Swift client for Unsplash

Overview

UnsplashKit: Unsplash API Client in Swift

Build Status CocoaPods Compatible codecov

Unsplash API client written in Swift.

Unsplash offers 2 APIs:

JSON API is in progress and will be available soon in this library.

Requirements

  • iOS 8.0+ / Mac OS X 10.9+ / tvOS 9.0+ / watchOS 2.0+
  • Xcode 8.0+

Installation

You can use CocoaPods to integrate the library with your project.

pod "UnsplashKit/API" # Official API
pod "UnsplashKit/Source" # Source API

Usage

import UnsplashKit

Official API

First thing you need is an instance of the client for executing requests and parsing responses from the API:

var token = "xxxx"
var client = UnsplashClient { request -> [String: String] in
    return [ "Authorization": "Bearer \(token)"]
}

Since the client supports providing headers for the requests, we'll use that closure to specify the authenticationt tokent that we want to pass in. UnsplashKit doesn't provide the OAuth2 authentication components, but you can use Paparajote instead.

Resources

Once the client is created you can use models' resources that contain the information about the request and about how to parse the JSON response into models whose properties you can access directly to. Here's an example:

let searchPhotos = Search.photos(query: "mountain")
client.execute(resource: searchPhotos) { (result) in
  print(result)
}

The models that contain resources are, User, Photo, Search, Collection. These resources match the endpoints available from the API. If there's any new endpoint which is not supported, you can either create an issue, open a PR or contact [email protected]

Source API

Source API allows you to get an Unsplash image in different ways.

Results

All the calls return the image through a completion block that returns a Result<Image, Error>.

call() { result in
  switch result {
    case .success(let image): //handle image
    case .failure(let error): //handle error
  }
}

You can also ignore the error and get only the result using

call() { result in
  let image = result.value
}

Random photo

UnsplashSource().randomPhoto() { result in
  // handle the result
}

Random from a category

UnsplashSource().randomPhoto(fromCategory: .nature) { result in
    // handle the result
}

Unsplash offers a list of predefined categories. You can ask for a photo from any of these categories.

.buildings
.food
.nature
.people
.technology
.objects

Random from a specific user

UnsplashSource().randomPhoto(fromUser: "carambalabs") { result in
    // handle the result
}

Random from a user's likes

UnsplashSource().randomPhoto(fromUserLikes: "mkwlsn") { result in
    // handle the image
}

Random from a collection

UnsplashSource().randomPhoto(fromCollection: "176316") { result in
    // handle the result
}

Random search term

UnsplashSource().randomPhoto(fromSearch: ["nature", "water"]) { result in
    // handle the result
}

Specific photo

UnsplashSource().photo("WLUHO9A_xik") { result in
    // handle the result
}

Specific image size

If you want to get an image of a specific size you can use the optional size parameter in any call.

UnsplashSource().randomPhoto(fromCategory: .nature, size: CGSize(width: 600, height: 200)) { result in
    // handle the result
}

Fixed daily/weekly photo

The calls random, search, category and user can also be limited to only updating once per day or week. To do so, simply use the optional filter parameter.

UnsplashSource().randomPhoto(filter: .daily) { result in
    // handle the result
}

About

This project is funded and maintained by Caramba. We 💛 open source software!

Check out our other open source projects, read our blog or say 👋 on twitter @carambalabs.

Contribute

Contributions are welcome 🤘 We encourage developers like you to help us improve the projects we've shared with the community. Please see the Contributing Guide and the Code of Conduct.

License

UnsplashKit is available under the MIT license. See the LICENSE file for more info.

Comments
  • Unable to compile project

    Unable to compile project

    What

    I get the following compile errors on file Source+Calls.swift Cannot convert value of type '(Result<UnsplashImage, NSError>) -> Void' to expected argument type '(Result<(UnsplashImage, URLResponse), NSError>) -> ()'

    Context

    I create new project [(https://github.com/megimix/UnsplashWeatherApp)] and install your pod.

    difficulty:easy priority:high status:ready-development type:bug 
    opened by megimix 3
  • Readme + Swiftlint + Tests

    Readme + Swiftlint + Tests

    • [x] Update Readme to add documentation
    • [x] Update swift classes to remove Swiftlint warnings
    • [x] Add tests for UnsplashKit
    • [x] Add tests for UnsplashKit+Calls
    opened by sergigracia 3
  • Bump nokogiri from 1.8.1 to 1.13.4

    Bump nokogiri from 1.8.1 to 1.13.4

    Bumps nokogiri from 1.8.1 to 1.13.4.

    Release notes

    Sourced from nokogiri's releases.

    1.13.4 / 2022-04-11

    Security

    Dependencies

    • [CRuby] Vendored zlib is updated from 1.2.11 to 1.2.12. (See LICENSE-DEPENDENCIES.md for details on which packages redistribute this library.)
    • [JRuby] Vendored Xerces-J (xerces:xercesImpl) is updated from 2.12.0 to 2.12.2.
    • [JRuby] Vendored nekohtml (org.cyberneko.html) is updated from a fork of 1.9.21 to 1.9.22.noko2. This fork is now publicly developed at https://github.com/sparklemotion/nekohtml

    sha256sum:

    095ff1995ed3dda3ea98a5f08bdc54bef02be1ce4e7c81034c4812e5e7c6e7e3  nokogiri-1.13.4-aarch64-linux.gem
    7ebfc7415c819bcd4e849627e879cef2fb328bec90e802e50d74ccd13a60ec75  nokogiri-1.13.4-arm64-darwin.gem
    41efd87c121991de26ef0393ac713d687e539813c3b79e454a2e3ffeecd107ea  nokogiri-1.13.4-java.gem
    ab547504692ada0cec9d2e4e15afab659677c3f4c1ac3ea639bf5212b65246a1  nokogiri-1.13.4-x64-mingw-ucrt.gem
    fa5c64cfdb71642ed647428e4d0d75ee0f4d189cfb63560c66fd8bdf99eb146b  nokogiri-1.13.4-x64-mingw32.gem
    d6f07cbcbc28b75e8ac5d6e729ffba3602dffa0ad16ffac2322c9b4eb9b971fc  nokogiri-1.13.4-x86-linux.gem
    0f7a4fd13e25abe3f98663fef0d115d58fdeff62cf23fef12d368e42adad2ce6  nokogiri-1.13.4-x86-mingw32.gem
    3eef282f00ad360304fbcd5d72eb1710ff41138efda9513bb49eec832db5fa3e  nokogiri-1.13.4-x86_64-darwin.gem
    3978610354ec67b59c128d23259c87b18374ee1f61cb9ed99de7143a88e70204  nokogiri-1.13.4-x86_64-linux.gem
    0d46044eb39271e3360dae95ed6061ce17bc0028d475651dc48db393488c83bc  nokogiri-1.13.4.gem
    

    1.13.3 / 2022-02-21

    Fixed

    • [CRuby] Revert a HTML4 parser bug in libxml 2.9.13 (introduced in Nokogiri v1.13.2). The bug causes libxml2's HTML4 parser to fail to recover when encountering a bare < character in some contexts. This version of Nokogiri restores the earlier behavior, which is to recover from the parse error and treat the < as normal character data (which will be serialized as &lt; in a text node). The bug (and the fix) is only relevant when the RECOVER parse option is set, as it is by default. [#2461]

    SHA256 checksums:

    025a4e333f6f903072a919f5f75b03a8f70e4969dab4280375b73f9d8ff8d2c0  nokogiri-1.13.3-aarch64-linux.gem
    b9cb59c6a6da8cf4dbee5dbb569c7cc95a6741392e69053544e0f40b15ab9ad5  nokogiri-1.13.3-arm64-darwin.gem
    e55d18cee64c19d51d35ad80634e465dbcdd46ac4233cb42c1e410307244ebae  nokogiri-1.13.3-java.gem
    53e2d68116cd00a873406b8bdb90c78a6f10e00df7ddf917a639ac137719b67b  nokogiri-1.13.3-x64-mingw-ucrt.gem
    b5f39ebb662a1be7d1c61f8f0a2a683f1bb11690a6f00a99a1aa23a071f80145  nokogiri-1.13.3-x64-mingw32.gem
    7c0de5863aace4bbbc73c4766cf084d1f0b7a495591e46d1666200cede404432  nokogiri-1.13.3-x86-linux.gem
    </tr></table> 
    

    ... (truncated)

    Changelog

    Sourced from nokogiri's changelog.

    1.13.4 / 2022-04-11

    Security

    Dependencies

    • [CRuby] Vendored zlib is updated from 1.2.11 to 1.2.12. (See LICENSE-DEPENDENCIES.md for details on which packages redistribute this library.)
    • [JRuby] Vendored Xerces-J (xerces:xercesImpl) is updated from 2.12.0 to 2.12.2.
    • [JRuby] Vendored nekohtml (org.cyberneko.html) is updated from a fork of 1.9.21 to 1.9.22.noko2. This fork is now publicly developed at https://github.com/sparklemotion/nekohtml

    1.13.3 / 2022-02-21

    Fixed

    • [CRuby] Revert a HTML4 parser bug in libxml 2.9.13 (introduced in Nokogiri v1.13.2). The bug causes libxml2's HTML4 parser to fail to recover when encountering a bare < character in some contexts. This version of Nokogiri restores the earlier behavior, which is to recover from the parse error and treat the < as normal character data (which will be serialized as &lt; in a text node). The bug (and the fix) is only relevant when the RECOVER parse option is set, as it is by default. [#2461]

    1.13.2 / 2022-02-21

    Security

    • [CRuby] Vendored libxml2 is updated from 2.9.12 to 2.9.13. This update addresses CVE-2022-23308.
    • [CRuby] Vendored libxslt is updated from 1.1.34 to 1.1.35. This update addresses CVE-2021-30560.

    Please see GHSA-fq42-c5rg-92c2 for more information about these CVEs.

    Dependencies

    1.13.1 / 2022-01-13

    Fixed

    • Fix Nokogiri::XSLT.quote_params regression in v1.13.0 that raised an exception when non-string stylesheet parameters were passed. Non-string parameters (e.g., integers and symbols) are now explicitly supported and both keys and values will be stringified with #to_s. [#2418]
    • Fix CSS selector query regression in v1.13.0 that raised an Nokogiri::XML::XPath::SyntaxError when parsing XPath attributes mixed into the CSS query. Although this mash-up of XPath and CSS syntax previously worked unintentionally, it is now an officially supported feature and is documented as such. [#2419]

    1.13.0 / 2022-01-06

    ... (truncated)

    Commits
    • 4e2c4b2 version bump to v1.13.4
    • 6a20ee4 Merge pull request #2510 from sparklemotion/flavorjones-encoding-reader-perfo...
    • b848031 Merge pull request #2509 from sparklemotion/flavorjones-parse-processing-inst...
    • c0ecf3b test: pend the LIBXML_LOADED_VERSION test on freebsd
    • e444525 fix(perf): HTML4::EncodingReader detection
    • 1eb5580 style(rubocop): allow intentional use of empty initializer
    • 0feac5a fix(dep): HTML parsing of processing instructions
    • db72b90 test: recent nekohtml versions do not consider 'a' to be inline
    • 2af2a87 style(rubocop): allow intentional use of empty initializer
    • ba7a28c Merge pull request #2499 from sparklemotion/2441-xerces-2.12.2-backport-v1.13.x
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • Bump nokogiri from 1.8.1 to 1.13.3

    Bump nokogiri from 1.8.1 to 1.13.3

    Bumps nokogiri from 1.8.1 to 1.13.3.

    Release notes

    Sourced from nokogiri's releases.

    1.13.3 / 2022-02-21

    Fixed

    • [CRuby] Revert a HTML4 parser bug in libxml 2.9.13 (introduced in Nokogiri v1.13.2). The bug causes libxml2's HTML4 parser to fail to recover when encountering a bare < character in some contexts. This version of Nokogiri restores the earlier behavior, which is to recover from the parse error and treat the < as normal character data (which will be serialized as &lt; in a text node). The bug (and the fix) is only relevant when the RECOVER parse option is set, as it is by default. [#2461]

    SHA256 checksums:

    025a4e333f6f903072a919f5f75b03a8f70e4969dab4280375b73f9d8ff8d2c0  nokogiri-1.13.3-aarch64-linux.gem
    b9cb59c6a6da8cf4dbee5dbb569c7cc95a6741392e69053544e0f40b15ab9ad5  nokogiri-1.13.3-arm64-darwin.gem
    e55d18cee64c19d51d35ad80634e465dbcdd46ac4233cb42c1e410307244ebae  nokogiri-1.13.3-java.gem
    53e2d68116cd00a873406b8bdb90c78a6f10e00df7ddf917a639ac137719b67b  nokogiri-1.13.3-x64-mingw-ucrt.gem
    b5f39ebb662a1be7d1c61f8f0a2a683f1bb11690a6f00a99a1aa23a071f80145  nokogiri-1.13.3-x64-mingw32.gem
    7c0de5863aace4bbbc73c4766cf084d1f0b7a495591e46d1666200cede404432  nokogiri-1.13.3-x86-linux.gem
    675cc3e7d7cca0d6790047a062cd3aa3eab59e3cb9b19374c34f98bade588c66  nokogiri-1.13.3-x86-mingw32.gem
    f445596a5a76941a9d1980747535ab50d3399d1b46c32989bc26b7dd988ee498  nokogiri-1.13.3-x86_64-darwin.gem
    3f6340661c2a283b337d227ea224f859623775b2f5c09a6bf197b786563958df  nokogiri-1.13.3-x86_64-linux.gem
    bf1b1bceff910abb0b7ad825535951101a0361b859c2ad1be155c010081ecbdc  nokogiri-1.13.3.gem
    

    1.13.2 / 2022-02-21

    Security

    • [CRuby] Vendored libxml2 is updated from 2.9.12 to 2.9.13. This update addresses CVE-2022-23308.
    • [CRuby] Vendored libxslt is updated from 1.1.34 to 1.1.35. This update addresses CVE-2021-30560.

    Please see GHSA-fq42-c5rg-92c2 for more information about these CVEs.

    Dependencies


    SHA256 checksums:

    63469a9bb56a21c62fbaea58d15f54f8f167ff6fde51c5c2262072f939926fdd  nokogiri-1.13.2-aarch64-linux.gem
    2986617f982f645c06f22515b721e6d2613dd69493e5c41ddd03c4830c3b3065  nokogiri-1.13.2-arm64-darwin.gem
    aca1d66206740b29d0d586b1d049116adcb31e6cdd7c4dd3a96eb77da215a0c4  nokogiri-1.13.2-java.gem
    b9e4eea1a200d9a927a5bc7d662c427e128779cba0098ea49ddbdb3ffc3ddaec  nokogiri-1.13.2-x64-mingw-ucrt.gem
    48d5493fec495867c5516a908a068c1387a1d17c5aeca6a1c98c089d9d9fdcf8  nokogiri-1.13.2-x64-mingw32.gem
    62034d7aaaa83fbfcb8876273cc5551489396841a66230d3200b67919ef76cf9  nokogiri-1.13.2-x86-linux.gem
    e07237b82394017c2bfec73c637317ee7dbfb56e92546151666abec551e46d1d  nokogiri-1.13.2-x86-mingw32.gem
    </tr></table> 
    

    ... (truncated)

    Changelog

    Sourced from nokogiri's changelog.

    1.13.3 / 2022-02-21

    Fixed

    • [CRuby] Revert a HTML4 parser bug in libxml 2.9.13 (introduced in Nokogiri v1.13.2). The bug causes libxml2's HTML4 parser to fail to recover when encountering a bare < character in some contexts. This version of Nokogiri restores the earlier behavior, which is to recover from the parse error and treat the < as normal character data (which will be serialized as &lt; in a text node). The bug (and the fix) is only relevant when the RECOVER parse option is set, as it is by default. [#2461]

    1.13.2 / 2022-02-21

    Security

    • [CRuby] Vendored libxml2 is updated from 2.9.12 to 2.9.13. This update addresses CVE-2022-23308.
    • [CRuby] Vendored libxslt is updated from 1.1.34 to 1.1.35. This update addresses CVE-2021-30560.

    Please see GHSA-fq42-c5rg-92c2 for more information about these CVEs.

    Dependencies

    1.13.1 / 2022-01-13

    Fixed

    • Fix Nokogiri::XSLT.quote_params regression in v1.13.0 that raised an exception when non-string stylesheet parameters were passed. Non-string parameters (e.g., integers and symbols) are now explicitly supported and both keys and values will be stringified with #to_s. [#2418]
    • Fix CSS selector query regression in v1.13.0 that raised an Nokogiri::XML::XPath::SyntaxError when parsing XPath attributes mixed into the CSS query. Although this mash-up of XPath and CSS syntax previously worked unintentionally, it is now an officially supported feature and is documented as such. [#2419]

    1.13.0 / 2022-01-06

    Notes

    Ruby

    This release introduces native gem support for Ruby 3.1. Please note that Windows users should use the x64-mingw-ucrt platform gem for Ruby 3.1, and x64-mingw32 for Ruby 2.6–3.0 (see RubyInstaller 3.1.0 release notes).

    This release ends support for:

    Faster, more reliable installation: Native Gem for ARM64 Linux

    This version of Nokogiri ships experimental native gem support for the aarch64-linux platform, which should support AWS Graviton and other ARM Linux platforms. We don't yet have CI running for this platform, and so we're interested in hearing back from y'all whether this is working, and what problems you're seeing. Please send us feedback here: Feedback: Have you used the aarch64-linux native gem?

    ... (truncated)

    Commits
    • 7d74ced version bump to v1.13.3
    • 5970fd9 fix: revert libxml2 regression with HTML4 recovery
    • 49b8663 version bump to v1.13.2
    • 4729133 Merge pull request #2457 from sparklemotion/flavorjones-libxml-2.9.13-v1.13.x
    • 379f757 dev(package): work around gnome mirrors with expired certs
    • 95cf66c dep: upgrade libxml2 2.9.12 → 2.9.13
    • d37dd02 dep: upgrade libxslt 1.1.34 → 1.1.35
    • 59a9398 dep: upgrade mini_portile 2.7 to 2.8
    • e885463 dev(package): handle either .tar.gz or .tar.xz archive names
    • 7957c7b style: rubocop
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • Bump nokogiri from 1.8.1 to 1.12.5

    Bump nokogiri from 1.8.1 to 1.12.5

    Bumps nokogiri from 1.8.1 to 1.12.5.

    Release notes

    Sourced from nokogiri's releases.

    1.12.5 / 2021-09-27

    Security

    [JRuby] Address CVE-2021-41098 (GHSA-2rr5-8q37-2w7h).

    In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parsers resolve external entities (XXE) by default. This fix turns off entity-resolution-by-default in the JRuby SAX parsers to match the CRuby SAX parsers' behavior.

    CRuby users are not affected by this CVE.

    Fixed

    • [CRuby] Document#to_xhtml properly serializes self-closing tags in libxml > 2.9.10. A behavior change introduced in libxml 2.9.11 resulted in emitting start and and tags (e.g., <br></br>) instead of a self-closing tag (e.g., <br/>) in previous Nokogiri versions. [#2324]

    SHA256 checksums:

    36bfa3a07aced069b3f3c9b39d9fb62cb0728d284d02b079404cd55780beaeff  nokogiri-1.12.5-arm64-darwin.gem
    16b1a9ddbb70a9c998462912a5972097cbc79c3e01eb373906886ef8a469f589  nokogiri-1.12.5-java.gem
    218dcc6edd1b49cc6244b5f88afb978739bb2f3f166c271557fe5f51e4bc713c  nokogiri-1.12.5-x64-mingw32.gem
    e33bb919d64c16d931a5f26dc880969e587d225cfa97e6b56e790fb52179f527  nokogiri-1.12.5-x86-linux.gem
    e13c2ed011b8346fbd589e96fe3542d763158bc2c7ad0f4f55f6d801afd1d9ff  nokogiri-1.12.5-x86-mingw32.gem
    1ed64f7db7c1414b87fce28029f2a10128611d2037e0871ba298d00f9a00edd6  nokogiri-1.12.5-x86_64-darwin.gem
    0868c8d0a147904d4dedaaa05af5f06656f2d3c67e4432601718559bf69d6cea  nokogiri-1.12.5-x86_64-linux.gem
    2b20905942acc580697c8c496d0d1672ab617facb9d30d156b3c7676e67902ec  nokogiri-1.12.5.gem
    

    1.12.4 / 2021-08-29

    Notable fix: Namespace inheritance

    Namespace behavior when reparenting nodes has historically been poorly specified and the behavior diverged between CRuby and JRuby. As a result, making this behavior consistent in v1.12.0 introduced a breaking change.

    This patch release reverts the Builder behavior present in v1.12.0..v1.12.3 but keeps the Document behavior. This release also introduces a Document attribute to allow affected users to easily change this behavior for their legacy code without invasive changes.

    Compensating Feature in XML::Document

    This release of Nokogiri introduces a new Document boolean attribute, namespace_inheritance, which controls whether children should inherit a namespace when they are reparented. Nokogiri::XML:Document defaults this attribute to false meaning "do not inherit," thereby making explicit the behavior change introduced in v1.12.0.

    CRuby users who desire the pre-v1.12.0 behavior may set document.namespace_inheritance = true before reparenting nodes.

    See https://nokogiri.org/rdoc/Nokogiri/XML/Document.html#namespace_inheritance-instance_method for example usage.

    Fix for XML::Builder

    ... (truncated)

    Changelog

    Sourced from nokogiri's changelog.

    1.12.5 / 2021-09-27

    Security

    [JRuby] Address CVE-2021-41098 (GHSA-2rr5-8q37-2w7h).

    In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parsers resolve external entities (XXE) by default. This fix turns off entity-resolution-by-default in the JRuby SAX parsers to match the CRuby SAX parsers' behavior.

    CRuby users are not affected by this CVE.

    Fixed

    • [CRuby] Document#to_xhtml properly serializes self-closing tags in libxml > 2.9.10. A behavior change introduced in libxml 2.9.11 resulted in emitting start and and tags (e.g., <br></br>) instead of a self-closing tag (e.g., <br/>) in previous Nokogiri versions. [#2324]

    1.12.4 / 2021-08-29

    Notable fix: Namespace inheritance

    Namespace behavior when reparenting nodes has historically been poorly specified and the behavior diverged between CRuby and JRuby. As a result, making this behavior consistent in v1.12.0 introduced a breaking change.

    This patch release reverts the Builder behavior present in v1.12.0..v1.12.3 but keeps the Document behavior. This release also introduces a Document attribute to allow affected users to easily change this behavior for their legacy code without invasive changes.

    Compensating Feature in XML::Document

    This release of Nokogiri introduces a new Document boolean attribute, namespace_inheritance, which controls whether children should inherit a namespace when they are reparented. Nokogiri::XML:Document defaults this attribute to false meaning "do not inherit," thereby making explicit the behavior change introduced in v1.12.0.

    CRuby users who desire the pre-v1.12.0 behavior may set document.namespace_inheritance = true before reparenting nodes.

    See https://nokogiri.org/rdoc/Nokogiri/XML/Document.html#namespace_inheritance-instance_method for example usage.

    Fix for XML::Builder

    However, recognizing that we want Builder-created children to inherit namespaces, Builder now will set namespace_inheritance=true on the underlying document for both JRuby and CRuby. This means that, on CRuby, the pre-v1.12.0 behavior is restored.

    Users who want to turn this behavior off may pass a keyword argument to the Builder constructor like so:

    Nokogiri::XML::Builder.new(namespace_inheritance: false)
    

    See https://nokogiri.org/rdoc/Nokogiri/XML/Builder.html#label-Namespace+inheritance for example usage.

    Downstream gem maintainers

    Note that any downstream gems may want to specifically omit Nokogiri v1.12.0--v1.12.3 from their dependency specification if they rely on child namespace inheritance:

    ... (truncated)

    Commits
    • 47f6a46 version bump to v1.12.5
    • 2a0ac88 update CHANGELOG
    • 6b60637 Merge pull request #2329 from sparklemotion/flavorjones-GHSA-2rr5-8q37-2w7h_1...
    • 4bd943c fix(jruby): SAX parser uses an entity resolver
    • f943ee4 refactor(jruby): handle errors more consistently
    • 2790122 format: test files
    • 01e1618 Merge pull request #2327 from sparklemotion/2324-xhtml-self-closing-tags_v1.12.x
    • a0180c7 fix: HTML4::Document.to_xhtml self-closing tags
    • 564ac17 release v1.12.4
    • 4d5754b backport #2320
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • Bump addressable from 2.5.2 to 2.8.0

    Bump addressable from 2.5.2 to 2.8.0

    Bumps addressable from 2.5.2 to 2.8.0.

    Changelog

    Sourced from addressable's changelog.

    Addressable 2.8.0

    • fixes ReDoS vulnerability in Addressable::Template#match
    • no longer replaces + with spaces in queries for non-http(s) schemes
    • fixed encoding ipv6 literals
    • the :compacted flag for normalized_query now dedupes parameters
    • fix broken escape_component alias
    • dropping support for Ruby 2.0 and 2.1
    • adding Ruby 3.0 compatibility for development tasks
    • drop support for rack-mount and remove Addressable::Template#generate
    • performance improvements
    • switch CI/CD to GitHub Actions

    Addressable 2.7.0

    • added :compacted flag to normalized_query
    • heuristic_parse handles mailto: more intuitively
    • dropped explicit support for JRuby 9.0.5.0
    • compatibility w/ public_suffix 4.x
    • performance improvements

    Addressable 2.6.0

    • added tld= method to allow assignment to the public suffix
    • most heuristic_parse patterns are now case-insensitive
    • heuristic_parse handles more file:// URI variations
    • fixes bug in heuristic_parse when uri starts with digit
    • fixes bug in request_uri= with query strings
    • fixes template issues with nil and ? operator
    • frozen_string_literal pragmas added
    • minor performance improvements in regexps
    • fixes to eliminate warnings
    Commits
    • 6469a23 Updating gemspec again
    • 2433638 Merge branch 'main' of github.com:sporkmonger/addressable into main
    • e9c76b8 Merge pull request #378 from ashmaroli/flat-map
    • 56c5cf7 Update the gemspec
    • c1fed1c Require a non-vulnerable rake
    • 0d8a312 Adding note about ReDoS vulnerability
    • 89c7613 Merge branch 'template-regexp' into main
    • cf8884f Note about alias fix
    • bb03f71 Merge pull request #371 from charleystran/add_missing_encode_component_doc_entry
    • 6d1d809 Adding note about :compacted normalization
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • Bump nokogiri from 1.8.1 to 1.11.4

    Bump nokogiri from 1.8.1 to 1.11.4

    Bumps nokogiri from 1.8.1 to 1.11.4.

    Release notes

    Sourced from nokogiri's releases.

    1.11.4 / 2021-05-14

    Security

    [CRuby] Vendored libxml2 upgraded to v2.9.12 which addresses:

    Note that two additional CVEs were addressed upstream but are not relevant to this release. CVE-2021-3516 via xmllint is not present in Nokogiri, and CVE-2020-7595 has been patched in Nokogiri since v1.10.8 (see #1992).

    Please see nokogiri/GHSA-7rrm-v45f-jp64 or #2233 for a more complete analysis of these CVEs and patches.

    Dependencies

    • [CRuby] vendored libxml2 is updated from 2.9.10 to 2.9.12. (Note that 2.9.11 was skipped because it was superseded by 2.9.12 a few hours after its release.)

    1.11.3 / 2021-04-07

    Fixed

    • [CRuby] Passing non-Node objects to Document#root= now raises an ArgumentError exception. Previously this likely segfaulted. [#1900]
    • [JRuby] Passing non-Node objects to Document#root= now raises an ArgumentError exception. Previously this raised a TypeError exception.
    • [CRuby] arm64/aarch64 systems (like Apple's M1) can now compile libxml2 and libxslt from source (though we continue to strongly advise users to install the native gems for the best possible experience)

    1.11.2 / 2021-03-11

    Fixed

    • [CRuby] NodeSet may now safely contain Node objects from multiple documents. Previously the GC lifecycle of the parent Document objects could lead to nodes being GCed while still in scope. [#1952]
    • [CRuby] Patch libxml2 to avoid "huge input lookup" errors on large CDATA elements. (See upstream GNOME/libxml2#200 and GNOME/libxml2!100.) [#2132].
    • [CRuby+Windows] Enable Nokogumbo (and other downstream gems) to compile and link against nokogiri.so by including LDFLAGS in Nokogiri::VERSION_INFO. [#2167]
    • [CRuby] {XML,HTML}::Document.parse now invokes #initialize exactly once. Previously #initialize was invoked twice on each object.
    • [JRuby] {XML,HTML}::Document.parse now invokes #initialize exactly once. Previously #initialize was not called, which was a problem for subclassing such as done by Loofah.

    Improved

    • Reduce the number of object allocations needed when parsing an HTML::DocumentFragment. [#2087] (Thanks, @​ashmaroli!)
    • [JRuby] Update the algorithm used to calculate Node#line to be wrong less-often. The underlying parser, Xerces, does not track line numbers, and so we've always used a hacky solution for this method. [#1223, #2177]
    • Introduce --enable-system-libraries and --disable-system-libraries flags to extconf.rb. These flags provide the same functionality as --use-system-libraries and the NOKOGIRI_USE_SYSTEM_LIBRARIES environment variable, but are more idiomatic. [#2193] (Thanks, @​eregon!)
    • [TruffleRuby] --disable-static is now the default on TruffleRuby when the packaged libraries are used. This is more flexible and compiles faster. (Note, though, that the default on TR is still to use system libraries.) [#2191, #2193] (Thanks, @​eregon!)

    ... (truncated)

    Changelog

    Sourced from nokogiri's changelog.

    1.11.4 / 2021-05-14

    Security

    [CRuby] Vendored libxml2 upgraded to v2.9.12 which addresses:

    Note that two additional CVEs were addressed upstream but are not relevant to this release. CVE-2021-3516 via xmllint is not present in Nokogiri, and CVE-2020-7595 has been patched in Nokogiri since v1.10.8 (see #1992).

    Please see nokogiri/GHSA-7rrm-v45f-jp64 or #2233 for a more complete analysis of these CVEs and patches.

    Dependencies

    • [CRuby] vendored libxml2 is updated from 2.9.10 to 2.9.12. (Note that 2.9.11 was skipped because it was superseded by 2.9.12 a few hours after its release.)

    1.11.3 / 2021-04-07

    Fixed

    • [CRuby] Passing non-Node objects to Document#root= now raises an ArgumentError exception. Previously this likely segfaulted. [#1900]
    • [JRuby] Passing non-Node objects to Document#root= now raises an ArgumentError exception. Previously this raised a TypeError exception.
    • [CRuby] arm64/aarch64 systems (like Apple's M1) can now compile libxml2 and libxslt from source (though we continue to strongly advise users to install the native gems for the best possible experience)

    1.11.2 / 2021-03-11

    Fixed

    • [CRuby] NodeSet may now safely contain Node objects from multiple documents. Previously the GC lifecycle of the parent Document objects could lead to nodes being GCed while still in scope. [#1952]
    • [CRuby] Patch libxml2 to avoid "huge input lookup" errors on large CDATA elements. (See upstream GNOME/libxml2#200 and GNOME/libxml2!100.) [#2132].
    • [CRuby+Windows] Enable Nokogumbo (and other downstream gems) to compile and link against nokogiri.so by including LDFLAGS in Nokogiri::VERSION_INFO. [#2167]
    • [CRuby] {XML,HTML}::Document.parse now invokes #initialize exactly once. Previously #initialize was invoked twice on each object.
    • [JRuby] {XML,HTML}::Document.parse now invokes #initialize exactly once. Previously #initialize was not called, which was a problem for subclassing such as done by Loofah.

    Improved

    • Reduce the number of object allocations needed when parsing an HTML::DocumentFragment. [#2087] (Thanks, @​ashmaroli!)
    • [JRuby] Update the algorithm used to calculate Node#line to be wrong less-often. The underlying parser, Xerces, does not track line numbers, and so we've always used a hacky solution for this method. [#1223, #2177]
    • Introduce --enable-system-libraries and --disable-system-libraries flags to extconf.rb. These flags provide the same functionality as --use-system-libraries and the NOKOGIRI_USE_SYSTEM_LIBRARIES environment variable, but are more idiomatic. [#2193] (Thanks, @​eregon!)
    • [TruffleRuby] --disable-static is now the default on TruffleRuby when the packaged libraries are used. This is more flexible and compiles faster. (Note, though, that the default on TR is still to use system libraries.) [#2191, #2193] (Thanks, @​eregon!)

    ... (truncated)

    Commits
    • 9d69b44 version bump to v1.11.4
    • 058e87f update CHANGELOG with complete CVE information
    • 9285251 Merge pull request #2234 from sparklemotion/2233-upgrade-to-libxml-2-9-12
    • 5436f61 update CHANGELOG
    • 761d320 patch: renumber libxml2 patches
    • 889ee2a test: update behavior of namespaces in HTML
    • 9751d85 test: remove low-value HTML::SAX::PushParser encoding test
    • 9fcb7d2 test: adjust xpath gc test to libxml2's max recursion depth
    • 1c99019 patch: backport libxslt configure.ac change for libxml2 config
    • 82a253f patch: fix isnan/isinf patch to apply cleanly to libxml 2.9.12
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • Bump json from 2.1.0 to 2.3.1

    Bump json from 2.1.0 to 2.3.1

    Bumps json from 2.1.0 to 2.3.1.

    Changelog

    Sourced from json's changelog.

    2020-06-30 (2.3.1)

    • Spelling and grammar fixes for comments. Pull request #191 by Josh Kline.
    • Enhance generic JSON and #generate docs. Pull request #347 by Victor Shepelev.
    • Add :nodoc: for GeneratorMethods. Pull request #349 by Victor Shepelev.
    • Baseline changes to help (JRuby) development. Pull request #371 by Karol Bucek.
    • Add metadata for rubygems.org. Pull request #379 by Alexandre ZANNI.
    • Remove invalid JSON.generate description from JSON module rdoc. Pull request #384 by Jeremy Evans.
    • Test with TruffleRuby in CI. Pull request #402 by Benoit Daloze.
    • Rdoc enhancements. Pull request #413 by Burdette Lamar.
    • Fixtures/ are not being tested... Pull request #416 by Marc-André Lafortune.
    • Use frozen string for hash key. Pull request #420 by Marc-André Lafortune.
    • Added :call-seq: to RDoc for some methods. Pull request #422 by Burdette Lamar.
    • Small typo fix. Pull request #423 by Marc-André Lafortune.

    2019-12-11 (2.3.0)

    • Fix default of create_additions to always be false for JSON(user_input) and JSON.parse(user_input, nil). Note that JSON.load remains with default true and is meant for internal serialization of trusted data. [CVE-2020-10663]
    • Fix passing args all #to_json in json/add/*.
    • Fix encoding issues
    • Fix issues of keyword vs positional parameter
    • Fix JSON::Parser against bigdecimal updates
    • Bug fixes to JRuby port

    2019-02-21 (2.2.0)

    • Adds support for 2.6 BigDecimal and ruby standard library Set datetype.
    Commits
    • 0951d77 Bump version to 2.3.1
    • ddc29e2 Merge pull request #429 from flori/remove-generate-task-for-gemspec
    • cee8020 Removed gemspec task from default task on Rakefile
    • 9fd6371 Use VERSION file instead of hard-coded value
    • dc90bcf Removed explicitly date field in gemspec, it will assign by rubygems.org
    • 4c11a40 Removed task for json_pure.gemspec
    • e794ec9 Merge pull request #426 from marcandre/indent
    • 7cc9301 Merge pull request #428 from marcandre/change_fix
    • 9e2a1fb Make changes more precise #424
    • f8fa987 Merge pull request #424 from marcandre/update_changes
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • Bump nokogiri from 1.8.1 to 1.10.8

    Bump nokogiri from 1.8.1 to 1.10.8

    Bumps nokogiri from 1.8.1 to 1.10.8.

    Release notes

    Sourced from nokogiri's releases.

    1.10.8 / 2020-02-10

    Security

    [MRI] Pulled in upstream patch from libxml that addresses CVE-2020-7595. Full details are available in #1992. Note that this patch is not yet (as of 2020-02-10) in an upstream release of libxml.

    1.10.7 / 2019-12-03

    Bug

    • [MRI] Ensure the patch applied in v1.10.6 works with GNU patch. #1954

    1.10.6 / 2019-12-03

    Bug

    • [MRI] Fix FreeBSD installation of vendored libxml2. [#1941, #1953] (Thanks, @​nurse!)

    1.10.5 / 2019-10-31

    Dependencies

    • [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10
    • [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34

    1.10.4 / 2019-08-11

    Security

    Address CVE-2019-5477 (#1915)

    A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input.

    This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.

    This CVE's public notice is sparklemotion/nokogiri#1915

    1.10.3 / 2019-04-22

    Security Notes

    ... (truncated)
    Changelog

    Sourced from nokogiri's changelog.

    1.10.8 / 2020-02-10

    Security

    [MRI] Pulled in upstream patch from libxml that addresses CVE-2020-7595. Full details are available in #1992. Note that this patch is not yet (as of 2020-02-10) in an upstream release of libxml.

    1.10.7 / 2019-12-03

    Fixed

    • [MRI] Ensure the patch applied in v1.10.6 works with GNU patch. [#1954]

    1.10.6 / 2019-12-03

    Fixed

    1.10.5 / 2019-10-31

    Security

    [MRI] Vendored libxslt upgraded to v1.1.34 which addresses three CVEs for libxslt:

    • CVE-2019-13117
    • CVE-2019-13118
    • CVE-2019-18197
    • CVE-2019-19956

    More details are available at #1943.

    Dependencies

    • [MRI] vendored libxml2 is updated from 2.9.9 to 2.9.10
    • [MRI] vendored libxslt is updated from 1.1.33 to 1.1.34

    1.10.4 / 2019-08-11

    Security

    Address CVE-2019-5477 (#1915).

    A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input.

    This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.

    ... (truncated)
    Commits
    • 6ce10d1 version bump to v1.10.8
    • 2320f5b update CHANGELOG for v1.10.8
    • 4a77fdb remove patches from the hoe Manifest
    • 570b6cb update to use rake-compiler ~1.1.0
    • 2cdb68e backport libxml2 patch for CVE-2020-7595
    • e6b3229 version bump to v1.10.7
    • 4f9d443 update CHANGELOG
    • 80e67ef Fix the patch from #1953 to work with both git and patch
    • 7cf1b85 Fix typo in generated metadata
    • d76180d add gem metadata
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • Bump excon from 0.59.0 to 0.71.0

    Bump excon from 0.59.0 to 0.71.0

    Bumps excon from 0.59.0 to 0.71.0.

    Changelog

    Sourced from excon's changelog.

    0.71.0 2019-12-12

    fix for leftover data with interrupted persistent connections

    0.70.0 2019-12-02

    Update bundled certificates

    0.69.1 2019-11-21

    Fix mistake in proxy connection error handling

    0.69.0 2019-11-21

    Raise better proxy connection errors

    0.68.0 2019-10-25

    Updated bundled certs

    0.67.0 2019-09-24

    Properly redact user/pass info from proxy credentials Update bundled certs

    0.66.0 2019-08-06

    Add remote_ip to datum, enabling usage in middleware redirect follower now raises after following too many redirects (default 10) fixed stub clearing in tests to avoid race conditions

    0.65.0 2019-07-22

    fix yardoc formatting fix creating Proc without a block reduce/refine gem file contents update bundled certs readd bundled certs to gem file contents

    0.64.0 2019-04-15

    ... (truncated)
    Commits
    • 1149d44 v0.71.0
    • ccb57d7 fix for leftover data with interrupted persistent connections
    • f8de8cf v0.70.0
    • 93f4a21 v0.69.1
    • e89bbb7 Merge pull request #709 from jasquat/fix_response_status_check
    • 5647437 fixed response status check when making a request with a valid proxy is set
    • f769176 v0.69.0
    • 20c0748 define ProxyConnectionError
    • f44106a raise on failed proxy connect
    • d7ed5fe be thorough in unsubscribing to notifications in instrumentation tests
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • Bump nokogiri from 1.8.1 to 1.10.4

    Bump nokogiri from 1.8.1 to 1.10.4

    Bumps nokogiri from 1.8.1 to 1.10.4.

    Release notes

    Sourced from nokogiri's releases.

    1.10.4 / 2019-08-11

    Security

    Address CVE-2019-5477 (#1915)

    A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input.

    This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.

    This CVE's public notice is sparklemotion/nokogiri#1915

    1.10.3 / 2019-04-22

    Security Notes

    [MRI] Pulled in upstream patch from libxslt that addresses CVE-2019-11068. Full details are available in #1892. Note that this patch is not yet (as of 2019-04-22) in an upstream release of libxslt.

    1.10.2 / 2019-03-24

    Security

    • [MRI] Remove support from vendored libxml2 for future script macros. #1871
    • [MRI] Remove support from vendored libxml2 for server-side includes within attributes. #1877

    Bug fixes

    • [JRuby] Fix node ownership in duplicated documents. #1060
    • [JRuby] Rethrow exceptions caught by Java SAX handler. [#1847, #1872] (Thanks, @​adjam!)

    1.10.1 / 2019-01-13

    Features

    Bug fixes

    • CSS selector :has() now correctly matches against any descendant. Previously this selector matched against only direct children). #350 (Thanks, @​Phrogz!)
    • NodeSet#attr now returns nil if it's empty. Previously this raised a NoMethodError.
    • [MRI] XPath errors are no longer suppressed during XSLT::Stylesheet#transform. Previously these errors were suppressed which led to silent failures and a subsequent segfault. #1802
    ... (truncated)
    Changelog

    Sourced from nokogiri's changelog.

    1.10.4 / 2019-08-11

    Security

    Address CVE-2019-5477 (#1915)

    A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being passed untrusted user input.

    This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.

    This CVE's public notice is sparklemotion/nokogiri#1915

    1.10.3 / 2019-04-22

    Security Notes

    [MRI] Pulled in upstream patch from libxslt that addresses CVE-2019-11068. Full details are available in #1892. Note that this patch is not yet (as of 2019-04-22) in an upstream release of libxslt.

    1.10.2 / 2019-03-24

    Security

    • [MRI] Remove support from vendored libxml2 for future script macros. #1871
    • [MRI] Remove support from vendored libxml2 for server-side includes within attributes. #1877

    Bug fixes

    • [JRuby] Fix node ownership in duplicated documents. #1060
    • [JRuby] Rethrow exceptions caught by Java SAX handler. [#1847, #1872] (Thanks, @​adjam!)

    1.10.1 / 2019-01-13

    Features

    Bug fixes

    • CSS selector :has() now correctly matches against any descendant. Previously this selector matched against only direct children). #350 (Thanks, @​Phrogz!)
    • NodeSet#attr now returns nil if it's empty. Previously this raised a NoMethodError.
    • [MRI] XPath errors are no longer suppressed during XSLT::Stylesheet#transform. Previously these errors were suppressed which led to silent failures and a subsequent segfault. #1802

    1.10.0 / 2019-01-04

    ... (truncated)
    Commits
    • beb832e version bump to v1.10.4
    • 5d30128 Merge branch '1915-css-tokenizer-load-file-vulnerability_v1.10.x' into v1.10.x
    • c86b5fc update CHANGELOG
    • 5fe449f regenerate lexical scanner using rexical 1.0.7
    • 6777008 eliminate eval from Builder#initialize
    • 47a7bc7 rufo formatting
    • 094ecb1 rubocop security scan is run as part of the test rake target
    • d068cd4 add rubocop as a dev dependency
    • 45ee92b adding a temporary pipeline for v1.10.x
    • 8e24af5 version bump to v1.10.3
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • Bump addressable from 2.5.2 to 2.8.1

    Bump addressable from 2.5.2 to 2.8.1

    Bumps addressable from 2.5.2 to 2.8.1.

    Changelog

    Sourced from addressable's changelog.

    Addressable 2.8.1

    • refactor Addressable::URI.normalize_path to address linter offenses (#430)
    • remove redundant colon in Addressable::URI::CharacterClasses::AUTHORITY regex (#438)
    • update gemspec to reflect supported Ruby versions (#466, #464, #463)
    • compatibility w/ public_suffix 5.x (#466, #465, #460)
    • fixes "invalid byte sequence in UTF-8" exception when unencoding URLs containing non UTF-8 characters (#459)
    • Ractor compatibility (#449)
    • use the whole string instead of a single line for template match (#431)
    • force UTF-8 encoding only if needed (#341)

    #460: sporkmonger/addressable#460 #463: sporkmonger/addressable#463 #464: sporkmonger/addressable#464 #465: sporkmonger/addressable#465 #466: sporkmonger/addressable#466

    Addressable 2.8.0

    • fixes ReDoS vulnerability in Addressable::Template#match
    • no longer replaces + with spaces in queries for non-http(s) schemes
    • fixed encoding ipv6 literals
    • the :compacted flag for normalized_query now dedupes parameters
    • fix broken escape_component alias
    • dropping support for Ruby 2.0 and 2.1
    • adding Ruby 3.0 compatibility for development tasks
    • drop support for rack-mount and remove Addressable::Template#generate
    • performance improvements
    • switch CI/CD to GitHub Actions

    Addressable 2.7.0

    • added :compacted flag to normalized_query
    • heuristic_parse handles mailto: more intuitively
    • dropped explicit support for JRuby 9.0.5.0
    • compatibility w/ public_suffix 4.x
    • performance improvements

    Addressable 2.6.0

    • added tld= method to allow assignment to the public suffix
    • most heuristic_parse patterns are now case-insensitive
    • heuristic_parse handles more file:// URI variations
    • fixes bug in heuristic_parse when uri starts with digit
    • fixes bug in request_uri= with query strings
    • fixes template issues with nil and ? operator
    • frozen_string_literal pragmas added
    • minor performance improvements in regexps
    • fixes to eliminate warnings
    Commits
    • 8657465 Update version, gemspec, and CHANGELOG for 2.8.1 (#474)
    • 4fc5bb6 CI: remove Ubuntu 18.04 job (#473)
    • 860fede Force UTF-8 encoding only if needed (#341)
    • 99810af Merge pull request #431 from ojab/ct-_do_not_parse_multiline_strings
    • 7ce0f48 Merge branch 'main' into ct-_do_not_parse_multiline_strings
    • 7ecf751 Merge pull request #449 from okeeblow/freeze_concatenated_strings
    • 41f12dd Merge branch 'main' into freeze_concatenated_strings
    • 068f673 Merge pull request #459 from jarthod/iso-encoding-problem
    • b4c9882 Merge branch 'main' into iso-encoding-problem
    • 08d27e8 Merge pull request #471 from sporkmonger/sporkmonger-enable-codeql
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump tzinfo from 1.2.4 to 1.2.10

    Bump tzinfo from 1.2.4 to 1.2.10

    Bumps tzinfo from 1.2.4 to 1.2.10.

    Release notes

    Sourced from tzinfo's releases.

    v1.2.10

    TZInfo v1.2.10 on RubyGems.org

    v1.2.9

    • Fixed an incorrect InvalidTimezoneIdentifier exception raised when loading a zoneinfo file that includes rules specifying an additional transition to the final defined offset (for example, Africa/Casablanca in version 2018e of the Time Zone Database). #123.

    TZInfo v1.2.9 on RubyGems.org

    v1.2.8

    • Added support for handling "slim" format zoneinfo files that are produced by default by zic version 2020b and later. The POSIX-style TZ string is now used calculate DST transition times after the final defined transition in the file. The 64-bit section is now always used regardless of whether Time has support for 64-bit times. #120.
    • Rubinius is no longer supported.

    TZInfo v1.2.8 on RubyGems.org

    v1.2.7

    • Fixed 'wrong number of arguments' errors when running on JRuby 9.0. #114.
    • Fixed warnings when running on Ruby 2.8. #112.

    TZInfo v1.2.7 on RubyGems.org

    v1.2.6

    • Timezone#strftime('%s', time) will now return the correct number of seconds since the epoch. #91.
    • Removed the unused TZInfo::RubyDataSource::REQUIRE_PATH constant.
    • Fixed "SecurityError: Insecure operation - require" exceptions when loading data with recent Ruby releases in safe mode.
    • Fixed warnings when running on Ruby 2.7. #106 and #111.

    TZInfo v1.2.6 on RubyGems.org

    v1.2.5

    • Support recursively (deep) freezing Country and Timezone instances. #80.
    • Allow negative daylight savings time offsets to be derived when reading from zoneinfo files. The utc_offset and std_offset are now derived correctly for Europe/Dublin in the 2018a and 2018b releases of the Time Zone Database.

    TZInfo v1.2.5 on RubyGems.org

    Changelog

    Sourced from tzinfo's changelog.

    Version 1.2.10 - 19-Jul-2022

    Version 1.2.9 - 16-Dec-2020

    • Fixed an incorrect InvalidTimezoneIdentifier exception raised when loading a zoneinfo file that includes rules specifying an additional transition to the final defined offset (for example, Africa/Casablanca in version 2018e of the Time Zone Database). #123.

    Version 1.2.8 - 8-Nov-2020

    • Added support for handling "slim" format zoneinfo files that are produced by default by zic version 2020b and later. The POSIX-style TZ string is now used calculate DST transition times after the final defined transition in the file. The 64-bit section is now always used regardless of whether Time has support for 64-bit times. #120.
    • Rubinius is no longer supported.

    Version 1.2.7 - 2-Apr-2020

    • Fixed 'wrong number of arguments' errors when running on JRuby 9.0. #114.
    • Fixed warnings when running on Ruby 2.8. #112.

    Version 1.2.6 - 24-Dec-2019

    • Timezone#strftime('%s', time) will now return the correct number of seconds since the epoch. #91.
    • Removed the unused TZInfo::RubyDataSource::REQUIRE_PATH constant.
    • Fixed "SecurityError: Insecure operation - require" exceptions when loading data with recent Ruby releases in safe mode.
    • Fixed warnings when running on Ruby 2.7. #106 and #111.

    Version 1.2.5 - 4-Feb-2018

    • Support recursively (deep) freezing Country and Timezone instances. #80.
    • Allow negative daylight savings time offsets to be derived when reading from zoneinfo files. The utc_offset and std_offset are now derived correctly for Europe/Dublin in the 2018a and 2018b releases of the Time Zone Database.
    Commits
    • 0814dcd Fix the release date.
    • fd05e2a Preparing v1.2.10.
    • b98c32e Merge branch 'fix-directory-traversal-1.2' into 1.2
    • ac3ee68 Remove unnecessary escaping of + within regex character classes.
    • 9d49bf9 Fix relative path loading tests.
    • 394c381 Remove private_constant for consistency and compatibility.
    • 5e9f990 Exclude Arch Linux's SECURITY file from the time zone index.
    • 17fc9e1 Workaround for 'Permission denied - NUL' errors with JRuby on Windows.
    • 6bd7a51 Update copyright years.
    • 9905ca9 Fix directory traversal in Timezone.get when using Ruby data source
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump nokogiri from 1.8.1 to 1.13.6

    Bump nokogiri from 1.8.1 to 1.13.6

    Bumps nokogiri from 1.8.1 to 1.13.6.

    Release notes

    Sourced from nokogiri's releases.

    1.13.6 / 2022-05-08

    Security

    • [CRuby] Address CVE-2022-29181, improper handling of unexpected data types, related to untrusted inputs to the SAX parsers. See GHSA-xh29-r2w5-wx8m for more information.

    Improvements

    • {HTML4,XML}::SAX::{Parser,ParserContext} constructor methods now raise TypeError instead of segfaulting when an incorrect type is passed.

    sha256:

    58417c7c10f78cd1c0e1984f81538300d4ea98962cfd3f46f725efee48f9757a  nokogiri-1.13.6-aarch64-linux.gem
    a2b04ec3b1b73ecc6fac619b41e9fdc70808b7a653b96ec97d04b7a23f158dbc  nokogiri-1.13.6-arm64-darwin.gem
    4437f2d03bc7da8854f4aaae89e24a98cf5c8b0212ae2bc003af7e65c7ee8e27  nokogiri-1.13.6-java.gem
    99d3e212bbd5e80aa602a1f52d583e4f6e917ec594e6aa580f6aacc253eff984  nokogiri-1.13.6-x64-mingw-ucrt.gem
    a04f6154a75b6ed4fe2d0d0ff3ac02f094b54e150b50330448f834fa5726fbba  nokogiri-1.13.6-x64-mingw32.gem
    a13f30c2863ef9e5e11240dd6d69ef114229d471018b44f2ff60bab28327de4d  nokogiri-1.13.6-x86-linux.gem
    63a2ca2f7a4f6bd9126e1695037f66c8eb72ed1e1740ef162b4480c57cc17dc6  nokogiri-1.13.6-x86-mingw32.gem
    2b266e0eb18030763277b30dc3d64337f440191e2bd157027441ac56a59d9dfe  nokogiri-1.13.6-x86_64-darwin.gem
    3fa37b0c3b5744af45f9da3e4ae9cbd89480b35e12ae36b5e87a0452e0b38335  nokogiri-1.13.6-x86_64-linux.gem
    b1512fdc0aba446e1ee30de3e0671518eb363e75fab53486e99e8891d44b8587  nokogiri-1.13.6.gem
    

    1.13.5 / 2022-05-04

    Security

    Dependencies

    • [CRuby] Vendored libxml2 is updated from v2.9.13 to v2.9.14.

    Improvements

    • [CRuby] The libxml2 HTML4 parser no longer exhibits quadratic behavior when recovering some broken markup related to start-of-tag and bare < characters.

    Changed

    • [CRuby] The libxml2 HTML4 parser in v2.9.14 recovers from some broken markup differently. Notably, the XML CDATA escape sequence <![CDATA[ and incorrectly-opened comments will result in HTML text nodes starting with &lt;! instead of skipping the invalid tag. This behavior is a direct result of the quadratic-behavior fix noted above. The behavior of downstream sanitizers relying on this behavior will also change. Some tests describing the changed behavior are in test/html4/test_comments.rb.

    ... (truncated)

    Changelog

    Sourced from nokogiri's changelog.

    1.13.6 / 2022-05-08

    Security

    • [CRuby] Address CVE-2022-29181, improper handling of unexpected data types, related to untrusted inputs to the SAX parsers. See GHSA-xh29-r2w5-wx8m for more information.

    Improvements

    • {HTML4,XML}::SAX::{Parser,ParserContext} constructor methods now raise TypeError instead of segfaulting when an incorrect type is passed.

    1.13.5 / 2022-05-04

    Security

    Dependencies

    • [CRuby] Vendored libxml2 is updated from v2.9.13 to v2.9.14.

    Improvements

    • [CRuby] The libxml2 HTML parser no longer exhibits quadratic behavior when recovering some broken markup related to start-of-tag and bare < characters.

    Changed

    • [CRuby] The libxml2 HTML parser in v2.9.14 recovers from some broken markup differently. Notably, the XML CDATA escape sequence <![CDATA[ and incorrectly-opened comments will result in HTML text nodes starting with &lt;! instead of skipping the invalid tag. This behavior is a direct result of the quadratic-behavior fix noted above. The behavior of downstream sanitizers relying on this behavior will also change. Some tests describing the changed behavior are in test/html4/test_comments.rb.

    1.13.4 / 2022-04-11

    Security

    Dependencies

    • [CRuby] Vendored zlib is updated from 1.2.11 to 1.2.12. (See LICENSE-DEPENDENCIES.md for details on which packages redistribute this library.)
    • [JRuby] Vendored Xerces-J (xerces:xercesImpl) is updated from 2.12.0 to 2.12.2.
    • [JRuby] Vendored nekohtml (org.cyberneko.html) is updated from a fork of 1.9.21 to 1.9.22.noko2. This fork is now publicly developed at https://github.com/sparklemotion/nekohtml

    ... (truncated)

    Commits
    • b7817b6 version bump to v1.13.6
    • 61b1a39 Merge pull request #2530 from sparklemotion/flavorjones-check-parse-memory-ty...
    • 83cc451 fix: {HTML4,XML}::SAX::{Parser,ParserContext} check arg types
    • 22c9e5b version bump to v1.13.5
    • 6155881 doc: update CHANGELOG for v1.13.5
    • c519a47 Merge pull request #2527 from sparklemotion/2525-update-libxml-2_9_14-v1_13_x
    • 66c2886 dep: update libxml2 to v2.9.14
    • b7c4cc3 test: unpend the LIBXML_LOADED_VERSION test on freebsd
    • eac7934 dev: require yaml
    • f3521ba style(rubocop): pend Style/FetchEnvVar for now
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump rubyzip from 1.2.1 to 1.3.0

    Bump rubyzip from 1.2.1 to 1.3.0

    Bumps rubyzip from 1.2.1 to 1.3.0.

    Release notes

    Sourced from rubyzip's releases.

    v1.3.0

    Security

    • Add validate_entry_sizes option so that callers can trust an entry's reported size when using extract #403
      • This option defaults to false for backward compatibility in this release, but you are strongly encouraged to set it to true. It will default to true in rubyzip 2.0.

    New Feature

    • Add add_stored method to simplify adding entries without compression #366

    Tooling / Documentation

    • Add more gem metadata links #402

    v1.2.4

    • Do not rewrite zip files opened with open_buffer that have not changed #360

    Tooling / Documentation

    • Update example_recursive.rb in README #397
    • Hold CI at trusty for now, automatically pick the latest ruby patch version, use rbx-4 and hold jruby at 9.1 #399

    v1.2.3

    • Allow tilde in zip entry names #391 (fixes regression in 1.2.2 from #376)
    • Support frozen string literals in more files #390
    • Require pathname explicitly #388 (fixes regression in 1.2.2 from #376)

    Tooling / Documentation:

    • CI updates #392, #394
      • Bump supported ruby versions and add 2.6
      • JRuby failures are no longer ignored (reverts #375 / part of #371)
    • Add changelog entry that was missing for last release #387
    • Comment cleanup #385

    Since the GitHub release information for 1.2.2 is missing, I will also include it here:

    1.2.2

    NB: This release drops support for extracting symlinks, because there was no clear way to support this securely. See rubyzip/rubyzip#376 for details.

    • Fix CVE-2018-1000544 #376 / #371
    • Fix NoMethodError: undefined method `glob' #363
    • Fix handling of stored files (i.e. files not using compression) with general purpose bit 3 set #358
    • Fix close on StringIO-backed zip file #353
    • Add Zip.force_entry_names_encoding option #340
    • Update rubocop, apply auto-fixes, and fix regressions caused by said auto-fixes #332, #355
    • Save temporary files to temporary directory (rather than current directory) #325

    Tooling / Documentation:

    ... (truncated)

    Changelog

    Sourced from rubyzip's changelog.

    1.3.0 (2019-09-25)

    Security

    • Add validate_entry_sizes option so that callers can trust an entry's reported size when using extract #403
      • This option defaults to false for backward compatibility in this release, but you are strongly encouraged to set it to true. It will default to true in rubyzip 2.0.

    New Feature

    • Add add_stored method to simplify adding entries without compression #366

    Tooling / Documentation

    • Add more gem metadata links #402

    1.2.4 (2019-09-06)

    • Do not rewrite zip files opened with open_buffer that have not changed #360

    Tooling / Documentation

    • Update example_recursive.rb in README #397
    • Hold CI at trusty for now, automatically pick the latest ruby patch version, use rbx-4 and hold jruby at 9.1 #399

    1.2.3

    • Allow tilde in zip entry names #391 (fixes regression in 1.2.2 from #376)
    • Support frozen string literals in more files #390
    • Require pathname explicitly #388 (fixes regression in 1.2.2 from #376)

    Tooling / Documentation:

    • CI updates #392, #394
      • Bump supported ruby versions and add 2.6
      • JRuby failures are no longer ignored (reverts #375 / part of #371)
    • Add changelog entry that was missing for last release #387
    • Comment cleanup #385

    1.2.2

    NB: This release drops support for extracting symlinks, because there was no clear way to support this securely. See rubyzip/rubyzip#376 for details.

    • Fix CVE-2018-1000544 #376 / #371
    • Fix NoMethodError: undefined method `glob' #363
    • Fix handling of stored files (i.e. files not using compression) with general purpose bit 3 set #358
    • Fix close on StringIO-backed zip file #353
    • Add Zip.force_entry_names_encoding option #340
    • Update rubocop, apply auto-fixes, and fix regressions caused by said auto-fixes #332, #355
    • Save temporary files to temporary directory (rather than current directory) #325

    ... (truncated)

    Commits
    • e79d9ea Merge pull request #407 from rubyzip/v1-3-0
    • 7c65e1e Bump version to 1.3.0
    • d65fe7b Merge pull request #403 from rubyzip/check-size
    • 97cb6ae Warn when an entry size is invalid
    • 7849f73 Default validate_entry_sizes to false for 1.3 release
    • 4167f0c Validate entry sizes when extracting
    • 94b7fa2 [ci skip] Update changelog
    • 93505ca Check expected entry size in add_stored test
    • 6619bf3 Merge pull request #366 from hainesr/add-stored
    • ecb2776 Zip::File.add_stored() to add uncompressed files.
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump git from 1.3.0 to 1.11.0

    Bump git from 1.3.0 to 1.11.0

    Bumps git from 1.3.0 to 1.11.0.

    Release notes

    Sourced from git's releases.

    Release v1.11.0

    Full Changelog

    • 292087e Supress unneeded test output (#570)
    • 19dfe5e Add support for fetch options "--force/-f" and "--prune-tags/-P". (#563)
    • 018d919 Fix bug when grepping lines that contain numbers surrounded by colons (#566)
    • c04d16e remove from maintainer (#567)
    • 291ca09 Address command line injection in Git::Lib#fetch
    • 521b8e7 Release v1.10.2 (#561)

    Release v1.10.2

    Full Changelog

    • 57f941c Release v1.10.2
    • c987a74 Add create-release, setup, and console dev scripts (#560)
    • 12e3d03 Store tempfile objects to prevent deletion during tests (#555)

    Release v1.10.1

    Full Changelog

    • c7b12af Release v1.10.1
    • ea28118 Properly escape double quotes in shell commands on Windows (#552)
    • db060fc Properly unescape diff paths (#504)
    • ea47044 Add Ruby 3.0 to CI build (#547)
    • cb01d2b Create a Docker image to run the changelog (#546)

    v.1.10.0

    Full Changelog

    • 8acec7d Release v1.10.0 (#545)
    • 8feb4ff Refactor directory initialization (#544)
    • 3884314 Add -ff option to git clean (#529)
    • 984ff7f #533 Add --depth options for fetch call (#534)
    • 6cba37e Add support for git init --initial-branch=main argument (#539)
    • ff98c42 Add support for the git merge --no-commit argument (#538)
    • 1023f85 Require pathname module (#536)

    v1.9.1

    Full Changelog

    • 58100b0 Release v1.9.1 (#527)
    • 45aeac9 Fix the gpg_sign commit option (#525)

    v1.9.0

    Full Changelog

    • 07a1167 Release v1.9.0 (#524)
    • 8fe479b Fix worktree test when git dir includes symlinks (#522)
    • 0cef8ac feat: add --gpg-sign option on commits (#518)
    • 765df7c Adds file option to config_set to allow adding to specific git-config files (#458)

    ... (truncated)

    Changelog

    Sourced from git's changelog.

    v1.11.0

    • 292087e Supress unneeded test output (#570)
    • 19dfe5e Add support for fetch options "--force/-f" and "--prune-tags/-P". (#563)
    • 018d919 Fix bug when grepping lines that contain numbers surrounded by colons (#566)
    • c04d16e remove from maintainer (#567)
    • 291ca09 Address command line injection in Git::Lib#fetch
    • 521b8e7 Release v1.10.2 (#561)

    See https://github.com/ruby-git/ruby-git/releases/tag/v1.11.0

    v1.10.2

    See https://github.com/ruby-git/ruby-git/releases/tag/v1.10.2

    1.10.1

    See https://github.com/ruby-git/ruby-git/releases/tag/v1.10.1

    1.10.0

    See https://github.com/ruby-git/ruby-git/releases/tag/v1.10.0

    1.9.1

    See https://github.com/ruby-git/ruby-git/releases/tag/v1.9.1

    1.9.0

    See https://github.com/ruby-git/ruby-git/releases/tag/v1.9.0

    1.8.1

    See https://github.com/ruby-git/ruby-git/releases/tag/v1.8.1

    1.8.0

    See https://github.com/ruby-git/ruby-git/releases/tag/v1.8.0

    1.7.0

    See https://github.com/ruby-git/ruby-git/releases/tag/v1.7.0

    1.6.0

    See https://github.com/ruby-git/ruby-git/releases/tag/v1.6.0

    1.6.0.pre1

    See https://github.com/ruby-git/ruby-git/releases/tag/v1.6.0.pre1

    ... (truncated)

    Commits
    • 546bc03 Release v1.11.0
    • 292087e Supress unneeded test output (#570)
    • 19dfe5e Add support for fetch options "--force/-f" and "--prune-tags/-P". (#563)
    • 018d919 Fix bug when grepping lines that contain numbers surrounded by colons (#566)
    • c04d16e remove from maintainer (#567)
    • 291ca09 Address command line injection in Git::Lib#fetch
    • 521b8e7 Release v1.10.2 (#561)
    • c987a74 Add create-release, setup, and console dev scripts (#560)
    • 12e3d03 Store tempfile objects to prevent deletion during tests (#555)
    • 735b083 Release v1.10.1 (#553)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump cocoapods-downloader from 1.1.3 to 1.6.3

    Bump cocoapods-downloader from 1.1.3 to 1.6.3

    Bumps cocoapods-downloader from 1.1.3 to 1.6.3.

    Release notes

    Sourced from cocoapods-downloader's releases.

    1.6.3

    Enhancements
    • None.
    Bug Fixes
    • None.

    1.6.2

    Enhancements
    • None.
    Bug Fixes
    • None.

    1.6.1

    Enhancements
    • None.
    Bug Fixes
    • None.

    1.6.0

    Enhancements
    • None.
    Bug Fixes
    • Adds a check for command injections in the input for hg and git.
      orta #124

    1.5.1

    Enhancements
    • None.
    Bug Fixes
    • Fix "can't modify frozen string" errors when pods are integrated using the branch option
      buju77 #10920

    1.5.0

    ... (truncated)

    Changelog

    Sourced from cocoapods-downloader's changelog.

    1.6.3 (2022-04-01)

    Enhancements
    • None.
    Bug Fixes
    • None.

    1.6.2 (2022-03-28)

    Enhancements
    • None.
    Bug Fixes
    • None.

    1.6.1 (2022-03-23)

    Enhancements
    • None.
    Bug Fixes
    • None.

    1.6.0 (2022-03-22)

    Enhancements
    • None.
    Bug Fixes
    • Adds a check for command injections in the input for hg and git.
      orta #124

    1.5.1 (2021-09-07)

    Enhancements
    • None.

    ... (truncated)

    Commits
    • c03e2ed Release 1.6.3
    • f75bccc Disable Bazaar tests due to macOS 12.3 not including python2
    • 52a0d54 Merge pull request #128 from CocoaPods/validate_before_dl
    • d27c983 Ensure that the git pre-processor doesn't accidentally bail also
    • 3adfe1f [CHANGELOG] Add empty Master section
    • 591167a Release 1.6.2
    • d2564c3 Merge pull request #127 from CocoaPods/validate_before_dl
    • 99fec61 Switches where we check for invalid input, to move it inside the download fun...
    • 96679f2 [CHANGELOG] Add empty Master section
    • 3a7c54b Release 1.6.1
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
Releases(2.0.7)
  • 2.0.7(Jul 20, 2017)

  • 2.0.6(Dec 26, 2016)

  • 2.0.5(Dec 25, 2016)

  • 2.0.4(Dec 25, 2016)

  • 2.0.3(Dec 25, 2016)

  • 2.0.2(Dec 25, 2016)

  • 2.0.1(Dec 25, 2016)

    Bump podspec to 2.0.1 Update CHANGELOG.md Update README with the official API documentation Test and document collections Test Photo and Search models Test search Photo tested and docummented Test User's resources Update README, renaming UnsplashClient to UnsplashSource Test User resources Update Bundler dependencies Add missing endpoints Add changelog Update README to add missing stuff Solve son linting issues Add models Update README & CHANGELOG Rename UnsplashClient to UnsplashSource and add UnsplashClient (official API) Bump podspec to 1.0.0

    Source code(tar.gz)
    Source code(zip)
  • 1.0.0(Nov 1, 2016)

    Bump podspec to 1.0.0 Update README.md Update README.md Merge pull request #10 from carambalabs/feature/nonReactiveInterface Added non-reactive public interface Update Fastfile to ask for release version Update README Update Tests with new Kit interface Migrate core classes to non-reactive interface Update podspec to specify dependency version Update Podfile Delete reactive related classes Added non-reactive public interface Update README to use new RxSwift Swift 3 methods Update Gemfile.lock

    Source code(tar.gz)
    Source code(zip)
  • 0.0.23(Aug 30, 2016)

  • 0.0.22(Aug 30, 2016)

  • 0.0.21(Aug 30, 2016)

  • 0.0.20(Aug 30, 2016)

  • 0.0.19(Aug 30, 2016)

    Bump podspec to 0.0.19 Bump podspec to 0.0.18 Add more platforms support Merge pull request #6 from carambalabs/feature/danger Add Danger Fix Danger Add danger step to the fastlane tests lane Add danger step to the fastlane tests lane Update README Disable mention Add Danger Update README.md Update README.md Add ISSUE & PR templates Update README.md Bump podspec to 0.0.17 Bump podspec to 0.0.16 Bump podspec to 0.0.15 Merge pull request #5 from carambalabs/feature/PodAutoDeploy Update travis.yml to autodeploy new pod version Update travis.yml to autodeploy new pod version Update README.md Update README.md Merge pull request #2 from carambalabs/feature/NonReactivePublicInterface Readme + Swiftlint + Tests Merge branch 'master' into feature/NonReactivePublicInterface Updated pod spec support (iOS and tvOS) Fixed a linter warning Update Readme Update Example project Podfile to use correct specs repo Update UnplashImage class to support watchos Update Podfile.lock and podspec Fix import main os frameworks for different oss Disable linting from Travis Add fastlane line for fetching the tags once the release gets created Merge branch 'master' into feature/NonReactivePublicInterface Rename UnsplasKit to UnsplashClient for public class Remove UnsplashKit Spec Add missing imports in UnsplashImage Bump podspec to 0.0.14 Bump podspec to 0.0.13 Disable pod lib lint verbosity Bump podspec to 0.0.12 Bump podspec to 0.0.11 Bump podspec to 0.0.10 Add about section to the Readme Completed all the UnsplashKit call specs Added specs for UnsplashKit class Update testing project config Update Readme Update project to fix swiftlint warnings

    Source code(tar.gz)
    Source code(zip)
  • 0.0.17(Aug 27, 2016)

  • 0.0.16(Aug 27, 2016)

  • 0.0.15(Aug 27, 2016)

    Bump podspec to 0.0.15 Merge pull request #5 from carambalabs/feature/PodAutoDeploy Update travis.yml to autodeploy new pod version Update travis.yml to autodeploy new pod version Update README.md Update README.md Merge pull request #2 from carambalabs/feature/NonReactivePublicInterface Readme + Swiftlint + Tests Merge branch 'master' into feature/NonReactivePublicInterface Updated pod spec support (iOS and tvOS) Fixed a linter warning Update Readme Update Example project Podfile to use correct specs repo Update UnplashImage class to support watchos Update Podfile.lock and podspec Fix import main os frameworks for different oss Disable linting from Travis Add fastlane line for fetching the tags once the release gets created Merge branch 'master' into feature/NonReactivePublicInterface Rename UnsplasKit to UnsplashClient for public class Remove UnsplashKit Spec Add missing imports in UnsplashImage Bump podspec to 0.0.14 Bump podspec to 0.0.13 Add about section to the Readme Completed all the UnsplashKit call specs Added specs for UnsplashKit class Update testing project config Update Readme Update project to fix swiftlint warnings

    Source code(tar.gz)
    Source code(zip)
  • 0.0.14(Aug 12, 2016)

    Bump podspec to 0.0.14 Bump podspec to 0.0.13 Disable pod lib lint verbosity Bump podspec to 0.0.12 Bump podspec to 0.0.11 Bump podspec to 0.0.10

    Source code(tar.gz)
    Source code(zip)
  • 0.0.12(Aug 12, 2016)

  • 0.0.10(Aug 12, 2016)

Owner
Modo
We are Modo, a remote digital product studio
Modo
Unofficial GitHub API client in Swift

Github.swift ❤️ Support my apps ❤️ Push Hero - pure Swift native macOS application to test push notifications PastePal - Pasteboard, note and shortcut

Khoa 184 Nov 25, 2022
Instagram API client written in Swift

SwiftInstagram is a wrapper for the Instagram API written in Swift. It allows you to authenticate users and request data from Instagram effortlessly.

Ander Goig 579 Dec 31, 2022
A Slack API Client for the Perfect Server-Side Swift Framework

PerfectSlackAPIClient is an API Client to access the Slack API from your Perfect Server Side Swift application. It is build on top of PerfectAPIClient

Cap.雪ノ下八幡 2 Dec 1, 2019
Giphy API client for iOS in Objective-C

Giphy-iOS Giphy-iOS is a Giphy API client for iOS in Objective-C. Usage To run the example project, clone the repo, and run pod install from the Examp

alex choi 52 Jul 11, 2019
A Dropbox v2 client library written in Objective-C

TJDropbox TJDropbox is a Dropbox v2 client library written in Objective-C. When Dropbox originally announced their v2 API they included only a Swift c

Tim Johnsen 61 Dec 21, 2022
AWS Full Stack Swift with Apple CarPlay

This application demonstrates a full-stack Apple CarPlay app that uses Swift for both the UI and the backend services in AWS. The app accesses Lambda functions written in Swift and deployed from Docker images. The app accesses Amazon Location Service and a 3rd party weather api to display information in the vicinity of the user.

AWS Samples 100 Jan 6, 2023
A Swift wrapper for Foursquare API. iOS and OSX.

Das Quadrat Das Quadrat is Foursquare API wrapper written in Swift. Features Supports iOS and OSX. Covers all API endpoints. Authorization process imp

Constantine Fry 171 Jun 18, 2022
Pokeapi wrapper, written in Swift

PokemonKit What is this? PokemonKit is a swift wrapper for Pokeapi. PokemonKit use Alamofire and PromiseKit for async web requests handling. Usage imp

Continuous Learning 105 Nov 16, 2022
A swift SDK for Medium's OAuth2 API

Medium SDK - Swift A library to allow access to Medium API for any Swift iOS application. Features Medium.com authorization & token handling Login sta

null 11 Jan 22, 2022
A Twitter framework for iOS & OS X written in Swift

Getting Started Installation If you're using Xcode 6 and above, Swifter can be installed by simply dragging the Swifter Xcode project into your own pr

Matt Donnelly 2.4k Dec 30, 2022
Build Slack apps, in Swift

SlackKit: Slack Apps in Swift Description SlackKit makes it easy to build Slack apps in Swift. It's intended to expose all of the functionality of Sla

Peter Zignego 1k Dec 20, 2022
👤 Framework to Generate Random Users - An Unofficial Swift SDK for randomuser.me

RandomUserSwift is an easy to use Swift framework that provides the ability to generate random users and their accompanying data for your Swift applic

Wilson Ding 95 Sep 9, 2022
Swift 3 framework for accessing data in Event Registry (http://eventregistry.org/)

PPEventRegistryAPI Swift 3 framework for accessing data in Event Registry (http://eventregistry.org/) Supported API calls Log In Get Event By Identifi

Pavel Pantus 8 Nov 1, 2016
The Swift-est way to build native mobile apps that connect to Salesforce.

Swiftly Salesforce is the Swift-est way to build native mobile apps that connect to Salesforce: Written entirely in Swift. Very easy to install and up

Michael Epstein 131 Nov 23, 2022
An Elegant Spotify Web API Library Written in Swift for iOS and macOS

Written in Swift 4.2 Spartan is a lightweight, elegant, and easy to use Spotify Web API wrapper library for iOS and macOS written in Swift 3. Under th

Dalton Hinterscher 107 Nov 8, 2022
An Elegant Financial Markets Library Written in Swift

Notice As of May 20th, 2017, it appears that Yahoo is dropping support for a few features that BigBoard supports or there is an outage on their end ca

Dalton Hinterscher 66 Dec 7, 2022
Swift Wrapper For Bittrex API

BittrexApiKit Swift client for Bittrex api. It support all APIs with most recent changes. more info here let api = Bittrex(apikey: "api key", secretke

Saeid 8 Apr 5, 2021
iOS/macOS Cross-platform Ark-Ecosystem Framework in Swift | Powered by Ѧrk.io |

a macOS & iOS Swift Framework for Ark.io. What is ARKKit? ARKKit is wrapper for interacting with the Ark Ecosystem. It is written purely in Swift 4.0,

Simon 19 Jun 28, 2022
A Swift Framework build for the Ark Ecosystem

Introduction Overview SwiftyArk is a simple, lightweight framework for the Ark Ecosystem. SwiftyArk provides a simple wrapper for accessing Ark accoun

Andrew Walz 8 May 12, 2019