Bump vapor from 4.67.4 to 4.77.2 #1

Open

dependabot[bot]

@dependabot dependabot bot commented on behalf of github Jul 25, 2023

Bumps vapor from 4.67.4 to 4.77.2.

Release notes

Sourced from vapor's releases.

4.77.2 - Update dependencies with known CVEs to the latest versions

This patch was released by @​0xTim.

What's Changed

Update dependencies with known CVEs to the latest versions by @​0xTim in #3038

Async HTTP Client and SwiftNIO and SwiftNIO extras have CVEs that have been patched. We still depend on versions that are vulnerable, so this updates that.

Full Changelog: vapor/vapor@4.77.1...4.77.2

Improve error reporting for EncodingError and DecodingError

This patch was authored by @​grahamburgsma and released by @​0xTim.

As EncodingError and DecodingError both conform to LocalizedError, error reporting uses their localizedDescription which is just a generic error message.

So this changes the error reporting from:

The operation could not be completed. The data isn’t in the correct format.

To a description much more useful (for example):

invalidValue(inf, Swift.EncodingError.Context(codingPath: [...], debugDescription: "Unable to encode Double.inf directly in JSON.", underlyingError: nil))

Add ContentContainer.decode(_:as:)

This patch was authored by @​MahdiBM and released by @​0xTim.

Adds ContentContainer.decode(_:as:) to complement ContentContainer.encode(_:as:) to make it easy to override the Content-Type if calling an API or decoding a request that returns erroneous headers for the body type.

Fixed drain handler call order in case of asynchronous buffer handling

This patch was authored by @​salpieiev and released by @​0xTim.

During request body drain each chunk of data may be handled asynchronously. This may lead to a call of handler with .end parameter before previous call with .buffer(buffer) finished its execution.

For example:

  1. Open new file descriptor
  2. During .collected stage write ByteBuffer on disc using this file descriptor
  3. During .end stage close file descriptor

This fix ensures that file descriptor won't be closed until disc write completes.

Don't use UnsafeRawBufferPointer.withMemoryRebound(to:_:) before Swift 5.7.2

This patch was authored and released by @​gwynne.

This API did not exist yet in Swift 5.7.0. It will now only be called in 5.7.2 or later.

(This being said, those still using Xcode 14.0.x - the only known affected version - should upgrade to 14.2 (if still running Monterey) or 14.3 (if running Ventura).)

Fix Range: bytes=0-0 header not working properly

This patch was authored by @​ptoffy and released by @​0xTim.

... (truncated)

Commits
  • e98077d Update dependencies with known CVEs to the latest versions (#3038)
  • b7c1f9c Create CODEOWNERS
  • 1baf623 Improve error reporting for EncodingError and DecodingError (#2981)
  • 38cb397 Fix incorrect use of non-localhost connection in test
  • 65877a5 Update README with new Sponsor (#3025)
  • 9a340de Add ContentContainer.decode(_:as:) (#3023)
  • f0aed18 Fixed drain handler call order in case of asynchronous buffer handling (#3009)
  • 3b34bc4 Update README with new Sponsor (#3024)
  • e181d2d Update README with new Sponsor (#3020)
  • 8b79ff0 Don't use UnsafeRawBufferPointer.withMemoryRebound(to:_:) before Swift 5.7.2 ...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [vapor](https://github.com/vapor/vapor) from 4.67.4 to 4.77.2.
- [Release notes](https://github.com/vapor/vapor/releases)
- [Commits](vapor/vapor@4.67.4...4.77.2)

---
updated-dependencies:
- dependency-name: vapor
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jul 25, 2023