Skip to content

chore(deps): bump cocoapods to 1.16.2 #5564

Merged
ekjotmultani merged 9 commits into
mainfrom
chore/rails-support-bump
Mar 26, 2026
Merged

chore(deps): bump cocoapods to 1.16.2 #5564
ekjotmultani merged 9 commits into
mainfrom
chore/rails-support-bump

Conversation

@ekjotmultani
Copy link
Copy Markdown
Member

@ekjotmultani ekjotmultani commented Mar 24, 2026

Issue #, if available:

Description of changes:
bumps cocoapods and regenerates lockfile to get the latest version of Rails Active Support to address https://github.com/aws-amplify/aws-sdk-ios/security/dependabot/10

Check points:

  • Added new tests to cover change, if needed
  • All unit tests pass
  • All integration tests pass
  • Updated CHANGELOG.md
  • Documentation update for the change if required
  • PR title conforms to conventional commit style

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@ekjotmultani ekjotmultani force-pushed the chore/rails-support-bump branch from 476c1d4 to 6fc2d21 Compare March 24, 2026 23:00
@ekjotmultani
chore: bump cocoapods to 1.12.0 to resolve activesupport XSS vulnerab…
d851880 
…ility (CVE in SafeBuffer#%)

Upgrades cocoapods from 1.11.3 to 1.12.0 (minimum version that relaxes
the activesupport constraint from < 7 to < 8), allowing activesupport
to resolve to 7.2.3.1 (the earliest patched version).

Fixes Dependabot alert #10.
@ekjotmultani ekjotmultani force-pushed the chore/rails-support-bump branch from 6fc2d21 to d851880 Compare March 24, 2026 23:06
ekjotmultani and others added 6 commits March 24, 2026 16:16
@ekjotmultani
chore: point dependency review config to amazon-ospo
cfff64a
@ekjotmultani
chore: add local dependency review config with compound SPDX expressions
01fa7fc 
The amazon-ospo allowlist contains all individual licenses used by our
dependencies, but the dependency-review-action does not decompose
compound SPDX expressions (e.g. "MIT AND Ruby"). This adds a local
config that includes the OSPO allowlist plus the compound expressions
required by our RubyGems dependencies.
@ekjotmultani
chore: update CI runners to macos-latest
34b0bd7
@thisisabhash
update iOS simulators for tests
396eb03
@ekjotmultani
chore: rebuild libOCMock.a for arm64 simulator (OCMock 3.9.4)
3f4bb4d 
The old binary only had arm64-device + x86_64-simulator slices.
On macos-latest (Apple Silicon), the iOS simulator runs arm64 and
the linker rejected the device arm64 slice.

Rebuilt from OCMock 3.9.4 with arm64-simulator + x86_64-simulator
slices. Updated public headers to match.
@ekjotmultani
Revert "chore: rebuild libOCMock.a for arm64 simulator (OCMock 3.9.4)"
4a3c474 
This reverts commit 3f4bb4d.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thisisabhash thisisabhash thisisabhash approved these changes

@awsmobilesdk awsmobilesdk Awaiting requested review from awsmobilesdk awsmobilesdk is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ekjotmultani @thisisabhash