diff --git a/hosts/common/programs/avahi.nix b/hosts/common/programs/avahi.nix
index 4e342e61a..5f6d55433 100644
--- a/hosts/common/programs/avahi.nix
+++ b/hosts/common/programs/avahi.nix
@@ -73,34 +73,7 @@ in
     serviceConfig.User = "avahi";
     serviceConfig.Group = "avahi";
     serviceConfig.AmbientCapabilities = "";
-    serviceConfig.CapabilityBoundingSet = "";
-    serviceConfig.LockPersonality = true;
-    serviceConfig.MemoryDenyWriteExecute = true;
-    serviceConfig.NoNewPrivileges = true;
-    serviceConfig.PrivateDevices = true;
-    serviceConfig.PrivateMounts = true;
-    serviceConfig.PrivateTmp = true;
-    serviceConfig.PrivateUsers = true;
-    serviceConfig.ProcSubset = "all";
-    serviceConfig.ProtectClock = true;
-    serviceConfig.ProtectControlGroups = true;
-    serviceConfig.ProtectHome = true;
-    serviceConfig.ProtectHostname = true;
-    serviceConfig.ProtectKernelLogs = true;
-    serviceConfig.ProtectKernelModules = true;
-    serviceConfig.ProtectKernelTunables = true;
-    serviceConfig.ProtectProc = "noaccess";
-    serviceConfig.ProtectSystem = "strict";
-    serviceConfig.RemoveIPC = true;  #< this *might* slow down the initial connection?
-    serviceConfig.RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK";
-    serviceConfig.RestrictRealtime = true;
-    serviceConfig.RestrictSUIDSGID = true;
-    serviceConfig.SystemCallArchitectures = "native";
-    serviceConfig.SystemCallFilter = [
-      "@system-service"
-      "@mount"
-      "~@resources"
-      # "~@privileged"
-    ];
+    serviceConfig.CapabilityBoundingSet = lib.mkForce "";
+    serviceConfig.PrivateUsers = lib.mkForce true;
   };
 }
diff --git a/hosts/common/programs/nwg-panel/default.nix b/hosts/common/programs/nwg-panel/default.nix
index 491e6c625..c119027d8 100644
--- a/hosts/common/programs/nwg-panel/default.nix
+++ b/hosts/common/programs/nwg-panel/default.nix
@@ -121,12 +121,6 @@ in
           name = "playerctl: add settings to control which elements are displayed";
           hash = "sha256-OofS46wAI3EDE3JbYs/Nn+Vkw9TP1mwSFvk+vBERg2s=";
         })
-        (pkgs.fetchpatch {
-          # upstreaming: <https://github.com/nwg-piotr/nwg-panel/pull/328>
-          url = "https://git.uninsane.org/colin/nwg-panel/commit/c70c0ffc9aaeab3a3ef9d547c6c9f81ce5568ff9.patch";
-          name = "controls/PopupWindow: refresh parent outputs as part of our refresh";
-          hash = "sha256-kq+XvG9Ed5g3nIatNTdfC9NYc2AudPtxIK5XWOoHgfU=";
-        })
       ];
 
       # - disable the drop-down chevron by the controls.
diff --git a/pkgs/by-name/nixpkgs-bootstrap/master.nix b/pkgs/by-name/nixpkgs-bootstrap/master.nix
index 55a6f5643..d987d194d 100644
--- a/pkgs/by-name/nixpkgs-bootstrap/master.nix
+++ b/pkgs/by-name/nixpkgs-bootstrap/master.nix
@@ -2,8 +2,8 @@
   mkNixpkgs ? import ./mkNixpkgs.nix {}
 }:
 mkNixpkgs {
-  rev = "c3db199ef6f9717ab1a1c62c161aa424c10cc1d6";
-  sha256 = "sha256-DA8i/zkynCrVHDVNU/hNy0eFnf+7/U+/aZdnN2uqVfA=";
-  version = "0-unstable-2024-10-26";
+  rev = "72bc35e74bc68177f92740d941cc62111c1df051";
+  sha256 = "sha256-bz8XFlUYIQhyn2dMS7dBMGvqXDWcNn2qaOLcSkzSjSE=";
+  version = "0-unstable-2024-10-30";
   branch = "master";
 }
diff --git a/pkgs/by-name/nixpkgs-bootstrap/staging-next.nix b/pkgs/by-name/nixpkgs-bootstrap/staging-next.nix
index 2042cf144..fc763edab 100644
--- a/pkgs/by-name/nixpkgs-bootstrap/staging-next.nix
+++ b/pkgs/by-name/nixpkgs-bootstrap/staging-next.nix
@@ -2,8 +2,8 @@
   mkNixpkgs ? import ./mkNixpkgs.nix {}
 }:
 mkNixpkgs {
-  rev = "1889ebd947f76f0df7d5c4b3fd524749efc0e337";
-  sha256 = "sha256-jQIvTKyDaqoeQ2UQfwlrMAkE5uXsTH0QUgBKoYko9Ls=";
-  version = "0-unstable-2024-10-26";
+  rev = "a37eba4c96ca51a50a2fb9ce70729f928a18034a";
+  sha256 = "sha256-C7X9FpnbjhFfDYXXsOCTEVRmiB3xXT9k1NjJSB5O77Y=";
+  version = "0-unstable-2024-10-30";
   branch = "staging-next";
 }
diff --git a/pkgs/by-name/nixpkgs-bootstrap/staging.nix b/pkgs/by-name/nixpkgs-bootstrap/staging.nix
index 17c13bef2..d5fabf89f 100644
--- a/pkgs/by-name/nixpkgs-bootstrap/staging.nix
+++ b/pkgs/by-name/nixpkgs-bootstrap/staging.nix
@@ -2,8 +2,8 @@
   mkNixpkgs ? import ./mkNixpkgs.nix {}
 }:
 mkNixpkgs {
-  rev = "88df199edfc3beab07c25b357159cd3b32dbc013";
-  sha256 = "sha256-YWNChIijbTEtmqvJJirkjg/1IVe6AEp4Pmy56dceexw=";
-  version = "0-unstable-2024-10-26";
+  rev = "27e5ad03d2c54cbfbd29616dca1a75d4291beb5f";
+  sha256 = "sha256-4vh9lG10A9VTKScLQI+VIaQ4g6606kBJ4zuVbDYW8Kk=";
+  version = "0-unstable-2024-10-30";
   branch = "staging";
 }