Release 1.8 (TBA)

- nix-env selectors are now regular expressions. For instance, you can do

      $ nix-env -qa '.*zip.*'

  to query all packages with a name containing zip.

- Derivations can specify the new special attribute allowedRequisites, which has a similar meaning to allowedReferences. But instead of only requiring the immediate references to be specified explicitly, it requires the derivation to specify all the dependencies, recursively (hence the name, requisites), that are used by the resulting output.
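The following is an added example, not part of the Nix release notes, contrasting the two attributes on the same output. The derivation names `tool` and `app` are hypothetical, and it assumes a nixpkgs checkout reachable as `<nixpkgs>` that provides `runCommand` and `bash`.

```nix
# Added example; `tool` and `app` are hypothetical names.
with import <nixpkgs> {};

let
  # The script's shebang embeds bash's store path, so tool's output
  # references bash, and bash in turn references its own dependencies.
  tool = runCommand "tool" {} ''
    mkdir -p $out/bin
    printf '#!%s/bin/bash\necho hello\n' ${bash} > $out/bin/tool
    chmod +x $out/bin/tool
  '';
in
runCommand "app" {
  # Satisfied: the only store path written into $out is tool,
  # so tool is the only immediate reference.
  allowedReferences = [ tool ];

  # Not satisfied: the closure of $out also contains bash and bash's
  # own dependencies, none of which are listed, so the build is rejected.
  allowedRequisites = [ tool ];
} ''
  mkdir -p $out
  ln -s ${tool}/bin/tool $out/tool
''
```

For the build to pass, every store path in the output's closure has to appear in allowedRequisites. That makes the attribute usable as a build-time check that no unreviewed dependency enters the runtime closure through a transitive reference.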