/pkgs/development/hare-third-party/hare-toml/default.nix
@@ -0,0 +1,61 @@
+{ stdenv
+, hare
+, scdoc
+, lib
+, fetchFromGitea
+, fetchpatch
+, nix-update-script
+}:
+stdenv.mkDerivation (finalAttrs: {
+  pname = "hare-toml";
+  version = "0.1.0";
+
+  src = fetchFromGitea {
+    domain = "codeberg.org";
+    owner = "lunacb";
+    repo = "hare-toml";
+    rev = "v${finalAttrs.version}";
+    hash = "sha256-JKK5CcDmAW7FH7AzFwgsr9i13eRSXDUokWfZix7f4yY=";
+  };
+
+  patches = [
+    # Remove `abort()` calls from never returning expressions.
+    (fetchpatch {
+      name = "remove-abort-from-never-returning-expressions.patch";
+      url = "https://codeberg.org/lunacb/hare-toml/commit/f26e7cdfdccd2e82c9fce7e9fca8644b825b40f1.patch";
+      hash = "sha256-DFbrxiaV4lQlFmMzo5GbMubIQ4hU3lXgsJqoyeFWf2g=";
+    })
+    # Fix make's install target to install the correct files
+    (fetchpatch {
+      name = "install-correct-files-with-install-target.patch";
+      url = "https://codeberg.org/lunacb/hare-toml/commit/b79021911fe7025a8f5ddd97deb2c4d18c67b25e.patch";
+      hash = "sha256-IL+faumX6BmdyePXTzsSGgUlgDBqOXXzShupVAa7jlQ=";
+    })
+  ];
+
+  nativeBuildInputs = [
+    scdoc
+    hare
+  ];
+
+  makeFlags = [
+    "HARECACHE=.harecache"
+    "PREFIX=${builtins.placeholder "out"}"
+  ];
+
+  checkTarget = "check_local";
+
+  doCheck = true;
+
+  dontConfigure = true;
+
+  passthru.updateScript = nix-update-script { };
+
+  meta = {
+    description = "A TOML implementation for Hare";
+    homepage = "https://codeberg.org/lunacb/hare-toml";
+    license = lib.licenses.mit;
+    maintainers = with lib.maintainers; [ onemoresuza ];
+    inherit (hare.meta) platforms badPlatforms;
+  };
+})
diff --git a/pkgs/development/interpreters/lua-5/wrapper.nix b/pkgs/development/interpreters/lua-5/wrapper.nix
index 9431522b71e5d..bd97e7186b97f 100644
--- a/pkgs/development/interpreters/lua-5/wrapper.nix
+++ b/pkgs/development/interpreters/lua-5/wrapper.nix
@@ -60,8 +60,8 @@ let
     passthru = lua.passthru // {
       interpreter = "${env}/bin/lua";
       inherit lua;
-      luaPath = lua.pkgs.lib.genLuaPathAbsStr env;
-      luaCpath = lua.pkgs.lib.genLuaCPathAbsStr env;
+      luaPath = lua.pkgs.luaLib.genLuaPathAbsStr env;
+      luaCpath = lua.pkgs.luaLib.genLuaCPathAbsStr env;
       env = stdenv.mkDerivation {
         name = "interactive-${lua.name}-environment";
         nativeBuildInputs = [ env ];
diff --git a/pkgs/development/interpreters/zuo/default.nix b/pkgs/development/interpreters/zuo/default.nix
index d4ad9811ed5a2..b4527a37686af 100644
--- a/pkgs/development/interpreters/zuo/default.nix
+++ b/pkgs/development/interpreters/zuo/default.nix
@@ -1,20 +1,18 @@
-{ lib, stdenv, fetchFromGitHub, unstableGitUpdater }:
+{ lib, stdenv, fetchFromGitHub }:
 
 stdenv.mkDerivation rec {
   pname = "zuo";
-  version = "unstable-2023-11-23";
+  version = "1.9";
 
   src = fetchFromGitHub {
     owner = "racket";
     repo = "zuo";
-    rev = "4d85edb4f221de8a1748ee38dcc6963d8d2da33a";
-    hash = "sha256-pFEXkByZpVnQgXK1DeFSEnalvhCTwOy75WrRojBM78U=";
+    rev = "v${version}";
+    hash = "sha256-F7ba/4VVVhNDK/wqk+kgJKYxETS2pR9ZiDh0O0aOWn0=";
   };
 
   doCheck = true;
 
-  passthru.updateScript = unstableGitUpdater { };
-
   meta = with lib; {
     description = "A Tiny Racket for Scripting";
     homepage = "https://github.com/racket/zuo";
diff --git a/pkgs/development/java-modules/jna/default.nix b/pkgs/development/java-modules/jna/default.nix
index 00f4cd5fba83d..1b4f3bb9ad905 100644
--- a/pkgs/development/java-modules/jna/default.nix
+++ b/pkgs/development/java-modules/jna/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "jna";
-  version = "5.13.0";
+  version = "5.14.0";
 
   src = fetchFromGitHub {
     owner = "java-native-access";
     repo = pname;
     rev = version;
-    hash = "sha256-EIOVmzQcnbL1NmxAaUVCMDvs9wpKqhP5iHAPoBVs3ho=";
+    hash = "sha256-a5l9khKLWfvTHv53utfbw344/UNQOnIU93+wZNQ0ji4=";
   };
 
   nativeBuildInputs = [ ant jdk8 ];
diff --git a/pkgs/development/julia-modules/python/extract_artifacts.py b/pkgs/development/julia-modules/python/extract_artifacts.py
index ecbdf10ed7148..f811c6624e851 100755
--- a/pkgs/development/julia-modules/python/extract_artifacts.py
+++ b/pkgs/development/julia-modules/python/extract_artifacts.py
@@ -5,10 +5,33 @@
 import subprocess
 import sys
 import toml
+from urllib.parse import urlparse
 import yaml
 
 import dag
 
+# This should match the behavior of the default unpackPhase.
+# See https://github.com/NixOS/nixpkgs/blob/59fa082abdbf462515facc8800d517f5728c909d/pkgs/stdenv/generic/setup.sh#L1044
+archive_extensions = [
+  # xz extensions
+  ".tar.xz",
+  ".tar.lzma",
+  ".txz",
+
+  # *.tar or *.tar.*
+  ".tar",
+  ".tar.Z",
+  ".tar.bz2",
+  ".tar.gz",
+
+  # Other tar extensions
+  ".tgz",
+  ".tbz2",
+  ".tbz",
+
+  ".zip"
+  ]
+
 dependencies_path = Path(sys.argv[1])
 closure_yaml_path = Path(sys.argv[2])
 julia_path = Path(sys.argv[3])
@@ -33,33 +56,14 @@
     if contents.get("depends_on"):
       closure_dependencies_dag.add_node(uuid, dependencies=contents["depends_on"].values())
 
-with open(out_path, "w") as f:
-  f.write("{ lib, fetchurl, glibc, pkgs, stdenv }:\n\n")
-  f.write("rec {\n")
-
-  def process_item(item):
-    uuid, src = item
-    lines = []
-    artifacts = toml.loads(subprocess.check_output([julia_path, extract_artifacts_script, uuid, src]).decode())
-    if not artifacts: return f'  uuid-{uuid} = {{}};\n'
-
-    lines.append(f'  uuid-{uuid} = {{')
-
-    for artifact_name, details in artifacts.items():
-      if len(details["download"]) == 0: continue
-      download = details["download"][0]
-      url = download["url"]
-      sha256 = download["sha256"]
-
-      git_tree_sha1 = details["git-tree-sha1"]
-
-      depends_on = set()
-      if closure_dependencies_dag.has_node(uuid):
-        depends_on = set(closure_dependencies_dag.get_dependencies(uuid)).intersection(dependency_uuids)
+def get_archive_derivation(uuid, artifact_name, url, sha256):
+  depends_on = set()
+  if closure_dependencies_dag.has_node(uuid):
+    depends_on = set(closure_dependencies_dag.get_dependencies(uuid)).intersection(dependency_uuids)
 
-      other_libs = extra_libs.get(uuid, [])
+  other_libs = extra_libs.get(uuid, [])
 
-      fixup = f"""fixupPhase = let
+  fixup = f"""fixupPhase = let
           libs = lib.concatMap (lib.mapAttrsToList (k: v: v.path))
                                [{" ".join(["uuid-" + x for x in depends_on])}];
           in ''
@@ -69,7 +73,7 @@ def process_item(item):
               patchelf --set-interpreter ${{glibc}}/lib/ld-linux-x86-64.so.2 {{}} \;
           ''"""
 
-      derivation = f"""{{
+  return f"""stdenv.mkDerivation {{
         name = "{artifact_name}";
         src = fetchurl {{
           url = "{url}";
@@ -82,9 +86,41 @@ def process_item(item):
         {fixup};
       }}"""
 
+def get_plain_derivation(url, sha256):
+  return f"""fetchurl {{
+        url = "{url}";
+        sha256 = "{sha256}";
+      }}"""
+
+with open(out_path, "w") as f:
+  f.write("{ lib, fetchurl, glibc, pkgs, stdenv }:\n\n")
+  f.write("rec {\n")
+
+  def process_item(item):
+    uuid, src = item
+    lines = []
+    artifacts = toml.loads(subprocess.check_output([julia_path, extract_artifacts_script, uuid, src]).decode())
+    if not artifacts: return f'  uuid-{uuid} = {{}};\n'
+
+    lines.append(f'  uuid-{uuid} = {{')
+
+    for artifact_name, details in artifacts.items():
+      if len(details["download"]) == 0: continue
+      download = details["download"][0]
+      url = download["url"]
+      sha256 = download["sha256"]
+
+      git_tree_sha1 = details["git-tree-sha1"]
+
+      parsed_url = urlparse(url)
+      if any(parsed_url.path.endswith(x) for x in archive_extensions):
+        derivation = get_archive_derivation(uuid, artifact_name, url, sha256)
+      else:
+        derivation = get_plain_derivation(url, sha256)
+
       lines.append(f"""    "{artifact_name}" = {{
       sha1 = "{git_tree_sha1}";
-      path = stdenv.mkDerivation {derivation};
+      path = {derivation};
     }};\n""")
 
     lines.append('  };\n')
diff --git a/pkgs/development/libraries/jellyfin-ffmpeg/default.nix b/pkgs/development/libraries/jellyfin-ffmpeg/default.nix
index ff2fca37fba47..a33a55d63e7dd 100644
--- a/pkgs/development/libraries/jellyfin-ffmpeg/default.nix
+++ b/pkgs/development/libraries/jellyfin-ffmpeg/default.nix
@@ -39,5 +39,6 @@
     homepage = "https://github.com/jellyfin/jellyfin-ffmpeg";
     license = licenses.gpl3;
     maintainers = with maintainers; [ justinas ];
+    pkgConfigModules = [ "libavutil" ];
   };
 })
diff --git a/pkgs/development/libraries/tdlib/default.nix b/pkgs/development/libraries/tdlib/default.nix
index f1c1c85caf0b1..f1c6a3d1b7288 100644
--- a/pkgs/development/libraries/tdlib/default.nix
+++ b/pkgs/development/libraries/tdlib/default.nix
@@ -2,7 +2,7 @@
 
 stdenv.mkDerivation rec {
   pname = "tdlib";
-  version = "1.8.22";
+  version = "1.8.23";
 
   src = fetchFromGitHub {
     owner = "tdlib";
@@ -11,8 +11,8 @@ stdenv.mkDerivation rec {
     # The tdlib authors do not set tags for minor versions, but
     # external programs depending on tdlib constrain the minor
     # version, hence we set a specific commit with a known version.
-    rev = "24893faf75d84b2b885f3f7aeb9d5a3c056fa7be";
-    hash = "sha256-4cfnre71+rQSuPrtFJMzIEPYVCZH/W142b4Pn2NxvqI=";
+    rev = "27c3eaeb4964bd5f18d8488e354abde1a4383e49";
+    hash = "sha256-TxgzZn/OF5b5FWzwnOWIozH+1d7O0RG3h+WKV10rxpE=";
   };
 
   buildInputs = [ gperf openssl readline zlib ];
diff --git a/pkgs/development/python-modules/bravado-core/default.nix b/pkgs/development/python-modules/bravado-core/default.nix
index 86c7f7b57c914..9699e1cc04fb8 100644
--- a/pkgs/development/python-modules/bravado-core/default.nix
+++ b/pkgs/development/python-modules/bravado-core/default.nix
@@ -2,6 +2,7 @@
 , buildPythonPackage
 , fetchFromGitHub
 , pythonOlder
+, setuptools
   # build inputs
 , jsonref
 , jsonschema
@@ -20,8 +21,8 @@
 
 buildPythonPackage rec {
   pname = "bravado-core";
-  version = "6.1.0";
-  format = "setuptools";
+  version = "6.6.1";
+  pyproject = true;
 
   disabled = pythonOlder "3.7";
 
@@ -29,12 +30,16 @@ buildPythonPackage rec {
     owner = "Yelp";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-/ePs3znbwamMHHzb/PD4UHq+7v0j1r1X3J3Bnb4S2VU=";
+    hash = "sha256-kyHmZNPl5lLKmm5i3TSi8Tfi96mQHqaiyBfceBJcOdw=";
   };
 
+  nativeBuildInputs = [
+    setuptools
+  ];
+
   propagatedBuildInputs = [
     jsonref
-    jsonschema # with optional dependencies for format
+    jsonschema # jsonschema[format-nongpl]
     python-dateutil
     pyyaml
     requests
@@ -43,7 +48,7 @@ buildPythonPackage rec {
     swagger-spec-validator
     pytz
     msgpack
-  ] ++ jsonschema.optional-dependencies.format;
+  ] ++ jsonschema.optional-dependencies.format-nongpl;
 
   nativeCheckInputs = [
     pytestCheckHook
diff --git a/pkgs/development/python-modules/pint/default.nix b/pkgs/development/python-modules/pint/default.nix
index 9252a2a5fbe1d..3dfe10c8d9bc2 100644
--- a/pkgs/development/python-modules/pint/default.nix
+++ b/pkgs/development/python-modules/pint/default.nix
@@ -13,6 +13,7 @@
 # tests
 , pytestCheckHook
 , pytest-subtests
+, pytest-benchmark
 , numpy
 , matplotlib
 , uncertainties
@@ -20,7 +21,7 @@
 
 buildPythonPackage rec {
   pname = "pint";
-  version = "0.22";
+  version = "0.23";
   format = "pyproject";
 
   disabled = pythonOlder "3.6";
@@ -28,7 +29,7 @@ buildPythonPackage rec {
   src = fetchPypi {
     inherit version;
     pname = "Pint";
-    hash = "sha256-LROfarvPMBbK19POwFcH/pCKxPmc9Zrt/W7mZ7emRDM=";
+    hash = "sha256-4VCbkWBtvFJSfGAKTvdP+sEv/3Boiv8g6QckCTRuybQ=";
   };
 
   nativeBuildInputs = [
@@ -43,6 +44,7 @@ buildPythonPackage rec {
   nativeCheckInputs = [
     pytestCheckHook
     pytest-subtests
+    pytest-benchmark
     numpy
     matplotlib
     uncertainties
@@ -53,8 +55,8 @@ buildPythonPackage rec {
   '';
 
   disabledTests = [
-    # https://github.com/hgrecco/pint/issues/1825
-    "test_equal_zero_nan_NP"
+    # https://github.com/hgrecco/pint/issues/1898
+    "test_load_definitions_stage_2"
   ];
 
   meta = with lib; {
diff --git a/pkgs/development/python-modules/pymc/default.nix b/pkgs/development/python-modules/pymc/default.nix
index 746525e7030c2..d6dfaaa2cca25 100644
--- a/pkgs/development/python-modules/pymc/default.nix
+++ b/pkgs/development/python-modules/pymc/default.nix
@@ -23,7 +23,7 @@ buildPythonPackage rec {
     owner = "pymc-devs";
     repo = "pymc";
     rev = "refs/tags/v${version}";
-    hash = "sha256-cVmIxwO1TQ8H+Sm828sxaZ6InvIkdCRhFSH5k52W1DI=";
+    hash = "sha256-3y8ORRyWjr4KT818ktXrgX4jB0Rkrnf4DQaNkyXGrts=";
   };
 
   propagatedBuildInputs = [
diff --git a/pkgs/development/python-modules/skodaconnect/default.nix b/pkgs/development/python-modules/skodaconnect/default.nix
index ab64765f3083f..f47dada7b631c 100644
--- a/pkgs/development/python-modules/skodaconnect/default.nix
+++ b/pkgs/development/python-modules/skodaconnect/default.nix
@@ -12,24 +12,18 @@
 
 buildPythonPackage rec {
   pname = "skodaconnect";
-  version = "1.3.8";
+  version = "1.3.9";
   pyproject = true;
 
-  disabled = pythonOlder "3.8";
+  disabled = pythonOlder "3.11";
 
   src = fetchFromGitHub {
     owner = "lendy007";
-    repo = pname;
+    repo = "skodaconnect";
     rev = "refs/tags/${version}";
-    hash = "sha256-Isnji6hXkTuTmbMpSuim9uG5ECSDX6A8QZ13sTCU9t0=";
+    hash = "sha256-7QDelJzyRnYNqVP9IuREpCm5s+qJ8cxSEn1YcqnYepA=";
   };
 
-  postPatch = ''
-    # https://github.com/skodaconnect/skodaconnect/pull/103
-    substituteInPlace pyproject.toml \
-      --replace "Bug Tracker" '"Bug Tracker"'
-  '';
-
   nativeBuildInputs = [
     flit-core
   ];
diff --git a/pkgs/development/python-modules/tplink-omada-client/default.nix b/pkgs/development/python-modules/tplink-omada-client/default.nix
index 8dcb2cda2cea4..4006c002d52cd 100644
--- a/pkgs/development/python-modules/tplink-omada-client/default.nix
+++ b/pkgs/development/python-modules/tplink-omada-client/default.nix
@@ -10,7 +10,7 @@
 
 buildPythonPackage rec {
   pname = "tplink-omada-client";
-  version = "1.3.6";
+  version = "1.3.7";
   format = "pyproject";
 
   disabled = pythonOlder "3.9";
@@ -18,7 +18,7 @@ buildPythonPackage rec {
   src = fetchPypi {
     pname = "tplink_omada_client";
     inherit version;
-    hash = "sha256-8NP+5qBdWiBUPf5DJWMrHJfZwpRNkCewjrjTbvgD3AA=";
+    hash = "sha256-iSCrFrcj6csslIkd8yt0wvvOSTCHRiMnsMOeUDcsE4U=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/development/python-modules/velbus-aio/default.nix b/pkgs/development/python-modules/velbus-aio/default.nix
index 6808c1d906d60..8c02198e9b5a1 100644
--- a/pkgs/development/python-modules/velbus-aio/default.nix
+++ b/pkgs/development/python-modules/velbus-aio/default.nix
@@ -11,7 +11,7 @@
 
 buildPythonPackage rec {
   pname = "velbus-aio";
-  version = "2023.11.0";
+  version = "2023.12.0";
   pyproject = true;
 
   disabled = pythonOlder "3.7";
@@ -20,7 +20,7 @@ buildPythonPackage rec {
     owner = "Cereal2nd";
     repo = pname;
     rev = "refs/tags/${version}";
-    hash = "sha256-j0NGeuxhtxmlpal9MpnlHqGv47uTVx1Lyfy9u0cEtYg=";
+    hash = "sha256-cYqEF2Odouu7U0DiU+n/gKUYJia8I4Qs1l+UI6JrWTM=";
     fetchSubmodules = true;
   };
 
diff --git a/pkgs/development/tools/database/surrealdb-migrations/Cargo.lock b/pkgs/development/tools/database/surrealdb-migrations/Cargo.lock
index a0d486280bc12..7865c0cea6bf2 100644
--- a/pkgs/development/tools/database/surrealdb-migrations/Cargo.lock
+++ b/pkgs/development/tools/database/surrealdb-migrations/Cargo.lock
@@ -656,9 +656,9 @@ dependencies = [
 
 [[package]]
 name = "clap"
-version = "4.4.8"
+version = "4.4.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2275f18819641850fa26c89acc84d465c1bf91ce57bc2748b28c420473352f64"
+checksum = "bfaff671f6b22ca62406885ece523383b9b64022e341e53e009a62ebc47a45f2"
 dependencies = [
  "clap_builder",
  "clap_derive 4.4.7",
@@ -666,9 +666,9 @@ dependencies = [
 
 [[package]]
 name = "clap_builder"
-version = "4.4.8"
+version = "4.4.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "07cdf1b148b25c1e1f7a42225e30a0d99a615cd4637eae7365548dd4529b95bc"
+checksum = "a216b506622bb1d316cd51328dce24e07bdff4a6128a47c7e7fad11878d5adbb"
 dependencies = [
  "anstream",
  "anstyle",
@@ -3228,9 +3228,9 @@ dependencies = [
 
 [[package]]
 name = "sqlparser"
-version = "0.39.0"
+version = "0.40.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "743b4dc2cbde11890ccb254a8fc9d537fa41b36da00de2a1c5e9848c9bc42bd7"
+checksum = "7c80afe31cdb649e56c0d9bb5503be9166600d68a852c38dd445636d126858e5"
 dependencies = [
  "log",
 ]
@@ -3293,9 +3293,9 @@ checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc"
 
 [[package]]
 name = "surrealdb"
-version = "1.0.0"
+version = "1.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "46fb62fbf4b5f0f28c52e919c7a0f5eb4aa4cd6b92b1e25f2e71a7f2d9f92524"
+checksum = "58fbfc165921b5ecd488df676d6d64f3559771acad92f1643823791e3dccf66b"
 dependencies = [
  "addr",
  "any_ascii",
@@ -3393,13 +3393,13 @@ dependencies = [
 
 [[package]]
 name = "surrealdb-migrations"
-version = "1.0.0"
+version = "1.0.1"
 dependencies = [
  "assert_cmd",
  "assert_fs",
  "chrono",
  "chrono-human-duration",
- "clap 4.4.8",
+ "clap 4.4.11",
  "cli-table",
  "color-eyre",
  "convert_case",
@@ -3579,9 +3579,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
 
 [[package]]
 name = "tokio"
-version = "1.34.0"
+version = "1.35.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d0c014766411e834f7af5b8f4cf46257aab4036ca95e9d2c144a10f59ad6f5b9"
+checksum = "841d45b238a16291a4e1584e61820b8ae57d696cc5015c459c229ccc6990cc1c"
 dependencies = [
  "backtrace",
  "bytes",
diff --git a/pkgs/development/tools/database/surrealdb-migrations/default.nix b/pkgs/development/tools/database/surrealdb-migrations/default.nix
index 0e1497e3369ef..2adc3133839fd 100644
--- a/pkgs/development/tools/database/surrealdb-migrations/default.nix
+++ b/pkgs/development/tools/database/surrealdb-migrations/default.nix
@@ -10,7 +10,7 @@
 
 let
   pname = "surrealdb-migrations";
-  version = "1.0.0";
+  version = "1.0.1";
 in
 rustPlatform.buildRustPackage rec {
   inherit pname version;
@@ -19,7 +19,7 @@ rustPlatform.buildRustPackage rec {
     owner = "Odonno";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-87lGjGj3qyPe/YDysgR7eiGwwPvErWH2sgg8/jiqq4g=";
+    hash = "sha256-yody0F8Wkizyq7SW9OjT4cV3O9HOUYlBc7+8GwJG2cs=";
   };
 
   cargoLock = {
diff --git a/pkgs/development/tools/just/default.nix b/pkgs/development/tools/just/default.nix
index 424c5f0db2be2..212afd308d4ee 100644
--- a/pkgs/development/tools/just/default.nix
+++ b/pkgs/development/tools/just/default.nix
@@ -11,17 +11,17 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "just";
-  version = "1.20.0";
+  version = "1.21.0";
   outputs = [ "out" "man" "doc" ];
 
   src = fetchFromGitHub {
     owner = "casey";
     repo = pname;
     rev = "refs/tags/${version}";
-    hash = "sha256-MTfxVUr5rQpu5AXJmP/7rOjeHSsX+iQqfBdYb8YWfiU=";
+    hash = "sha256-DAh8uOeZttimAUJS4fyCn8SpZDuJf/pvYd5p0AqwEX4=";
   };
 
-  cargoHash = "sha256-lvqtt6RCy/SqzZXWRR5u2P9UOlHC5Hjg6UhYjxpS3as=";
+  cargoHash = "sha256-sOTTC8mqyiu4BBQgzjPQ+x/VG4KYfu/9idGo4mc1EpQ=";
 
   nativeBuildInputs = [ installShellFiles mdbook ];
   buildInputs = lib.optionals stdenv.isDarwin [ libiconv ];
diff --git a/pkgs/development/tools/rust/rust-analyzer/default.nix b/pkgs/development/tools/rust/rust-analyzer/default.nix
index b159e014978e8..f4bdeb2414ebe 100644
--- a/pkgs/development/tools/rust/rust-analyzer/default.nix
+++ b/pkgs/development/tools/rust/rust-analyzer/default.nix
@@ -13,14 +13,14 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "rust-analyzer-unwrapped";
-  version = "2023-11-13";
-  cargoSha256 = "sha256-Nrq8si+myWLmhaJrvxK+Ki599A5VddNcCd5kQZWTnNs=";
+  version = "2023-12-25";
+  cargoSha256 = "sha256-N4R5wka9gN+jMMoMfsQ9pzrZk0GZqdaywMyDhbiz2wI=";
 
   src = fetchFromGitHub {
     owner = "rust-lang";
     repo = "rust-analyzer";
     rev = version;
-    sha256 = "sha256-gjMqmlCvLVlptL35HHvALrOKrFyxjg5hryXbbpVyoeY=";
+    sha256 = "sha256-GRRhRsZvVgH/Rx2zic0c1Rxt7VumRPqsan6sqculRvU=";
   };
 
   cargoBuildFlags = [ "--bin" "rust-analyzer" "--bin" "rust-analyzer-proc-macro-srv" ];
diff --git a/pkgs/development/tools/supabase-cli/default.nix b/pkgs/development/tools/supabase-cli/default.nix
index 541e82c600548..abc955ed37804 100644
--- a/pkgs/development/tools/supabase-cli/default.nix
+++ b/pkgs/development/tools/supabase-cli/default.nix
@@ -9,13 +9,13 @@
 
 buildGoModule rec {
   pname = "supabase-cli";
-  version = "1.129.0";
+  version = "1.129.1";
 
   src = fetchFromGitHub {
     owner = "supabase";
     repo = "cli";
     rev = "v${version}";
-    hash = "sha256-qbm7ByPZpLx0BB/iZ3UjYFe/g6l7ZuUw4wzrH72Ut7U=";
+    hash = "sha256-/qApBCjwgnuCHP6DsK4LE5KA6RVu8lV84fxGVkrKyOs=";
   };
 
   vendorHash = "sha256-lFholyFVr6uMcfafM/tb8r1/4ysgWZOW5neoy3uL0Vw=";
diff --git a/pkgs/games/shattered-pixel-dungeon/rat-king-adventure.nix b/pkgs/games/shattered-pixel-dungeon/rat-king-adventure.nix
index 34a24a758fde5..c376545ffcefa 100644
--- a/pkgs/games/shattered-pixel-dungeon/rat-king-adventure.nix
+++ b/pkgs/games/shattered-pixel-dungeon/rat-king-adventure.nix
@@ -4,13 +4,13 @@
 
 callPackage ./generic.nix rec {
   pname = "rat-king-adventure";
-  version = "1.5.2a";
+  version = "1.5.3";
 
   src = fetchFromGitHub {
     owner = "TrashboxBobylev";
     repo = "Rat-King-Adventure";
     rev = version;
-    hash = "sha256-UgUm7GIn1frS66YYrx+ax+oqMKnQnDlqpn9e1kWwDzo=";
+    hash = "sha256-Q/smIObu7khcRnwdT8m7+WstpPE1tbDFJcZ4OGYJ338=";
   };
 
   depsHash = "sha256-yE6zuLnFLtNq76AhtyE+giGLF2vcCqF7sfIvcY8W6Lg=";
diff --git a/pkgs/os-specific/linux/batman-adv/default.nix b/pkgs/os-specific/linux/batman-adv/default.nix
index 4300d576b8d96..ac1e1f8038dd3 100644
--- a/pkgs/os-specific/linux/batman-adv/default.nix
+++ b/pkgs/os-specific/linux/batman-adv/default.nix
@@ -1,7 +1,7 @@
 { lib
 , stdenv
 , fetchurl
-, fetchpatch
+, fetchpatch2
 , kernel
 }:
 
@@ -16,6 +16,14 @@ stdenv.mkDerivation rec {
     sha256 = cfg.sha256.${pname};
   };
 
+  patches = [
+    # batman-adv: compat: Fix skb_vlan_eth_hdr conflict in stable kernels
+    (fetchpatch2 {
+      url = "https://git.open-mesh.org/batman-adv.git/commitdiff_plain/be69e50e8c249ced085d41ddd308016c1c692174?hp=74d3c5e1c682a9efe31b75e8986668081a4b5341";
+      sha256 = "sha256-yfEiU74wuMSKal/6mwzgdccqDMEv4P7CkAeiSAEwvjA=";
+    })
+  ];
+
   nativeBuildInputs = kernel.moduleBuildDependencies;
   makeFlags = kernel.makeFlags ++ [
     "KERNELPATH=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
diff --git a/pkgs/servers/gemini/agate/default.nix b/pkgs/servers/gemini/agate/default.nix
index 9bd994dd1ad57..8babfe505deda 100644
--- a/pkgs/servers/gemini/agate/default.nix
+++ b/pkgs/servers/gemini/agate/default.nix
@@ -1,16 +1,25 @@
-{ lib, stdenv, nixosTests, fetchFromGitHub, rustPlatform, libiconv, Security }:
+{ lib, stdenv, nixosTests, fetchFromGitHub, fetchpatch, rustPlatform, libiconv, Security }:
 
 rustPlatform.buildRustPackage rec {
   pname = "agate";
-  version = "3.3.1";
+  version = "3.3.3";
 
   src = fetchFromGitHub {
     owner = "mbrubeck";
     repo = "agate";
     rev = "v${version}";
-    hash = "sha256-gU4Q45Sb+LOmcv0j9R8yw996NUpCOnxdwT6lyvNp2pg=";
+    hash = "sha256-qINtAOPrmLUWfEjZNj11W2WoIFw7Ye3KDk+9ZKtZAvo=";
   };
-  cargoHash = "sha256-6jF4ayzBN4sSk81u3iX0CxMPAsL6D+wpXRYGjgntMUE=";
+
+  cargoPatches = [
+    # Update version in Cargo.lock
+    (fetchpatch {
+      url = "https://github.com/mbrubeck/agate/commit/ac57093d2f73a20d0d4f84b551beef4ac9cb4a24.patch";
+      hash = "sha256-OknfBkaBWm3svSp8LSvyfy2g0y0SkR7VtJQUdAjClFs=";
+    })
+  ];
+
+  cargoHash = "sha256-18V1/d2A3DJmpYX/5Z8M3uAaHrULGIgCT4ntcV4N8l0=";
 
   buildInputs = lib.optionals stdenv.isDarwin [ libiconv Security ];
 
diff --git a/pkgs/servers/mail/dkimproxy/default.nix b/pkgs/servers/mail/dkimproxy/default.nix
index 128a9ae8ff115..b34d3a1ed5665 100644
--- a/pkgs/servers/mail/dkimproxy/default.nix
+++ b/pkgs/servers/mail/dkimproxy/default.nix
@@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
   '';
 
   buildInputs = [ perlPackages.perl ];
-  propagatedBuildInputs = with perlPackages; [ Error MailDKIM MIMETools NetServer ];
+  propagatedBuildInputs = with perlPackages; [ CryptX Error MailDKIM MIMETools NetServer ];
 
   meta = with lib; {
     description = "SMTP-proxy that signs and/or verifies emails";
diff --git a/pkgs/servers/mautrix-telegram/default.nix b/pkgs/servers/mautrix-telegram/default.nix
index 4bb3cabf206c8..349c4e371ffc6 100644
--- a/pkgs/servers/mautrix-telegram/default.nix
+++ b/pkgs/servers/mautrix-telegram/default.nix
@@ -9,11 +9,11 @@ let
   python = python3.override {
     packageOverrides = self: super: {
       tulir-telethon = self.telethon.overridePythonAttrs (oldAttrs: rec {
-        version = "1.33.0a1";
+        version = "1.34.0a2";
         pname = "tulir-telethon";
         src = fetchPypi {
           inherit pname version;
-          hash = "sha256-at/MiVXAKFhMH1N1m+K9HmYvxvzYa7xKhIlpDs7Kk3U=";
+          hash = "sha256-+3mk+H0sQD3ssEPihE/PvWpYVZzkGQMXhFS64m7joJ8=";
         };
         doCheck = false;
       });
@@ -22,14 +22,14 @@ let
 in
 python.pkgs.buildPythonPackage rec {
   pname = "mautrix-telegram";
-  version = "0.15.0";
+  version = "0.15.1";
   disabled = python.pythonOlder "3.8";
 
   src = fetchFromGitHub {
     owner = "mautrix";
     repo = "telegram";
     rev = "refs/tags/v${version}";
-    hash = "sha256-2XPZkBAe15Rf1tv4KGhwRhoRf1wv+moADWDMNmkERtk=";
+    hash = "sha256-9ZXyjfbDRwO0wRPMGstlLIKvztp2xAjoqpTwBYJji/4=";
   };
 
   format = "setuptools";
diff --git a/pkgs/servers/monitoring/mtail/default.nix b/pkgs/servers/monitoring/mtail/default.nix
index 3aa5aa3415501..ce61bb186caa4 100644
--- a/pkgs/servers/monitoring/mtail/default.nix
+++ b/pkgs/servers/monitoring/mtail/default.nix
@@ -1,4 +1,8 @@
-{ lib, fetchFromGitHub, buildGoModule }:
+{ lib
+, stdenv
+, buildGoModule
+, fetchFromGitHub
+}:
 
 buildGoModule rec {
   pname = "mtail";
@@ -13,21 +17,20 @@ buildGoModule rec {
 
   vendorHash = "sha256-KD75KHXrXXm5FMXeFInNTDsVsclyqTfsfQiB3Br+F1A=";
 
-  doCheck = false;
-
-  subPackages = [ "cmd/mtail" ];
-
-  preBuild = ''
-    go generate -x ./internal/vm/
-  '';
-
   ldflags = [
-    "-X main.Version=${version}"
+    "-X=main.Branch=main"
+    "-X=main.Version=${version}"
+    "-X=main.Revision=${src.rev}"
   ];
 
+  # fails on darwin with: write unixgram -> <tmpdir>/rsyncd.log: write: message too long
+  doCheck = !stdenv.isDarwin;
+
   meta = with lib; {
-    license = licenses.asl20;
-    homepage = "https://github.com/google/mtail";
     description = "Tool for extracting metrics from application logs";
+    homepage = "https://github.com/google/mtail";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ nickcao ];
+    mainProgram = "mtail";
   };
 }
diff --git a/pkgs/servers/traefik/default.nix b/pkgs/servers/traefik/default.nix
index f1c40b707350c..22ad9d0d94294 100644
--- a/pkgs/servers/traefik/default.nix
+++ b/pkgs/servers/traefik/default.nix
@@ -16,7 +16,7 @@ buildGoModule rec {
   subPackages = [ "cmd/traefik" ];
 
   preBuild = ''
-    go generate
+    GOOS= GOARCH= CGO_ENABLED=0 go generate
 
     CODENAME=$(awk -F "=" '/CODENAME=/ { print $2}' script/binary)
 
diff --git a/pkgs/tools/admin/qovery-cli/default.nix b/pkgs/tools/admin/qovery-cli/default.nix
index 1aaad9c4ee8cd..a0f6d52123a08 100644
--- a/pkgs/tools/admin/qovery-cli/default.nix
+++ b/pkgs/tools/admin/qovery-cli/default.nix
@@ -8,13 +8,13 @@
 
 buildGoModule rec {
   pname = "qovery-cli";
-  version = "0.77.0";
+  version = "0.79.0";
 
   src = fetchFromGitHub {
     owner = "Qovery";
     repo = "qovery-cli";
     rev = "refs/tags/v${version}";
-    hash = "sha256-247YXfZHxnH3IrCpM/BOmJclKdsC561R2m5seqEknaE=";
+    hash = "sha256-DmAzGT99Ay9d07leezFx11fkqfK7+khT+O64Fye5zaw=";
   };
 
   vendorHash = "sha256-uYmA6dYdCTf/oon202s6RBGNfOaXLllX+mPM8fRkCh0=";
diff --git a/pkgs/tools/admin/tigervnc/default.nix b/pkgs/tools/admin/tigervnc/default.nix
index d1a0d8cf416f0..53d0fe662bfef 100644
--- a/pkgs/tools/admin/tigervnc/default.nix
+++ b/pkgs/tools/admin/tigervnc/default.nix
@@ -147,7 +147,7 @@ stdenv.mkDerivation rec {
 
   propagatedBuildInputs = lib.optional stdenv.isLinux xorg.xorgserver.propagatedBuildInputs;
 
-  passthru.tests.tigervnc = nixosTests.vnc.testTigerVNC;
+  passthru.tests.tigervnc = nixosTests.tigervnc;
 
   meta = {
     homepage = "https://tigervnc.org/";
diff --git a/pkgs/tools/misc/netbootxyz-efi/default.nix b/pkgs/tools/misc/netbootxyz-efi/default.nix
index 55588f46ac9f2..efa16daaeacfd 100644
--- a/pkgs/tools/misc/netbootxyz-efi/default.nix
+++ b/pkgs/tools/misc/netbootxyz-efi/default.nix
@@ -4,12 +4,12 @@
 
 let
   pname = "netboot.xyz-efi";
-  version = "2.0.60";
+  version = "2.0.75";
 in fetchurl {
   name = "${pname}-${version}";
 
   url = "https://github.com/netbootxyz/netboot.xyz/releases/download/${version}/netboot.xyz.efi";
-  sha256 = "sha256-E4NiziF1W1U0FcV2KWj3YVCGtbrKI48RDBpSw2NAMc0=";
+  sha256 = "sha256-VaTUwX3S5Bj5eUZAspXNaVm8Y51hURL3xBb1tRdj6Zw=";
 
   meta = with lib; {
     homepage = "https://netboot.xyz/";
diff --git a/pkgs/tools/misc/sfeed/default.nix b/pkgs/tools/misc/sfeed/default.nix
index 2fa9d806933ef..c12ddec63c948 100644
--- a/pkgs/tools/misc/sfeed/default.nix
+++ b/pkgs/tools/misc/sfeed/default.nix
@@ -2,12 +2,12 @@
 
 stdenv.mkDerivation rec {
   pname = "sfeed";
-  version = "1.9";
+  version = "2.0";
 
   src = fetchgit {
     url = "git://git.codemadness.org/sfeed";
     rev = version;
-    sha256 = "sha256-VZChiJ1m2d0iEM5ATXMqCJVpHZcBIkqIorFvQlY0/mw=";
+    sha256 = "sha256-DbzJWi9wAc7w2Z0bQt5PEFOuu9L3xzNrJvCocvCer34=";
   };
 
   buildInputs = [ ncurses ];
diff --git a/pkgs/tools/misc/twm/default.nix b/pkgs/tools/misc/twm/default.nix
index 8e79293477c98..c750619f8fbdc 100644
--- a/pkgs/tools/misc/twm/default.nix
+++ b/pkgs/tools/misc/twm/default.nix
@@ -9,16 +9,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "twm";
-  version = "0.8.1";
+  version = "0.8.2";
 
   src = fetchFromGitHub {
     owner = "vinnymeller";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-4+1+9SdaYxqFmXB3F1vEfVq8bGiR6s8bVLrnjQNf/DY=";
+    sha256 = "sha256-r9l5gNWoIkKHzjHOCK7qnPLfg6O+km7OX+6pHQKhN6g=";
   };
 
-  cargoHash = "sha256-5F3jjNv1oJeYoGEuu2IC/7yiWWigVvxsjmHKcs1mESE=";
+  cargoHash = "sha256-0nCMgfnEqr0D3HpocUN/Hc9tG9byu2CYvBy/8vIU+bI=";
 
   nativeBuildInputs = [ pkg-config ];
   buildInputs = [ openssl ] ++ lib.optionals stdenv.isDarwin [ Security ];
@@ -27,7 +27,7 @@ rustPlatform.buildRustPackage rec {
     description = "A customizable workspace manager for tmux";
     homepage = "https://github.com/vinnymeller/twm";
     changelog = "https://github.com/vinnymeller/twm/releases/tag/v${version}";
-    license = licenses.gpl2Only;
+    license = licenses.mit;
     maintainers = with maintainers; [ vinnymeller ];
     mainProgram = "twm";
   };
diff --git a/pkgs/tools/networking/sing-box/default.nix b/pkgs/tools/networking/sing-box/default.nix
index 5ba7917de049f..0310829c5c291 100644
--- a/pkgs/tools/networking/sing-box/default.nix
+++ b/pkgs/tools/networking/sing-box/default.nix
@@ -11,16 +11,16 @@
 
 buildGoModule rec {
   pname = "sing-box";
-  version = "1.7.6";
+  version = "1.7.7";
 
   src = fetchFromGitHub {
     owner = "SagerNet";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-ZrZ2mqf1/D4L+1SlTx3rwkmk9+RcqH/yuMZie6jtpmc=";
+    hash = "sha256-EiWwy417PFMzk/v6mUCPuTW/xWicq7sqPZKpL+M3ZIo=";
   };
 
-  vendorHash = "sha256-nIVm2+F+5rXTiode240zZXxIAQA4VkNynYnmdvSwEHw=";
+  vendorHash = "sha256-cd0oN11YqgG8wJZJ4PiPaD1krKc2UcB0zngj9nTrpoY=";
 
   tags = [
     "with_quic"
@@ -68,5 +68,6 @@ buildGoModule rec {
     description = "The universal proxy platform";
     license = licenses.gpl3Plus;
     maintainers = with maintainers; [ nickcao ];
+    mainProgram = "sing-box";
   };
 }
diff --git a/pkgs/tools/package-management/nix-du/default.nix b/pkgs/tools/package-management/nix-du/default.nix
index fcd7aca5714bd..a3a1f0d97108a 100644
--- a/pkgs/tools/package-management/nix-du/default.nix
+++ b/pkgs/tools/package-management/nix-du/default.nix
@@ -12,16 +12,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "nix-du";
-  version = "1.1.1";
+  version = "1.2.0";
 
   src = fetchFromGitHub {
     owner = "symphorien";
     repo = "nix-du";
     rev = "v${version}";
-    sha256 = "sha256-LI9XWqi3ihcmUBjScQVQbn30e5eLaCYwkmnbj7Y8kuU=";
+    sha256 = "sha256-HfmMZVlsdg9hTWGUihl6OlQAp/n1XRvPLfAKJ8as8Ew=";
   };
 
-  cargoSha256 = "sha256-AM89yYeEsYOcHtbSiQgz5qVQhFvDibVxA0ACaE8Gw2Y=";
+  cargoSha256 = "sha256-oUxxuBqec4aI2h8BAn1WSA44UU7f5APkv0DIwuSun0M=";
 
   doCheck = true;
   nativeCheckInputs = [ nix graphviz ];
@@ -34,6 +34,11 @@ rustPlatform.buildRustPackage rec {
 
   nativeBuildInputs = [ pkg-config rustPlatform.bindgenHook ];
 
+  # Workaround for https://github.com/NixOS/nixpkgs/issues/166205
+  env = lib.optionalAttrs stdenv.cc.isClang {
+    NIX_LDFLAGS = "-l${stdenv.cc.libcxx.cxxabi.libName}";
+  };
+
   meta = with lib; {
     description = "A tool to determine which gc-roots take space in your nix store";
     homepage = "https://github.com/symphorien/nix-du";
diff --git a/pkgs/tools/security/sequoia-sq/default.nix b/pkgs/tools/security/sequoia-sq/default.nix
index d8bac3e707259..e77f50a5f4862 100644
--- a/pkgs/tools/security/sequoia-sq/default.nix
+++ b/pkgs/tools/security/sequoia-sq/default.nix
@@ -12,16 +12,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "sequoia-sq";
-  version = "0.31.0";
+  version = "0.32.0";
 
   src = fetchFromGitLab {
     owner = "sequoia-pgp";
     repo = "sequoia-sq";
     rev = "v${version}";
-    hash = "sha256-rrNN52tDM3CEGyNvsT3x4GmfWIpU8yoT2XsgOhPyLjo=";
+    hash = "sha256-2a6LIW5ohSi7fbMwk/wmNJ0AOz5JIXiXJI7EoVKv1Sk=";
   };
 
-  cargoHash = "sha256-B+gtUzUB99At+kusupsN/v6sCbpXs36/EbpTL3gUxnc=";
+  cargoHash = "sha256-beA0viJVDjfANsPegkc/x2syVp8uGKTMnrPcM7jcvG4=";
 
   nativeBuildInputs = [
     pkg-config
diff --git a/pkgs/tools/security/yubihsm-connector/default.nix b/pkgs/tools/security/yubihsm-connector/default.nix
index ab2a298083804..aee210beabac6 100644
--- a/pkgs/tools/security/yubihsm-connector/default.nix
+++ b/pkgs/tools/security/yubihsm-connector/default.nix
@@ -24,7 +24,7 @@ buildGoModule rec {
   ldflags = [ "-s" "-w" ];
 
   preBuild = ''
-    go generate
+    GOOS= GOARCH= go generate
   '';
 
   meta = with lib; {
diff --git a/pkgs/tools/text/gtree/default.nix b/pkgs/tools/text/gtree/default.nix
index 19f53e5f0e0a5..436185e754a30 100644
--- a/pkgs/tools/text/gtree/default.nix
+++ b/pkgs/tools/text/gtree/default.nix
@@ -7,16 +7,16 @@
 
 buildGoModule rec {
   pname = "gtree";
-  version = "1.10.4";
+  version = "1.10.7";
 
   src = fetchFromGitHub {
     owner = "ddddddO";
     repo = "gtree";
     rev = "v${version}";
-    hash = "sha256-2x84nPSXNPM6MtHa90rg9V5aQIplBDW4WTzRyYUqT8A=";
+    hash = "sha256-RdbUTYdHRjLal/4o6JlIZ9PZsGiO0VWArpIQQI5NkMI=";
   };
 
-  vendorHash = "sha256-rvVrVv73gW26UUy1MyxKDjUgX1mrMMii+l8qU2hLOek=";
+  vendorHash = "sha256-s6TT7baF07U12owOV/BiUJaXxyybfSy4Tr4euYCjlec=";
 
   subPackages = [
     "cmd/gtree"
diff --git a/pkgs/tools/wayland/wl-mirror/default.nix b/pkgs/tools/wayland/wl-mirror/default.nix
index eaaec0f0bb29d..a1640a8a0cef0 100644
--- a/pkgs/tools/wayland/wl-mirror/default.nix
+++ b/pkgs/tools/wayland/wl-mirror/default.nix
@@ -28,13 +28,13 @@ in
 
 stdenv.mkDerivation rec {
   pname = "wl-mirror";
-  version = "0.14.2";
+  version = "0.15.0";
 
   src = fetchFromGitHub {
     owner = "Ferdi265";
     repo = "wl-mirror";
     rev = "v${version}";
-    hash = "sha256-dEkTRpeJhqUGDCqTLVsFoDXgHvfEqMYt/9DEldjqv0Y=";
+    hash = "sha256-XZfe3UqcnpXuCsM4xulayB4I+jnLkHuW2EEiWWTOxls=";
   };
 
   strictDeps = true;
@@ -60,7 +60,7 @@ stdenv.mkDerivation rec {
 
   meta = with lib; {
     homepage = "https://github.com/Ferdi265/wl-mirror";
-    description = "Mirrors an output onto a Wayland surface.";
+    description = "A simple Wayland output mirror client";
     license = licenses.gpl3;
     maintainers = with maintainers; [ synthetica twitchyliquid64 ];
     platforms = platforms.linux;
diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix
index 300b15940cdfe..174f613930dc8 100644
--- a/pkgs/top-level/aliases.nix
+++ b/pkgs/top-level/aliases.nix
@@ -601,6 +601,7 @@ mapAliases ({
   mess = throw "'mess' has been renamed to/replaced by 'mame'"; # Converted to throw 2023-09-10
   microsoft_gsl = microsoft-gsl; # Added 2023-05-26
   migraphx = throw "'migraphx' has been replaced with 'rocmPackages.migraphx'"; # Added 2023-10-08
+  minishift = throw "'minishift' has been removed as it was discontinued upstream. Use 'crc' to setup a microshift cluster instead"; # Added 2023-12-30
   miopen = throw "'miopen' has been replaced with 'rocmPackages.miopen'"; # Added 2023-10-08
   miopengemm = throw "'miopengemm' has been replaced with 'rocmPackages.miopengemm'"; # Added 2023-10-08
   miopen-hip = throw "'miopen-hip' has been replaced with 'rocmPackages.miopen-hip'"; # Added 2023-10-08
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index b2c33ffe580d4..056bada2b3438 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -33689,8 +33689,6 @@ with pkgs;
     inherit (darwin.apple_sdk.frameworks) vmnet;
   };
 
-  minishift = callPackage ../applications/networking/cluster/minishift { };
-
   minitube = libsForQt5.callPackage ../applications/video/minitube { };
 
   mimic = callPackage ../applications/audio/mimic { };
diff --git a/pkgs/top-level/hare-third-party.nix b/pkgs/top-level/hare-third-party.nix
index ae3cbafda23f4..8cf7cc4a9d8eb 100644
--- a/pkgs/top-level/hare-third-party.nix
+++ b/pkgs/top-level/hare-third-party.nix
@@ -5,8 +5,8 @@ let
   inherit (self) callPackage;
 in
 {
-
   hare-compress = callPackage ../development/hare-third-party/hare-compress { };
   hare-ev = callPackage ../development/hare-third-party/hare-ev { };
   hare-json = callPackage ../development/hare-third-party/hare-json { };
+  hare-toml = callPackage ../development/hare-third-party/hare-toml { };
 })