From fe5c4a05676a818b4dc24e3ea062bc1c5648ccc7 Mon Sep 17 00:00:00 2001 From: Ross Goldberg <484615+rgoldberg@users.noreply.github.com> Date: Mon, 4 May 2026 05:58:41 -0400 Subject: [PATCH 1/4] Update dependencies. Signed-off-by: Ross Goldberg <484615+rgoldberg@users.noreply.github.com> --- Brewfile | 2 +- Package.resolved | 6 +++--- Package.swift | 2 +- .../PrivateFrameworks/include/CommerceKit/CKDownloadQueue.h | 2 +- .../include/CommerceKit/CKPurchaseController.h | 2 +- .../include/CommerceKit/CKServiceInterface.h | 2 +- Sources/PrivateFrameworks/include/CommerceKit/CommerceKit.h | 2 +- .../include/StoreFoundation/ISAccountService-Protocol.h | 2 +- .../include/StoreFoundation/ISServiceProxy.h | 2 +- .../include/StoreFoundation/ISStoreAccount.h | 2 +- .../PrivateFrameworks/include/StoreFoundation/SSDownload.h | 2 +- .../include/StoreFoundation/SSDownloadMetadata.h | 2 +- .../include/StoreFoundation/SSDownloadPhase.h | 2 +- .../include/StoreFoundation/SSDownloadStatus.h | 2 +- .../PrivateFrameworks/include/StoreFoundation/SSPurchase.h | 2 +- .../include/StoreFoundation/SSPurchaseResponse.h | 2 +- .../include/StoreFoundation/StoreFoundation.h | 2 +- 17 files changed, 19 insertions(+), 19 deletions(-) diff --git a/Brewfile b/Brewfile index 1f28ebc01..fa11a5c1c 100644 --- a/Brewfile +++ b/Brewfile @@ -2,7 +2,7 @@ brew "actionlint" # 1.7.12 brew "editorconfig-checker" # 3.6.1 brew "gh" # 2.92.0 brew "git" # 2.54.0 -brew "ipsw" # 3.1.672 +brew "ipsw" # 3.1.674 brew "markdownlint-cli2" # 0.22.1 brew "periphery" if MacOS.version >= :sequoia && `/usr/bin/arch` == "arm64" # 3.7.4 brew "shellcheck" # 0.11.0 diff --git a/Package.resolved b/Package.resolved index 0fa56e4d2..cc2208929 100644 --- a/Package.resolved +++ b/Package.resolved @@ -1,5 +1,5 @@ { - "originHash" : "a431011731c9cc16971b9a9760bd3b53ff3c42043a189d0bc6d9079bc46387bd", + "originHash" : "2277ed9d2daa7a09520ff58214e4aed1453d61cb6bf1cdee8c13b6f71eb09a02", "pins" : [ { "identity" : "bigint", @@ -87,8 +87,8 @@ "kind" : "remoteSourceControl", "location" : "https://github.com/mas-cli/swift-json.git", "state" : { - "revision" : "7f39f41878ed56acccc3634d917022737c82e030", - "version" : "3.3.0" + "revision" : "e9e1d77bbfe277d7e4e4557f0e26b35ac1e06337", + "version" : "3.3.1" } }, { diff --git a/Package.swift b/Package.swift index 185031573..98181a725 100644 --- a/Package.swift +++ b/Package.swift @@ -24,7 +24,7 @@ _ = Package( .package(url: "https://github.com/apple/swift-atomics.git", from: "1.3.0"), .package(url: "https://github.com/apple/swift-collections.git", from: "1.4.1"), .package(url: "https://github.com/attaswift/BigInt.git", from: "5.7.0"), - .package(url: "https://github.com/mas-cli/swift-json.git", from: "3.3.0"), + .package(url: "https://github.com/mas-cli/swift-json.git", from: "3.3.1"), .package(url: "https://github.com/scinfu/SwiftSoup.git", from: "2.13.4"), ], targets: [ diff --git a/Sources/PrivateFrameworks/include/CommerceKit/CKDownloadQueue.h b/Sources/PrivateFrameworks/include/CommerceKit/CKDownloadQueue.h index 2a29e0961..2bc409f4f 100644 --- a/Sources/PrivateFrameworks/include/CommerceKit/CKDownloadQueue.h +++ b/Sources/PrivateFrameworks/include/CommerceKit/CKDownloadQueue.h @@ -1,5 +1,5 @@ // -// Generated by https://github.com/blacktop/ipsw (Version: 3.1.672, BuildCommit: Homebrew) +// Generated by https://github.com/blacktop/ipsw (Version: 3.1.674, BuildCommit: Homebrew) // // - LC_BUILD_VERSION: Platform: macOS, MinOS: 26.2, SDK: 26.2, Tool: ld (1230.3) // - LC_SOURCE_VERSION: 716.2.2.0.0 diff --git a/Sources/PrivateFrameworks/include/CommerceKit/CKPurchaseController.h b/Sources/PrivateFrameworks/include/CommerceKit/CKPurchaseController.h index 777dabdc5..910495492 100644 --- a/Sources/PrivateFrameworks/include/CommerceKit/CKPurchaseController.h +++ b/Sources/PrivateFrameworks/include/CommerceKit/CKPurchaseController.h @@ -1,5 +1,5 @@ // -// Generated by https://github.com/blacktop/ipsw (Version: 3.1.672, BuildCommit: Homebrew) +// Generated by https://github.com/blacktop/ipsw (Version: 3.1.674, BuildCommit: Homebrew) // // - LC_BUILD_VERSION: Platform: macOS, MinOS: 26.2, SDK: 26.2, Tool: ld (1230.3) // - LC_SOURCE_VERSION: 716.2.2.0.0 diff --git a/Sources/PrivateFrameworks/include/CommerceKit/CKServiceInterface.h b/Sources/PrivateFrameworks/include/CommerceKit/CKServiceInterface.h index be9cc852e..4c8f392d9 100644 --- a/Sources/PrivateFrameworks/include/CommerceKit/CKServiceInterface.h +++ b/Sources/PrivateFrameworks/include/CommerceKit/CKServiceInterface.h @@ -1,5 +1,5 @@ // -// Generated by https://github.com/blacktop/ipsw (Version: 3.1.672, BuildCommit: Homebrew) +// Generated by https://github.com/blacktop/ipsw (Version: 3.1.674, BuildCommit: Homebrew) // // - LC_BUILD_VERSION: Platform: macOS, MinOS: 26.2, SDK: 26.2, Tool: ld (1230.3) // - LC_SOURCE_VERSION: 716.2.2.0.0 diff --git a/Sources/PrivateFrameworks/include/CommerceKit/CommerceKit.h b/Sources/PrivateFrameworks/include/CommerceKit/CommerceKit.h index 656599438..d8898b943 100644 --- a/Sources/PrivateFrameworks/include/CommerceKit/CommerceKit.h +++ b/Sources/PrivateFrameworks/include/CommerceKit/CommerceKit.h @@ -1,5 +1,5 @@ // -// Generated by https://github.com/blacktop/ipsw (Version: 3.1.672, BuildCommit: Homebrew) +// Generated by https://github.com/blacktop/ipsw (Version: 3.1.674, BuildCommit: Homebrew) // // - LC_BUILD_VERSION: Platform: macOS, MinOS: 26.2, SDK: 26.2, Tool: ld (1230.3) // - LC_SOURCE_VERSION: 716.2.2.0.0 diff --git a/Sources/PrivateFrameworks/include/StoreFoundation/ISAccountService-Protocol.h b/Sources/PrivateFrameworks/include/StoreFoundation/ISAccountService-Protocol.h index b34a00393..bd55b74b9 100644 --- a/Sources/PrivateFrameworks/include/StoreFoundation/ISAccountService-Protocol.h +++ b/Sources/PrivateFrameworks/include/StoreFoundation/ISAccountService-Protocol.h @@ -1,5 +1,5 @@ // -// Generated by https://github.com/blacktop/ipsw (Version: 3.1.672, BuildCommit: Homebrew) +// Generated by https://github.com/blacktop/ipsw (Version: 3.1.674, BuildCommit: Homebrew) // // - LC_BUILD_VERSION: Platform: macOS, MinOS: 26.2, SDK: 26.2, Tool: ld (1230.3) // - LC_SOURCE_VERSION: 716.2.2.0.0 diff --git a/Sources/PrivateFrameworks/include/StoreFoundation/ISServiceProxy.h b/Sources/PrivateFrameworks/include/StoreFoundation/ISServiceProxy.h index 368fb1332..32f45d99f 100644 --- a/Sources/PrivateFrameworks/include/StoreFoundation/ISServiceProxy.h +++ b/Sources/PrivateFrameworks/include/StoreFoundation/ISServiceProxy.h @@ -1,5 +1,5 @@ // -// Generated by https://github.com/blacktop/ipsw (Version: 3.1.672, BuildCommit: Homebrew) +// Generated by https://github.com/blacktop/ipsw (Version: 3.1.674, BuildCommit: Homebrew) // // - LC_BUILD_VERSION: Platform: macOS, MinOS: 26.2, SDK: 26.2, Tool: ld (1230.3) // - LC_SOURCE_VERSION: 716.2.2.0.0 diff --git a/Sources/PrivateFrameworks/include/StoreFoundation/ISStoreAccount.h b/Sources/PrivateFrameworks/include/StoreFoundation/ISStoreAccount.h index f04086cd7..3866819f0 100644 --- a/Sources/PrivateFrameworks/include/StoreFoundation/ISStoreAccount.h +++ b/Sources/PrivateFrameworks/include/StoreFoundation/ISStoreAccount.h @@ -1,5 +1,5 @@ // -// Generated by https://github.com/blacktop/ipsw (Version: 3.1.672, BuildCommit: Homebrew) +// Generated by https://github.com/blacktop/ipsw (Version: 3.1.674, BuildCommit: Homebrew) // // - LC_BUILD_VERSION: Platform: macOS, MinOS: 26.2, SDK: 26.2, Tool: ld (1230.3) // - LC_SOURCE_VERSION: 716.2.2.0.0 diff --git a/Sources/PrivateFrameworks/include/StoreFoundation/SSDownload.h b/Sources/PrivateFrameworks/include/StoreFoundation/SSDownload.h index a9d69424a..1b289b5bf 100644 --- a/Sources/PrivateFrameworks/include/StoreFoundation/SSDownload.h +++ b/Sources/PrivateFrameworks/include/StoreFoundation/SSDownload.h @@ -1,5 +1,5 @@ // -// Generated by https://github.com/blacktop/ipsw (Version: 3.1.672, BuildCommit: Homebrew) +// Generated by https://github.com/blacktop/ipsw (Version: 3.1.674, BuildCommit: Homebrew) // // - LC_BUILD_VERSION: Platform: macOS, MinOS: 26.2, SDK: 26.2, Tool: ld (1230.3) // - LC_SOURCE_VERSION: 716.2.2.0.0 diff --git a/Sources/PrivateFrameworks/include/StoreFoundation/SSDownloadMetadata.h b/Sources/PrivateFrameworks/include/StoreFoundation/SSDownloadMetadata.h index 1587527a1..9cee60230 100644 --- a/Sources/PrivateFrameworks/include/StoreFoundation/SSDownloadMetadata.h +++ b/Sources/PrivateFrameworks/include/StoreFoundation/SSDownloadMetadata.h @@ -1,5 +1,5 @@ // -// Generated by https://github.com/blacktop/ipsw (Version: 3.1.672, BuildCommit: Homebrew) +// Generated by https://github.com/blacktop/ipsw (Version: 3.1.674, BuildCommit: Homebrew) // // - LC_BUILD_VERSION: Platform: macOS, MinOS: 26.2, SDK: 26.2, Tool: ld (1230.3) // - LC_SOURCE_VERSION: 716.2.2.0.0 diff --git a/Sources/PrivateFrameworks/include/StoreFoundation/SSDownloadPhase.h b/Sources/PrivateFrameworks/include/StoreFoundation/SSDownloadPhase.h index e06ca7125..92b8484be 100644 --- a/Sources/PrivateFrameworks/include/StoreFoundation/SSDownloadPhase.h +++ b/Sources/PrivateFrameworks/include/StoreFoundation/SSDownloadPhase.h @@ -1,5 +1,5 @@ // -// Generated by https://github.com/blacktop/ipsw (Version: 3.1.672, BuildCommit: Homebrew) +// Generated by https://github.com/blacktop/ipsw (Version: 3.1.674, BuildCommit: Homebrew) // // - LC_BUILD_VERSION: Platform: macOS, MinOS: 26.2, SDK: 26.2, Tool: ld (1230.3) // - LC_SOURCE_VERSION: 716.2.2.0.0 diff --git a/Sources/PrivateFrameworks/include/StoreFoundation/SSDownloadStatus.h b/Sources/PrivateFrameworks/include/StoreFoundation/SSDownloadStatus.h index 49d2d4320..005c7ff78 100644 --- a/Sources/PrivateFrameworks/include/StoreFoundation/SSDownloadStatus.h +++ b/Sources/PrivateFrameworks/include/StoreFoundation/SSDownloadStatus.h @@ -1,5 +1,5 @@ // -// Generated by https://github.com/blacktop/ipsw (Version: 3.1.672, BuildCommit: Homebrew) +// Generated by https://github.com/blacktop/ipsw (Version: 3.1.674, BuildCommit: Homebrew) // // - LC_BUILD_VERSION: Platform: macOS, MinOS: 26.2, SDK: 26.2, Tool: ld (1230.3) // - LC_SOURCE_VERSION: 716.2.2.0.0 diff --git a/Sources/PrivateFrameworks/include/StoreFoundation/SSPurchase.h b/Sources/PrivateFrameworks/include/StoreFoundation/SSPurchase.h index 14e1cd42f..4c87cda0c 100644 --- a/Sources/PrivateFrameworks/include/StoreFoundation/SSPurchase.h +++ b/Sources/PrivateFrameworks/include/StoreFoundation/SSPurchase.h @@ -1,5 +1,5 @@ // -// Generated by https://github.com/blacktop/ipsw (Version: 3.1.672, BuildCommit: Homebrew) +// Generated by https://github.com/blacktop/ipsw (Version: 3.1.674, BuildCommit: Homebrew) // // - LC_BUILD_VERSION: Platform: macOS, MinOS: 26.2, SDK: 26.2, Tool: ld (1230.3) // - LC_SOURCE_VERSION: 716.2.2.0.0 diff --git a/Sources/PrivateFrameworks/include/StoreFoundation/SSPurchaseResponse.h b/Sources/PrivateFrameworks/include/StoreFoundation/SSPurchaseResponse.h index fbf7dc41f..b0db854f6 100644 --- a/Sources/PrivateFrameworks/include/StoreFoundation/SSPurchaseResponse.h +++ b/Sources/PrivateFrameworks/include/StoreFoundation/SSPurchaseResponse.h @@ -1,5 +1,5 @@ // -// Generated by https://github.com/blacktop/ipsw (Version: 3.1.672, BuildCommit: Homebrew) +// Generated by https://github.com/blacktop/ipsw (Version: 3.1.674, BuildCommit: Homebrew) // // - LC_BUILD_VERSION: Platform: macOS, MinOS: 26.2, SDK: 26.2, Tool: ld (1230.3) // - LC_SOURCE_VERSION: 716.2.2.0.0 diff --git a/Sources/PrivateFrameworks/include/StoreFoundation/StoreFoundation.h b/Sources/PrivateFrameworks/include/StoreFoundation/StoreFoundation.h index 5e2b982d8..5fcd2ce9e 100644 --- a/Sources/PrivateFrameworks/include/StoreFoundation/StoreFoundation.h +++ b/Sources/PrivateFrameworks/include/StoreFoundation/StoreFoundation.h @@ -1,5 +1,5 @@ // -// Generated by https://github.com/blacktop/ipsw (Version: 3.1.672, BuildCommit: Homebrew) +// Generated by https://github.com/blacktop/ipsw (Version: 3.1.674, BuildCommit: Homebrew) // // - LC_BUILD_VERSION: Platform: macOS, MinOS: 26.2, SDK: 26.2, Tool: ld (1230.3) // - LC_SOURCE_VERSION: 716.2.2.0.0 From 45199c60ad428e49b69976237cfea0d02e095463 Mon Sep 17 00:00:00 2001 From: Ross Goldberg <484615+rgoldberg@users.noreply.github.com> Date: Tue, 5 May 2026 05:42:26 -0400 Subject: [PATCH 2/4] Add OSSF Scorecard GHA workflow. Signed-off-by: Ross Goldberg <484615+rgoldberg@users.noreply.github.com> --- .github/workflows/scorecard.yaml | 55 ++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 .github/workflows/scorecard.yaml diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml new file mode 100644 index 000000000..2d885e6f0 --- /dev/null +++ b/.github/workflows/scorecard.yaml @@ -0,0 +1,55 @@ +# +# .github/workflows/scorecard.yaml +# +--- +name: OSSF Scorecard +on: + branch_protection_rule: + types: [created, deleted, edited] + pull_request: + branches: + - main + push: + branches: [main] + schedule: + - cron: 27 21 * * 4 + workflow_dispatch: {} +permissions: {} +jobs: + analysis: + name: Scorecard analysis + runs-on: ubuntu-latest + if: github.event.repository.default_branch == github.ref_name || github.event_name == 'pull_request' + permissions: + contents: read + security-events: write + id-token: write + steps: + - name: Checkout code + env: + GIT_CONFIG_COUNT: 1 + GIT_CONFIG_KEY_0: init.defaultBranch + GIT_CONFIG_VALUE_0: ${{github.event.repository.default_branch}} + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: Run analysis + uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3 + with: + results_file: results.sarif + results_format: sarif + repo_token: ${{github.token}} + publish_results: ${{github.event_name != 'pull_request'}} + + - name: Upload artifact + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + + - name: Upload to code-scanning + uses: github/codeql-action/upload-sarif@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3 + with: + sarif_file: results.sarif From e157fc3d1cade7b6f9bb9694667a64fce538d7ba Mon Sep 17 00:00:00 2001 From: Ross Goldberg <484615+rgoldberg@users.noreply.github.com> Date: Tue, 5 May 2026 08:58:28 -0400 Subject: [PATCH 3/4] Tighten permissions for `release-published.yaml`. Signed-off-by: Ross Goldberg <484615+rgoldberg@users.noreply.github.com> --- .github/workflows/release-published.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-published.yaml b/.github/workflows/release-published.yaml index 3b3b795b5..e3a214813 100644 --- a/.github/workflows/release-published.yaml +++ b/.github/workflows/release-published.yaml @@ -6,8 +6,7 @@ name: release-published on: release: types: [published] -permissions: - actions: read +permissions: {} defaults: run: # Force all run commands to not use Rosetta 2 @@ -17,6 +16,7 @@ jobs: if: ${{!github.event.repository.fork}} runs-on: macos-26 permissions: + actions: read contents: write pull-requests: write steps: From 76160a3db55220caa6b67246c019e35ebf08e73c Mon Sep 17 00:00:00 2001 From: Ross Goldberg <484615+rgoldberg@users.noreply.github.com> Date: Tue, 5 May 2026 09:54:56 -0400 Subject: [PATCH 4/4] Update `GEMINI.md`. Signed-off-by: Ross Goldberg <484615+rgoldberg@users.noreply.github.com> --- GEMINI.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/GEMINI.md b/GEMINI.md index 5f6171fe0..a38ccba40 100644 --- a/GEMINI.md +++ b/GEMINI.md @@ -67,7 +67,8 @@ Refer to [AGENTS.md](AGENTS.md) for comprehensive guidelines. Key highlights: ### YAML Guidelines -- **Style:** 2 spaces indentation, single quotes for strings, unix newlines. +- **Style:** 2-space indentation, unix newlines, quoted strings only when + necessary, single quotes for strings. - **Rules:** Forbid non-empty braces, require document start (`---`). ### Zsh Scripting