(Update: Swift) (deps): Bump the security-updates group with 4 updates

[dependabot]

Bumps the security-updates group with 4 updates: github.com/apple/swift-log, github.com/vapor/vapor, github.com/swift-server/async-http-client and github.com/soto-project/soto.

Updates github.com/apple/swift-log from 1.6.4 to 1.8.0

Release notes

Sourced from github.com/apple/swift-log's releases.

1.8.0

What's Changed

SemVer Minor

• Conform Logger.Level to CustomStringConvertible and LosslessStringConvertible by @​fpseverino in apple/swift-log#395

Other Changes

• Adapt separate benchmark workflows from swift-nio by @​kukushechkin in apple/swift-log#396
• [SLG-0002]: Compile-time log level elimination using traits by @​kukushechkin in apple/swift-log#391

New Contributors

• @​fpseverino made their first contribution in apple/swift-log#395

Full Changelog: apple/swift-log@1.7.1...1.8.0

1.7.1

What's Changed

SemVer Patch

• Fix Android build error with @preconcurrency import Android by @​MaxDesiatov in apple/swift-log#393
• Make InMemoryLogging available on all platforms by @​hamzahrmalik in apple/swift-log#394

Other Changes

• Move pre-process proposal to the proposals folder by @​kukushechkin in apple/swift-log#392
• Add Wasm builds to pull_request.yml by @​MaxDesiatov in apple/swift-log#371

Full Changelog: apple/swift-log@1.7.0...1.7.1

1.7.0

What's Changed

SemVer Minor

• Add an InMemoryLogHandler by @​hamzahrmalik in apple/swift-log#390
• Drop Swift 5.9 and 5.10 support by @​kukushechkin in apple/swift-log#383

SemVer Patch

• Migrate from XCTest to Swift Testing by @​kukushechkin in apple/swift-log#382

Other Changes

• Enable release mode builds by @​josephnoir in apple/swift-log#368
• Update Logging.swift. Enhance file (fileID) param comment, it is miss… by @​lamtrinhdev in apple/swift-log#369
• chore: restrict GitHub workflow permissions - future-proof by @​incertum in apple/swift-log#379
• Enable Swift 6.2 jobs in CI by @​rnro in apple/swift-log#373
• documentation update and re-organization by @​heckj in apple/swift-log#381
• Add new best practices for structured logging and accepting loggers by @​FranzBusch in apple/swift-log#370
• Logging instructions and allocations benchmarks by @​kukushechkin in apple/swift-log#386
• Introduce proposals process to SwiftLog by @​kukushechkin in apple/swift-log#388

New Contributors

• @​josephnoir made their first contribution in apple/swift-log#368

... (truncated)

Commits

• bc386b9 [SLG-0002]: Compile-time log level elimination using traits (#391)
• 6856e42 Adapt separate benchmark workflows from swift-nio (#396)
• cdaa5ac Conform Logger.Level to CustomStringConvertible and `LosslessStringConver...
• b1fa4ef Make InMemoryLogging available on all platforms (#394)
• 63eaca6 Add Wasm builds to pull_request.yml (#371)
• f3a82f1 Fix Android build error with @preconcurrency import Android (#393)
• 6b380c9 Move pre-process proposal to the proposals folder (#392)
• ca53814 Add an InMemoryLogHandler (#390)
• 3612813 Introduce proposals process to SwiftLog (#388)
• 95a70b9 Logging instructions and allocations benchmarks (#386)
• Additional commits viewable in compare view

Updates github.com/vapor/vapor from 4.119.0 to 4.120.0

Release notes

Sourced from github.com/vapor/vapor's releases.

4.119.2 - Fix parallel build failures on platforms with Glibc

What's Changed

Fix parallel build failures on platforms with Glibc by @​simonjbeaumont in #3393

Motivation

Since adding MemberImportVisibility, when Vapor is compiled in highly parallel environments it fails with high probability:

% git rev-parse HEAD
ac3aeb7730b63f4f54248603c38137b551b465c7
% rm -rf .build ~/.cache/org.swift.swiftpm/manifests/ && swift build -j 64
...
Building for debugging...
/pwd/Sources/Vapor/Utilities/String+IsIPAddress.swift:10:24: error: initializer 'init()' is not available due to missing import of defining module 'CNIOLinux' [#Membe
rImportVisibility]
1 | import Foundation
2 | import NIOCore
3 | #if canImport(Android)
| - note: add import of module 'CNIOLinux' 4 | import Android 5 | #endif : 8 |     func isIPAddress() -> Bool { 9 |         // We need some scratch space to let inet_pton write into. 10 |         var ipv4Addr = in_addr() |                        - error: initializer 'init()' is not available due to missing import of defining module 'CNIOLinux' [#MemberImportVisibility]
11 |         var ipv6Addr = in6_addr()
12 |
---[ similar error for in6_addr t…

This patch was released by @​0xTim

Full Changelog: vapor/vapor@4.119.1...4.119.2

4.119.1 - Fix a couple of import issues

What's Changed

Fix a couple of import issues by @​0xTim in #3390

Fixes a couple of import issues seen recently:

• Sendable error with TOTP types on old macOS SDKs - CryptoKit types have Sendable annotations from Xcode 16.3 (Swift 6.1). If trying to compile on older versions of Xcode, which we support you get an error in Swift 6 mode
• Some UBI9 based images complain about a missing import for CNIOLinux

... (truncated)

Commits

• f7090db Fix compatibility with swift-log 1.8.0 and later (#3412)
• 8d47c18 Bump actions/checkout from 5 to 6 in the dependencies group (#3402)
• 6b7a70a Fix parallel build failures on platforms with Glibc (#3393)
• ac3aeb7 Fix a couple of import issues (#3390)
• See full diff in compare view

Updates github.com/swift-server/async-http-client from 1.29.0 to 1.30.2

Release notes

Sourced from github.com/swift-server/async-http-client's releases.

1.30.2

What's Changed

SemVer Patch

• Remove CollectEverythingLogHandler implementation in favour of InMemoryLogHandler from swift-log by @​hamzahrmalik in swift-server/async-http-client#874

Full Changelog: swift-server/async-http-client@1.30.1...1.30.2

1.30.1

What's Changed

SemVer Patch

• Don't hold a lock over a continuation in Transaction by @​glbrntt in swift-server/async-http-client#871
• Fix Connection Creation Crash by @​fabianfett in swift-server/async-http-client#873

Other Changes

• Don't hold a lock over a continuation in test helpers by @​glbrntt in swift-server/async-http-client#872

Full Changelog: swift-server/async-http-client@1.30.0...1.30.1

Async HTTP Client 1.30.0

What's Changed

SemVer Minor

• Drop Swift 5.10 by @​Lukasa in swift-server/async-http-client#870

Other Changes

• Add explicit read permissions to workflows by @​rnro in swift-server/async-http-client#867

Full Changelog: swift-server/async-http-client@1.29.1...1.30.0

AsyncHTTP Client 1.29.1

What's Changed

SemVer Patch

• [Tracing] Default tracer to global bootstrapped tracer by @​ktoso in swift-server/async-http-client#861
• [Tracing] Implement trace header context propagation by @​ktoso in swift-server/async-http-client#862
• Avoid delays when inserting HTTP/2 handlers. by @​Lukasa in swift-server/async-http-client#864

Other Changes

• Resolve SendableMetatype issues by @​Lukasa in swift-server/async-http-client#865

Full Changelog: swift-server/async-http-client@1.29.0...1.29.1

Commits

• 5dd84c7 Remove CollectEverythingLogHandler implementation in favour of InMemoryLogHan...
• c464bf9 Don't hold a lock over a continuation in test helpers (#872)
• 3c45dbd Fix Connection Creation Crash (#873)
• ce04df0 Don't hold a lock over a continuation in Transaction (#871)
• b2faff9 Drop Swift 5.10 (#870)
• b2ae845 Add explicit read permissions to workflows (#867)
• efb14fe Resolve SendableMetatype issues (#865)
• 0ce87cb Avoid delays when inserting HTTP/2 handlers. (#864)
• 353bbc8 [Tracing] Implement trace header context propagation (#862)
• c2a3a2c [Tracing] Default tracer to global bootstrapped tracer (#861)
• See full diff in compare view

Updates github.com/soto-project/soto from 6.8.0 to 7.12.0

Release notes

Sourced from github.com/soto-project/soto's releases.

v7.12.0

Using Soto-core v7.10.0 SDK files generated by soto-codegenerator v7.8.3

v7.11.0

Using Soto-core v7.10.0 SDK files generated by soto-codegenerator v7.8.2

v7.10.0

Using soto-core v7.9.0

Minor release changes

• Soto requires Swift 6.0

Other changes

• Update tests to compile in swift 6 mode

v7.9.0

Minor release updates

• Updated service files
  • New service include BedrockAgentCore, BedrockAgentCoreControl, S3Vectors

v7.8.0

Using soto-core v7.8.0

Patch release changes

• Push attribute to stack for custom dynamodb date decoding. #775

Other changes

• Build service files from model files found in api-models-aws.git. #771
• Remove models folder from Soto, replace with file containing commit hash of models that built the current service files. #771

v7.7.0

Using soto-core v7.7.1 Using AWS models from aws-sdk-go-v2 release-2025-05-23

Minor release changes

• Add Android support. #767 from @​gevartosky

v7.6.1

Actually use soto-core 7.6.0

v7.6.0

Using soto-core v7.6.0 Using AWS models from aws-sdk-go-v2 release-2025-04-14

Minor release changes

• Add error code to error type map for extended error information. #763

v7.5.0

... (truncated)

Commits

• e675598 Update models from api-models-aws.git} (#783)
• 3548aac Update models from api-models-aws.git} (#780)
• b672cea Use soto-core 7.10.0
• bdfcc97 Update models from api-models-aws.git (#778)
• 794b42e Update for swift 6.2 (#779)
• 051706f Update models from api-models-aws.git} (#776)
• e0e8e0e Update Package.mustache to use Soto-core v7.8.0
• 355462f Use soto-core v7.8.0
• 1f7fd0f Update models from api-models-aws.git} (#774)
• f4da90b Remove unused models
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: swift. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.