Skip to content

Bump the composer group across 1 directory with 6 updates#5

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/composer/composer-3e7379d80c
Open

Bump the composer group across 1 directory with 6 updates#5
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/composer/composer-3e7379d80c

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Jun 10, 2024

Bumps the composer group with 1 update in the / directory: statamic/cms.

Updates statamic/cms from 3.2.19 to 3.4.17

Release notes

Sourced from statamic/cms's releases.

v3.4.17

What's fixed

v3.4.16

What's fixed

v3.4.15

What's fixed

v3.4.14

What's fixed

v3.4.13

What's fixed

v3.4.12

What's improved

What's fixed

Changelog

Sourced from statamic/cms's changelog.

3.4.17 (2024-01-25)

What's fixed

3.4.16 (2024-01-22)

What's fixed

3.4.15 (2023-11-21)

What's fixed

3.4.14 (2023-11-14)

What's fixed

3.4.13 (2023-11-10)

What's fixed

3.4.12 (2023-10-24)

What's improved

What's fixed

3.4.11 (2023-05-06)

What's fixed

... (truncated)

Commits

Updates composer/composer from 2.1.11 to 2.7.7

Release notes

Sourced from composer/composer's releases.

2.7.7

This release includes fixes for issues found in a security audit by Cure53 funded by Alpha-Omega.

  • Security: Fixed command injection via malicious git branch name (GHSA-47f6-5gq3-vx9c / CVE-2024-35241)
  • Security: Fixed multiple command injections via malicious git/hg branch names (GHSA-v9qv-c7wm-wgmf / CVE-2024-35242)
  • Security: Fixed secure-http checks that could be bypassed by using malformed URL formats (fa3b9582c)
  • Security: Fixed Filesystem::isLocalPath including windows-specific checks on linux (3c37a67c)
  • Security: Fixed perforce argument escaping (3773f775)
  • Security: Fixed handling of zip bombs when extracting archives (de5f7e32)
  • Security: Fixed Windows command parameter escaping to prevent abuse of unicode characters with best fit encoding conversion, reported by Splitline Huang (3130a7455, 04a63b324)
  • Fixed PSR violations for classes not matching the namespace of a rule being hidden, this may lead to new violations being shown (#11957)
  • Fixed UX when a plugin is still in vendor dir but is not required nor allowed anymore after changing branches (#12000)
  • Fixed new platform requirements from composer.json not being checked if the lock file is outdated (#12001)
  • Fixed ability for config command to remove autoload keys (#11967)
  • Fixed empty type support in init command (#11999)
  • Fixed git clone errors when safe.bareRepository is set to strict in the git config (#11969)
  • Fixed regression showing network errors on PHP <8.1 (#11974)
  • Fixed some color bleed from a few warnings (#11972)

Full Changelog: composer/composer@2.7.6...2.7.7

2.7.6

  • Fixed regression when script handlers add an autoloader which uses a private callback (#11960)

2.7.5

  • Added uninstall alias to remove command (#11951)
  • Added workaround for broken curl versions 8.7.0/8.7.1 causing transport exceptions (#11913)
  • Fixed root usage warnings showing up within Podman containers (#11946)
  • Fixed config command not handling objects correctly in some conditions (#11945)
  • Fixed binary proxies not containing the correct path if the project dir is a symlink (#11947)
  • Fixed Composer autoloader being overruled by project autoloaders when they are loaded by event handlers (scripts/plugins) (#11955)
  • Fixed TransportException (http failures) not having a distinct exit code, should now exit with 100 as code (#11954)

2.7.4

  • Fixed regression (Call to undefined method ProxyManager::needsTransitionWarning()) with projects requiring composer/composer in an pre-2.7.3 version (#11943, #11940)

As a side-note, requiring composer/composer is frowned upon and should really only be done in circumstances where it is absolutely necessary, and ideally you should talk to us first to see if we can't help avoid it or help by extracting some code in a smaller library.

2.7.3

  • BC Warning: Fixed https_proxy env var falling back to http_proxy's value, this is still in place but with a warning for now, and https_proxy can now be set empty to remove the fallback. Composer 2.8.0 will remove the fallback so make sure you heed the warnings (#11915)
  • Fixed show and outdated commands to remove leading v in e.g. v1.2.3 when showing lists of packages (#11925)
  • Fixed audit command not showing any id when no CVE is present, the advisory ID is now shown (#11892)
  • Fixed the warning about a missing default version showing for packages with project type as those are typically not versioned and do not have cyclic dependencies (#11885)
  • Fixed PHP 8.4 deprecation warnings
  • Fixed clear-cache command to respect the config.cache-dir setting from the local composer.json (#11921)
  • Fixed status command not handling failed download/install promises correctly (#11889)
  • Added support for buy_me_a_coffee in GitHub funding files (#11902)
  • Added hg support for SSH urls (#11878)
  • Fixed some env vars with an integer value causing a crash (#11908)
  • Fixed context data not being output when using IOInterface as a PSR-3 logger (#11882)

... (truncated)

Changelog

Sourced from composer/composer's changelog.

[2.7.7] 2024-06-10

  • Security: Fixed command injection via malicious git branch name (GHSA-47f6-5gq3-vx9c / CVE-2024-35241)
  • Security: Fixed multiple command injections via malicious git/hg branch names (GHSA-v9qv-c7wm-wgmf / CVE-2024-35242)
  • Security: Fixed secure-http checks that could be bypassed by using malformed URL formats (fa3b9582c)
  • Security: Fixed Filesystem::isLocalPath including windows-specific checks on linux (3c37a67c)
  • Security: Fixed perforce argument escaping (3773f775)
  • Security: Fixed handling of zip bombs when extracting archives (de5f7e32)
  • Security: Fixed Windows command parameter escaping to prevent abuse of unicode characters with best fit encoding conversion (3130a7455, 04a63b324)
  • Fixed PSR violations for classes not matching the namespace of a rule being hidden, this may lead to new violations being shown (#11957)
  • Fixed UX when a plugin is still in vendor dir but is not required nor allowed anymore after changing branches (#12000)
  • Fixed new platform requirements from composer.json not being checked if the lock file is outdated (#12001)
  • Fixed ability for config command to remove autoload keys (#11967)
  • Fixed empty type support in init command (#11999)
  • Fixed git clone errors when safe.bareRepository is set to strict in the git config (#11969)
  • Fixed regression showing network errors on PHP <8.1 (#11974)
  • Fixed some color bleed from a few warnings (#11972)

[2.7.6] 2024-05-04

  • Fixed regression when script handlers add an autoloader which uses a private callback (#11960)

[2.7.5] 2024-05-03

  • Added uninstall alias to remove command (#11951)
  • Added workaround for broken curl versions 8.7.0/8.7.1 causing transport exceptions (#11913)
  • Fixed root usage warnings showing up within Podman containers (#11946)
  • Fixed config command not handling objects correctly in some conditions (#11945)
  • Fixed binary proxies not containing the correct path if the project dir is a symlink (#11947)
  • Fixed Composer autoloader being overruled by project autoloaders when they are loaded by event handlers (scripts/plugins) (#11955)
  • Fixed TransportException (http failures) not having a distinct exit code, should now exit with 100 as code (#11954)

[2.7.4] 2024-04-22

  • Fixed regression (Call to undefined method ProxyManager::needsTransitionWarning()) with projects requiring composer/composer in an pre-2.7.3 version (#11943, #11940)

[2.7.3] 2024-04-19

  • BC Warning: Fixed https_proxy env var falling back to http_proxy's value, this is still in place but with a warning for now, and https_proxy can now be set empty to remove the fallback. Composer 2.8.0 will remove the fallback so make sure you heed the warnings (#11915)
  • Fixed show and outdated commands to remove leading v in e.g. v1.2.3 when showing lists of packages (#11925)
  • Fixed audit command not showing any id when no CVE is present, the advisory ID is now shown (#11892)
  • Fixed the warning about a missing default version showing for packages with project type as those are typically not versioned and do not have cyclic dependencies (#11885)
  • Fixed PHP 8.4 deprecation warnings
  • Fixed clear-cache command to respect the config.cache-dir setting from the local composer.json (#11921)
  • Fixed status command not handling failed download/install promises correctly (#11889)
  • Added support for buy_me_a_coffee in GitHub funding files (#11902)
  • Added hg support for SSH urls (#11878)
  • Fixed some env vars with an integer value causing a crash (#11908)
  • Fixed context data not being output when using IOInterface as a PSR-3 logger (#11882)

... (truncated)

Commits

Updates guzzlehttp/guzzle from 7.4.0 to 7.8.1

Release notes

Sourced from guzzlehttp/guzzle's releases.

Release 7.8.1

Changed

  • Updated links in docs to their canonical versions
  • Replaced call_user_func* with native calls

Release 7.8.0

See change log for changes.

Release 7.7.1

See change log for changes.

Release 7.7.0

See change log for changes.

Release 7.6.1

See change log for changes.

Release 7.6.0

See change log for changes.

Release 7.5.3

See change log for changes.

Release 7.5.2

See change log for changes.

Release 7.5.1

See change log for changes.

Release 7.5.0

See change log for changes.

Release 7.4.5

See change log for changes.

Release 7.4.4

See change log for changes.

Release 7.4.3

See change log for changes.

Release 7.4.2

See change log for changes.

Release 7.4.1

See change log for changes.

Changelog

Sourced from guzzlehttp/guzzle's changelog.

7.8.1 - 2023-12-03

Changed

  • Updated links in docs to their canonical versions
  • Replaced call_user_func* with native calls

7.8.0 - 2023-08-27

Added

  • Support for PHP 8.3
  • Added automatic closing of handles on CurlFactory object destruction

7.7.1 - 2023-08-27

Changed

  • Remove the need for AllowDynamicProperties in CurlMultiHandler

7.7.0 - 2023-05-21

Added

  • Support guzzlehttp/promises v2

7.6.1 - 2023-05-15

Fixed

  • Fix SetCookie::fromString MaxAge deprecation warning and skip invalid MaxAge values

7.6.0 - 2023-05-14

Added

  • Support for setting the minimum TLS version in a unified way
  • Apply on request the version set in options parameters

7.5.2 - 2023-05-14

Fixed

  • Fixed set cookie constructor validation

... (truncated)

Commits
  • 41042bc Fix GitHub CI Workflow Badge URL (#3188)
  • 4d6ca3b Add tests for cookie removal and update in FileCookieJar (#3182)
  • 9338d98 Add another base_uri example in documentation (#3189)
  • d68085a Release 7.8.1 (#3193)
  • 9cb80ef Switch to actions/checkout@v4 and upgrade SA tools (#3192)
  • d95d9ab Replace call_user_func* syntax in tests (#3174)
  • a427580 Revert "Pin to Composer 2.5.8"
  • 56a99b5 Pin to Composer 2.5.8
  • 1cfc24f Replaced bad all insecure/invalid/redirecting links
  • e79c79e Update link in server.js to point to an https site
  • Additional commits viewable in compare view

Updates guzzlehttp/psr7 from 2.1.0 to 2.6.2

Release notes

Sourced from guzzlehttp/psr7's releases.

2.6.2

Fixed

  • Fixed another issue with the fact that PHP transforms numeric strings in array keys to ints

Changed

  • Updated links in docs to their canonical versions
  • Replaced call_user_func* with native calls

See also the change log for changes.

2.6.1

See change log for changes.

2.6.0

See change log for changes.

2.5.1

See change log for changes.

2.5.0

See change log for changes.

2.4.5

See change log for changes.

2.4.4

See change log for changes.

2.4.3

See change log for changes.

2.4.2

See change log for changes.

2.4.1

See change log for changes.

2.4.0

See change log for changes.

2.3.0

See change log for changes.

2.2.2

See change log for changes.

... (truncated)

Changelog

Sourced from guzzlehttp/psr7's changelog.

2.6.2 - 2023-12-03

Fixed

  • Fixed another issue with the fact that PHP transforms numeric strings in array keys to ints

Changed

  • Updated links in docs to their canonical versions
  • Replaced call_user_func* with native calls

2.6.1 - 2023-08-27

Fixed

  • Properly handle the fact that PHP transforms numeric strings in array keys to ints

2.6.0 - 2023-08-03

Changed

  • Updated the mime type map to add some new entries, fix a couple of invalid entries, and remove an invalid entry
  • Fallback to application/octet-stream if we are unable to guess the content type for a multipart file upload

2.5.1 - 2023-08-03

Fixed

  • Corrected mime type for .acc files to audio/aac

Changed

  • PHP 8.3 support

2.5.0 - 2023-04-17

Changed

  • Adjusted psr/http-message version constraint to ^1.1 || ^2.0

2.4.5 - 2023-04-17

Fixed

  • Prevent possible warnings on unset variables in ServerRequest::normalizeNestedFileSpec
  • Fixed Message::bodySummary when preg_match fails
  • Fixed header validation issue

2.4.4 - 2023-03-09

... (truncated)

Commits

Updates laravel/framework from 8.69.0 to 8.83.27

Commits

Updates symfony/http-kernel from 5.3.10 to 5.4.40

Release notes

Sourced from symfony/http-kernel's releases.

v5.4.40

Changelog (symfony/http-kernel@v5.4.39...v5.4.40)

  • no significant changes

v5.4.39

Changelog (symfony/http-kernel@v5.4.38...v5.4.39)

v5.4.38

Changelog (symfony/http-kernel@v5.4.37...v5.4.38)

  • no significant changes

v5.4.37

Changelog (symfony/http-kernel@v5.4.36...v5.4.37)

  • no significant changes

v5.4.36

Changelog (symfony/http-kernel@v5.4.35...v5.4.36)

v5.4.35

Changelog (symfony/http-kernel@v5.4.34...v5.4.35)

  • no significant changes

v5.4.34

Changelog (symfony/http-kernel@v5.4.33...v5.4.34)

v5.4.33

Changelog (symfony/http-kernel@v5.4.32...v5.4.33)

  • no significant changes

v5.4.32

Changelog (symfony/http-kernel@v5.4.31...v5.4.32)

  • no significant changes

v5.4.31

Changelog (symfony/http-kernel@v5.4.30...v5.4.31)

... (truncated)

Changelog

Sourced from symfony/http-kernel's changelog.

CHANGELOG

7.1

  • Add method isKernelTerminating() to ExceptionEvent that allows to check if an exception was thrown while the kernel is being terminated
  • Add HttpException::fromStatusCode()
  • Add $validationFailedStatusCode argument to #[MapQueryParameter] that allows setting a custom HTTP status code when validation fails
  • Add NearMissValueResolverException to let value resolvers report when an argument could be under their watch but failed to be resolved
  • Add $type argument to #[MapRequestPayload] that allows mapping a list of items
  • The Extension class is marked as internal, extend the Extension class from the DependencyInjection component instead
  • Deprecate Extension::addAnnotatedClassesToCompile()
  • Deprecate AddAnnotatedClassesToCachePass
  • Deprecate the setAnnotatedClassCache() and getAnnotatedClassesToCompile() methods of the Kernel class
  • Add #[MapUploadedFile] attribute to fetch, validate, and inject uploaded files into controller arguments

7.0

  • Add argument $reflector to ArgumentResolverInterface::getArguments() and ArgumentMetadataFactoryInterface::createArgumentMetadata()
  • Remove ArgumentValueResolverInterface, use ValueResolverInterface instead
  • Remove StreamedResponseListener
  • Remove AbstractSurrogate::$phpEscapeMap
  • Remove HttpKernelInterface::MASTER_REQUEST
  • Remove terminate_on_cache_hit option from HttpCache
  • Require explicit argument when calling ConfigDataCollector::setKernel(), RouterListener::setCurrentRequest()
  • Remove Kernel::stripComments()
  • Remove FileLinkFormatter, use FileLinkFormatter from the ErrorHandler component instead
  • Remove UriSigner, use UriSigner from the HttpFoundation component instead
  • Add argument $buildDir to WarmableInterface
  • Add argument $filter to Profiler::find() and FileProfilerStorage::find()

6.4

  • Support backed enums in #[MapQueryParameter]
  • BundleInterface no longer extends ContainerAwareInterface
  • Add optional $className parameter to ControllerEvent::getAttributes()
  • Add native return types to TraceableEventDispatcher and to MergeExtensionConfigurationPass
  • Add argument $validationFailedStatusCode to #[MapQueryString] and #[MapRequestPayload]
  • Add argument $debug to Logger
  • Add class DebugLoggerConfigurator
  • Add parameters kernel.runtime_mode and kernel.runtime_mode.*, all set from env var APP_RUNTIME_MODE
  • Deprecate Kernel::stripComments()
  • Support the ! character at the beginning of a string as a negation operator in the url filter of the profiler
  • Deprecate UriSigner, use UriSigner from the HttpFoundation component instead
  • Deprecate FileLinkFormatter, use FileLinkFormatter from the ErrorHandler component instead
  • Add argument $buildDir to WarmableInterface
  • Add argument $filter to Profiler::find() and FileProfilerStorage::find()

... (truncated)

Commits
  • 3ad0318 Update VERSION for 5.4.40
  • 3e9a729 Revert "minor #54653 Auto-close PRs on subtree-splits (nicolas-grekas)"
  • 67d0b0a minor #54785 Remove calls to TestCase::iniSet() and calls to deprecated met...
  • 77810d5 Remove calls to getMockForAbstractClass()
  • 880afee Remove calls to TestCase::iniSet() and calls to deprecated methods of `Mock...
  • 51ffc08 minor #54768 Remove calls to onConsecutiveCalls() (alexandre-daubois)
  • aa6a398 Remove calls to onConsecutiveCalls()
  • 96e9ede Bump Symfony version to 5.4.40
  • 1d812dc Update VERSION for 5.4.39
  • f580349 Auto-close PRs on subtree-splits
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the composer group across 1 directory with 6 updates
9afd357 
Bumps the composer group with 1 update in the / directory: [statamic/cms](https://github.com/statamic/cms).


Updates `statamic/cms` from 3.2.19 to 3.4.17
- [Release notes](https://github.com/statamic/cms/releases)
- [Changelog](https://github.com/statamic/cms/blob/v3.4.17/CHANGELOG.md)
- [Commits](statamic/cms@v3.2.19...v3.4.17)

Updates `composer/composer` from 2.1.11 to 2.7.7
- [Release notes](https://github.com/composer/composer/releases)
- [Changelog](https://github.com/composer/composer/blob/main/CHANGELOG.md)
- [Commits](composer/composer@2.1.11...2.7.7)

Updates `guzzlehttp/guzzle` from 7.4.0 to 7.8.1
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/7.8/CHANGELOG.md)
- [Commits](guzzle/guzzle@7.4.0...7.8.1)

Updates `guzzlehttp/psr7` from 2.1.0 to 2.6.2
- [Release notes](https://github.com/guzzle/psr7/releases)
- [Changelog](https://github.com/guzzle/psr7/blob/2.6/CHANGELOG.md)
- [Commits](guzzle/psr7@2.1.0...2.6.2)

Updates `laravel/framework` from 8.69.0 to 8.83.27
- [Release notes](https://github.com/laravel/framework/releases)
- [Changelog](https://github.com/laravel/framework/blob/11.x/CHANGELOG.md)
- [Commits](laravel/framework@v8.69.0...v8.83.27)

Updates `symfony/http-kernel` from 5.3.10 to 5.4.40
- [Release notes](https://github.com/symfony/http-kernel/releases)
- [Changelog](https://github.com/symfony/http-kernel/blob/7.1/CHANGELOG.md)
- [Commits](symfony/http-kernel@v5.3.10...v5.4.40)

---
updated-dependencies:
- dependency-name: statamic/cms
  dependency-type: direct:production
  dependency-group: composer
- dependency-name: composer/composer
  dependency-type: indirect
  dependency-group: composer
- dependency-name: guzzlehttp/guzzle
  dependency-type: indirect
  dependency-group: composer
- dependency-name: guzzlehttp/psr7
  dependency-type: indirect
  dependency-group: composer
- dependency-name: laravel/framework
  dependency-type: indirect
  dependency-group: composer
- dependency-name: symfony/http-kernel
  dependency-type: indirect
  dependency-group: composer
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file php Pull requests that update Php code labels Jun 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file php Pull requests that update Php code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants