Skip to content

fix: update AtomicSDK version to 3.27.2 with vendored_frameworks#110

Merged
brax10ward merged 6 commits intomasterfrom
brax10/sdk-422-ios-sdk-version-mismatch
Mar 17, 2026
Merged

fix: update AtomicSDK version to 3.27.2 with vendored_frameworks#110
brax10ward merged 6 commits intomasterfrom
brax10/sdk-422-ios-sdk-version-mismatch

Conversation

@brax10ward
Copy link
Contributor

@brax10ward brax10ward commented Mar 16, 2026
edited
Loading

Linear Link

https://linear.app/atomic/issue/SDK-422/ios-sdk-version-mismatch-in-react-native-podspec

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Refactor (non-breaking change which cleans up code)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update
  • This change impacts security

Summary

The AtomicSDK CocoaPods dependency version was only updated in one of two podspec branches, causing customers on RN >= 0.71.0 to get 3.26.0 instead of the intended 3.27.1 (SDK-422).

To prevent this class of bug entirely, this PR:

  • Vendors AtomicSDK XCFrameworks directly into ios/frameworks/ instead of relying on CocoaPods dependency resolution
  • Adds scripts/update-ios-sdk.sh to download and update frameworks from GitHub releases
  • Adds update-ios-sdk.yml workflow that auto-creates a PR when a new iOS SDK is released (triggered via repository_dispatch from the iOS SDK repo, with auto-merge enabled)
  • Tracks vendored version in ios/frameworks/.sdk-version

Follow-up needed

Add a repository_dispatch step to atomicfi/atomic-transact-ios create_release.yml to trigger the auto-update workflow in this repo.

Checklist:

  • New and existing tests pass locally with my changes
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have tested on a physical iOS device and Android device
  • I have added tests that prove my fix is effective or that my feature works
  • I have followed the Code Review and Code Review Security guidelines
  • I have checked my code against flaws from the OWASP Top 10
    • A01:2021-Broken Access Control
    • A02:2021-Cryptographic Failures
    • A03:2021-Injection
    • A04:2021-Insecure Design
    • A05:2021-Security Misconfiguration
    • A06:2021-Vulnerable and Outdated Components
    • A07:2021-Identification and Authentication Failures
    • A08:2021-Software and Data Integrity Failures
    • A09:2021-Security Logging and Monitoring Failures
    • A10:2021-Server-Side Request Forgery

@brax10ward brax10ward force-pushed the brax10/sdk-422-ios-sdk-version-mismatch branch from a20d5c0 to 9d3c323 Compare March 16, 2026 20:23
semgrep-app[bot]
semgrep-app bot reviewed Mar 16, 2026
View reviewed changes
@semgrep-app

This comment was marked as resolved.

Sign in to view
@brax10ward brax10ward force-pushed the brax10/sdk-422-ios-sdk-version-mismatch branch 9 times, most recently from 0c99ed7 to 05e512b Compare March 17, 2026 14:46
@brax10ward brax10ward force-pushed the brax10/sdk-422-ios-sdk-version-mismatch branch from 05e512b to e027f00 Compare March 17, 2026 15:10
@brax10ward brax10ward requested a review from eriksargent March 17, 2026 17:44
@brax10ward brax10ward merged commit 34066e1 into master Mar 17, 2026
5 checks passed
@brax10ward brax10ward deleted the brax10/sdk-422-ios-sdk-version-mismatch branch March 17, 2026 19:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eriksargent eriksargent eriksargent approved these changes

+1 more reviewer

@semgrep-app semgrep-app[bot] semgrep-app[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@brax10ward @eriksargent