Skip to content

(Update: Swift) (deps): Bump the security-updates group with 4 updates#89

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/swift/security-updates-032099bc1c
Open

(Update: Swift) (deps): Bump the security-updates group with 4 updates#89
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/swift/security-updates-032099bc1c

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Dec 22, 2025
edited
Loading

Bumps the security-updates group with 4 updates: github.com/apple/swift-log, github.com/vapor/vapor, github.com/swift-server/async-http-client and github.com/soto-project/soto.

Updates github.com/apple/swift-log from 1.6.4 to 1.8.0

Release notes

Sourced from github.com/apple/swift-log's releases.

1.8.0

What's Changed

SemVer Minor

Other Changes

New Contributors

Full Changelog: apple/swift-log@1.7.1...1.8.0

1.7.1

What's Changed

SemVer Patch

Other Changes

Full Changelog: apple/swift-log@1.7.0...1.7.1

1.7.0

What's Changed

SemVer Minor

SemVer Patch

Other Changes

New Contributors

... (truncated)

Commits
  • bc386b9 [SLG-0002]: Compile-time log level elimination using traits (#391)
  • 6856e42 Adapt separate benchmark workflows from swift-nio (#396)
  • cdaa5ac Conform Logger.Level to CustomStringConvertible and `LosslessStringConver...
  • b1fa4ef Make InMemoryLogging available on all platforms (#394)
  • 63eaca6 Add Wasm builds to pull_request.yml (#371)
  • f3a82f1 Fix Android build error with @preconcurrency import Android (#393)
  • 6b380c9 Move pre-process proposal to the proposals folder (#392)
  • ca53814 Add an InMemoryLogHandler (#390)
  • 3612813 Introduce proposals process to SwiftLog (#388)
  • 95a70b9 Logging instructions and allocations benchmarks (#386)
  • Additional commits viewable in compare view

Updates github.com/vapor/vapor from 4.119.0 to 4.120.0

Release notes

Sourced from github.com/vapor/vapor's releases.

4.119.2 - Fix parallel build failures on platforms with Glibc

What's Changed

Fix parallel build failures on platforms with Glibc by @​simonjbeaumont in #3393

Motivation

Since adding MemberImportVisibility, when Vapor is compiled in highly parallel environments it fails with high probability:

% git rev-parse HEAD
ac3aeb7730b63f4f54248603c38137b551b465c7
% rm -rf .build ~/.cache/org.swift.swiftpm/manifests/ && swift build -j 64
...
Building for debugging...
/pwd/Sources/Vapor/Utilities/String+IsIPAddress.swift:10:24: error: initializer 'init()' is not available due to missing import of defining module 'CNIOLinux' [#Membe
rImportVisibility]
1 | import Foundation
2 | import NIOCore
3 | #if canImport(Android)
| - note: add import of module 'CNIOLinux' 4 | import Android 5 | #endif : 8 |     func isIPAddress() -> Bool { 9 |         // We need some scratch space to let inet_pton write into. 10 |         var ipv4Addr = in_addr() |                        - error: initializer 'init()' is not available due to missing import of defining module 'CNIOLinux' [#MemberImportVisibility]
11 |         var ipv6Addr = in6_addr()
12 |
---[ similar error for in6_addr t…

This patch was released by @​0xTim

Full Changelog: vapor/vapor@4.119.1...4.119.2

4.119.1 - Fix a couple of import issues

What's Changed

Fix a couple of import issues by @​0xTim in #3390

Fixes a couple of import issues seen recently:

  • Sendable error with TOTP types on old macOS SDKs - CryptoKit types have Sendable annotations from Xcode 16.3 (Swift 6.1). If trying to compile on older versions of Xcode, which we support you get an error in Swift 6 mode
  • Some UBI9 based images complain about a missing import for CNIOLinux

... (truncated)

Commits

Updates github.com/swift-server/async-http-client from 1.29.0 to 1.30.2

Release notes

Sourced from github.com/swift-server/async-http-client's releases.

1.30.2

What's Changed

SemVer Patch

Full Changelog: swift-server/async-http-client@1.30.1...1.30.2

1.30.1

What's Changed

SemVer Patch

Other Changes

Full Changelog: swift-server/async-http-client@1.30.0...1.30.1

Async HTTP Client 1.30.0

What's Changed

SemVer Minor

Other Changes

Full Changelog: swift-server/async-http-client@1.29.1...1.30.0

AsyncHTTP Client 1.29.1

What's Changed

SemVer Patch

Other Changes

Full Changelog: swift-server/async-http-client@1.29.0...1.29.1

Commits
  • 5dd84c7 Remove CollectEverythingLogHandler implementation in favour of InMemoryLogHan...
  • c464bf9 Don't hold a lock over a continuation in test helpers (#872)
  • 3c45dbd Fix Connection Creation Crash (#873)
  • ce04df0 Don't hold a lock over a continuation in Transaction (#871)
  • b2faff9 Drop Swift 5.10 (#870)
  • b2ae845 Add explicit read permissions to workflows (#867)
  • efb14fe Resolve SendableMetatype issues (#865)
  • 0ce87cb Avoid delays when inserting HTTP/2 handlers. (#864)
  • 353bbc8 [Tracing] Implement trace header context propagation (#862)
  • c2a3a2c [Tracing] Default tracer to global bootstrapped tracer (#861)
  • See full diff in compare view

Updates github.com/soto-project/soto from 6.8.0 to 7.12.0

Release notes

Sourced from github.com/soto-project/soto's releases.

v7.12.0

Using Soto-core v7.10.0 SDK files generated by soto-codegenerator v7.8.3

v7.11.0

Using Soto-core v7.10.0 SDK files generated by soto-codegenerator v7.8.2

v7.10.0

Using soto-core v7.9.0

Minor release changes

  • Soto requires Swift 6.0

Other changes

  • Update tests to compile in swift 6 mode

v7.9.0

Minor release updates

  • Updated service files
    • New service include BedrockAgentCore, BedrockAgentCoreControl, S3Vectors

v7.8.0

Using soto-core v7.8.0

Patch release changes

  • Push attribute to stack for custom dynamodb date decoding. #775

Other changes

  • Build service files from model files found in api-models-aws.git. #771
  • Remove models folder from Soto, replace with file containing commit hash of models that built the current service files. #771

v7.7.0

Using soto-core v7.7.1 Using AWS models from aws-sdk-go-v2 release-2025-05-23

Minor release changes

v7.6.1

Actually use soto-core 7.6.0

v7.6.0

Using soto-core v7.6.0 Using AWS models from aws-sdk-go-v2 release-2025-04-14

Minor release changes

  • Add error code to error type map for extended error information. #763

v7.5.0

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
(Update: Swift) (deps): Bump the security-updates group with 4 updates
a4d9026 
Bumps the security-updates group with 4 updates: [github.com/apple/swift-log](https://github.com/apple/swift-log), [github.com/vapor/vapor](https://github.com/vapor/vapor), [github.com/swift-server/async-http-client](https://github.com/swift-server/async-http-client) and [github.com/soto-project/soto](https://github.com/soto-project/soto).


Updates `github.com/apple/swift-log` from 1.6.4 to 1.8.0
- [Release notes](https://github.com/apple/swift-log/releases)
- [Commits](apple/swift-log@1.6.4...1.8.0)

Updates `github.com/vapor/vapor` from 4.119.0 to 4.120.0
- [Release notes](https://github.com/vapor/vapor/releases)
- [Commits](vapor/vapor@4.119.0...4.120.0)

Updates `github.com/swift-server/async-http-client` from 1.29.0 to 1.30.2
- [Release notes](https://github.com/swift-server/async-http-client/releases)
- [Commits](swift-server/async-http-client@1.29.0...1.30.2)

Updates `github.com/soto-project/soto` from 6.8.0 to 7.12.0
- [Release notes](https://github.com/soto-project/soto/releases)
- [Commits](soto-project/soto@6.8.0...7.12.0)

---
updated-dependencies:
- dependency-name: github.com/apple/swift-log
  dependency-version: 1.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security-updates
- dependency-name: github.com/vapor/vapor
  dependency-version: 4.120.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security-updates
- dependency-name: github.com/swift-server/async-http-client
  dependency-version: 1.30.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: security-updates
- dependency-name: github.com/soto-project/soto
  dependency-version: 7.12.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: security-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Dec 22, 2025

Labels

The following labels could not be found: swift. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@KrisSimon KrisSimon

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@KrisSimon