From e2c74a3743ef00c8946c7a6fa491defae1f69343 Mon Sep 17 00:00:00 2001
From: Katherina Walshe-Grey <git@qenya.tel>
Date: Sun, 27 Apr 2025 11:20:13 +0100
Subject: [PATCH 1/2] flake.lock: Update
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Flake lock file updates:

• Updated input 'agenix':
    'github:ryantm/agenix/e600439ec4c273cf11e06fe4d9d906fb98fa097c' (2025-01-15)
  → 'github:ryantm/agenix/96e078c646b711aee04b82ba01aefbff87004ded' (2025-04-26)
• Updated input 'firefox-addons':
    'gitlab:rycee/nur-expressions/60f50437003e17137a871686dfa3fc4291edd5e5?dir=pkgs/firefox-addons' (2025-04-07)
  → 'gitlab:rycee/nur-expressions/346899a4b3b651ab447c61e0c8e9d8a1454cda72?dir=pkgs/firefox-addons' (2025-04-23)
• Updated input 'home-manager':
    'github:nix-community/home-manager/a9f8b3db211b4609ddd83683f9db89796c7f6ac6' (2025-04-04)
  → 'github:nix-community/home-manager/dd26f75fb4ec1c731d4b1396eaf4439ce40a91c1' (2025-04-25)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/f463902a3f03e15af658e48bcc60b39188ddf734' (2025-04-07)
  → 'github:nix-community/home-manager/2f5819a962489e037a57835f63ed6ff8dbc2d5fb' (2025-04-26)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/7819a0d29d1dd2bc331bec4b327f0776359b1fa6' (2025-04-05)
  → 'github:NixOS/nixpkgs/5630cf13cceac06cefe9fc607e8dfa8fb342dde3' (2025-04-24)
• Updated input 'nixpkgs-small':
    'github:NixOS/nixpkgs/f27c6099cec4fe9b67c7fbc51d8324dcb4b52694' (2025-04-05)
  → 'github:NixOS/nixpkgs/d1e377e4cfcb3da8da4b71dbef631e8317907cd8' (2025-04-26)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/42a1c966be226125b48c384171c44c651c236c22' (2025-04-05)
  → 'github:NixOS/nixpkgs/f771eb401a46846c1aebd20552521b233dd7e18b' (2025-04-24)
• Updated input 'nixpkgs-unstable-small':
    'github:NixOS/nixpkgs/da98c5d529f118c82e80a3f9b4fb01fdeba3cf7a' (2025-04-06)
  → 'github:NixOS/nixpkgs/1ee8b713821882c66f5ecfde5c4e5874b1cb5e2f' (2025-04-27)
• Updated input 'randomcat':
    'github:randomnetcat/nix-configs/335ef83e439cfcb4781d5a8f54f606afb63e9f48' (2025-04-07)
  → 'github:randomnetcat/nix-configs/876f365eaa010988a0908421578c72fb17c28f09' (2025-04-27)
---
 flake.lock | 54 +++++++++++++++++++++++++++---------------------------
 1 file changed, 27 insertions(+), 27 deletions(-)

diff --git a/flake.lock b/flake.lock
index 64b47f4..418db8b 100644
--- a/flake.lock
+++ b/flake.lock
@@ -31,11 +31,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1736955230,
-        "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
+        "lastModified": 1745630506,
+        "narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
+        "rev": "96e078c646b711aee04b82ba01aefbff87004ded",
         "type": "github"
       },
       "original": {
@@ -92,11 +92,11 @@
       },
       "locked": {
         "dir": "pkgs/firefox-addons",
-        "lastModified": 1744010161,
-        "narHash": "sha256-6PNBLb/YXVlx2YaDqtljQYpk2MlE0VRjGXcEg1RN/qw=",
+        "lastModified": 1745419403,
+        "narHash": "sha256-pQOOn4UntLSwnL3xZ1JAr3IDhXpL+kTS7Zw8ll59K9Q=",
         "owner": "rycee",
         "repo": "nur-expressions",
-        "rev": "60f50437003e17137a871686dfa3fc4291edd5e5",
+        "rev": "346899a4b3b651ab447c61e0c8e9d8a1454cda72",
         "type": "gitlab"
       },
       "original": {
@@ -180,11 +180,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1743808813,
-        "narHash": "sha256-2lDQBOmlz9ggPxcS7/GvcVdzXMIiT+PpMao6FbLJSr0=",
+        "lastModified": 1745557122,
+        "narHash": "sha256-eqSo9ugzsqhFgaDFYUZj943nurlX4L6f+AW0skJ4W+M=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "a9f8b3db211b4609ddd83683f9db89796c7f6ac6",
+        "rev": "dd26f75fb4ec1c731d4b1396eaf4439ce40a91c1",
         "type": "github"
       },
       "original": {
@@ -201,11 +201,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1744008831,
-        "narHash": "sha256-g3mHJLB8ShKuMaBBZxiGuoftJ22f7Boegiw5xBUnS8E=",
+        "lastModified": 1745703610,
+        "narHash": "sha256-KgaGPlmjJItZ+Xf8mSoRmrsso+sf3K54n9oIP9Q17LY=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "f463902a3f03e15af658e48bcc60b39188ddf734",
+        "rev": "2f5819a962489e037a57835f63ed6ff8dbc2d5fb",
         "type": "github"
       },
       "original": {
@@ -251,11 +251,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1743813633,
-        "narHash": "sha256-BgkBz4NpV6Kg8XF7cmHDHRVGZYnKbvG0Y4p+jElwxaM=",
+        "lastModified": 1745487689,
+        "narHash": "sha256-FQoi3R0NjQeBAsEOo49b5tbDPcJSMWc3QhhaIi9eddw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "7819a0d29d1dd2bc331bec4b327f0776359b1fa6",
+        "rev": "5630cf13cceac06cefe9fc607e8dfa8fb342dde3",
         "type": "github"
       },
       "original": {
@@ -282,11 +282,11 @@
     },
     "nixpkgs-small": {
       "locked": {
-        "lastModified": 1743891346,
-        "narHash": "sha256-QNxnxIi6PJEnwJp7ZXUpxX4/z/cmRJGeIOkIYfYh/8E=",
+        "lastModified": 1745699837,
+        "narHash": "sha256-RqGZeOaAdvaVRibN/x6QF+Ahcuigj/WMsqLkGjq/mUI=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "f27c6099cec4fe9b67c7fbc51d8324dcb4b52694",
+        "rev": "d1e377e4cfcb3da8da4b71dbef631e8317907cd8",
         "type": "github"
       },
       "original": {
@@ -298,11 +298,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1743827369,
-        "narHash": "sha256-rpqepOZ8Eo1zg+KJeWoq1HAOgoMCDloqv5r2EAa9TSA=",
+        "lastModified": 1745526057,
+        "narHash": "sha256-ITSpPDwvLBZBnPRS2bUcHY3gZSwis/uTe255QgMtTLA=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "42a1c966be226125b48c384171c44c651c236c22",
+        "rev": "f771eb401a46846c1aebd20552521b233dd7e18b",
         "type": "github"
       },
       "original": {
@@ -314,11 +314,11 @@
     },
     "nixpkgs-unstable-small": {
       "locked": {
-        "lastModified": 1743948488,
-        "narHash": "sha256-uKcMmNPvGPb58MhAFru/CMDYl69nZRK3A3SLch9ejgA=",
+        "lastModified": 1745731301,
+        "narHash": "sha256-2DZgcq2sylQuml+L6FOh8eWMoMGGbNHM7Ls56iBQPX0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "da98c5d529f118c82e80a3f9b4fb01fdeba3cf7a",
+        "rev": "1ee8b713821882c66f5ecfde5c4e5874b1cb5e2f",
         "type": "github"
       },
       "original": {
@@ -354,11 +354,11 @@
     "randomcat": {
       "flake": false,
       "locked": {
-        "lastModified": 1744004743,
-        "narHash": "sha256-MIWwT/A4IfXmmSMCU3lVVnFJNmkXpYxcK+Fishja6XY=",
+        "lastModified": 1745719427,
+        "narHash": "sha256-g3Xt07uJyj9WO+FvQFrxZe9QA6wauWIvyWzUPEu4g64=",
         "owner": "randomnetcat",
         "repo": "nix-configs",
-        "rev": "335ef83e439cfcb4781d5a8f54f606afb63e9f48",
+        "rev": "876f365eaa010988a0908421578c72fb17c28f09",
         "type": "github"
       },
       "original": {

From 9c39440238f04c1f96d3248d81c9b6b29e96da08 Mon Sep 17 00:00:00 2001
From: Katherina Walshe-Grey <git@qenya.tel>
Date: Sun, 27 Apr 2025 13:30:37 +0100
Subject: [PATCH 2/2] nix: Remove insecure package exception for electron 31

Feishin has updated: https://github.com/jeffvli/feishin/issues/879
---
 common/nix.nix | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/common/nix.nix b/common/nix.nix
index 12ebcf7..bafc8ef 100644
--- a/common/nix.nix
+++ b/common/nix.nix
@@ -10,12 +10,4 @@
   nix.nixPath = [ "nixpkgs=flake:nixpkgs" ];
   nixpkgs.config.allowUnfree = true;
   nix.settings.trusted-users = [ "@wheel" ];
-
-  # this is a dependency of feishin (used in qenya's home-manager). it does not actually have a known vulnerability,
-  # it's just unsuspported because Electron's support cycle is a ludicrously short 6 months.
-  # feishin's dev is going to be rewriting it without Electron (as "audioling").
-  # modern software development was a mistake.
-  nixpkgs.config.permittedInsecurePackages = [
-    "electron-31.7.7"
-  ];
 }