fastlane 2.219.0 → 2.220.0

data/frameit/lib/frameit/device_types.rb

@@ -133,6 +133,10 @@ module Frameit
     IPHONE_13_PRO ||= Frameit::Device.new("iphone-13-pro", "Apple iPhone 13 Pro", 11, [[1170, 2532], [2532, 1170]], 460, Color::GRAPHITE, Platform::IOS)
     IPHONE_13_PRO_MAX ||= Frameit::Device.new("iphone13-pro-max", "Apple iPhone 13 Pro Max", 11, [[1284, 2778], [2778, 1284]], 458, Color::GRAPHITE, Platform::IOS)
     IPHONE_13_MINI ||= Frameit::Device.new("iphone-13-mini", "Apple iPhone 13 Mini", 11, [[1080, 2340], [2340, 1080]], 476, Color::MIDNIGHT, Platform::IOS)
+    IPHONE_14 ||= Frameit::Device.new("iphone-14", "Apple iPhone 14", 12, [[1170, 2532], [2532, 1170]], 460, Color::MIDNIGHT, Platform::IOS)
+    IPHONE_14_PLUS ||= Frameit::Device.new("iphone-14-plus", "Apple iPhone 14 Plus", 12, [[1284, 2778], [2778, 1284]], 458, Color::MIDNIGHT, Platform::IOS)
+    IPHONE_14_PRO ||= Frameit::Device.new("iphone-14-pro", "Apple iPhone 14 Pro", 12, [[1178, 2556], [2556, 1178]], 460, Color::PURPLE, Platform::IOS)
+    IPHONE_14_PRO_MAX ||= Frameit::Device.new("iphone14-pro-max", "Apple iPhone 14 Pro Max", 12, [[1290, 2796], [2796, 1290]], 458, Color::PURPLE, Platform::IOS)
     IPAD_10_2 ||= Frameit::Device.new("ipad-10-2", "Apple iPad 10.2", 1, [[1620, 2160], [2160, 1620]], 264, Color::SPACE_GRAY, Platform::IOS)
     IPAD_AIR_2 ||= Frameit::Device.new("ipad-air-2", "Apple iPad Air 2", 1, [[1536, 2048], [2048, 1536]], 264, Color::SPACE_GRAY, Platform::IOS, Deliver::AppScreenshot::ScreenSize::IOS_IPAD)
     IPAD_AIR_2019 ||= Frameit::Device.new("ipad-air-2019", "Apple iPad Air (2019)", 2, [[1668, 2224], [2224, 1668]], 265, Color::SPACE_GRAY, Platform::IOS)

data/frameit/lib/frameit/editor.rb

@@ -109,6 +109,26 @@ module Frameit
         end
       end
 
+      # Apply rounded corners for all iPhone 14 devices
+      if screenshot.device.id.to_s.include?("iphone-14") || screenshot.device.id.to_s.include?("iphone14")
+
+        maskData = MiniMagick::Tool::Convert.new do |img|
+          img.size("#{screenshot.size[0]}x#{screenshot.size[1]}")
+          img.canvas('none')
+          img.draw("roundrectangle 0,0,#{screenshot.size[0]},#{screenshot.size[1]},100,100")
+          img << 'png:-'
+        end
+
+        # Create a mask
+        mask = MiniMagick::Image.read(maskData)
+
+        @image = @image.composite(mask, "png") do |c|
+          c.channel("A")
+          c.compose("DstIn")
+          c.alpha("on")
+        end
+      end
+
       @image = frame.composite(image, "png") do |c|
         c.compose("DstOver")
         c.geometry(offset['offset'])

data/gym/lib/gym/detect_values.rb

@@ -147,6 +147,8 @@ module Gym
 
       platform = if Gym.project.tvos?
                    "tvOS"
+                 elsif Gym.project.visionos?
+                   "visionOS"
                  elsif Gym.building_for_ios?
                    "iOS"
                  elsif Gym.building_for_mac?

data/gym/lib/gym/module.rb

@@ -33,8 +33,8 @@ module Gym
         # Can be iOS project and build for mac if catalyst
         return false if building_mac_catalyst_for_mac?
 
-        # Can be iOS project if iOS, tvOS, or watchOS
-        return Gym.project.ios? || Gym.project.tvos? || Gym.project.watchos?
+        # Can be iOS project if iOS, tvOS, watchOS, or visionOS
+        return Gym.project.ios? || Gym.project.tvos? || Gym.project.watchos? || Gym.project.visionos?
       end
     end
 

data/match/lib/assets/READMETemplate.md

@@ -14,13 +14,11 @@ Make sure you have the latest version of the Xcode command line tools installed:
 xcode-select --install
 ```
 
-Install _fastlane_ using
+Install _fastlane_ using bundler by following instructions here on [fastlane docs](https://docs.fastlane.tools).
 
-```
-[sudo] gem install fastlane -NV
-```
+or alternatively using 
 
-or alternatively using `brew install fastlane`
+`brew install fastlane`
 
 ### Usage
 

data/match/lib/match/encryption/encryption.rb

@@ -0,0 +1,154 @@
+require 'base64'
+require 'openssl'
+require 'securerandom'
+
+module Match
+  module Encryption
+    # This is to keep backwards compatibility with the old fastlane version which used the local openssl installation.
+    # The encryption parameters in this implementation reflect the old behavior which was the most common default value in those versions.
+    # As for decryption, 1.0.x OpenSSL and earlier versions use MD5, 1.1.0c and newer uses SHA256, we try both before giving an error
+    class EncryptionV1
+      ALGORITHM = 'aes-256-cbc'
+
+      def encrypt(data:, password:, salt:, hash_algorithm: "MD5")
+        cipher = ::OpenSSL::Cipher.new(ALGORITHM)
+        cipher.encrypt
+
+        keyivgen(cipher, password, salt, hash_algorithm)
+
+        encrypted_data = cipher.update(data)
+        encrypted_data << cipher.final
+        { encrypted_data: encrypted_data }
+      end
+
+      def decrypt(encrypted_data:, password:, salt:, hash_algorithm: "MD5")
+        cipher = ::OpenSSL::Cipher.new(ALGORITHM)
+        cipher.decrypt
+
+        keyivgen(cipher, password, salt, hash_algorithm)
+
+        data = cipher.update(encrypted_data)
+        data << cipher.final
+      end
+
+      private
+
+      def keyivgen(cipher, password, salt, hash_algorithm)
+        cipher.pkcs5_keyivgen(password, salt, 1, hash_algorithm)
+      end
+    end
+
+    # The newer encryption mechanism, which features a more secure key and IV generation.
+    #
+    # The IV is randomly generated and provided unencrypted.
+    # The salt should be randomly generated and provided unencrypted (like in the current implementation).
+    # The key is generated with OpenSSL::KDF::pbkdf2_hmac with properly chosen parameters.
+    #
+    # Short explanation about salt and IV: https://stackoverflow.com/a/1950674/6324550
+    class EncryptionV2
+      ALGORITHM = 'aes-256-gcm'
+
+      def encrypt(data:, password:, salt:)
+        cipher = ::OpenSSL::Cipher.new(ALGORITHM)
+        cipher.encrypt
+
+        keyivgen(cipher, password, salt)
+
+        encrypted_data = cipher.update(data)
+        encrypted_data << cipher.final
+
+        auth_tag = cipher.auth_tag
+
+        { encrypted_data: encrypted_data, auth_tag: auth_tag }
+      end
+
+      def decrypt(encrypted_data:, password:, salt:, auth_tag:)
+        cipher = ::OpenSSL::Cipher.new(ALGORITHM)
+        cipher.decrypt
+
+        keyivgen(cipher, password, salt)
+
+        cipher.auth_tag = auth_tag
+
+        data = cipher.update(encrypted_data)
+        data << cipher.final
+      end
+
+      private
+
+      def keyivgen(cipher, password, salt)
+        keyIv = ::OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: 10_000, length: 32 + 12 + 24, hash: "sha256")
+        key = keyIv[0..31]
+        iv = keyIv[32..43]
+        auth_data = keyIv[44..-1]
+        cipher.key = key
+        cipher.iv = iv
+        cipher.auth_data = auth_data
+      end
+    end
+
+    class MatchDataEncryption
+      V1_PREFIX = "Salted__"
+      V2_PREFIX = "match_encrypted_v2__"
+
+      def encrypt(data:, password:, version: 2)
+        salt = SecureRandom.random_bytes(8)
+        if version == 2
+          e = EncryptionV2.new
+          encryption = e.encrypt(data: data, password: password, salt: salt)
+          encrypted_data = V2_PREFIX + salt + encryption[:auth_tag] + encryption[:encrypted_data]
+        else
+          e = EncryptionV1.new
+          encryption = e.encrypt(data: data, password: password, salt: salt)
+          encrypted_data = V1_PREFIX + salt + encryption[:encrypted_data]
+        end
+        Base64.encode64(encrypted_data)
+      end
+
+      def decrypt(base64encoded_encrypted:, password:)
+        stored_data = Base64.decode64(base64encoded_encrypted)
+        if stored_data.start_with?(V2_PREFIX)
+          salt = stored_data[20..27]
+          auth_tag = stored_data[28..43]
+          data_to_decrypt = stored_data[44..-1]
+          e = EncryptionV2.new
+          e.decrypt(encrypted_data: data_to_decrypt, password: password, salt: salt, auth_tag: auth_tag)
+        else
+          salt = stored_data[8..15]
+          data_to_decrypt = stored_data[16..-1]
+          e = EncryptionV1.new
+          begin
+            # Note that we are not guaranteed to catch the decryption errors here if the password or the hash is wrong
+            # as there's no integrity checks.
+            # see https://github.com/fastlane/fastlane/issues/21663
+            e.decrypt(encrypted_data: data_to_decrypt, password: password, salt: salt)
+            # With the wrong hash_algorithm, there's here 0.4% chance that the decryption failure will go undetected
+          rescue => _ex
+            # With a wrong password, there's a 0.4% chance it will decrypt garbage and not fail
+            fallback_hash_algorithm = "SHA256"
+            e.decrypt(encrypted_data: data_to_decrypt, password: password, salt: salt, hash_algorithm: fallback_hash_algorithm)
+          end
+        end
+      end
+    end
+
+    # The methods of this class will encrypt or decrypt files in place, by default.
+    class MatchFileEncryption
+      def encrypt(file_path:, password:, output_path: nil)
+        output_path = file_path unless output_path
+        data_to_encrypt = File.binread(file_path)
+        e = MatchDataEncryption.new
+        data = e.encrypt(data: data_to_encrypt, password: password)
+        File.write(output_path, data)
+      end
+
+      def decrypt(file_path:, password:, output_path: nil)
+        output_path = file_path unless output_path
+        content = File.read(file_path)
+        e = MatchDataEncryption.new
+        decrypted_data = e.decrypt(base64encoded_encrypted: content, password: password)
+        File.binwrite(output_path, decrypted_data)
+      end
+    end
+  end
+end

data/match/lib/match/encryption/openssl.rb

@@ -109,25 +109,10 @@ module Match
         return password
       end
 
-      # We encrypt with MD5 because that was the most common default value in older fastlane versions which used the local OpenSSL installation
-      # A more secure key and IV generation is needed in the future
-      # IV should be randomly generated and provided unencrypted
-      # salt should be randomly generated and provided unencrypted (like in the current implementation)
-      # key should be generated with OpenSSL::KDF::pbkdf2_hmac with properly chosen parameters
-      # Short explanation about salt and IV: https://stackoverflow.com/a/1950674/6324550
       def encrypt_specific_file(path: nil, password: nil)
         UI.user_error!("No password supplied") if password.to_s.strip.length == 0
-
-        data_to_encrypt = File.binread(path)
-        salt = SecureRandom.random_bytes(8)
-
-        # The :: is important, as there is a name clash
-        cipher = ::OpenSSL::Cipher.new('AES-256-CBC')
-        cipher.encrypt
-        cipher.pkcs5_keyivgen(password, salt, 1, "MD5")
-        encrypted_data = "Salted__" + salt + cipher.update(data_to_encrypt) + cipher.final
-
-        File.write(path, Base64.encode64(encrypted_data))
+        e = MatchFileEncryption.new
+        e.encrypt(file_path: path, password: password)
       rescue FastlaneCore::Interface::FastlaneError
         raise
       rescue => error
@@ -135,28 +120,12 @@ module Match
         UI.crash!("Error encrypting '#{path}'")
       end
 
-      # The encryption parameters in this implementations reflect the old behavior which depended on the users' local OpenSSL version
-      # 1.0.x OpenSSL and earlier versions use MD5, 1.1.0c and newer uses SHA256, we try both before giving an error
-      def decrypt_specific_file(path: nil, password: nil, hash_algorithm: "MD5")
-        stored_data = Base64.decode64(File.read(path))
-        salt = stored_data[8..15]
-        data_to_decrypt = stored_data[16..-1]
-
-        decipher = ::OpenSSL::Cipher.new('AES-256-CBC')
-        decipher.decrypt
-        decipher.pkcs5_keyivgen(password, salt, 1, hash_algorithm)
-
-        decrypted_data = decipher.update(data_to_decrypt) + decipher.final
-
-        File.binwrite(path, decrypted_data)
+      def decrypt_specific_file(path: nil, password: nil)
+        e = MatchFileEncryption.new
+        e.decrypt(file_path: path, password: password)
       rescue => error
-        fallback_hash_algorithm = "SHA256"
-        if hash_algorithm != fallback_hash_algorithm
-          decrypt_specific_file(path: path, password: password, hash_algorithm: fallback_hash_algorithm)
-        else
-          UI.error(error.to_s)
-          UI.crash!("Error decrypting '#{path}'")
-        end
+        UI.error(error.to_s)
+        UI.crash!("Error decrypting '#{path}'")
       end
     end
   end

data/match/lib/match/encryption.rb

@@ -1,5 +1,6 @@
 require_relative 'encryption/interface'
 require_relative 'encryption/openssl'
+require_relative 'encryption/encryption'
 
 module Match
   module Encryption

data/match/lib/match/runner.rb

@@ -19,6 +19,7 @@ module Match
   # rubocop:disable Metrics/ClassLength
   class Runner
     attr_accessor :files_to_commit
+    attr_accessor :files_to_delete
     attr_accessor :spaceship
 
     attr_accessor :storage
@@ -28,6 +29,7 @@ module Match
     # rubocop:disable Metrics/PerceivedComplexity
     def run(params)
       self.files_to_commit = []
+      self.files_to_delete = []
 
       FileUtils.mkdir_p(params[:output_path]) if params[:output_path]
 
@@ -82,12 +84,12 @@ module Match
       end
 
       # Certificate
-      cert_id = fetch_certificate(params: params, working_directory: storage.working_directory)
+      cert_id = fetch_certificate(params: params, renew_expired_certs: false)
 
       # Mac Installer Distribution Certificate
       additional_cert_types = params[:additional_cert_types] || []
       cert_ids = additional_cert_types.map do |additional_cert_type|
-        fetch_certificate(params: params, working_directory: storage.working_directory, specific_cert_type: additional_cert_type)
+        fetch_certificate(params: params, renew_expired_certs: false, specific_cert_type: additional_cert_type)
       end
 
       profile_type = Sigh.profile_type_for_distribution_type(
@@ -112,9 +114,10 @@ module Match
         end
       end
 
-      if self.files_to_commit.count > 0 && !params[:readonly]
+      has_file_changes = self.files_to_commit.count > 0 || self.files_to_delete.count > 0
+      if has_file_changes && !params[:readonly]
         encryption.encrypt_files if encryption
-        storage.save_changes!(files_to_commit: self.files_to_commit)
+        storage.save_changes!(files_to_commit: self.files_to_commit, files_to_delete: self.files_to_delete)
       end
 
       # Print a summary table for each app_identifier
@@ -152,13 +155,48 @@ module Match
       end
     end
 
-    def fetch_certificate(params: nil, working_directory: nil, specific_cert_type: nil)
+    RENEWABLE_CERT_TYPES_VIA_API = [:mac_installer_distribution, :development, :distribution, :enterprise]
+
+    def fetch_certificate(params: nil, renew_expired_certs: false, specific_cert_type: nil)
       cert_type = Match.cert_type_sym(specific_cert_type || params[:type])
 
       certs = Dir[File.join(prefixed_working_directory, "certs", cert_type.to_s, "*.cer")]
       keys = Dir[File.join(prefixed_working_directory, "certs", cert_type.to_s, "*.p12")]
 
-      if certs.count == 0 || keys.count == 0
+      storage_has_certs = certs.count != 0 && keys.count != 0
+
+      # Determine if cert is renewable.
+      # Can't renew developer_id certs with Connect API token. Account holder access is required.
+      is_authenticated_with_login = Spaceship::ConnectAPI.token.nil?
+      is_cert_renewable_via_api = RENEWABLE_CERT_TYPES_VIA_API.include?(cert_type)
+      is_cert_renewable = is_authenticated_with_login || is_cert_renewable_via_api
+
+      # Validate existing certificate first.
+      if renew_expired_certs && is_cert_renewable && storage_has_certs && !params[:readonly]
+        cert_path = select_cert_or_key(paths: certs)
+
+        unless Utils.is_cert_valid?(cert_path)
+          UI.important("Removing invalid certificate '#{File.basename(cert_path)}'")
+
+          # Remove expired cert.
+          self.files_to_delete << cert_path
+          File.delete(cert_path)
+
+          # Key filename is the same as cert but with .p12 extension.
+          key_path = cert_path.gsub(/\.cer$/, ".p12")
+          # Remove expired key .p12 file.
+          if File.exist?(key_path)
+            self.files_to_delete << key_path
+            File.delete(key_path)
+          end
+
+          certs = []
+          keys = []
+          storage_has_certs = false
+        end
+      end
+
+      if !storage_has_certs
         UI.important("Couldn't find a valid code signing identity for #{cert_type}... creating one for you now")
         UI.crash!("No code signing identity found and cannot create a new one because you enabled `readonly`") if params[:readonly]
         cert_path = Generator.generate_certificate(params, cert_type, prefixed_working_directory, specific_cert_type: specific_cert_type)
@@ -318,6 +356,7 @@ module Match
 
       if params[:output_path]
         FileUtils.cp(stored_profile_path, params[:output_path])
+        installed_profile = FastlaneCore::ProvisioningProfile.install(profile, keychain_path)
       end
 
       Utils.fill_environment(Utils.environment_variable_name(app_identifier: app_identifier,

data/match/lib/match/storage/git_storage.rb

@@ -140,9 +140,10 @@ module Match
       end
 
       def delete_files(files_to_delete: [], custom_message: nil)
-        # No specific list given, e.g. this happens on `fastlane match nuke`
-        # We just want to run `git add -A` to commit everything
-        git_push(commands: ["git add -A"], commit_message: custom_message)
+        if files_to_delete.count > 0
+          commands = files_to_delete.map { |filename|  "git rm #{filename.shellescape}" }
+          git_push(commands: commands, commit_message: custom_message)
+        end
       end
 
       def upload_files(files_to_upload: [], custom_message: nil)

data/match/lib/match/storage/interface.rb

@@ -55,11 +55,14 @@ module Match
         # Custom init to `[]` in case `nil` is passed
         files_to_commit ||= []
         files_to_delete ||= []
+        files_to_delete -= files_to_commit # Make sure we are not removing added files.
+
+        if files_to_commit.count == 0 && files_to_delete.count == 0
+          UI.user_error!("Neither `files_to_commit` nor `files_to_delete` were provided to the `save_changes!` method call")
+        end
 
         Dir.chdir(File.expand_path(self.working_directory)) do
           if files_to_commit.count > 0 # everything that isn't `match nuke`
-            UI.user_error!("You can't provide both `files_to_delete` and `files_to_commit` right now") if files_to_delete.count > 0
-
             if !File.exist?(MATCH_VERSION_FILE_NAME) || File.read(MATCH_VERSION_FILE_NAME) != Fastlane::VERSION.to_s
               files_to_commit << MATCH_VERSION_FILE_NAME
               File.write(MATCH_VERSION_FILE_NAME, Fastlane::VERSION) # stored unencrypted
@@ -74,13 +77,14 @@ module Match
 
             self.upload_files(files_to_upload: files_to_commit, custom_message: custom_message)
             UI.message("Finished uploading files to #{self.human_readable_description}")
-          elsif files_to_delete.count > 0
+          end
+
+          if files_to_delete.count > 0
             self.delete_files(files_to_delete: files_to_delete, custom_message: custom_message)
             UI.message("Finished deleting files from #{self.human_readable_description}")
-          else
-            UI.user_error!("Neither `files_to_commit` nor `files_to_delete` were provided to the `save_changes!` method call")
           end
         end
+      ensure # Always clear working_directory after save
         self.clear_changes
       end
 

data/pilot/lib/pilot/build_manager.rb

@@ -65,6 +65,7 @@ module Pilot
           UI.important("`skip_waiting_for_build_processing` used and no `changelog` supplied - skipping waiting for build processing")
           return
         else
+          UI.important("`skip_waiting_for_build_processing` used and `changelog` supplied - will wait until build appears on App Store Connect, update the changelog and then skip the rest of the remaining of the processing steps.")
           return_when_build_appears = true
         end
       end
@@ -72,8 +73,10 @@ module Pilot
       # Calling login again here is needed if login was not called during 'start'
       login unless should_login_in_start
 
-      UI.message("If you want to skip waiting for the processing to be finished, use the `skip_waiting_for_build_processing` option")
-      UI.message("Note that if `skip_waiting_for_build_processing` is used but a `changelog` is supplied, this process will wait for the build to appear on AppStoreConnect, update the changelog and then skip the remaining of the processing steps.")
+      if config[:skip_waiting_for_build_processing].nil?
+        UI.message("If you want to skip waiting for the processing to be finished, use the `skip_waiting_for_build_processing` option")
+        UI.message("Note that if `skip_waiting_for_build_processing` is used but a `changelog` is supplied, this process will wait for the build to appear on App Store Connect, update the changelog and then skip the remaining of the processing steps.")
+      end
 
       latest_build = wait_for_build_processing_to_be_complete(return_when_build_appears)
       distribute(options, build: latest_build)

data/pilot/lib/pilot/manager.rb

@@ -85,8 +85,8 @@ module Pilot
       result ||= FastlaneCore::IpaFileAnalyser.fetch_app_platform(config[:ipa]) if config[:ipa]
       result ||= FastlaneCore::PkgFileAnalyser.fetch_app_platform(config[:pkg]) if config[:pkg]
       if required
-        result ||= UI.input("Please enter the app's platform (appletvos, ios, osx): ")
-        UI.user_error!("App Platform must be ios, appletvos, or osx") unless ['ios', 'appletvos', 'osx'].include?(result)
+        result ||= UI.input("Please enter the app's platform (appletvos, ios, osx, xros): ")
+        UI.user_error!("App Platform must be ios, appletvos, osx, or xros") unless ['ios', 'appletvos', 'osx', 'xros'].include?(result)
         UI.verbose("App Platform (#{result})")
       end
       return result

data/pilot/lib/pilot/options.rb

@@ -49,7 +49,7 @@ module Pilot
                                      description: "The platform to use (optional)",
                                      optional: true,
                                      verify_block: proc do |value|
-                                       UI.user_error!("The platform can only be ios, appletvos, or osx") unless ['ios', 'appletvos', 'osx'].include?(value)
+                                       UI.user_error!("The platform can only be ios, appletvos, osx, or xros") unless ['ios', 'appletvos', 'osx', 'xros'].include?(value)
                                      end),
         FastlaneCore::ConfigItem.new(key: :apple_id,
                                      short_option: "-p",

data/snapshot/lib/snapshot/options.rb

@@ -23,7 +23,7 @@ module Snapshot
                                      short_option: "-w",
                                      env_name: "SNAPSHOT_WORKSPACE",
                                      optional: true,
-                                     description: "Path the workspace file",
+                                     description: "Path to the workspace file",
                                      verify_block: proc do |value|
                                        v = File.expand_path(value.to_s)
                                        UI.user_error!("Workspace file not found at path '#{v}'") unless File.exist?(v)
@@ -34,7 +34,7 @@ module Snapshot
                                      short_option: "-p",
                                      optional: true,
                                      env_name: "SNAPSHOT_PROJECT",
-                                     description: "Path the project file",
+                                     description: "Path to the project file",
                                      verify_block: proc do |value|
                                        v = File.expand_path(value.to_s)
                                        UI.user_error!("Project file not found at path '#{v}'") unless File.exist?(v)

data/snapshot/lib/snapshot/setup.rb

@@ -34,7 +34,7 @@ module Snapshot
       puts("✅  Successfully created #{snapshot_helper_filename} '#{File.join(path, snapshot_helper_filename)}'".green)
       puts("✅  Successfully created new Snapfile at '#{snapfile_path}'".green)
       puts("-------------------------------------------------------".yellow)
-      print_instructions(snapshot_helper_filename: snapshot_helper_filename, snapfile_path: snapfile_path)
+      print_instructions(snapshot_helper_filename: snapshot_helper_filename)
     end
 
     def self.print_instructions(snapshot_helper_filename: nil)

data/spaceship/lib/spaceship/connect_api/api_client.rb

@@ -184,7 +184,7 @@ module Spaceship
         if tries.zero?
           raise error
         else
-          msg = "Token has expired or has been revoked! Trying to refresh..."
+          msg = "Token has expired, issued-at-time is in the future, or has been revoked! Trying to refresh..."
           puts(msg) if Spaceship::Globals.verbose?
           @token.refresh!
           retry

data/spaceship/lib/spaceship/connect_api/models/app_info.rb

@@ -5,6 +5,7 @@ module Spaceship
       include Spaceship::ConnectAPI::Model
 
       attr_accessor :app_store_state
+      attr_accessor :state
       attr_accessor :app_store_age_rating
       attr_accessor :brazil_age_rating
       attr_accessor :kids_age_band
@@ -16,6 +17,7 @@ module Spaceship
       attr_accessor :secondary_subcategory_one
       attr_accessor :secondary_subcategory_two
 
+      # Deprecated in App Store Connect API specification 3.3
       module AppStoreState
         ACCEPTED = "ACCEPTED"
         DEVELOPER_REJECTED = "DEVELOPER_REJECTED"
@@ -36,6 +38,20 @@ module Spaceship
         REPLACED_WITH_NEW_VERSION = "REPLACED_WITH_NEW_VERSION"
         WAITING_FOR_EXPORT_COMPLIANCE = "WAITING_FOR_EXPORT_COMPLIANCE"
         WAITING_FOR_REVIEW = "WAITING_FOR_REVIEW"
+        NOT_APPLICABLE = "NOT_APPLICABLE"
+      end
+
+      module State
+        ACCEPTED = "ACCEPTED"
+        DEVELOPER_REJECTED = "DEVELOPER_REJECTED"
+        IN_REVIEW = "IN_REVIEW"
+        PENDING_RELEASE = "PENDING_RELEASE"
+        PREPARE_FOR_SUBMISSION = "PREPARE_FOR_SUBMISSION"
+        READY_FOR_DISTRIBUTION = "READY_FOR_DISTRIBUTION"
+        READY_FOR_REVIEW = "READY_FOR_REVIEW"
+        REJECTED = "REJECTED"
+        REPLACED_WITH_NEW_INFO = "REPLACED_WITH_NEW_INFO"
+        WAITING_FOR_REVIEW = "WAITING_FOR_REVIEW"
       end
 
       module AppStoreAgeRating
@@ -44,6 +60,7 @@ module Spaceship
 
       attr_mapping({
         "appStoreState" => "app_store_state",
+        "state" => "state",
         "appStoreAgeRating" => "app_store_age_rating",
         "brazilAgeRating" => "brazil_age_rating",
         "kidsAgeBand" => "kids_age_band",