chore(deps): bump the dependencies group with 4 updates

[dependabot]

Bumps the dependencies group with 4 updates: github.com/vapor/vapor, github.com/vapor/fluent, github.com/vapor/leaf and github.com/tid-kijyun/kanna.

Updates github.com/vapor/vapor from 4.57.0 to 4.66.0

Release notes

Sourced from github.com/vapor/vapor's releases.

Prevent vapor from crashing during a crash in third-party code, obfuscating the real problem

This patch was authored by @​Joannis and released by @​0xTim.

If a third-party library or user defined code crashed a Vapor app, the Vapor Application deinit will crash the app before the real issue pops up. This leads to frustrating debug sessions

Fixing issue #2755: updating config storage inside HTTPServer

This patch was authored by @​rkreutz and released by @​gwynne.

We can update application.storage from within HTTPServer, this way we can keep any changes that happen to the configuration internally up-to-date with the application storage.

This possibly has the least changes and less surface of potential flaws, since we are only adding an extra param and working on top of it. However, now we are setting the application storage from within HTTPServer, there is no issue with that, is just that now we have 2 places changing the storage for the config.

Resolves #2755

Add missing protocol ExpressibleByStringLiteral to HTTPHeaders.Name

This patch was authored by @​grahamburgsma and released by @​0xTim.

Add missing protocol ExpressibleByStringLiteral to HTTPHeaders.Name. The implementation init(stringLiteral:) was there, but the actual protocol was missing.

Implement support for custom verify callbacks

This patch was authored by @​Lukasa and released by @​0xTim.

Motivation

When using NIOSSL it is sometimes necessary to completely take over the certificate verification logic. NIOSSL exposes a callback for this, but it's currently hidden from Vapor users. We should let them get access to this callback.

Modifications

• Added the callback to the HTTPServer configuration struct.
• Plumbed the callback through.
• Added some invalid test certs to the resources for the tests.
• Added a test to confirm the override functions correctly.

Result

Users can override client cert validation.

Add support for regular expression validations

This patch was authored by @​K1NXZ and released by @​0xTim.

Validate a regular expression pattern

Example:

struct TestContent: Codable, Validatable {
    static func validations(_ validations: inout Validations) {
        validations.add("numbersOnly", as: String.self, is: .pattern("^[0-9]*$"))
</tr></table> 

... (truncated)

Commits

• 9a837b8 Prevent vapor from crashing during a crash in third-party code, obfuscating t...
• 319254b Fixed HTTP Decompression Test Failures (#2897)
• dda0de5 Fixing issue #2755: updating config storage inside HTTPServer (#2882)
• a875f1d Migrate tests from NIOAtomics to Atomics (#2887)
• b37dfa7 FileIO doc fix for streamFile. (#2886)
• 45bc9ab Update comment in DebuggableError.swift (#2876)
• 971becb Add missing protocol ExpressibleByStringLiteral to HTTPHeaders.Name (#2874)
• de68c34 Fix Leaf Downstream CI (#2875)
• c814b6f Implement support for custom verify callbacks (#2865)
• b518199 Added support for RegExp pattern Validation (#2856)
• Additional commits viewable in compare view

Updates github.com/vapor/fluent from 4.4.0 to 4.5.0

Release notes

Sourced from github.com/vapor/fluent's releases.

Add asyncCredentialsAuthenticator to ModelCredentialsAuthenticatable

This patch was authored by @​fatto and released by @​0xTim.

Adds asyncCredentialsAuthenticator to ModelCredentialsAuthenticatable to allow it to be overridden if needs be

Commits

• 26c4460 Add asyncCredentialsAuthenticator to ModelCredentialsAuthenticatable (#744)
• 469310c Add project board workflow (#740)
• 8407d95 Add project board workflow (#739)
• f008b2c Add project board workflow (#736)
• See full diff in compare view

Updates github.com/vapor/leaf from 4.1.5 to 4.2.4

Release notes

Sourced from github.com/vapor/leaf's releases.

Fix Algorithms Dependency Declaration

This patch was authored by @​dankinsoid and released by @​0xTim.

Swift Algorithms was used in Leaf but never explicitly declared as a dependency on the target. That resulted in compiler errors in some scenarios. The dependency is now correctly declared.

Fix retain cycle(s) in encoder implementation

This patch was authored by @​petrpavlik and released by @​0xTim.

This PR addresses issue vapor/leaf#215 and server as an alternative of PR vapor/leaf#216, that somehow got stuck in it's efforts of being merged in.

I've done 2 things to discover the issue and confirm the fix

• Xcode would show a bunch of memory leaks when using it's memory graph debugger, those are gone after the changes introduced in this PR
• I've switched https://swiftpack.co, which uses leaf heavily, to using my fork with this fix. The heroku graph bellow shows significantly lower memory consumption and does not seem to be crashing, though I still do do seem to have memory leaks somewhere in the codebase.

Add Swift Algorithms as an explicit dependency

This patch was authored by @​Joannis and released by @​0xTim.

Adds Swift Algorithms as an explicit dependency as we depend on it

Fix behavior of Leaf context encoding and improve Leaf errors

This patch was authored and released by @​gwynne.

Types which use superEncoder(forKey:) in their Codable conformance (such as Fluent models) can now safely be provided to Leaf views as context objects. In general, handling of context encoding is significantly improved.

LeafError now conforms to AbortError and DebuggableError for improved error UI/UX.

Update Supported Swift Versions

This patch was authored and released by @​0xTim.

This removes support for Swift 5.2 and Swift 5.3, making Swift 5.4 the earliest supported version as announced

Commits

• 6fe0e84 Fix Algorithms Dependency Declaration (#222)
• 79fbcfb Fix retain cycle(s) in encoder implementation (#220)
• bf1c279 Add Swift Algorithms as an explicit dependency (#217)
• 04f262e Fix behavior of Leaf context encoding and improve Leaf errors (#212)
• 7dcd710 Add contributing.md (#211)
• 804f272 Update Supported Swift Versions (#209)
• 526e951 Add project board workflow (#208)
• 6f2401e Add project board workflow (#207)
• See full diff in compare view

Updates github.com/tid-kijyun/kanna from 5.2.7 to 5.3.0

Release notes

Sourced from github.com/tid-kijyun/kanna's releases.

5.3.0

• Supports for Xcode 15 including Privacy Manifest (#265)
• Supports for visionOS (#268)
• Fixed podspec (#267 #269 #270)
• bugfix: supporting namespace for querying the same attribute name with different namespace (#264) @​codelynx

Commits

• 41c3d28 Merge pull request #270 from tid-kijyun/fix/cocoapods
• 0acdd3e Fixed podspec
• 1e32aef Merge pull request #269 from tid-kijyun/fix/cocoapods
• 1481fbd Fixed podspec
• 053f5e3 Merge pull request #268 from tid-kijyun/feature/supports_visionos
• 1615746 Added support for visioOS
• 58b7c44 Merge pull request #267 from tid-kijyun/fix/cocoapods
• 5ad0d50 Fixed podspec
• 6aed5c7 Bumping version to 5.3.0
• 9315350 Merge pull request #266 from tid-kijyun/fix/cocoapods
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[coderabbitai]

Important

Auto Review Skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

---

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit-tests for this file.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit tests for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository from git and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit tests.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• The JSON schema for the configuration file is available here.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

CodeRabbit Discord Community

Join our Discord Community to get help, request features, and share feedback.