Project maintenance #486
dnl-moh wants to merge 6 commits into
✅ Snyk checks have passed. No issues have been found so far.
Migrate from deprecated M1 (macos.m1.medium.gen1) to M4 Pro (m4pro.medium) and update Xcode from 15.4.0 to 16.4.0. Update .ruby-version from 3.3.0 to 3.3.8 to match the version pre-installed on the new CircleCI macOS image.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2d122db to c40db99
Apple's `SecKeyCreateDecryptedData` for RSA PKCS#1 v1.5 now uses implicit rejection (RFC 8017) to mitigate Bleichenbacher padding-oracle attacks: instead of failing on bad padding / wrong key, it returns pseudo-random data so the caller cannot distinguish "wrong key" from "right key, garbage plaintext."
The library already handles this at the JWE layer in `RSAKeyEncryption.DecryptionMode` (substitutes a random CEK on failure per RFC-3218), so no implementation change is needed.
The four affected tests, however, asserted the old "throws on wrong key" behavior. Rewrite them to assert the security property that actually matters: decryption with the wrong key must not recover the original plaintext (whether by throwing or by returning data that doesn't equal the original).
Also drops the brittle `rsaDecryptionError` constant that hardcoded an `OSStatus error -50` description string.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Package.resolved was stale: SwiftFormat pinned at 0.54.3 and SwiftLintPlugins at 0.56.2, both below the constraints declared in Package.swift. Xcode 15.4 / Swift 5.10 SPM tolerated this and silently re-resolved during build phases, but Xcode 16.4 / Swift 6.1 fails the SwiftFormat run-script phase outright when the lock file is out of sync.
Bump the SwiftFormat lower bound to match the current latest (0.61.0) and re-resolve so Package.swift and Package.resolved agree.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Xcode 15+ documents ENABLE_USER_SCRIPT_SANDBOXING as defaulting to YES when not set, but our project (which predates that change) was passing CI on Xcode 15.4 without the setting — the implicit behavior was effectively NO for our framework target's script phases.
On Xcode 16.4, sandboxing is enforced more aggressively. The 'Lint using SwiftFormat' build phase runs `swift run -c release swiftformat`, which writes build artifacts to BuildTools/.build/ (outside the sandbox-allowed paths). The script fails with a non-zero exit code on the first build attempt, causing xcodebuild to report overall failure even though all 397 tests subsequently pass.
Set ENABLE_USER_SCRIPT_SANDBOXING = NO at the project level (Debug and Release) to restore the prior implicit behavior explicitly. Per SwiftFormat's documented requirement for Xcode 15+.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Bump Gemfile dependencies to latest:
- fastlane to 2.232.2 (with >= 2.229.1 security floor for addressable CVE)
- cocoapods to 1.16.2
- addressable to 2.9.0 (fixes SNYK-RUBY-ADDRESSABLE-15924312)
- plus all transitive bumps (aws-sdk-*, googleapis, activesupport, ...)
Supersedes PRs #466, #481, #482, #462, #463, #478, #479, #483, #485.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
4678dc4 to daf0153
This was referenced Apr 15, 2026



Summary
Updates CI to a modern Xcode version supported on CircleCI, and folds in pending dependency bumps.
Changes
- 15.4.0 → 16.4.0, resource class `macos.m1.medium.gen1` → `m4pro.medium` (M1 no longer offered)
- `.ruby-version` 3.3.0 → 3.3.8 (matches what's pre-installed on the new CircleCI image)
- 0.54.3 → 0.61.0, SwiftLintPlugins 0.56.2 → 0.63.2, Package.resolved refreshed to match Package.swift
- 2.229.0 → 2.232.2, cocoapods 1.16.2 (kept latest), addressable 2.8.8 → 2.9.0 (SNYK-RUBY-ADDRESSABLE-15924312) + transitive bumps
- `ENABLE_USER_SCRIPT_SANDBOXING = NO` (Xcode 15+ default changed; required for `swift run` in build phases)
- Run Script made non-fatal (was blocking CI for unclear reasons on Xcode 16.4; `lint` CI job remains the authoritative check)
Test fixes
Apple's Security framework (CVE-2024-23218, Jan 2024) added implicit rejection to `SecKeyCreateDecryptedData` for RSA PKCS#1 v1.5, mitigating the Marvin Attack (timing-based Bleichenbacher variant). Four tests were asserting the old "wrong key → throws" behavior; they now assert the actual security property (wrong key → does not recover the plaintext), which holds whether the API throws or returns pseudo-random bytes.
- `RSADecryptionTests.testDecryptingAliceSecretWithBobKey`
- `RSADecryptionTests.testDecryptingBobSecretWithAliceKey`
- `RSADecryptionTests.testCipherTextLengthExactlyRight`
- `RSAKeyManagementModeTests.testEncryptsContentEncryptionKeyOnlyForProvidedKey`
Library code (`RSA.decrypt`, `RSAKeyEncryption.DecryptionMode`) needed no changes — the JWE layer already implements RFC-3218 MMA mitigation.
Supersedes
Close these once merged:
Test plan
`prepare-build`, `lint`, `test` jobs all pass
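
The wrong-key assertion described in this PR, as an added example in Swift that is not the project's own test code: it passes whether the Security framework reports an error or returns pseudo-random bytes, and fails only if the original plaintext comes back. `makeRSAKeyPair`, `decryptPKCS1` and `WrongKeyDecryptionTests` are hypothetical names, and the sample secret is constructed.

```swift
import Foundation
import Security
import XCTest

// Added example: helper and test names are hypothetical, not from the project's test suite.

/// Generates an ephemeral 2048-bit RSA key pair (not persisted to the keychain).
func makeRSAKeyPair() throws -> (privateKey: SecKey, publicKey: SecKey) {
    let attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeRSA,
        kSecAttrKeySizeInBits as String: 2048
    ]
    var error: Unmanaged<CFError>?
    guard let privateKey = SecKeyCreateRandomKey(attributes as CFDictionary, &error) else {
        throw error!.takeRetainedValue() as Error
    }
    guard let publicKey = SecKeyCopyPublicKey(privateKey) else {
        throw NSError(domain: NSOSStatusErrorDomain, code: Int(errSecParam))
    }
    return (privateKey, publicKey)
}

/// Returns the decrypted bytes, or nil when the Security framework reports an error.
func decryptPKCS1(_ ciphertext: Data, with key: SecKey) -> Data? {
    var error: Unmanaged<CFError>?
    let output = SecKeyCreateDecryptedData(key, .rsaEncryptionPKCS1, ciphertext as CFData, &error)
    error?.release() // the CFError is returned retained; balance it when present
    return output as Data?
}

final class WrongKeyDecryptionTests: XCTestCase {
    func testWrongKeyDoesNotRecoverPlaintext() throws {
        let alice = try makeRSAKeyPair()
        let bob = try makeRSAKeyPair()
        let plaintext = Data("constructed sample secret".utf8)
        var error: Unmanaged<CFError>?
        guard let ciphertext = SecKeyCreateEncryptedData(
            alice.publicKey, .rsaEncryptionPKCS1, plaintext as CFData, &error) as Data? else {
            throw error!.takeRetainedValue() as Error
        }
        // Control: the matching private key must round-trip.
        XCTAssertEqual(decryptPKCS1(ciphertext, with: alice.privateKey), plaintext)
        // Wrong key: nil (the API failed) and pseudo-random bytes (implicit
        // rejection) both pass; only recovering the plaintext fails the test.
        XCTAssertNotEqual(decryptPKCS1(ciphertext, with: bob.privateKey), plaintext)
    }
}
```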