[AUTOMATIC] Release/4.25.0 (#2789)

**This is an automatic release.**

### New Features
* `Trusted Entitlements`: (#2621) via NachoSoto (@NachoSoto)

This new feature prevents MitM attacks between the SDK and the
RevenueCat server.
With verification enabled, the SDK ensures that the response created by
the server was not modified by a third-party, and the entitlements
received are exactly what was sent.
This is 100% opt-in. `EntitlementInfos` have a new `VerificationResult`
property, which will indicate the validity of the responses when this
feature is enabled.

```swift
let purchases = Purchases.configure(
  with: Configuration
    .builder(withAPIKey: "")
    .with(entitlementVerificationMode: .informational)
)
let customerInfo = try await purchases.customerInfo()
if !customerInfo.entitlements.verification.isVerified {
  print("Entitlements could not be verified")
}
```

You can learn more from [the
documentation](https://www.revenuecat.com/docs/trusted-entitlements).

### Other Changes
* `TrustedEntitlements`: new `VerificationResult.isVerified` (#2788) via
NachoSoto (@NachoSoto)
* `Refactor`: extracted `Collection.subscript(safe:)` (#2779) via
NachoSoto (@NachoSoto)
* `Trusted Entitlements`: added link to docs in
`ErrorCode.signatureVerificationFailed` (#2783) via NachoSoto
(@NachoSoto)
* `Trusted Entitlements`: improved documentation (#2782) via NachoSoto
(@NachoSoto)
* `Tests`: fixed flaky failure with asynchronous check (#2777) via
NachoSoto (@NachoSoto)
* `Integration Tests`: re-enable signature verification tests (#2744)
via NachoSoto (@NachoSoto)
* `CI`: remove `Jazzy` (#2775) via NachoSoto (@NachoSoto)
* `Signing`: inject `ClockType` to ensure hardcoded signatures don't
fail when intermediate key expires (#2771) via NachoSoto (@NachoSoto)

---------

Co-authored-by: NachoSoto <ignaciosoto90@gmail.com>

.version

@@ -1 +1 @@
-4.25.0-SNAPSHOT
+4.25.0

CHANGELOG.latest.md

@@ -1,24 +1,30 @@
-### Bugfixes
-* `PurchasesDiagnostics`: don't test signature verification if it's disabled (#2757) via NachoSoto (@NachoSoto)
+### New Features
+* `Trusted Entitlements`: (#2621) via NachoSoto (@NachoSoto)
+
+This new feature prevents MitM attacks between the SDK and the RevenueCat server.
+With verification enabled, the SDK ensures that the response created by the server was not modified by a third-party, and the entitlements received are exactly what was sent.
+This is 100% opt-in. `EntitlementInfos` have a new `VerificationResult` property, which will indicate the validity of the responses when this feature is enabled.
+
+```swift
+let purchases = Purchases.configure(
+  with: Configuration
+    .builder(withAPIKey: "")
+    .with(entitlementVerificationMode: .informational)
+)
+let customerInfo = try await purchases.customerInfo()
+if !customerInfo.entitlements.verification.isVerified {
+  print("Entitlements could not be verified")
+}
+```
+
+You can learn more from [the documentation](https://www.revenuecat.com/docs/trusted-entitlements).
+
 ### Other Changes
-* `AnyEncodable`: also implement `Decodable` (#2769) via NachoSoto (@NachoSoto)
-* `Trusted Entitlements`: log signature errors on requests with `.informational` mode (#2751) via NachoSoto (@NachoSoto)
-* `Tests`: optimized several tests (#2754) via NachoSoto (@NachoSoto)
-* `SimpleApp`: allow HTTP traffic (#2763) via NachoSoto (@NachoSoto)
-* `Trusted Entitlements`: added support for unauthenticated endpoints (#2761) via NachoSoto (@NachoSoto)
-* `Integration Tests`: `TestLogHandler` no longer crashes tests (#2760) via NachoSoto (@NachoSoto)
-* `SimpleApp`: changed bundle identifier (#2759) via NachoSoto (@NachoSoto)
-* `Testing`: add new `SimpleApp` (#2756) via NachoSoto (@NachoSoto)
-* `Trusted Entitlements`: update handling of escaped URLs (#2758) via NachoSoto (@NachoSoto)
-* `Trusted Entitlements`: produce verification failures for static endpoints with no signature (#2752) via NachoSoto (@NachoSoto)
-* `Trusted Entitlements`: added tests to verify offerings and product entitlement mapping (#2667) via NachoSoto (@NachoSoto)
-* `Integration Tests`: refactored expiration detection (#2700) via NachoSoto (@NachoSoto)
-* `Trusted Entitlements`: add API key and `HTTPRequest.Path` to signature (#2746) via NachoSoto (@NachoSoto)
-* `HTTPRequest.Path`: escape `appUserID` (#2747) via NachoSoto (@NachoSoto)
-* `Documentation`: add reference to `TestStoreProduct` (#2743) via NachoSoto (@NachoSoto)
-* `PostReceiptDataOperation`: add new `testReceiptIdentifier` parameter (#2749) via NachoSoto (@NachoSoto)
-* `Integration Tests`: updated load-shedder offerings snapshot (#2748) via NachoSoto (@NachoSoto)
-* `Signing`: extract and verify intermediate key (#2715) via NachoSoto (@NachoSoto)
-* `Trusted Entitlements`: update handling of 304 responses (#2698) via NachoSoto (@NachoSoto)
-* `Trusted Entitlements`: new Signature format (#2679) via NachoSoto (@NachoSoto)
-* `Integration Tests`: avoid crashes when stopping tests early (#2741) via NachoSoto (@NachoSoto)
+* `TrustedEntitlements`: new `VerificationResult.isVerified` (#2788) via NachoSoto (@NachoSoto)
+* `Refactor`: extracted `Collection.subscript(safe:)` (#2779) via NachoSoto (@NachoSoto)
+* `Trusted Entitlements`: added link to docs in `ErrorCode.signatureVerificationFailed` (#2783) via NachoSoto (@NachoSoto)
+* `Trusted Entitlements`: improved documentation (#2782) via NachoSoto (@NachoSoto)
+* `Tests`: fixed flaky failure with asynchronous check (#2777) via NachoSoto (@NachoSoto)
+* `Integration Tests`: re-enable signature verification tests (#2744) via NachoSoto (@NachoSoto)
+* `CI`: remove `Jazzy` (#2775) via NachoSoto (@NachoSoto)
+* `Signing`: inject `ClockType` to ensure hardcoded signatures don't fail when intermediate key expires (#2771) via NachoSoto (@NachoSoto)

CHANGELOG.md

@@ -1,3 +1,35 @@
+## 4.25.0
+### New Features
+* `Trusted Entitlements`: (#2621) via NachoSoto (@NachoSoto)
+
+This new feature prevents MitM attacks between the SDK and the RevenueCat server.
+With verification enabled, the SDK ensures that the response created by the server was not modified by a third-party, and the entitlements received are exactly what was sent.
+This is 100% opt-in. `EntitlementInfos` have a new `VerificationResult` property, which will indicate the validity of the responses when this feature is enabled.
+
+```swift
+let purchases = Purchases.configure(
+  with: Configuration
+    .builder(withAPIKey: "")
+    .with(entitlementVerificationMode: .informational)
+)
+let customerInfo = try await purchases.customerInfo()
+if !customerInfo.entitlements.verification.isVerified {
+  print("Entitlements could not be verified")
+}
+```
+
+You can learn more from [the documentation](https://www.revenuecat.com/docs/trusted-entitlements).
+
+### Other Changes
+* `TrustedEntitlements`: new `VerificationResult.isVerified` (#2788) via NachoSoto (@NachoSoto)
+* `Refactor`: extracted `Collection.subscript(safe:)` (#2779) via NachoSoto (@NachoSoto)
+* `Trusted Entitlements`: added link to docs in `ErrorCode.signatureVerificationFailed` (#2783) via NachoSoto (@NachoSoto)
+* `Trusted Entitlements`: improved documentation (#2782) via NachoSoto (@NachoSoto)
+* `Tests`: fixed flaky failure with asynchronous check (#2777) via NachoSoto (@NachoSoto)
+* `Integration Tests`: re-enable signature verification tests (#2744) via NachoSoto (@NachoSoto)
+* `CI`: remove `Jazzy` (#2775) via NachoSoto (@NachoSoto)
+* `Signing`: inject `ClockType` to ensure hardcoded signatures don't fail when intermediate key expires (#2771) via NachoSoto (@NachoSoto)
+
 ## 4.24.1
 ### Bugfixes
 * `PurchasesDiagnostics`: don't test signature verification if it's disabled (#2757) via NachoSoto (@NachoSoto)

RevenueCat.podspec

@@ -1,6 +1,6 @@
 Pod::Spec.new do |s|
   s.name             = "RevenueCat"
-  s.version          = "4.25.0-SNAPSHOT"
+  s.version          = "4.25.0"
   s.summary          = "Subscription and in-app-purchase backend service."
 
   s.description      = <<-DESC

Sources/Misc/SystemInfo.swift

@@ -53,7 +53,7 @@ class SystemInfo {
     }
 
     static var frameworkVersion: String {
-        return "4.25.0-SNAPSHOT"
+        return "4.25.0"
     }
 
     static var systemVersion: String {

Tests/InstallationTests/CommonFiles/RevenueCat-Swift.h

@@ -606,6 +606,32 @@ SWIFT_CLASS_NAMED("Builder")
 - (RCConfigurationBuilder * _Nonnull)withStoreKit1Timeout:(NSTimeInterval)storeKit1Timeout SWIFT_WARN_UNUSED_RESULT;
 /// Set <code>platformInfo</code>.
 - (RCConfigurationBuilder * _Nonnull)withPlatformInfo:(RCPlatformInfo * _Nonnull)platformInfo SWIFT_WARN_UNUSED_RESULT;
+/// Set <code>Configuration/EntitlementVerificationMode</code>.
+/// Defaults to <code>Configuration/EntitlementVerificationMode/disabled</code>.
+/// The result of the verification can be obtained from <code>EntitlementInfos/verification</code> or
+/// <code>EntitlementInfo/verification</code>.
+/// note:
+/// This feature requires iOS 13+.
+/// warning:
+/// When changing from <code>Configuration/EntitlementVerificationMode/disabled</code>
+/// to <code>Configuration/EntitlementVerificationMode/informational</code>
+/// the SDK will clear the <code>CustomerInfo</code> cache.
+/// This means that users will need to connect to the internet to get back their entitlements.
+/// <h3>Related Articles</h3>
+/// <ul>
+///   <li>
+///     <a href="https://rev.cat/trusted-entitlements">Documentation</a>
+///   </li>
+/// </ul>
+/// <h3>Related Symbols</h3>
+/// <ul>
+///   <li>
+///     <code>Configuration/EntitlementVerificationMode</code>
+///   </li>
+///   <li>
+///     <code>VerificationResult</code>
+///   </li>
+/// </ul>
 - (RCConfigurationBuilder * _Nonnull)withEntitlementVerificationMode:(enum RCEntitlementVerificationMode)mode SWIFT_WARN_UNUSED_RESULT SWIFT_AVAILABILITY(watchos,introduced=6.2) SWIFT_AVAILABILITY(tvos,introduced=13.0) SWIFT_AVAILABILITY(macos,introduced=10.15) SWIFT_AVAILABILITY(ios,introduced=13.0);
 /// Generate a <code>Configuration</code> object given the values configured by this builder.
 - (RCConfiguration * _Nonnull)build SWIFT_WARN_UNUSED_RESULT;
@@ -702,6 +728,12 @@ SWIFT_CLASS_NAMED("Configuration")
 @end
 
 /// Defines how strict <code>EntitlementInfo</code> verification ought to be.
+/// <h3>Related Articles</h3>
+/// <ul>
+///   <li>
+///     <a href="https://rev.cat/trusted-entitlements">Documentation</a>
+///   </li>
+/// </ul>
 /// <h3>Related Symbols</h3>
 /// <ul>
 ///   <li>
@@ -714,7 +746,7 @@ SWIFT_CLASS_NAMED("Configuration")
 ///     <code>EntitlementInfos/verification</code>
 ///   </li>
 /// </ul>
-typedef SWIFT_ENUM_NAMED(NSInteger, RCEntitlementVerificationMode, "EntitlementVerificationMode", closed) {
+typedef SWIFT_ENUM_NAMED(NSInteger, RCEntitlementVerificationMode, "EntitlementVerificationMode", open) {
 /// The SDK will not perform any entitlement verification.
   RCEntitlementVerificationModeDisabled = 0,
 /// Enable entitlement verification.
@@ -948,6 +980,19 @@ SWIFT_CLASS_NAMED("EntitlementInfo")
 /// or shared to them by a family member. This can be useful for onboarding users who have had
 /// an entitlement shared with them, but might not be entirely aware of the benefits they now have.
 @property (nonatomic, readonly) enum RCPurchaseOwnershipType ownershipType;
+/// Whether this entitlement was verified.
+/// <h3>Related Articles</h3>
+/// <ul>
+///   <li>
+///     <a href="https://rev.cat/trusted-entitlements">Documentation</a>
+///   </li>
+/// </ul>
+/// <h3>Related Symbols</h3>
+/// <ul>
+///   <li>
+///     <code>VerificationResult</code>
+///   </li>
+/// </ul>
 @property (nonatomic, readonly) enum RCVerificationResult verification SWIFT_AVAILABILITY(watchos,introduced=6.2) SWIFT_AVAILABILITY(tvos,introduced=13.0) SWIFT_AVAILABILITY(macos,introduced=10.15) SWIFT_AVAILABILITY(ios,introduced=13.0);
 @property (nonatomic, readonly, copy) NSDictionary<NSString *, id> * _Nonnull rawData;
 @property (nonatomic, readonly, copy) NSString * _Nonnull description;
@@ -994,6 +1039,19 @@ SWIFT_CLASS_NAMED("EntitlementInfos")
 /// <code>entitlementInfos["pro_entitlement_id"]</code>.
 @property (nonatomic, readonly, copy) NSDictionary<NSString *, RCEntitlementInfo *> * _Nonnull all;
 - (RCEntitlementInfo * _Nullable)objectForKeyedSubscript:(NSString * _Nonnull)key SWIFT_WARN_UNUSED_RESULT;
+/// Whether these entitlements were verified.
+/// <h3>Related Articles</h3>
+/// <ul>
+///   <li>
+///     <a href="https://rev.cat/trusted-entitlements">Documentation</a>
+///   </li>
+/// </ul>
+/// <h3>Related Symbols</h3>
+/// <ul>
+///   <li>
+///     <code>VerificationResult</code>
+///   </li>
+/// </ul>
 @property (nonatomic, readonly) enum RCVerificationResult verification SWIFT_AVAILABILITY(watchos,introduced=6.2) SWIFT_AVAILABILITY(tvos,introduced=13.0) SWIFT_AVAILABILITY(macos,introduced=10.15) SWIFT_AVAILABILITY(ios,introduced=13.0);
 @property (nonatomic, readonly, copy) NSString * _Nonnull description;
 - (BOOL)isEqual:(id _Nullable)object SWIFT_WARN_UNUSED_RESULT;
@@ -3322,7 +3380,45 @@ SWIFT_CLASS_NAMED("Transaction") SWIFT_AVAILABILITY(macos,obsoleted=1,message="'
 
 
 
-typedef SWIFT_ENUM_NAMED(NSInteger, RCVerificationResult, "VerificationResult", closed) {
+/// The result of data verification process.
+/// This is accomplished by preventing MiTM attacks between the SDK and the RevenueCat server.
+/// With verification enabled, the SDK ensures that the response created by the server was not
+/// modified by a third-party, and the entitlements received are exactly what was sent.
+/// note:
+/// Entitlements are only verified if enabled using
+/// <code>Configuration/Builder/with(entitlementVerificationMode:)</code>, which is disabled by default.
+/// <h3>Example:</h3>
+/// \code
+/// let purchases = Purchases.configure(
+///   with: Configuration
+///     .builder(withAPIKey: "")
+///     .with(entitlementVerificationMode: .informational)
+/// )
+///
+/// let customerInfo = try await purchases.customerInfo()
+/// if !customerInfo.entitlements.verification.isVerified {
+///   print("Entitlements could not be verified")
+/// }
+///
+/// \endcode<h3>Related Articles</h3>
+/// <ul>
+///   <li>
+///     <a href="https://rev.cat/trusted-entitlements">Documentation</a>
+///   </li>
+/// </ul>
+/// <h3>Related Symbols</h3>
+/// <ul>
+///   <li>
+///     <code>Configuration/EntitlementVerificationMode</code>
+///   </li>
+///   <li>
+///     <code>Configuration/Builder/with(entitlementVerificationMode:)</code>
+///   </li>
+///   <li>
+///     <code>EntitlementInfos/verification</code>
+///   </li>
+/// </ul>
+typedef SWIFT_ENUM_NAMED(NSInteger, RCVerificationResult, "VerificationResult", open) {
 /// No verification was done.
 /// This can happen for multiple reasons:
 /// <ol>

scripts/docs/index.html

@@ -2,7 +2,7 @@
 <!DOCTYPE html>
 <html>
 <head>
-    <meta http-equiv="refresh" content="0; url=https://revenuecat.github.io/purchases-ios-docs/4.25.0-SNAPSHOT/documentation/revenuecat"/>
+    <meta http-equiv="refresh" content="0; url=https://revenuecat.github.io/purchases-ios-docs/4.25.0/documentation/revenuecat"/>
 </head>
 <body>
 </body>

scripts/docs/v4_api_migration_guide.html

@@ -2,7 +2,7 @@
 <!DOCTYPE html>
 <html>
 <head>
-    <meta http-equiv="refresh" content="0; url=https://revenuecat.github.io/purchases-ios-docs/4.25.0-SNAPSHOT/documentation/revenuecat/v4_api_migration_guide"/>
+    <meta http-equiv="refresh" content="0; url=https://revenuecat.github.io/purchases-ios-docs/4.25.0/documentation/revenuecat/v4_api_migration_guide"/>
 </head>
 <body>
 </body>