Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Minor gem updates #84

Merged
1 commit merged into from
Jul 31, 2019
Merged

Minor gem updates #84

1 commit merged into from
Jul 31, 2019

Conversation

ghost
Copy link

@ghost ghost commented Jul 30, 2019

Summary

Minor update to Ruby gem development dependencies to update mini-magick to resolve (CVE-2019-13574). This is a dependency of Fastlane, which we use for running our test suite and automating some of the release process.

Larger updates are available for some of our gems, but this is not the purpose of this PR. It is meant to be a minimal update for some bug and vulnerability fixes.

Note: This is a part of a dependency used for development of the framework and not a dependency of the framework itself.

@ghost ghost added the bug label Jul 30, 2019
@ghost ghost requested review from concertman and belenmdc July 30, 2019 07:10
concertman
concertman approved these changes Jul 30, 2019
View reviewed changes
Copy link

@concertman concertman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks ok for a security fix. CocoaPods is on 1.7.5 now but maybe we should hold off updating that and just look at moving to SPM instead

@ghost
Copy link
Author

ghost commented Jul 30, 2019

@concertman Yeah, holding off on a bigger update to CocoaPods until it's needed just to keep this PR as minimal as possible. I think exploring SPM longer-term makes sense. I'd wait until after Xcode 11 is released and there's better integration. I'd also want to wait until all our dev dependencies can be installed / managed by SPM.

Then there's a separate issue of supporting SPM as a delivery mechanism for FormValidatorSwift itself. Currently there's a very long standing issue with SPM that prevents us ( #4 ). We could also choose to stop providing localised default error strings, which is where the hang-up is. But that'd be a major change that I'd want to have a wider discussion about.

@ghost ghost merged commit 39879e2 into master Jul 31, 2019
@ghost ghost deleted the update-gems branch July 31, 2019 09:59
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@concertman @belenmdc