diff --git a/.github/dependency-review-config.yml b/.github/dependency-review-config.yml
new file mode 100644
index 00000000000..03592765524
--- /dev/null
+++ b/.github/dependency-review-config.yml
@@ -0,0 +1,44 @@
+# License allowlist for dependency review.
+# Based on amazon-ospo/dependency-review-config/default with additional
+# compound SPDX expressions required by this repo's RubyGems dependencies.
+allow-licenses:
+ - 0BSD
+ - Apache-2.0
+ - BSD-1-Clause
+ - BSD-2-Clause
+ - BSD-2-Clause-FreeBSD
+ - BSD-3-Clause
+ - BSD-3-Clause-Attribution
+ - BSD-Source-Code
+ - bzip2-1.0.6
+ - CDDL-1.1
+ - CDLA-Permissive-2.0
+ - curl
+ - EPL-2.0
+ - ISC
+ - JSON
+ - MIT
+ - MPL-2.0
+ - NTP
+ - OLDAP-2.8
+ - OpenSSL
+ - PDDL-1.0
+ - PostgreSQL
+ - Python-2.0
+ - Ruby
+ - Spencer-94
+ - Unicode-DFS-2015
+ - Unicode-DFS-2016
+ - Unlicense
+ - WTFPL
+ - X11
+ - Zlib
+ - zlib-acknowledgement
+ # Compound SPDX expressions seen in RubyGems dependencies
+ - BSD-2-Clause AND BSD-3-Clause
+ - BSD-2-Clause AND BSD-3-Clause AND Ruby
+ - BSD-2-Clause AND MIT
+ - BSD-2-Clause AND MIT AND Ruby
+ - BSD-3-Clause AND MIT
+ - MIT AND Ruby
+ - LicenseRef-github-NOASSERTION
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 27ebe3b783b..aa122c8fd4d 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -21,4 +21,4 @@ jobs:
 - name: Dependency Review
 uses: actions/dependency-review-action@7d90b4f05fea31dde1c4a1fb3fa787e197ea93ab # v3.0.7
 with:
- config-file: aws-amplify/amplify-ci-support/.github/dependency-review-config.yml@main
+ config-file: './.github/dependency-review-config.yml'
diff --git a/Gemfile b/Gemfile
index c5ee5e1537e..6815acb5073 100644
--- a/Gemfile
+++ b/Gemfile
@@ -3,6 +3,6 @@ source "https://rubygems.org"
 gem 'xcpretty', '0.3.0'
-gem 'cocoapods', '1.11.3'
+gem 'cocoapods', '1.12.0'
 gem 'cocoapods-downloader', '1.6.3'
 gem 'jazzy', '0.14.2'
\ No newline at end of file
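Review bot: The final entry `LicenseRef-github-NOASSERTION` sits under the "Compound SPDX expressions" comment but is not one: it admits any dependency whose license GitHub could not determine, so a package with no detectable license passes the gate. If it has to stay, give it its own comment, for example `# Packages with an undetected license pass this check; verify their licenses manually`, and record which gems need it so the entry can be dropped later. The compound entries appear to be matched as literal strings, so a gem reporting the same licenses in a different order or combination would presumably still fail; that is worth one line in the header comment.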
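Review bot: With `config-file` now pointing at `./.github/dependency-review-config.yml`, the allowlist is read from the checked-out tree, so a pull request that adds a dependency can widen the allowlist in the same change and be judged against its own edited policy; the previous external file could not be altered by the PR under review. The trigger and the checkout step lie outside this hunk, so confirm which ref is checked out, and cover `.github/` with a CODEOWNERS entry or a required review. A local path also needs the repository checked out before this step runs, which the hunk (starting at line 21) does not show. A comment above the line such as `# Local policy file: edits require security review` would record the intent.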
diff --git a/Gemfile.lock b/Gemfile.lock index 0aebb6ace46..ce1515a888e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,33 +1,38 @@ GEM remote: https://rubygems.org/ specs: - CFPropertyList (3.0.7) + CFPropertyList (3.0.8) + activesupport (7.2.3.1) base64 - nkf - rexml - activesupport (6.1.7.6) - concurrent-ruby (~> 1.0, >= 1.0.2) + benchmark (>= 0.3) + bigdecimal + concurrent-ruby (~> 1.0, >= 1.3.1) + connection_pool (>= 2.2.5) + drb i18n (>= 1.6, < 2) - minitest (>= 5.1) - tzinfo (~> 2.0) - zeitwerk (~> 2.3) - addressable (2.8.0) - public_suffix (>= 2.0.2, < 5.0) + logger (>= 1.4.2) + minitest (>= 5.1, < 6) + securerandom (>= 0.3) + tzinfo (~> 2.0, >= 2.0.5) + addressable (2.8.9) + public_suffix (>= 2.0.2, < 8.0) algoliasearch (1.27.5) httpclient (~> 2.8, >= 2.8.3) json (>= 1.5.1) atomos (0.1.3) - base64 (0.2.0) + base64 (0.3.0) + benchmark (0.5.0) + bigdecimal (4.0.1) claide (1.1.0) - cocoapods (1.11.3) + cocoapods (1.12.0) addressable (~> 2.8) claide (>= 1.0.2, < 2.0) - cocoapods-core (= 1.11.3) + cocoapods-core (= 1.12.0) cocoapods-deintegrate (>= 1.0.3, < 2.0) - cocoapods-downloader (>= 1.4.0, < 2.0) + cocoapods-downloader (>= 1.6.0, < 2.0) cocoapods-plugins (>= 1.0.0, < 2.0) cocoapods-search (>= 1.0.0, < 2.0) - cocoapods-trunk (>= 1.4.0, < 2.0) + cocoapods-trunk (>= 1.6.0, < 2.0) cocoapods-try (>= 1.1.0, < 2.0) colored2 (~> 3.1) escape (~> 0.0.4) @@ -35,10 +40,10 @@ GEM gh_inspector (~> 1.0) molinillo (~> 0.8.0) nap (~> 1.0) - ruby-macho (>= 1.0, < 3.0) + ruby-macho (>= 2.3.0, < 3.0) xcodeproj (>= 1.21.0, < 2.0) - cocoapods-core (1.11.3) - activesupport (>= 5.0, < 7) + cocoapods-core (1.12.0) + activesupport (>= 5.0, < 8) addressable (~> 2.8) algoliasearch (~> 1.0) concurrent-ruby (~> 1.1) 
@@ -57,16 +62,20 @@ GEM netrc (~> 0.11) cocoapods-try (1.2.0) colored2 (3.1.2) - concurrent-ruby (1.2.2) + concurrent-ruby (1.3.6) + connection_pool (3.0.2) + drb (2.2.3) escape (0.0.4) - ethon (0.15.0) + ethon (0.18.0) ffi (>= 1.15.0) - ffi (1.15.5) + logger + ffi (1.17.3) fourflusher (2.3.1) fuzzy_match (2.0.4) gh_inspector (1.1.3) - httpclient (2.8.3) - i18n (1.14.1) + httpclient (2.9.0) + mutex_m + i18n (1.14.8) concurrent-ruby (~> 1.0) jazzy (0.14.2) cocoapods (~> 1.5) @@ -78,51 +87,52 @@ GEM sassc (~> 2.1) sqlite3 (~> 1.3) xcinvoke (~> 0.3.0) - json (2.6.1) + json (2.19.2) liferaft (0.0.6) - mini_portile2 (2.8.7) - minitest (5.19.0) + logger (1.7.0) + mini_portile2 (2.8.9) + minitest (5.27.0) molinillo (0.8.0) - mustache (1.1.1) - nanaimo (0.3.0) + mustache (1.1.2) + mutex_m (0.3.0) + nanaimo (0.4.0) nap (1.1.0) netrc (0.11.0) - nkf (0.2.0) open4 (1.3.4) - public_suffix (4.0.6) - redcarpet (3.5.1) - rexml (3.4.2) + public_suffix (4.0.7) + redcarpet (3.6.1) + rexml (3.4.4) rouge (2.0.7) ruby-macho (2.5.1) sassc (2.4.0) ffi (~> 1.9) + securerandom (0.4.1) sqlite3 (1.7.3) mini_portile2 (~> 2.8.0) - typhoeus (1.4.0) - ethon (>= 0.9.0) + typhoeus (1.6.0) + ethon (>= 0.18.0) tzinfo (2.0.6) concurrent-ruby (~> 1.0) xcinvoke (0.3.0) liferaft (~> 0.0.6) - xcodeproj (1.25.0) + xcodeproj (1.27.0) CFPropertyList (>= 2.3.3, < 4.0) atomos (~> 0.1.3) claide (>= 1.0.2, < 2.0) colored2 (~> 3.1) - nanaimo (~> 0.3.0) - rexml (>= 3.3.2, < 4.0) + nanaimo (~> 0.4.0) + rexml (>= 3.3.6, < 4.0) xcpretty (0.3.0) rouge (~> 2.0.7) - zeitwerk (2.6.11) PLATFORMS ruby DEPENDENCIES - cocoapods (= 1.11.3) + cocoapods (= 1.12.0) cocoapods-downloader (= 1.6.3) jazzy (= 0.14.2) xcpretty (= 0.3.0) BUNDLED WITH - 2.5.14 + 4.0.8