🏹 Bow is a cross-platform library for Typed Functional Programming in Swift

Bow

Last update: Dec 20, 2022

Overview

Bow is a cross-platform library for Typed Functional Programming in Swift.

Documentation

All documentation and API reference is published in our website. Some links to key aspects of the library:

Modules

Bow is split into multiple modules that can be consumed independently. These modules are:

Bow: core library. Contains Higher Kinded Types emulation, function manipulation utilities, Typeclasses, Data Types, Monad Transformers, and instances for primitive types.
BowOptics: module to work with different optics.
BowRecursionSchemes: module to work with recursion schemes.
BowFree: module to work with Free Monads.
BowGeneric: module to work with generic data types.
BowEffects: module to work with effects.
BowRx: module to provide an integration with RxSwift.

There are also some modules for testing:

BowLaws: laws for type classes in the core module.
BowOpticsLaws: laws for optics.
BowEffectsLaws: laws for effects.
BowGenerators: generators for Property-based Testing for data types in the core module.
BowFreeGenerators: generators for Property-based Testing for data types in BowFree.
BowEffectsGenerators: generators for Property-based Testing for data types in BowEffects.
BowRxGenerators: generators for Property-based Testing for data types in BowRx.

Bow is available using Swift Package Manager, CocoaPods, and Carthage.

Swift Package Manager

Starting on Xcode 11, you can use the integration in the IDE with Swift Package manager to bring the dependencies into your project. You only need the repository URL: https://github.com/bow-swift/bow.git. For earlier versions of Xcode, create a Package.swift file similar to the next one and use the dependencies at your convenience.

// swift-tools-version:5.0

import PackageDescription

let package = Package(
    name: "BowTestProject",
    dependencies: [
        .package(url: "https://github.com/bow-swift/bow.git", from: "{version}")
    ],
    targets: [
        .target(name: "BowTestProject",
                dependencies: [
                    "Bow",
                    "BowOptics",
                    "BowRecursionSchemes",
                    "BowFree",
                    "BowGeneric",
                    "BowEffects",
                    "BowRx"]),
        .testTarget(name: "BowTestProjectTests",
                    dependencies: [
                        // Type class laws
                        "BowLaws",
                        "BowOpticsLaws",
                        "BowEffectsLaws",

                        // Generators for PBT with SwiftCheck
                        "BowGenerators",
                        "BowFreeGenerators",
                        "BowEffectsGenerators",
                        "BowRxGenerators"])
    ]
)

To build it, just run:

$ swift build

CocoaPods

You can consume each Bow module as a separate pod. You can add these lines to your Podfile at your convenience:

pod "Bow",                 "~> {version}"
pod "BowOptics",           "~> {version}"
pod "BowRecursionSchemes", "~> {version}"
pod "BowFree",             "~> {version}"
pod "BowGeneric",          "~> {version}"
pod "BowEffects",          "~> {version}"
pod "BowRx",               "~> {version}"

Testing laws:

pod "BowLaws",        "~> {version}"
pod "BowOpticsLaws",  "~> {version}"
pod "BowEffectsLaws", "~> {version}"

Generators for property-based testing with SwiftCheck:

pod "BowGenerators",              "~> {version}"
pod "BowFreeGenerators",          "~> {version}"
pod "BowEffectsGenerators",       "~> {version}"
pod "BowRxGenerators",            "~> {version}"

Carthage

Carthage will download the whole Bow project, but it will compile individual frameworks for each module that you can use separately. Add this line to your Cartfile:

github "bow-swift/Bow" ~> {version}

Contributing

If you want to contribute to this library, you can check the Issues to see some of the pending tasks.

How to run the project

Open Bow.xcodeproj in Xcode 11 (or newer) and you are ready to go. Bow uses the Swift Package Manager to handle its dependencies.

How to run the documentation project

Go to the root directory.
Run nef compile --project Documentation.app to get all dependencies.
Open Documentation.app and run the project.

For further information, refer to our Contribution guidelines.

How to create a new release

You can create a new release by running bundle exec fastlane release version_number:. For example, bundle exec fastlane ios release version_number: "0.8.0".

The following steps would be run:

Update the version in *.podspec files.
Create a tag with message added in the CHANGELOG file.
Deploy podspec files and make them publicly available.

License

Copyright (C) 2018-2020 The Bow Authors

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Comments

Fix Carthage from Bow v0.6.0
Description

If you create a Carfile and try to add Bow dependency, you will alert Carthage cannot resolve the dependencies. It is between other things because it is trying to resolve Documentation targets and it needs to set up some schemes.

Potential implementation

Fix main project schemes to help to Carthage to resolve the Bow dependencies properly.

Remove Documentation targets and check CI continues working.

How Carthage works?

In a general way, Carthage goes to the repository and does the next steps:

It finds the internal Cartfile and resolves its dependencies.

In the project (xcodeproj), It finds the whole schemes set as shared and tries to build them.

An example of how Carthage goes to find wich schemes should compile
opened by miguelangel-dev 12
Docs Bow version selector

This PR closes #315

This changes enables versioning of the docs for users to be able to retrieve the correct docs for the version they are using.

We will keep all the versions, but buttons will show just PREVIOUS, STABLE and NEXT . Clicking in documentation in the nav bar will show all the versions, we have got the same in the docs sidebar.

We need to discuss about previous and next releases since in this moment there is just a Bow version deployed and some changes would be neccessary in every version deployed for every new version release.
website

opened by AntonioMateoGomez 10
Naming changes: Kind and fix()
This PR changes naming to align with the conventions in Arrow, addressing part of issue #17. The main changes that have been done are:

HK has been renamed to Kind. Similarly, HKn to Kindn, for n = 2..5

Witnesses ended in F have been renamed to start with For-; e.g. MaybeF is now ForMaybe.

Static methods and extension methods named ev before are now fix.

Data classes ending in KW now end in K.

Aliases for higher kinds have been introduced; e.g. Kind<ForMaybe, A> is MaybeOf<A>.
opened by truizlop 9
Nef integration
Goal

Automate documentation verification and deployment.

Add initial pages for documentation.

Implementation details

nef has been used to compile docs written in Swift Playground format. A Swift project has been added to contents/Documentation with initial playgrounds for each page. Also, a main page has been added. Contents for this pages has been extracted from the README or the Bow release article.

The landing page for the site has been modified to include a link to this docs, as can be seen in this screenshot:

Travis

For the Travis configuration to work, Homebrew installable dependencies have been set as part of the gobal configuration, which we've found to be the best approach regarding this.

documentation
opened by truizlop 7
Confusion about Maybe and Option

My iOS friends are about to try Bow but we are a little bit confused about naming of Option/Maybe. Arrow for Kotlin is using Option, Bow is using Maybeand name Option is used for nullable types T? Maybeis also in conflict with RxSwift's Maybe.

What are the reasons for using Maybeinstead of Optionin Bow?

Thanks for any hint!

opened by xsveda 7
["Request"] Monad, Applicative and Functor instances for Trampoline

Description

Trampoline already has a flatMap function. By giving the class instances for Monad, Applicative and Functor we gain all the helper functions and combinators that come with this typeclasses.

I believe this has the potential to make tailRecM implementations easier to understand, by allowing us to build smaller Trampolines. For example we will be able to cosntruct two or more Trampolines and combine them with Applicatives' map.

Modules

Bow

Breaking changes

I believe none.

opened by ferranpujolcamins 6
Make travis build all four targets to make sure no file is missing

The previous Travis configuration was building only the main target (for iOS). With the new configuration, Travis will build additionally the targets for macOS, watchOS and tvOS, making sure all files are included in all targets and preventing issues like #38.

opened by truizlop 6
Permalinks trailing slash additions

Goal

I'm not sure if this is the way to proceed, or that information is being read from another place through nef, but when writing permalinks for Jekyll is better to always write them ending at / slash. That way the files/path generated in the end could be navigated through bow-swift.io/docs and bow-swift.io/docs/. Without it, a path not ending in a slash will give you a 404 😵

Do you think there could be more elsewhere? Thanks!
website

opened by calvellido 5
Operator issues
A few issues with how Bow uses operators:

All the custom operators introduced use the same precedence group that ships with Swift (AdditionPrecedence). This prevents them from playing nicely with one another. For example, a Kleisli chain with pure compositions requires parenthesizing when >>> should take precedence over >=>.

f >>> impureG >=> pureH >>> impureI >=> impureJ

Data defines infix operator >>=, but Swift already ships with >>= for bitwise shift assignment. Swift libraries tend to define >>- or >>>= instead as a result. In general, >>= seems less useful in Swift because you can define flatMap as an infix method, preserving readability where bind creates nesting.

Optics overloads + for composition. It might make more sense to use <<< or introduce a new operator. PureScript's profunctor package once defined .., though they use plain-ole <<< these days.
opened by stephencelis 5
"ap" is backwards?
Swift can define ap in a much more readable (left-to-right, non-nested) format that matches Haskell. By introducing a generic at function scope we can constrain F's A to be a function between generics:

-public func ap<B>(_ ff: F<(A) -> B>) -> F<B> +public func ap<A1, B>(_ fa: F<A1>) -> F<B> where A == (A1) -> B

And in practice:

Option.pure(add).ap(one).ap(two) // vs. the right-to-left, awkwardly nested: two.ap(one.ap(Option.pure(add)))

FWIW many functional libraries in Swift introduce the <*> operator, as another option. That could be an alternate consideration if the inconsistency with Arrow is an issue, though I assume Bow should be optimized for Swift syntax in general.
opened by stephencelis 5
BiFunctor.Lift and Either

This PR adds the function lift to BiFunctor and adds BiFunctor to Either

I must confess that I don't understand much about Arrow, high order kind/type. I was just talking with my friend about Arrow and Bow and we decided to create this PR.

Let me know if I need to do anything else, like conforming to some CLA, or change something in the code.

opened by pietrocaselani 5

Updates for 2022

Related issues

#665

Goal

Update the project for 2022.

Implementation details

Update RxSwift 5 to 6
Target Swift 5.6
Remove xcodeproj, use Package.swift
Remove obsolete Support Files
Remove test plan, use swift test
Remove CocoaPods support, use SPM
Remove Carthage support, use SPM

Testing details

I use swift test instead of a test plan.

Notes

Formatting

I want to format the entire code base using some formatter after we're done here, but that should be a last step before everything else is discussed and approved. Ideally, I want the indentation to be 2 spaces, instead of 4, and target 80 columns instead of 120+ as it is right now.

Documentation and Nef

I'm having trouble building/updating the documentation using Nef.

Nef is very obscure, and the documentation is hard for me to understand. It seems almost like Nef itself only exists because of Bow. Who uses Nef anywhere else?
I wanted to add a SPM plugin to build documentation without explicitly installing Nef using Homebrew or some other way. But I can't add Nef as a "dev dependency" to Bow, because Nef itself depends on Bow, it's a circular dependency.
When I try to generate the documentation using Nef, it just hangs. I can't figure out what it's trying to do, because there's no logs.

~/C/bow ❯❯❯ nef compile --project Documentation.app
Getting playgrounds in MacOS ✓
Getting pages in playground Quick start ✓
	• Processing page Getting started ✓
	• Processing page Modules ✓
	• Processing page Resources ✓
Getting pages in playground FP concepts ✓
	• Processing page Glossary ✓
	• Processing page Functions vs Procedures ✓
	• Processing page Higher Kinded Types ✓
	• Processing page Type classes ✓
	• Processing page Data types ✓
	• Processing page Rank-N polymorphism ✓
Getting pages in playground Composition ✓
	• Processing page Composition Overview ✓
	• Processing page Composing functions ✓
	• Processing page Combining values of the same type ✓
	• Processing page Transforming data ✓
	• Processing page Lifting values to an effect ✓
	• Processing page Combining independent computations ✓
	• Processing page Sequencing dependent computations ✓
	• Processing page Transforming multiple effects ✓
Getting pages in playground Dependency management ✓
	• Processing page Dependency management Overview ✓
	• Processing page Partial application ✓
	• Processing page Constructor-based dependency injection ✓
	• Processing page Reader ✓
	• Processing page Side-effectful dependency management ✓
Getting pages in playground Patterns ✓
	• Processing page Error handling ✓
	• Processing page Monad comprehensions ✓
	• Processing page Tail recursion ✓
	• Processing page State-based computations ✓
	• Processing page Polymorphic programs ✓
Getting pages in playground Optics ✓
	• Processing page Optics Overview ✓
	• Processing page Writing your own optics ✓
	• Processing page Automatic derivation ✓
	• Processing page Composition ✓
Getting pages in playground Effects ✓
	• Processing page Effects Overview ✓
	• Processing page Suspending side effects ✓
	• Processing page Manipulating side effects ✓
	• Processing page Handling errors ✓
	• Processing page Concurrency ✓
	• Processing page Running side effects ✓
	• Processing page Retrying and repeating effects ✓
	• Processing page Handling resources ✓
	• Processing page Foundation extensions ✓
Getting pages in playground Testing ✓
	• Processing page Testing Overview ✓
	• Processing page Testing type class instances ✓
	• Processing page Testing side effectful code ✓
Getting pages in playground Integrations ✓
	• Processing page RxSwift streams ✓
Getting pages in playground Legal ✓
	• Processing page Credits ✓
	• Processing page License ✓
[hangs forever]

opened by denizdogan 0

Bump addressable from 2.7.0 to 2.8.1
Bumps addressable from 2.7.0 to 2.8.1.

Changelog

Sourced from addressable's changelog.

Addressable 2.8.1

refactor Addressable::URI.normalize_path to address linter offenses (#430)

remove redundant colon in Addressable::URI::CharacterClasses::AUTHORITY regex (#438)

update gemspec to reflect supported Ruby versions (#466, #464, #463)

compatibility w/ public_suffix 5.x (#466, #465, #460)

fixes "invalid byte sequence in UTF-8" exception when unencoding URLs containing non UTF-8 characters (#459)

Ractor compatibility (#449)

use the whole string instead of a single line for template match (#431)

force UTF-8 encoding only if needed (#341)

#460: sporkmonger/addressable#460 #463: sporkmonger/addressable#463 #464: sporkmonger/addressable#464 #465: sporkmonger/addressable#465 #466: sporkmonger/addressable#466

Addressable 2.8.0

fixes ReDoS vulnerability in Addressable::Template#match

no longer replaces + with spaces in queries for non-http(s) schemes

fixed encoding ipv6 literals

the :compacted flag for normalized_query now dedupes parameters

fix broken escape_component alias

dropping support for Ruby 2.0 and 2.1

adding Ruby 3.0 compatibility for development tasks

drop support for rack-mount and remove Addressable::Template#generate

performance improvements

switch CI/CD to GitHub Actions

Commits

8657465 Update version, gemspec, and CHANGELOG for 2.8.1 (#474)

4fc5bb6 CI: remove Ubuntu 18.04 job (#473)

860fede Force UTF-8 encoding only if needed (#341)

99810af Merge pull request #431 from ojab/ct-_do_not_parse_multiline_strings

7ce0f48 Merge branch 'main' into ct-_do_not_parse_multiline_strings

7ecf751 Merge pull request #449 from okeeblow/freeze_concatenated_strings

41f12dd Merge branch 'main' into freeze_concatenated_strings

068f673 Merge pull request #459 from jarthod/iso-encoding-problem

b4c9882 Merge branch 'main' into iso-encoding-problem

08d27e8 Merge pull request #471 from sporkmonger/sporkmonger-enable-codeql

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump addressable from 2.7.0 to 2.8.1 in /docs
Bumps addressable from 2.7.0 to 2.8.1.

Changelog

Sourced from addressable's changelog.

Addressable 2.8.1

refactor Addressable::URI.normalize_path to address linter offenses (#430)

remove redundant colon in Addressable::URI::CharacterClasses::AUTHORITY regex (#438)

update gemspec to reflect supported Ruby versions (#466, #464, #463)

compatibility w/ public_suffix 5.x (#466, #465, #460)

fixes "invalid byte sequence in UTF-8" exception when unencoding URLs containing non UTF-8 characters (#459)

Ractor compatibility (#449)

use the whole string instead of a single line for template match (#431)

force UTF-8 encoding only if needed (#341)

#460: sporkmonger/addressable#460 #463: sporkmonger/addressable#463 #464: sporkmonger/addressable#464 #465: sporkmonger/addressable#465 #466: sporkmonger/addressable#466

Addressable 2.8.0

fixes ReDoS vulnerability in Addressable::Template#match

no longer replaces + with spaces in queries for non-http(s) schemes

fixed encoding ipv6 literals

the :compacted flag for normalized_query now dedupes parameters

fix broken escape_component alias

dropping support for Ruby 2.0 and 2.1

adding Ruby 3.0 compatibility for development tasks

drop support for rack-mount and remove Addressable::Template#generate

performance improvements

switch CI/CD to GitHub Actions

Commits

8657465 Update version, gemspec, and CHANGELOG for 2.8.1 (#474)

4fc5bb6 CI: remove Ubuntu 18.04 job (#473)

860fede Force UTF-8 encoding only if needed (#341)

99810af Merge pull request #431 from ojab/ct-_do_not_parse_multiline_strings

7ce0f48 Merge branch 'main' into ct-_do_not_parse_multiline_strings

7ecf751 Merge pull request #449 from okeeblow/freeze_concatenated_strings

41f12dd Merge branch 'main' into freeze_concatenated_strings

068f673 Merge pull request #459 from jarthod/iso-encoding-problem

b4c9882 Merge branch 'main' into iso-encoding-problem

08d27e8 Merge pull request #471 from sporkmonger/sporkmonger-enable-codeql

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump tzinfo from 1.2.5 to 1.2.10
Bumps tzinfo from 1.2.5 to 1.2.10.

Release notes

Sourced from tzinfo's releases.

v1.2.10

Fixed a relative path traversal bug that could cause arbitrary files to be loaded with require when used with RubyDataSource. Please refer to https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx for details. CVE-2022-31163.

Ignore the SECURITY file from Arch Linux's tzdata package. #134.

TZInfo v1.2.10 on RubyGems.org

v1.2.9

Fixed an incorrect InvalidTimezoneIdentifier exception raised when loading a zoneinfo file that includes rules specifying an additional transition to the final defined offset (for example, Africa/Casablanca in version 2018e of the Time Zone Database). #123.

TZInfo v1.2.9 on RubyGems.org

v1.2.8

Added support for handling "slim" format zoneinfo files that are produced by default by zic version 2020b and later. The POSIX-style TZ string is now used calculate DST transition times after the final defined transition in the file. The 64-bit section is now always used regardless of whether Time has support for 64-bit times. #120.

Rubinius is no longer supported.

TZInfo v1.2.8 on RubyGems.org

v1.2.7

Fixed 'wrong number of arguments' errors when running on JRuby 9.0. #114.

Fixed warnings when running on Ruby 2.8. #112.

TZInfo v1.2.7 on RubyGems.org

v1.2.6

Timezone#strftime('%s', time) will now return the correct number of seconds since the epoch. #91.

Removed the unused TZInfo::RubyDataSource::REQUIRE_PATH constant.

Fixed "SecurityError: Insecure operation - require" exceptions when loading data with recent Ruby releases in safe mode.

Fixed warnings when running on Ruby 2.7. #106 and #111.

TZInfo v1.2.6 on RubyGems.org

Changelog

Sourced from tzinfo's changelog.

Version 1.2.10 - 19-Jul-2022

Fixed a relative path traversal bug that could cause arbitrary files to be loaded with require when used with RubyDataSource. Please refer to https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx for details. CVE-2022-31163.

Ignore the SECURITY file from Arch Linux's tzdata package. #134.

Version 1.2.9 - 16-Dec-2020

Fixed an incorrect InvalidTimezoneIdentifier exception raised when loading a zoneinfo file that includes rules specifying an additional transition to the final defined offset (for example, Africa/Casablanca in version 2018e of the Time Zone Database). #123.

Version 1.2.8 - 8-Nov-2020

Added support for handling "slim" format zoneinfo files that are produced by default by zic version 2020b and later. The POSIX-style TZ string is now used calculate DST transition times after the final defined transition in the file. The 64-bit section is now always used regardless of whether Time has support for 64-bit times. #120.

Rubinius is no longer supported.

Version 1.2.7 - 2-Apr-2020

Fixed 'wrong number of arguments' errors when running on JRuby 9.0. #114.

Fixed warnings when running on Ruby 2.8. #112.

Version 1.2.6 - 24-Dec-2019

Timezone#strftime('%s', time) will now return the correct number of seconds since the epoch. #91.

Removed the unused TZInfo::RubyDataSource::REQUIRE_PATH constant.

Fixed "SecurityError: Insecure operation - require" exceptions when loading data with recent Ruby releases in safe mode.

Fixed warnings when running on Ruby 2.7. #106 and #111.

Commits

0814dcd Fix the release date.

fd05e2a Preparing v1.2.10.

b98c32e Merge branch 'fix-directory-traversal-1.2' into 1.2

ac3ee68 Remove unnecessary escaping of + within regex character classes.

9d49bf9 Fix relative path loading tests.

394c381 Remove private_constant for consistency and compatibility.

5e9f990 Exclude Arch Linux's SECURITY file from the time zone index.

17fc9e1 Workaround for 'Permission denied - NUL' errors with JRuby on Windows.

6bd7a51 Update copyright years.

9905ca9 Fix directory traversal in Timezone.get when using Ruby data source

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Bump tzinfo from 1.2.5 to 1.2.10 in /docs
Bumps tzinfo from 1.2.5 to 1.2.10.

Release notes

Sourced from tzinfo's releases.

v1.2.10

Fixed a relative path traversal bug that could cause arbitrary files to be loaded with require when used with RubyDataSource. Please refer to https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx for details. CVE-2022-31163.

Ignore the SECURITY file from Arch Linux's tzdata package. #134.

TZInfo v1.2.10 on RubyGems.org

v1.2.9

Fixed an incorrect InvalidTimezoneIdentifier exception raised when loading a zoneinfo file that includes rules specifying an additional transition to the final defined offset (for example, Africa/Casablanca in version 2018e of the Time Zone Database). #123.

TZInfo v1.2.9 on RubyGems.org

v1.2.8

Added support for handling "slim" format zoneinfo files that are produced by default by zic version 2020b and later. The POSIX-style TZ string is now used calculate DST transition times after the final defined transition in the file. The 64-bit section is now always used regardless of whether Time has support for 64-bit times. #120.

Rubinius is no longer supported.

TZInfo v1.2.8 on RubyGems.org

v1.2.7

Fixed 'wrong number of arguments' errors when running on JRuby 9.0. #114.

Fixed warnings when running on Ruby 2.8. #112.

TZInfo v1.2.7 on RubyGems.org

v1.2.6

Timezone#strftime('%s', time) will now return the correct number of seconds since the epoch. #91.

Removed the unused TZInfo::RubyDataSource::REQUIRE_PATH constant.

Fixed "SecurityError: Insecure operation - require" exceptions when loading data with recent Ruby releases in safe mode.

Fixed warnings when running on Ruby 2.7. #106 and #111.

TZInfo v1.2.6 on RubyGems.org

Changelog

Sourced from tzinfo's changelog.

Version 1.2.10 - 19-Jul-2022

Fixed a relative path traversal bug that could cause arbitrary files to be loaded with require when used with RubyDataSource. Please refer to https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx for details. CVE-2022-31163.

Ignore the SECURITY file from Arch Linux's tzdata package. #134.

Version 1.2.9 - 16-Dec-2020

Fixed an incorrect InvalidTimezoneIdentifier exception raised when loading a zoneinfo file that includes rules specifying an additional transition to the final defined offset (for example, Africa/Casablanca in version 2018e of the Time Zone Database). #123.

Version 1.2.8 - 8-Nov-2020

Added support for handling "slim" format zoneinfo files that are produced by default by zic version 2020b and later. The POSIX-style TZ string is now used calculate DST transition times after the final defined transition in the file. The 64-bit section is now always used regardless of whether Time has support for 64-bit times. #120.

Rubinius is no longer supported.

Version 1.2.7 - 2-Apr-2020

Fixed 'wrong number of arguments' errors when running on JRuby 9.0. #114.

Fixed warnings when running on Ruby 2.8. #112.

Version 1.2.6 - 24-Dec-2019

Timezone#strftime('%s', time) will now return the correct number of seconds since the epoch. #91.

Removed the unused TZInfo::RubyDataSource::REQUIRE_PATH constant.

Fixed "SecurityError: Insecure operation - require" exceptions when loading data with recent Ruby releases in safe mode.

Fixed warnings when running on Ruby 2.7. #106 and #111.

Commits

0814dcd Fix the release date.

fd05e2a Preparing v1.2.10.

b98c32e Merge branch 'fix-directory-traversal-1.2' into 1.2

ac3ee68 Remove unnecessary escaping of + within regex character classes.

9d49bf9 Fix relative path loading tests.

394c381 Remove private_constant for consistency and compatibility.

5e9f990 Exclude Arch Linux's SECURITY file from the time zone index.

17fc9e1 Workaround for 'Permission denied - NUL' errors with JRuby on Windows.

6bd7a51 Update copyright years.

9905ca9 Fix directory traversal in Timezone.get when using Ruby data source

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
Project status

Hi!

I see that the repo hasn't really received a meaningful update for about 2 years now. Is this project abandoned or is it still planned on being maintained sometime in the future?

Continuing to push functional programming in Swift would be awesome! 🙌

Thanks!

opened by kee-oth 3

Releases(0.8.0)

0.8.0(May 4, 2020)
What's new

Swift 5.2 support: use KeyPaths as functions and callAsFunction with types like Kleisli.

Linux support.

Trampolining for stack safety.

Comonads, Comonads everywhere!

Source code(tar.gz)
Source code(zip)
0.7.0(Dec 16, 2019)
What's new

Retrial and repeat scheduling policies for effects (Read more)

New type classes in the Contravariant hierarchy, with instances, in the core module.

Source code(tar.gz)
Source code(zip)
0.6.0(Oct 2, 2019)
What's new

A new Effects module with a powerful data type IO. (Read more)

Enhanced integration with RxSwift. (Read more)

New syntax for Monad Comprehensions. (Read more)

Source code(tar.gz)
Source code(zip)
0.5.0(Jul 11, 2019)
What's new

Revamped optics module. (Read more)

More complete core module

Source code(tar.gz)
Source code(zip)
0.4.0(May 7, 2019)
What's new

New simulation for Higher Kinded Types. (Read more)

New encoding for type classes. (Read more)

Enhanced data types in the core module. (Read more)

Source code(tar.gz)
Source code(zip)

🏹 Bow is a cross-platform library for Typed Functional Programming in Swift

Related tags

Overview

Documentation

Modules

Swift Package Manager

CocoaPods

Carthage

Contributing

How to run the project

How to run the documentation project

How to create a new release

License

Comments

Description

Potential implementation

How Carthage works?

Goal

Implementation details

Travis

Description

Modules

Breaking changes

Goal

Related issues

Goal

Implementation details

Testing details

Notes

Formatting

Documentation and Nef

Addressable 2.8.1

Addressable 2.8.0

Addressable 2.8.1

Addressable 2.8.0

v1.2.10

v1.2.9

v1.2.8

v1.2.7

v1.2.6

Version 1.2.10 - 19-Jul-2022

Version 1.2.9 - 16-Dec-2020

Version 1.2.8 - 8-Nov-2020

Version 1.2.7 - 2-Apr-2020

Version 1.2.6 - 24-Dec-2019

v1.2.10

v1.2.9

v1.2.8

v1.2.7

v1.2.6

Version 1.2.10 - 19-Jul-2022

Version 1.2.9 - 16-Dec-2020

Version 1.2.8 - 8-Nov-2020

Version 1.2.7 - 2-Apr-2020

Version 1.2.6 - 24-Dec-2019

Releases(0.8.0)

0.8.0(May 4, 2020)

What's new

0.7.0(Dec 16, 2019)

What's new

0.6.0(Oct 2, 2019)

What's new

0.5.0(Jul 11, 2019)

What's new

0.4.0(May 7, 2019)

What's new

Owner

Bow

Swift µframework of simple functional programming tools

Functional programming in Swift

Functional programming in Swift

Functional JSON parsing library for Swift

Functional chaining and promises in Swift

Collection of must-have functional Swift tools

A functional utility belt implemented as Swift 2.0 protocol extensions.

Functional data types and functions for any project

Swift µframework with extensions for the Optional Type

Infix operators for monadic functions in Swift

A set of Swift extensions for standard types and classes.

🏹 Bow is a cross-platform library for Typed Functional Programming in Swift

How `Carthage` works?