Add LICENSE and SECURITY.md files

.github/workflows/codeql-analysis.yml

@@ -12,14 +12,16 @@
 name: "CodeQL"
 
 on:
+  push:
+    branches: '*'
   pull_request:
     # The branches below must be a subset of the branches above
     branches: '*'
 
 jobs:
   analyze:
     name: Analyze
-    runs-on: ubuntu-latest
+    runs-on: macos-latest
     permissions:
       actions: read
       contents: read
@@ -28,17 +30,17 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'ruby' ]
+        language: [ 'swift' ]
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
         # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -48,11 +50,15 @@ jobs:
         # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
         # queries: security-extended,security-and-quality
 
-
+    - name: Install dependencies
+      run: |
+        sudo gem install cocoapods
+        pod install
+
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -65,4 +71,4 @@ jobs:
     #   ./location_of_script_within_repo/buildscript.sh
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3

.talismanrc

@@ -1,5 +1,17 @@
 fileignoreconfig:
 - filename: .github/workflows/secrets-scan.yml
+- filename: README.md
+  checksum: e725ff07d9c1bc643171e63e63e8de446017be17e9164909ec3a1b2585fe45a3
+- filename: Podfile.lock
+  checksum: 1e736dd1291867ab01f6557552c7fa275cce09f83fe85d91530a8848dee1e991
+- filename: csnews.xcodeproj/project.pbxproj
+  checksum: 4d045dea691bb025be52852918b463a973e3a3a9feea258782be9680b3fe44a0
+- filename: csnews.xcodeproj/xcshareddata/xcschemes/csnews.xcscheme
+  checksum: d3b2a9aaeb2194c3688178a88fed42399c2ce11967141267da2fa4ca352274ae
+- filename: Podfile.lock
+  checksum: 8092cb6bb4ccbf7b384dfacdae70eb97651522d41ccf1bb95cd2a4f3f3133907
+- filename: csnews.xcodeproj/project.pbxproj
+  checksum: aac67b934c7066328ee9b6d00d45e53fcf8f1ce8b2b950aa99f18ae5f2752673
   ignore_detectors:
     - filecontent
 version: "1.0"

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2012 - 2025 Contentstack
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Podfile

@@ -1,9 +1,23 @@
 source 'https://github.com/CocoaPods/Specs.git'
-platform :ios, '8.0'
+platform :ios, '15.6'
 use_frameworks!
 
 target 'csnews' do
-    pod 'NVActivityIndicatorView', '~> 4.4.0'
-    pod 'Kingfisher', '~> 4.10.0'
-    pod 'Contentstack'
+    pod 'NVActivityIndicatorView', '~> 5.2.0'
+    pod 'Kingfisher', '~> 8.5.0'
+    pod 'Contentstack', '~> 3.15.0'
 end
+
+post_install do |installer|
+    installer.pods_project.targets.each do |target|
+      target.build_configurations.each do |config|
+        config.build_settings['EXCLUDED_ARCHS[sdk=iphonesimulator*]'] = 'arm64'
+        config.build_settings['IPHONEOS_DEPLOYMENT_TARGET'] = '15.6'
+      end
+    end
+
+    # Remove _CodeSignature from all frameworks (fixes rsync sandbox error)
+    Dir.glob('Pods/**/*.framework/_CodeSignature').each do |code_signature|
+      FileUtils.rm_rf(code_signature)
+    end
+  end

Podfile.lock

@@ -1,26 +1,26 @@
 PODS:
-  - Contentstack (3.3.0)
-  - Kingfisher (4.10.1)
-  - NVActivityIndicatorView (4.4.1):
-    - NVActivityIndicatorView/Presenter (= 4.4.1)
-  - NVActivityIndicatorView/Presenter (4.4.1)
+  - Contentstack (3.15.0)
+  - Kingfisher (8.5.0)
+  - NVActivityIndicatorView (5.2.0):
+    - NVActivityIndicatorView/Base (= 5.2.0)
+  - NVActivityIndicatorView/Base (5.2.0)
 
 DEPENDENCIES:
-  - Contentstack
-  - Kingfisher (~> 4.10.0)
-  - NVActivityIndicatorView (~> 4.4.0)
+  - Contentstack (~> 3.15.0)
+  - Kingfisher (~> 8.5.0)
+  - NVActivityIndicatorView (~> 5.2.0)
 
 SPEC REPOS:
-  https://github.com/cocoapods/specs.git:
+  https://github.com/CocoaPods/Specs.git:
     - Contentstack
     - Kingfisher
     - NVActivityIndicatorView
 
 SPEC CHECKSUMS:
-  Contentstack: 297c5cfd221d0463b8f86093682dcfb04fe14f79
-  Kingfisher: c148cd7b47ebde9989f6bc7c27dcaa79d81279a0
-  NVActivityIndicatorView: f0a6b0ed2973d9544da268f4eb76696f0a9577b0
+  Contentstack: 2f82e64408036f33d9b561e65cd5c359943362fa
+  Kingfisher: ff0d31a1f07bdff6a1ebb3ba08b8e6e567b6500c
+  NVActivityIndicatorView: fe52a6a68664c2df8991d7d9e3d86d8d19453c53
 
-PODFILE CHECKSUM: 841fe30c08174e6ed20c8ce8df27fb8bfe0ce183
+PODFILE CHECKSUM: b2454119c050e263e2a299a5738b04b422663bf7
 
-COCOAPODS: 1.6.0.rc.2
+COCOAPODS: 1.16.2

README.md

@@ -4,7 +4,7 @@
 
 **About this project**: Create an iOS news app using Contentstack iOS SDK.
 
-<img src='https://images.contentstack.io/v3/assets/blt23180bf2502c7444/blt182cc4fed073dbcf/5d651634e1a1d62fee0efcac/ios_large.png?disposition=inline' width='650' height='550'/>
+<img src='https://images.contentstack.io/v3/assets/asset_uid/dummy_uid/5d651634e1a1d62fee0efcac/ios_large.png?disposition=inline' width='650' height='550'/>
 
  ## Tutorial
 

SECURITY.md

@@ -0,0 +1,27 @@
+# Security
+
+Contentstack takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations.
+
+If you believe you have found a security vulnerability in any Contentstack-owned repository, please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Send email to [security@contentstack.com](mailto:security@contentstack.com).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message.
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+- Full paths of source file(s) related to the manifestation of the issue
+- The location of the affected source code (tag/branch/commit or direct URL)
+- Any special configuration required to reproduce the issue
+- Step-by-step instructions to reproduce the issue
+- Proof-of-concept or exploit code (if possible)
+- Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+[https://www.contentstack.com/trust/](https://www.contentstack.com/trust/)