Bump the composer group across 1 directory with 8 updates#320
Merged
Conversation
Bumps the composer group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) | `7.9.1` | `7.13.1` | | [league/commonmark](https://github.com/thephpleague/commonmark) | `2.7.0` | `2.8.2` | | [symfony/http-foundation](https://github.com/symfony/http-foundation) | `6.4.14` | `6.4.42` | | [symfony/process](https://github.com/symfony/process) | `6.4.14` | `6.4.41` | | [symfony/yaml](https://github.com/symfony/yaml) | `6.4.8` | `6.4.42` | Updates `guzzlehttp/guzzle` from 7.9.1 to 7.13.1 - [Release notes](https://github.com/guzzle/guzzle/releases) - [Changelog](https://github.com/guzzle/guzzle/blob/7.13/CHANGELOG.md) - [Commits](guzzle/guzzle@7.9.1...7.13.1) Updates `guzzlehttp/psr7` from 2.7.0 to 2.12.3 - [Release notes](https://github.com/guzzle/psr7/releases) - [Changelog](https://github.com/guzzle/psr7/blob/2.12/CHANGELOG.md) - [Commits](guzzle/psr7@2.7.0...2.12.3) Updates `league/commonmark` from 2.7.0 to 2.8.2 - [Release notes](https://github.com/thephpleague/commonmark/releases) - [Changelog](https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md) - [Commits](thephpleague/commonmark@2.7.0...2.8.2) Updates `symfony/http-foundation` from 6.4.14 to 6.4.42 - [Release notes](https://github.com/symfony/http-foundation/releases) - [Changelog](https://github.com/symfony/http-foundation/blob/8.2/CHANGELOG.md) - [Commits](symfony/http-foundation@v6.4.14...v6.4.42) Updates `symfony/mime` from 6.4.13 to 6.4.41 - [Release notes](https://github.com/symfony/mime/releases) - [Changelog](https://github.com/symfony/mime/blob/8.2/CHANGELOG.md) - [Commits](symfony/mime@v6.4.13...v6.4.41) Updates `symfony/polyfill-intl-idn` from 1.31.0 to 1.38.1 - [Release notes](https://github.com/symfony/polyfill-intl-idn/releases) - [Commits](symfony/polyfill-intl-idn@v1.31.0...v1.38.1) Updates `symfony/process` from 6.4.14 to 6.4.41 - [Release notes](https://github.com/symfony/process/releases) - [Changelog](https://github.com/symfony/process/blob/8.2/CHANGELOG.md) - [Commits](symfony/process@v6.4.14...v6.4.41) Updates `symfony/yaml` from 6.4.8 to 6.4.42 - [Release notes](https://github.com/symfony/yaml/releases) - [Changelog](https://github.com/symfony/yaml/blob/8.2/CHANGELOG.md) - [Commits](symfony/yaml@v6.4.8...v6.4.42) --- updated-dependencies: - dependency-name: guzzlehttp/guzzle dependency-version: 7.13.1 dependency-type: indirect dependency-group: composer - dependency-name: guzzlehttp/psr7 dependency-version: 2.12.3 dependency-type: indirect dependency-group: composer - dependency-name: league/commonmark dependency-version: 2.8.2 dependency-type: indirect dependency-group: composer - dependency-name: symfony/http-foundation dependency-version: 6.4.42 dependency-type: indirect dependency-group: composer - dependency-name: symfony/mime dependency-version: 6.4.41 dependency-type: indirect dependency-group: composer - dependency-name: symfony/polyfill-intl-idn dependency-version: 1.38.1 dependency-type: indirect dependency-group: composer - dependency-name: symfony/process dependency-version: 6.4.41 dependency-type: indirect dependency-group: composer - dependency-name: symfony/yaml dependency-version: 6.4.42 dependency-type: indirect dependency-group: composer ... Signed-off-by: dependabot[bot] <support@github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the composer group with 5 updates in the / directory:
7.9.17.13.12.7.02.8.26.4.146.4.426.4.146.4.416.4.86.4.42Updates
guzzlehttp/guzzlefrom 7.9.1 to 7.13.1Release notes
Sourced from guzzlehttp/guzzle's releases.
... (truncated)
Changelog
Sourced from guzzlehttp/guzzle's changelog.
... (truncated)
Commits
55901a7Release 7.13.1 (#3726)f385904Validate cURL scheme support before protocol policy (#3723)8d0895bAllow middleware to rewrite partial URIs (#3721)a4decaaRelease 7.13.0a5e7069Stop deprecating CURLOPT_PREREQFUNCTION (#3718)bc34e93Reject CURLOPT_SHARE with authenticated proxy tunnel (#3711)f748c62Route Proxy-Authorization through cURL proxy headers (#3710)69fc262Harden cURL header list options (#3716)cef051aReject final URIs missing scheme or host (#3715)586ddfbHarden CurlMultiHandler proxy tunnel isolation (#3708)Updates
guzzlehttp/psr7from 2.7.0 to 2.12.3Release notes
Sourced from guzzlehttp/psr7's releases.
... (truncated)
Changelog
Sourced from guzzlehttp/psr7's changelog.
... (truncated)
Commits
7ec62dcRelease 2.12.3ddd64f1Validate the URI host sogetHost()matches the URI authority (#811)5ec8b15Release 2.12.25cfb193Fail closed on validation PCRE errors (#803)9e21236Report message parser PCRE failures (#802)45ae7e8Report URI PCRE failures (#801)7af66b9Bump minimum PHP 8.0 polyfill version (#800)172ef2fRelease 2.12.1f3f94b4Mitigate CRLF Injection in HTTP Start-Line Serialization (#798)9b38012Release 2.12.0Updates
league/commonmarkfrom 2.7.0 to 2.8.2Release notes
Sourced from league/commonmark's releases.
... (truncated)
Changelog
Sourced from league/commonmark's changelog.
Commits
59fb075Fix DomainFilteringAdapter hostname boundary bypass74b4487Document dangers of enabling an unsafe php.ini setting84b1ca4Almost forgot this entrybcf54f5Merge commit from fork7a68ed1Prepare to release 2.8.15c0c4c8Fix DisallowedRawHtml bypass via newline/tab in tag namesf6e7443Add regression test0719b67Merge pull request #1107 from freost/fix-php85-deprecation-error63ff2e0Fix PHP 8.5 deprecation8608e9cMerge pull request #1106 from Kocal/patch-1Updates
symfony/http-foundationfrom 6.4.14 to 6.4.42Release notes
Sourced from symfony/http-foundation's releases.
... (truncated)
Commits
23dcf8eRestore compat with DBAL v4.x41a0b1aUnsafe unserialize phpstan rule443b2d0[HttpFoundation] Add RFC6598 Shared Address Space to IpUtils::PRIVATE_SUBNETS2ebaf12Drop PR warning and auto-closing on subtree splits48d76c2security #cve-2026-48736 [HttpFoundation] Block IPv6 transition forms in IpUt...10d5daa[HttpFoundation] Fix tests for PHP 8.6: session.cookie_samesite=Lax3ebc78a[HttpFoundation] Block IPv6 transition forms in IpUtils::PRIVATE_SUBNETS5402ad1Remove wrong documentation92eeee6CS fixes - native_function_invocation & static_lambdacffffd0[HttpFoundation] Fix session cookie_lifetime not applied in mock session storageUpdates
symfony/mimefrom 6.4.13 to 6.4.41Release notes
Sourced from symfony/mime's releases.
... (truncated)
Commits
5575d37[Routing][RateLimiter][Mime][Security] Harden __unserialize against __toStrin...7ccfb0cMerge branch '5.4' into 6.48f89d3a[Mime] Reject email addresses containing line breaks in Addressf2f05cb[Mime] Fix transient test330077bbug #64047 [Mime] Preserve inline part filename instead of overwriting it wit...4c7099f[Mime] Preserve inline part filename instead of overwriting it with the Conte...e2ae51d[FrameworkBundle] Apply tagged MIME type guessers in File::getMimeType()3d48678More CS fixes05099f5CS fixes - native_function_invocation & static_lambdaf56fd2b[CS] Back config from 8.1 and apply heredoc_indentation ruleUpdates
symfony/polyfill-intl-idnfrom 1.31.0 to 1.38.1Release notes
Sourced from symfony/polyfill-intl-idn's releases.
Commits
dc21118[Intl][Idn] Reject xn-- labels whose Punycode payload decodes to ASCII-only9614ac4Give testing some loveUpdates
symfony/processfrom 6.4.14 to 6.4.41Release notes
Sourced from symfony/process's releases.
... (truncated)
Commits
c8fc09b[Process] Stop leaking CGI/FastCGI request-context vars to subprocesses6c93071[Process] Ignore array env values before proc_open7b8e6e8More CS fixes5731331CS fixes - native_function_invocation & static_lambda736ed52[CS] Back config from 8.1 and apply heredoc_indentation rulec46e854[Process] Fix escaping for MSYS on Windowsc593135[Process] Adjust Process mustRun method phpdoce579464[Process] Ignore invalid env var names8541b73[Process] Fix dealing with broken stdin pipes48bad91Replace __sleep/wakeup() by __(un)serialize() for throwing and internal usagesUpdates
symfony/yamlfrom 6.4.8 to 6.4.42Release notes
Sourced from symfony/yaml's releases.
... (truncated)
Commits
989dfb7Unsafe unserialize phpstan rule907f845Drop PR warning and auto-closing on subtree splits9bb6ebd[Yaml] Fix parsing inline anchored valuese8fdf34CS fix69b7344Merge branch '5.4' into 6.4ae0bbb4[Yaml] Allow trailing newlines after the end-of-document marker68dcd1fMerge branch '5.4' into 6.4b0b2705[Yaml] Harden the Parser::cleanup() regexes against catastrophic backtracking5a351ff[Yaml] Bound collection-alias resolution in the parsere4fb993[Yaml] Reject non-stringables when using "!!binary"Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.