Skip to content

Upgrade Core and Blaze#923

Merged
jviotti merged 1 commit into
mainfrom
sourcemeta-deps
Jun 29, 2026
Merged

Upgrade Core and Blaze#923
jviotti merged 1 commit into
mainfrom
sourcemeta-deps

Conversation

@jviotti

@jviotti jviotti commented Jun 29, 2026

Copy link
Copy Markdown
Member

Signed-off-by: Juan Cruz Viotti jv@jviotti.com

Review in cubic

Signed-off-by: Juan Cruz Viotti <jv@jviotti.com>
@jviotti jviotti merged commit 9980cbe into main Jun 29, 2026
13 checks passed
@jviotti jviotti deleted the sourcemeta-deps branch June 29, 2026 20:26
@augmentcode

augmentcode Bot commented Jun 29, 2026

Copy link
Copy Markdown
🤖 Augment PR Summary

Summary: This PR updates the vendored Sourcemeta core and blaze dependencies to newer commits and aligns this repository with the updated APIs.

Changes:

  • Bumped core and blaze SHAs (and Blaze’s JSON-Schema test-suite SHA) in dependency manifests.
  • Updated Blaze schema canonicalizer/linter rules to use the new single-token JSON Pointer concat overloads.
  • Added a new sourcemeta::core::JWKSProvider (JOSE) that caches/refreshes JWKS fetched from a URL and retries on key rotation.
  • Introduced a new jsonld library/component in Core (CMake + public headers) implementing JSON-LD 1.1 expansion/compaction/flattening utilities.
  • Extended Core’s JSON object entry API with a hash-aware key_equals helper.
  • Extended JSON Pointer with concat(property) and concat(index) convenience overloads.
  • Added URI helpers (is_scheme, is_gen_delim) and improved URI::relative_to behavior for same-path URIs.
  • Adjusted Blaze codegen symbol mangling to better handle word boundaries.

Technical Notes: The new JSON-LD component is wired into Core’s build/config component system (SOURCEMETA_CORE_JSONLD) and adds several new source files under vendor/core/src/core/jsonld.

🤖 Was this summary useful? React with 👍 or 👎

@augmentcode augmentcode Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review completed. 2 suggestions posted.

Fix All in Augment

Comment augment review to trigger a new review at any time.

const std::chrono::system_clock::time_point now) -> bool {
std::optional<FetchResult> fetched;
try {
fetched = this->fetcher_(this->jwks_uri_);

@augmentcode augmentcode Bot Jun 29, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

vendor/core/src/core/jose/jose_jwks_provider.cc:60 — fetch_and_install_locked invokes the user-provided fetcher_ while holding mutex_, which risks deadlock/re-entrancy issues and can block unrelated verify() calls for the duration of network I/O.

Severity: medium

Fix This in Augment

🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.

if (state.resolver == nullptr || !*state.resolver) {
throw JSONLDError("Loading remote context failed", location);
}
const auto document{(*state.resolver)(reference)};

@augmentcode augmentcode Bot Jun 29, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

vendor/core/src/core/jsonld/jsonld_context_processing.cc:81 — The user-supplied JSONLDResolver is called without guarding against exceptions; if it throws, it will escape as an arbitrary exception rather than being reported as a JSON-LD loading failure.

Severity: medium

Other Locations
  • vendor/core/src/core/jsonld/jsonld_context_processing.cc:161

Fix This in Augment

🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant