Summary: Received an alert on a vulenrability in brace-expansion package, upgraded to latest version.
Differential Revision: D101617088
fbshipit-source-id: a7b1e3a4792f49329f8297a206d0dbe505a7d6e6
Summary: Received a pull request attempting to upgrade package dompurify.
Differential Revision: D101169251
fbshipit-source-id: aa699f0fa476aeece77e09328d3ba66738faff87
Summary:
X-link: https://github.com/meta-pytorch/monarch/pull/3221
These files are shared between projects and were inadvertently modified.
Reviewed By: bigfootjon
Differential Revision: D98217804
fbshipit-source-id: 9d04fdb54bac4c3e46937ad5fae5356fa4264ff5
Summary:
This is an automatically generated diff to link facebookresearch/tensor-layouts's main branch to fbsource.
<< DO NOT EDIT BELOW THIS LINE >>
diff-train-skip-merge
diff-train-source-id: f40cb70c521410c9d16a4623514d3fb3a755b33c
Generated by: https://www.internalfb.com/intern/sandcastle/job/2567264638/
GitHub Repo: facebookresearch/tensor-layouts
Reviewed By: jduprat
Differential Revision: D98051566
fbshipit-source-id: 150f0fe4e579896e660a2a2615beddd16e610389
Summary: Received an alert of a security vulnerability due to an outdated package. Updated dependency versions
Reviewed By: thisischristoph, constantine-fry
Differential Revision: D96729552
fbshipit-source-id: a015f27c4da32cb5f051c6b3cc12ca59c1f91285
Summary:
Adds a new constrainedSize(maxWidth:maxHeight:) modifier to QuickLayout that clamps the parent's proposed size before measuring the child.
Unlike .frame(maxWidth:maxHeight:) (FlexibleFrame), this modifier does not create an invisible frame around the child or reposition it with alignment. It simply constrains the proposed size passed to the child and reports the child's actual size as its own. This makes it useful when you want to limit how much space a child is offered without introducing extra layout space around it.
The new ConstrainedSizeElement is modeled after FixedFrameElement but differs in three key ways:
Reports the child's actual size rather than the frame's size
Delegates flexibility to the child instead of reporting .fixedSize
Does not perform alignment positioning — the child is placed at the origin
Reviewed By: xavierjurado
Differential Revision: D94706249
fbshipit-source-id: 26f6a505c64a65964478d2c915962b9bc37c1b6c
Summary:
Both `UILabel.proxy` variants (text-based and attributed-text-based) shared a single static `sizingLabel`. When the attributed text variant set an `NSAttributedString` carrying paragraph style properties like `minimumLineHeight` (e.g. from `BCNAttributedString`), UIKit retained those properties internally on the label — even after subsequent text-based proxy calls set `attributedText = nil` and reassigned `text` + `font`. This caused stale paragraph style properties to inflate subsequent text-based proxy measurements. For example, a stale `minimumLineHeight` of 25pt (from a 20pt bold header) would cause a 13pt label (natural height ~15.67pt) to be measured at 25pt.
The fix: use a dedicated `attributedSizingLabel` for the attributed text proxy, so the two code paths never share state and paragraph style properties can't leak between them.
Reviewed By: constantine-fry
Differential Revision: D96003413
fbshipit-source-id: 02378a04cb2dd86679053b1608bef5b2e2fdfe3d
Summary: Remove local UIColor init(hex:) definitions from 21 files that contained both the definition and callers. Each file's callers are migrated to UIColor(rgb:) for integer hex literals or UIColor(argbHexString:) for dynamic strings. Files that needed METAUIColorSwift were given the appropriate import. BUCK files updated where needed to add the METAUIColorSwift dependency.
Reviewed By: adamjernst
Differential Revision: D93524996
fbshipit-source-id: 0e77cb4befbf973520aa60054e345a519940806f
Summary:
Allow QuickLayout compile for Mac Catalyst.
It's a support question on the github page: https://github.com/facebookincubator/QuickLayout/issues/21
I don't see any blocker against doing that.
Reviewed By: xavierjurado
Differential Revision: D92951983
fbshipit-source-id: 5ba71518eaf3d4dcbea93d4a896895774b23f3fc
Summary: A security vulnerability alert was triggered for QuickLayout in github for the webpack dependency. Upgraded all dependencies to resolve this.
Reviewed By: adamjernst
Differential Revision: D92711271
fbshipit-source-id: 651e890cae0d39524e7dd1330d79e429181f9d28
Summary:
The default argument associated with `tolerance` using a floating literal cannot
be used in Swift, but because of a bug in versions previous to 6.3, the
diagnostic was not emitted in methods. In Swift 6.3 this becomes a warning, and
will become an error in future versions of Swift, but it is an fatal error if
one enables `-warnings-as-errors`.
Instead of using a float literal, change the tolerances to accept an optional
and default to `nil`. Only in the actual `compare`, use the calculation
equivalent to `0.0001` if user did not override the default. The calculation has
to be done like `1.0/10000.0` because the protocol `FloatingPoint` cannot be
initialized from `FloatLiteralType` in a generic way.
Reviewed By: xavierjurado
Differential Revision: D92412465
fbshipit-source-id: 06b40b960b3f760f6672a37af720cd85b293c5c6
Summary:
The original code used a `leading` symbol that doesn't exist. The right one is `.leading`.
Pull Request resolved: https://github.com/facebookincubator/QuickLayout/pull/19
Reviewed By: yannickl
Differential Revision: D92039987
Pulled By: constantine-fry
fbshipit-source-id: 7d975c1fa082680b6cf2f8887cffa2e036961bd6
Summary:
Added the following banner into static docs and README file.
{F1984818606}
Reviewed By: saadhzahid
Differential Revision: D91141068
fbshipit-source-id: 54c7743a9243befe98043bae66a96bf1ae07eb6e
Summary:
## Description
Improves compatibility with other swift-syntax dependent libraries by specifying a version range.
## Changes
- Update swift-syntax dependency from open-ended from: "600.0.0" to explicit range "600.0.0"..<"603.0.0"
- Allow using the highest possible swift-syntax version (602.0.0)
- Reduce dependency resolution conflicts with other packages
## Reference
[Being a Good Citizen in the Land of SwiftSyntax - Point-Free](https://www.pointfree.co/blog/posts/116-being-a-good-citizen-in-the-land-of-swiftsyntax)
Pull Request resolved: https://github.com/facebookincubator/QuickLayout/pull/11
Reviewed By: D3migod
Differential Revision: D91116306
Pulled By: constantine-fry
fbshipit-source-id: 47fe4e651834f87e86dff4d9ea4f9251016e06a9
Summary:
This diff makes `LazyView` conform to `LeafElement` as long as `ViewType` is a `LeafElement`.
This way so that we can pass `LazyView` to `LeftElement` directly, instead of having to call `.loadIfNeeded`.
Differential Revision: D90431927
fbshipit-source-id: d891d1ee736889f6d4ec26b9a111994c6c57c13b
Summary: Added unit tests to `LazyView` so that we have more coverage.
Differential Revision: D90432337
fbshipit-source-id: 83701ef8b15fc7b457945d41cc385f992ab0c4b7
Summary: Some of the test files have typos, fixed.
Reviewed By: D3migod
Differential Revision: D89725386
fbshipit-source-id: d19e008a6aa49a81da6aedcfc8c02e1d07e44b2d
Summary: The previous description may have implied that QuickLayout is already widely adopted throughout Instagram, which isn't accurate. The updated wording provides a clearer and more honest message: QuickLayout is the recommended approach moving forward, but it does not exaggerate its current usage. This helps set realistic expectations: QuickLayout is the preferred solution, yet, due to the scale of Instagram’s codebase, a complete migration will take time.
Reviewed By: minmkim, saadhzahid
Differential Revision: D88381324
fbshipit-source-id: c0d2c6e0b743417f18f85e9018bb05d02de6a8a9
Summary:
This PR makes QuickLayout accessible to developers using stable Xcode versions by downgrading the Swift tools version requirement.
## Changes
- Downgrade `swift-tools-version` from 6.2 to 6.0
- Update `swift-syntax` dependency from 602.0.0 to 600.0.0
- Fix Demo project iOS deployment target from 26.0 to 15.0
## Rationale
- **Swift 6.2 requires Xcode 16.5 Beta**, which most developers don't have access to. Swift 6.0 (Xcode 16.0+) is widely available.
- **swift-syntax version must match the Swift tools version** (600.x for Swift 6.0).
- **iOS 26.0 does not exist** - this was a configuration error. Changed to 15.0 to match the `platforms` declaration in Package.swift.
## Verification
- [x] `swift package resolve` succeeds
- [x] `xcodebuild -scheme QuickLayout -destination 'platform=iOS Simulator,name=iPhone 16' build` succeeds
- [x] Demo project builds successfully
Pull Request resolved: https://github.com/facebookincubator/QuickLayout/pull/3
Reviewed By: tumtumtum
Differential Revision: D88010997
Pulled By: constantine-fry
fbshipit-source-id: 751cfb12ccdae289dae222a383aeff3962e14bb2
Summary: People have reported to me that Devmate often uses .applyFrame when using QuickLayout. However, it's against the recommendation. I updated the docs so that it's even more clear.
Differential Revision: D87983350
fbshipit-source-id: f7dd2c18a5e4de9c8b671447c9b845cadeaba4d1
Summary: I noticed there was a mismatch between the diagrams and the code samples--Resolved.
Differential Revision: D87924557
fbshipit-source-id: e49c7fc633891a6d340808eca1a375f95e83616f
Summary:
Updated the `js-yaml` dependency from version 4.1.0 to ^4.1.1 to address a known security vulnerability. The package was added as a direct dependency to ensure explicit control over the version and allow future patch and minor version updates.
This change affects the QuickLayout documentation site which uses Docusaurus. The semver range (^4.1.1) ensures that future patch versions (4.1.2, 4.1.3, etc.) and minor versions (4.2.0, 4.3.0, etc.) will be automatically picked up while preventing breaking changes from major version updates.
Reviewed By: saadhzahid
Differential Revision: D87346632
fbshipit-source-id: 0ba9971a8386264b6ef8cf4fb3c2c0cf06f8e8c1
Summary:
The 3P Library Vulnerability Remediation Team is dedicated to remediating high-risk external libraries at Meta using both manual and automated processes. Older versions of this library have been identified as risky, and this diff stack is intended to upgrade the library to a recommended version.
We kindly request your help with the diff review. Please commandeer this diff stack if specific merges need to be added or if there are any build or dependency failures.
Asset Name: asset://code.third_party_library/fbsource/fbobjc%2FLibraries%2FMobileUI%2FQuickLayout%2Fdocs%2Fyarn.lock%23pkg:npm%2Fdom-iterator@1.0.0
Asset Version: 1.0.0
Asset Vulnerabilities:
CVE-2024-21541, CWEs: Improper Control of Generation of Code ('Code Injection')
Version to upgrade to: 1.0.1
Additional Info: This diff contains updated yarn files and changes to update vulnerable package. As a part of this diff performed below steps
update resolutions section with recommended version
run yarn install
revert changes in resolutions section
run yarn install
Reviewed By: ide-2
Differential Revision: D87274669
fbshipit-source-id: ed5fff58404052f259cedddb9a9b8f09b158aa5f
