Skip to content

Bump the composer group across 1 directory with 8 updates#320

Merged
emmadesilva merged 1 commit into
masterfrom
dependabot/composer/composer-a86ced8911
Jul 2, 2026
Merged

Bump the composer group across 1 directory with 8 updates#320
emmadesilva merged 1 commit into
masterfrom
dependabot/composer/composer-a86ced8911

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor

Bumps the composer group with 5 updates in the / directory:

Package From To
guzzlehttp/guzzle 7.9.1 7.13.1
league/commonmark 2.7.0 2.8.2
symfony/http-foundation 6.4.14 6.4.42
symfony/process 6.4.14 6.4.41
symfony/yaml 6.4.8 6.4.42

Updates guzzlehttp/guzzle from 7.9.1 to 7.13.1

Release notes

Sourced from guzzlehttp/guzzle's releases.

7.13.1

Fixed

  • Allow middleware to rewrite partial URIs before transports validate them

7.13.0

Added

  • Added the crypto_method_max request option to cap the maximum TLS protocol version
  • Added HTTP QUERY redirect support, preserving method and body on 301 and 302

Changed

  • Section proxy tunnel connection reuse by credential so distinct credentials never share a tunnel
  • Isolate concurrent foreign cURL proxy tunnels added while another owner's tunnel is active
  • Route credentialed HTTP(S) proxy Proxy-Authorization headers through cURL proxy header handling
  • Reject request-level CURLOPT_SHARE when combined with authenticated HTTP/HTTPS proxy tunnel configuration
  • Remove deprecation for raw cURL CURLOPT_PREREQFUNCTION callbacks when defined by PHP cURL
  • Route TLS 1.2 crypto_method requests to the stream handler when cURL cannot select TLS 1.2
  • Reject final request URIs missing a scheme or host before transfer

Deprecated

  • Deprecate invalid protocols, force_ip_resolve, delay, cookies, and allow_redirects values

7.12.3

Changed

  • Adjusted guzzlehttp/psr7 version constraint to ^2.12.3

Security

7.12.2

Fixed

  • Clamp out-of-range Max-Age so a very large value no longer overflows to an already-expired timestamp
  • Use strict comparison in CookieJar conflict resolution so distinct numeric-string names don't overwrite
  • Store a cookie whose Domain has a trailing dot on the origin host instead of silently discarding it
  • Fix StreamHandler hard-failing on bracketed IPv6 literal hosts when force_ip_resolve is set
  • Use strict cookie Path comparison so CookieJar::clear() with a numeric path keeps a distinct-path cookie
  • Fixed cookie handling for falsey Domain, Max-Age, path, and name values
  • Fixed decode_content handling for falsey string values
  • Fixed deprecated request option values reaching built-in handlers before normalization

7.12.1

Changed

  • Adjusted guzzlehttp/psr7 version constraint to ^2.12.1

... (truncated)

Changelog

Sourced from guzzlehttp/guzzle's changelog.

7.13.1 - 2026-06-29

Fixed

  • Allow middleware to rewrite partial URIs before transports validate them

7.13.0 - 2026-06-29

Added

  • Added the crypto_method_max request option to cap the maximum TLS protocol version
  • Added HTTP QUERY redirect support, preserving method and body on 301 and 302

Changed

  • Section proxy tunnel connection reuse by credential so distinct credentials never share a tunnel
  • Isolate concurrent foreign cURL proxy tunnels added while another owner's tunnel is active
  • Route credentialed HTTP(S) proxy Proxy-Authorization headers through cURL proxy header handling
  • Reject request-level CURLOPT_SHARE when combined with authenticated HTTP/HTTPS proxy tunnel configuration
  • Remove deprecation for raw cURL CURLOPT_PREREQFUNCTION callbacks when defined by PHP cURL
  • Route TLS 1.2 crypto_method requests to the stream handler when cURL cannot select TLS 1.2
  • Reject final request URIs missing a scheme or host before transfer

Deprecated

  • Deprecate invalid protocols, force_ip_resolve, delay, cookies, and allow_redirects values

7.12.3 - 2026-06-23

Changed

  • Adjusted guzzlehttp/psr7 version constraint to ^2.12.3

Security

7.12.2 - 2026-06-23

Fixed

  • Clamp out-of-range Max-Age so a very large value no longer overflows to an already-expired timestamp
  • Use strict comparison in CookieJar conflict resolution so distinct numeric-string names don't overwrite
  • Store a cookie whose Domain has a trailing dot on the origin host instead of silently discarding it
  • Fix StreamHandler hard-failing on bracketed IPv6 literal hosts when force_ip_resolve is set
  • Use strict cookie Path comparison so CookieJar::clear() with a numeric path keeps a distinct-path cookie
  • Fixed cookie handling for falsey Domain, Max-Age, path, and name values

... (truncated)

Commits

Updates guzzlehttp/psr7 from 2.7.0 to 2.12.3

Release notes

Sourced from guzzlehttp/psr7's releases.

2.12.3

Security

2.12.2

Fixed

  • Report URI parsing, filtering, and normalization PCRE failures explicitly
  • Report HTTP message parser PCRE failures explicitly
  • Fail closed when PCRE validation fails for request targets and hosts

2.12.1

Security

2.12.0

Deprecated

  • Deprecated non-finite float values in Query::build() that guzzlehttp/psr7 3.0 rejects
  • Deprecated non-finite float multipart contents that guzzlehttp/psr7 3.0 rejects
  • Deprecated non-string scalar bodies in Utils::streamFor(); cast them to a string for 3.0
  • Deprecated non-string Uri::withQueryValues() values; cast them to a string for 3.0

2.11.1

Fixed

  • Fixed non-finite float values emitting coercion warnings on PHP 8.5

2.11.0

Changed

  • Changed Utils::modifyRequest() to reject conflicting URI and Host header changes in the same call
  • Changed Header::parse() to split semicolon-separated parameters without repeated regular expression lookaheads
  • Changed UriComparator::isCrossOrigin() so only HTTP and HTTPS missing ports receive implicit default ports

Deprecated

  • Deprecated invalid PSR-7 arguments that guzzlehttp/psr7 3.0 will require native types for
  • Deprecated non-string header values that guzzlehttp/psr7 3.0 will reject
  • Deprecated empty header value arrays that guzzlehttp/psr7 3.0 will reject
  • Deprecated URI schemes that do not match guzzlehttp/psr7 3.0 syntax requirements
  • Deprecated multipart boundary and custom part header metadata that guzzlehttp/psr7 3.0 will reject
  • Deprecated reliance on automatic uppercasing of request methods; guzzlehttp/psr7 3.0 preserves method casing
  • Deprecated invalid Utils::modifyRequest() change values that guzzlehttp/psr7 3.0 will reject

Fixed

  • Fixed Utils::copyToStream() to retry short destination writes instead of dropping the unwritten remainder

... (truncated)

Changelog

Sourced from guzzlehttp/psr7's changelog.

2.12.3 - 2026-06-23

Security

2.12.2 - 2026-06-23

Fixed

  • Report URI parsing, filtering, and normalization PCRE failures explicitly
  • Report HTTP message parser PCRE failures explicitly
  • Fail closed when PCRE validation fails for request targets and hosts

2.12.1 - 2026-06-18

Security

2.12.0 - 2026-06-16

Deprecated

  • Deprecated non-finite float values in Query::build() that guzzlehttp/psr7 3.0 rejects
  • Deprecated non-finite float multipart contents that guzzlehttp/psr7 3.0 rejects
  • Deprecated non-string scalar bodies in Utils::streamFor(); cast them to a string for 3.0
  • Deprecated non-string Uri::withQueryValues() values; cast them to a string for 3.0

2.11.1 - 2026-06-12

Fixed

  • Fixed non-finite float values emitting coercion warnings on PHP 8.5

2.11.0 - 2026-06-02

Changed

  • Changed Utils::modifyRequest() to reject conflicting URI and Host header changes in the same call
  • Changed Header::parse() to split semicolon-separated parameters without repeated regular expression lookaheads
  • Changed UriComparator::isCrossOrigin() so only HTTP and HTTPS missing ports receive implicit default ports

Deprecated

  • Deprecated invalid PSR-7 arguments that guzzlehttp/psr7 3.0 will require native types for
  • Deprecated non-string header values that guzzlehttp/psr7 3.0 will reject
  • Deprecated empty header value arrays that guzzlehttp/psr7 3.0 will reject
  • Deprecated URI schemes that do not match guzzlehttp/psr7 3.0 syntax requirements
  • Deprecated multipart boundary and custom part header metadata that guzzlehttp/psr7 3.0 will reject

... (truncated)

Commits

Updates league/commonmark from 2.7.0 to 2.8.2

Release notes

Sourced from league/commonmark's releases.

2.8.2

This is a security release to address an issue where the allowed_domains setting for the Embed extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.

Fixed

  • Fixed DomainFilteringAdapter hostname boundary bypass where domains like youtube.com.evil could match an allowlist entry for youtube.com (GHSA-hh8v-hgvp-g3f5)

Full Changelog: thephpleague/commonmark@2.8.1...2.8.2

2.8.1

What's Changed

This is a security release to address an issue where DisallowedRawHtml can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.

Fixed

  • Fixed DisallowedRawHtmlRenderer not blocking raw HTML tags with trailing ASCII whitespace (GHSA-4v6x-c7xx-hw9f)
  • Fixed PHP 8.5 deprecation (#1107)

New Contributors

Full Changelog: thephpleague/commonmark@2.8.0...2.8.1

2.8.0

What's Changed

Added

  • Added a new HighlightExtension for marking important text using == syntax (#1100)

Fixed

  • Fixed AutolinkExtension incorrectly matching URLs after invalid www. prefix (#1095, #1103)

New Contributors

Full Changelog: thephpleague/commonmark@2.7.1...2.8.0

2.7.1

Notable Changes

Changed

  • Optimized several regular expressions in RegexHelper to improve performance (#674, #1086)

Fixed

  • EmbedProcessor no longer calls updateEmbeds() when there are no embeds to update (#1081)
  • Fixed missing benchmark.php CSV path validation for non-existent files (#1068, #1085)

New Contributors

... (truncated)

Changelog

Sourced from league/commonmark's changelog.

[2.8.2] - 2026-03-19

This is a security release to address an issue where the allowed_domains setting for the Embed extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.

Fixed

  • Fixed DomainFilteringAdapter hostname boundary bypass where domains like youtube.com.evil could match an allowlist entry for youtube.com (GHSA-hh8v-hgvp-g3f5)

[2.8.1] - 2026-03-05

This is a security release to address an issue where DisallowedRawHtml can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.

Fixed

  • Fixed DisallowedRawHtmlRenderer not blocking raw HTML tags with trailing ASCII whitespace (GHSA-4v6x-c7xx-hw9f)
  • Fixed PHP 8.5 deprecation (#1107)

[2.8.0] - 2025-11-26

Added

  • Added a new HighlightExtension for marking important text using == syntax (#1100)

Fixed

  • Fixed AutolinkExtension incorrectly matching URLs after invalid www. prefix (#1095, #1103)

[2.7.1] - 2025-07-20

Changed

  • Optimized several regular expressions in RegexHelper to improve performance (#674, #1086)

Fixed

  • EmbedProcessor no longer calls updateEmbeds() when there are no embeds to update (#1081)
  • Fixed missing benchmark.php CSV path validation for non-existent files (#1068, #1085)
Commits
  • 59fb075 Fix DomainFilteringAdapter hostname boundary bypass
  • 74b4487 Document dangers of enabling an unsafe php.ini setting
  • 84b1ca4 Almost forgot this entry
  • bcf54f5 Merge commit from fork
  • 7a68ed1 Prepare to release 2.8.1
  • 5c0c4c8 Fix DisallowedRawHtml bypass via newline/tab in tag names
  • f6e7443 Add regression test
  • 0719b67 Merge pull request #1107 from freost/fix-php85-deprecation-error
  • 63ff2e0 Fix PHP 8.5 deprecation
  • 8608e9c Merge pull request #1106 from Kocal/patch-1
  • Additional commits viewable in compare view

Updates symfony/http-foundation from 6.4.14 to 6.4.42

Release notes

Sourced from symfony/http-foundation's releases.

v6.4.42

Changelog (symfony/http-foundation@v6.4.41...v6.4.42)

v6.4.41

Changelog (symfony/http-foundation@v6.4.35...v6.4.41)

v6.4.35

Changelog (symfony/http-foundation@v6.4.34...v6.4.35)

v6.4.34

Changelog (symfony/http-foundation@v6.4.33...v6.4.34)

v6.4.33

Changelog (symfony/http-foundation@v6.4.32...v6.4.33)

v6.4.32

Changelog (symfony/http-foundation@v6.4.31...v6.4.32)

v6.4.31

Changelog (symfony/http-foundation@v6.4.30...v6.4.31)

v6.4.30

Changelog (symfony/http-foundation@v6.4.29...v6.4.30)

v6.4.29

Changelog (symfony/http-foundation@v6.4.28...v6.4.29)

  • no significant changes

... (truncated)

Commits
  • 23dcf8e Restore compat with DBAL v4.x
  • 41a0b1a Unsafe unserialize phpstan rule
  • 443b2d0 [HttpFoundation] Add RFC6598 Shared Address Space to IpUtils::PRIVATE_SUBNETS
  • 2ebaf12 Drop PR warning and auto-closing on subtree splits
  • 48d76c2 security #cve-2026-48736 [HttpFoundation] Block IPv6 transition forms in IpUt...
  • 10d5daa [HttpFoundation] Fix tests for PHP 8.6: session.cookie_samesite=Lax
  • 3ebc78a [HttpFoundation] Block IPv6 transition forms in IpUtils::PRIVATE_SUBNETS
  • 5402ad1 Remove wrong documentation
  • 92eeee6 CS fixes - native_function_invocation & static_lambda
  • cffffd0 [HttpFoundation] Fix session cookie_lifetime not applied in mock session storage
  • Additional commits viewable in compare view

Updates symfony/mime from 6.4.13 to 6.4.41

Release notes

Sourced from symfony/mime's releases.

v6.4.41

Changelog (symfony/mime@v6.4.40...v6.4.41)

v6.4.40

Changelog (symfony/mime@v6.4.37...v6.4.40)

v6.4.37

Changelog (symfony/mime@v6.4.36...v6.4.37)

v6.4.36

Changelog (symfony/mime@v6.4.35...v6.4.36)

v6.4.35

Changelog (symfony/mime@v6.4.34...v6.4.35)

v6.4.34

Changelog (symfony/mime@v6.4.33...v6.4.34)

  • no significant changes

v6.4.32

Changelog (symfony/mime@v6.4.31...v6.4.32)

  • no significant changes

v6.4.30

Changelog (symfony/mime@v6.4.29...v6.4.30)

  • no significant changes

v6.4.26

Changelog (symfony/mime@v6.4.25...v6.4.26)

v6.4.24

Changelog (symfony/mime@v6.4.23...v6.4.24)

... (truncated)

Commits
  • 5575d37 [Routing][RateLimiter][Mime][Security] Harden __unserialize against __toStrin...
  • 7ccfb0c Merge branch '5.4' into 6.4
  • 8f89d3a [Mime] Reject email addresses containing line breaks in Address
  • f2f05cb [Mime] Fix transient test
  • 330077b bug #64047 [Mime] Preserve inline part filename instead of overwriting it wit...
  • 4c7099f [Mime] Preserve inline part filename instead of overwriting it with the Conte...
  • e2ae51d [FrameworkBundle] Apply tagged MIME type guessers in File::getMimeType()
  • 3d48678 More CS fixes
  • 05099f5 CS fixes - native_function_invocation & static_lambda
  • f56fd2b [CS] Back config from 8.1 and apply heredoc_indentation rule
  • Additional commits viewable in compare view

Updates symfony/polyfill-intl-idn from 1.31.0 to 1.38.1

Release notes

Sourced from symfony/polyfill-intl-idn's releases.

v1.38.1

Changelog (symfony/polyfill-intl-idn@v1.31.0...v1.38.1)

v1.37.0

Changelog (symfony/polyfill-intl-idn@v1.36.0...v1.37.0)

  • no significant changes

v1.36.0

Changelog (symfony/polyfill-intl-idn@v1.35.0...v1.36.0)

  • no significant changes

v1.35.0

Changelog (symfony/polyfill-intl-idn@v1.34.0...v1.35.0)

  • no significant changes

v1.34.0

Changelog (symfony/polyfill-intl-idn@v1.33.0...v1.34.0)

  • no significant changes
Commits
  • dc21118 [Intl][Idn] Reject xn-- labels whose Punycode payload decodes to ASCII-only
  • 9614ac4 Give testing some love
  • See full diff in compare view

Updates symfony/process from 6.4.14 to 6.4.41

Release notes

Sourced from symfony/process's releases.

v6.4.41

Changelog (symfony/process@v6.4.39...v6.4.41)

v6.4.39

Changelog (symfony/process@v6.4.33...v6.4.39)

v6.4.33

Changelog (symfony/process@v6.4.32...v6.4.33)

v6.4.32

Changelog (symfony/process@v6.4.31...v6.4.32)

v6.4.31

Changelog (symfony/process@v6.4.30...v6.4.31)

v6.4.26

Changelog (symfony/process@v6.4.25...v6.4.26)

v6.4.25

Changelog (symfony/process@v6.4.24...v6.4.25)

v6.4.24

Changelog (symfony/process@v6.4.23...v6.4.24)

  • no significant changes

v6.4.20

Changelog (symfony/process@v6.4.19...v6.4.20)

v6.4.19

Changelog (symfony/process@v6.4.18...v6.4.19)

  • no significant changes

... (truncated)

Commits
  • c8fc09b [Process] Stop leaking CGI/FastCGI request-context vars to subprocesses
  • 6c93071 [Process] Ignore array env values before proc_open
  • 7b8e6e8 More CS fixes
  • 5731331 CS fixes - native_function_invocation & static_lambda
  • 736ed52 [CS] Back config from 8.1 and apply heredoc_indentation rule
  • c46e854 [Process] Fix escaping for MSYS on Windows
  • c593135 [Process] Adjust Process mustRun method phpdoc
  • e579464 [Process] Ignore invalid env var names
  • 8541b73 [Process] Fix dealing with broken stdin pipes
  • 48bad91 Replace __sleep/wakeup() by __(un)serialize() for throwing and internal usages
  • Additional commits viewable in compare view

Updates symfony/yaml from 6.4.8 to 6.4.42

Release notes

Sourced from symfony/yaml's releases.

v6.4.42

Changelog (symfony/yaml@v6.4.41...v6.4.42)

v6.4.41

Changelog (symfony/yaml@v6.4.40...v6.4.41)

v6.4.40

Changelog (symfony/yaml@v6.4.39...v6.4.40)

v6.4.39

Changelog (symfony/yaml@v6.4.38...v6.4.39)

v6.4.38

Changelog (symfony/yaml@v6.4.34...v6.4.38)

v6.4.34

Changelog (symfony/yaml@v6.4.33...v6.4.34)

v6.4.30

Changelog (symfony/yaml@v6.4.29...v6.4.30)

v6.4.26

Changelog (symfony/yaml@v6.4.25...v6.4.26)

v6.4.25

Changelog (symfony/yaml@v6.4.24...v6.4.25)

... (truncated)

Commits
  • 989dfb7 Unsafe unserialize phpstan rule
  • 907f845 Drop PR warning and auto-closing on subtree splits
  • 9bb6ebd [Yaml] Fix parsing inline anchored values
  • e8fdf34 CS fix
  • 69b7344 Merge branch '5.4' into 6.4
  • ae0bbb4 [Yaml] Allow trailing newlines after the end-of-document marker
  • 68dcd1f Merge branch '5.4' into 6.4
  • b0b2705 [Yaml] Harden the Parser::cleanup() regexes against catastrophic backtracking
  • 5a351ff [Yaml] Bound collection-alias resolution in the parser
  • e4fb993 [Yaml] Reject non-stringables when using "!!binary"
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the composer group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) | `7.9.1` | `7.13.1` |
| [league/commonmark](https://github.com/thephpleague/commonmark) | `2.7.0` | `2.8.2` |
| [symfony/http-foundation](https://github.com/symfony/http-foundation) | `6.4.14` | `6.4.42` |
| [symfony/process](https://github.com/symfony/process) | `6.4.14` | `6.4.41` |
| [symfony/yaml](https://github.com/symfony/yaml) | `6.4.8` | `6.4.42` |



Updates `guzzlehttp/guzzle` from 7.9.1 to 7.13.1
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/7.13/CHANGELOG.md)
- [Commits](guzzle/guzzle@7.9.1...7.13.1)

Updates `guzzlehttp/psr7` from 2.7.0 to 2.12.3
- [Release notes](https://github.com/guzzle/psr7/releases)
- [Changelog](https://github.com/guzzle/psr7/blob/2.12/CHANGELOG.md)
- [Commits](guzzle/psr7@2.7.0...2.12.3)

Updates `league/commonmark` from 2.7.0 to 2.8.2
- [Release notes](https://github.com/thephpleague/commonmark/releases)
- [Changelog](https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md)
- [Commits](thephpleague/commonmark@2.7.0...2.8.2)

Updates `symfony/http-foundation` from 6.4.14 to 6.4.42
- [Release notes](https://github.com/symfony/http-foundation/releases)
- [Changelog](https://github.com/symfony/http-foundation/blob/8.2/CHANGELOG.md)
- [Commits](symfony/http-foundation@v6.4.14...v6.4.42)

Updates `symfony/mime` from 6.4.13 to 6.4.41
- [Release notes](https://github.com/symfony/mime/releases)
- [Changelog](https://github.com/symfony/mime/blob/8.2/CHANGELOG.md)
- [Commits](symfony/mime@v6.4.13...v6.4.41)

Updates `symfony/polyfill-intl-idn` from 1.31.0 to 1.38.1
- [Release notes](https://github.com/symfony/polyfill-intl-idn/releases)
- [Commits](symfony/polyfill-intl-idn@v1.31.0...v1.38.1)

Updates `symfony/process` from 6.4.14 to 6.4.41
- [Release notes](https://github.com/symfony/process/releases)
- [Changelog](https://github.com/symfony/process/blob/8.2/CHANGELOG.md)
- [Commits](symfony/process@v6.4.14...v6.4.41)

Updates `symfony/yaml` from 6.4.8 to 6.4.42
- [Release notes](https://github.com/symfony/yaml/releases)
- [Changelog](https://github.com/symfony/yaml/blob/8.2/CHANGELOG.md)
- [Commits](symfony/yaml@v6.4.8...v6.4.42)

---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
  dependency-version: 7.13.1
  dependency-type: indirect
  dependency-group: composer
- dependency-name: guzzlehttp/psr7
  dependency-version: 2.12.3
  dependency-type: indirect
  dependency-group: composer
- dependency-name: league/commonmark
  dependency-version: 2.8.2
  dependency-type: indirect
  dependency-group: composer
- dependency-name: symfony/http-foundation
  dependency-version: 6.4.42
  dependency-type: indirect
  dependency-group: composer
- dependency-name: symfony/mime
  dependency-version: 6.4.41
  dependency-type: indirect
  dependency-group: composer
- dependency-name: symfony/polyfill-intl-idn
  dependency-version: 1.38.1
  dependency-type: indirect
  dependency-group: composer
- dependency-name: symfony/process
  dependency-version: 6.4.41
  dependency-type: indirect
  dependency-group: composer
- dependency-name: symfony/yaml
  dependency-version: 6.4.42
  dependency-type: indirect
  dependency-group: composer
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file php Pull requests that update Php code labels Jul 2, 2026
@emmadesilva emmadesilva added this pull request to the merge queue Jul 2, 2026
Merged via the queue into master with commit 98b220a Jul 2, 2026
26 checks passed
@dependabot dependabot Bot deleted the dependabot/composer/composer-a86ced8911 branch July 2, 2026 15:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file php Pull requests that update Php code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant