@dependabot dependabot bot commented on behalf of github May 8, 2025

Bumps the composer group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| symfony/http-client | 7.0.8 | 7.1.8 |
| symfony/process | 7.1.1 | 7.1.7 |
| symfony/runtime | 7.0.8 | 7.1.7 |
| symfony/security-bundle | 7.1.2 | 7.1.3 |
| symfony/validator | 7.1.2 | 7.1.4 |
| twig/twig | 3.14.0 | 3.14.1 |

Updates symfony/http-client from 7.0.8 to 7.1.8

Release notes

Sourced from symfony/http-client's releases.

v7.1.8

Changelog (symfony/http-client@v7.1.7...v7.1.8)

v7.1.7

Changelog (symfony/http-client@v7.1.6...v7.1.7)

v7.1.6

Changelog (symfony/http-client@v7.1.5...v7.1.6)

  • no significant changes

v7.1.5

Changelog (symfony/http-client@v7.1.4...v7.1.5)

v7.1.4

Changelog (symfony/http-client@v7.1.3...v7.1.4)

v7.1.3

Changelog (symfony/http-client@v7.1.2...v7.1.3)

  • no significant changes

v7.1.2

Changelog (symfony/http-client@v7.1.1...v7.1.2)

v7.1.1

Changelog (symfony/http-client@v7.1.0...v7.1.1)

  • no significant changes

v7.1.0

Changelog (symfony/http-client@v7.1.0-RC1...v7.1.0)

  • no significant changes

... (truncated)

Changelog

Sourced from symfony/http-client's changelog.

CHANGELOG

7.2

  • Add support for amphp/http-client v5 on PHP 8.4+

7.1

  • Add HttpOptions::setHeader() to add or replace a single header
  • Allow mocking start_time info in MockResponse
  • Add MockResponse::fromFile() and JsonMockResponse::fromFile() methods to help using fixtures files
  • Add ThrottlingHttpClient to enable limiting the number of requests within a certain period
  • Deprecate the setLogger() methods of the NoPrivateNetworkHttpClient, TraceableHttpClient and ScopingHttpClient classes, configure the logger of the wrapped clients directly instead

7.0

  • Remove implementing Http\Message\RequestFactory from HttplugClient

6.4

  • Add HarFileResponseFactory testing utility, allow to replay responses from .har files
  • Add max_retries option to RetryableHttpClient to adjust the retry logic on a per request level
  • Add PingWebhookMessage and PingWebhookMessageHandler
  • Enable using EventSourceHttpClient::connect() for both GET and POST

6.3

  • Add option crypto_method to set the minimum TLS version and make it default to v1.2
  • Add UriTemplateHttpClient to use URI templates as specified in the RFC 6570
  • Add ServerSentEvent::getArrayData() to get the Server-Sent Event's data decoded as an array when it's a JSON payload
  • Allow array of urls as base_uri option value in RetryableHttpClient to retry on a new url each time
  • Add JsonMockResponse, a MockResponse shortcut that automatically encodes the passed body to JSON and sets the content type to application/json by default
  • Support file uploads by nesting resource streams in option "body"

6.2

  • Make HttplugClient implement Psr\Http\Message\RequestFactoryInterface, StreamFactoryInterface and UriFactoryInterface
  • Deprecate implementing Http\Message\RequestFactory, StreamFactory and UriFactory on HttplugClient
  • Add withOptions() to HttplugClient and Psr18Client

6.1

... (truncated)

Commits
  • c30d91a Merge branch '6.4' into 7.1
  • cb4073c Merge branch '5.4' into 6.4
  • 3b643b8 [HttpClient] Resolve hostnames in NoPrivateNetworkHttpClient
  • 90ab2a4 Merge branch '6.4' into 7.1
  • 05d88cb Merge branch '5.4' into 6.4
  • 5962356 Merge branch '6.4' into 7.1
  • 224124d bug #58704 [HttpClient] fix for HttpClientDataCollector fails if proc_open is...
  • aa7bebe [HttpClient] Fix Process-based escaping in HttpClientDataCollector
  • e9b0846 fix for HttpClientDataCollector fails if proc_open is disabled via php.ini . ...
  • ebcaeea [HttpClient] Filter private IPs before connecting when Host == IP
  • Additional commits viewable in compare view

Updates symfony/process from 7.1.1 to 7.1.7

Release notes

Sourced from symfony/process's releases.

v7.1.7

Changelog (symfony/process@v7.1.6...v7.1.7)

v7.1.6

Changelog (symfony/process@v7.1.5...v7.1.6)

  • no significant changes

v7.1.5

Changelog (symfony/process@v7.1.4...v7.1.5)

v7.1.3

Changelog (symfony/process@v7.1.2...v7.1.3)

  • no significant changes

Commits
  • 9b8a40b Merge branch '6.4' into 7.1
  • 25214ad Merge branch '5.4' into 6.4
  • 0190687 [Process] Fix test
  • 66716d3 Merge branch '6.4' into 7.1
  • 88638b9 Merge branch '5.4' into 6.4
  • ee75984 security #cve-2024-51736 [Process] Use %PATH% before %CD% to load the shell o...
  • 05c2ccc [Process] Use %PATH% before %CD% to load the shell on Windows
  • f4fb6b8 Merge branch '6.4' into 7.1
  • 0776b99 Merge branch '5.4' into 6.4
  • 284aead Merge branch '6.4' into 7.1
  • Additional commits viewable in compare view

Updates symfony/runtime from 7.0.8 to 7.1.7

Release notes

Sourced from symfony/runtime's releases.

v7.1.7

Changelog (symfony/runtime@v7.1.6...v7.1.7)

v7.1.6

Changelog (symfony/runtime@v7.1.5...v7.1.6)

v7.1.1

Changelog (symfony/runtime@v7.1.0...v7.1.1)

  • no significant changes

v7.1.0

Changelog (symfony/runtime@v7.1.0-RC1...v7.1.0)

  • no significant changes

v7.1.0-RC1

Changelog (symfony/runtime@v7.1.0-BETA1...v7.1.0-RC1)

  • no significant changes

v7.1.0-BETA1

Changelog (symfony/runtime@v7.0.7...v7.1.0-BETA1)

  • no significant changes

Commits
  • 9889783 Merge branch '6.4' into 7.1
  • 4facd41 Merge branch '5.4' into 6.4
  • 443f7d2 Do not read from argv on non-CLI SAPIs
  • 290ba8b Merge branch '6.4' into 7.1
  • 033988f [Runtime] Remove unused SKIPIF from dotenv_overload.phpt
  • 5f556dc Merge branch '6.4' into 7.1
  • 2c61a6c Merge branch '5.4' into 6.4
  • ae232b0 minor #58355 Add PR template and auto-close PR on subtree split repositories ...
  • ea38ad2 Add PR template and auto-close PR on subtree split repositories
  • 51477fd Merge branch '6.4' into 7.1
  • Additional commits viewable in compare view

Updates symfony/security-bundle from 7.1.2 to 7.1.3

Release notes

Sourced from symfony/security-bundle's releases.

v7.1.3

Changelog (symfony/security-bundle@v7.1.2...v7.1.3)

Commits
  • 4f77a89 [Security] Update web-token/jwt-library version and adjust checker parameters
  • 4ec3cda Merge branch '7.0' into 7.1
  • c9a134c Merge branch '6.4' into 7.0
  • 50007f4 use firewall-specific user checkers when manually logging in users
  • See full diff in compare view

Updates symfony/validator from 7.1.2 to 7.1.4

Release notes

Sourced from symfony/validator's releases.

v7.1.4

Changelog (symfony/validator@v7.1.3...v7.1.4)

v7.1.3

Changelog (symfony/validator@v7.1.2...v7.1.3)

Commits
  • 0d7e0df Merge branch '6.4' into 7.1
  • 4ff41cf Merge branch '5.4' into 6.4
  • 21d022d synchronize IBAN formats
  • 3212b25 Merge branch '6.4' into 7.1
  • 8e37d58 Merge branch '5.4' into 6.4
  • a1b845a [Translation] Review Serbian translations
  • 4f4f3df Merge branch '6.4' into 7.1
  • 1da8e1e Merge branch '5.4' into 6.4
  • a28c302 [Validator] added Polish translation for units 116-119
  • 8b664c8 Merge branch '6.4' into 7.1
  • Additional commits viewable in compare view

Updates twig/twig from 3.14.0 to 3.14.1

Changelog

Sourced from twig/twig's changelog.

3.14.1 (2024-11-06)

  • [BC BREAK] Fix a security issue in the sandbox mode allowing an attacker to call attributes on Array-like objects. They are now checked via the property policy
  • Fix a security issue in the sandbox mode allowing an attacker to be able to call toString() under some circumstances on an object even if the __toString() method is not allowed by the security policy

Commits
  • f405356 Prepare the 3.14.1 release
  • 793e835 Update CHANGELOG
  • 831c148 Sandbox ArrayAccess and do sandbox checks before isset() checks
  • 2bb8c24 Fix sandbox handling for __toString()
  • See full diff in compare view

Updates symfony/http-foundation from 7.1.1 to 7.1.7

Release notes

Sourced from symfony/http-foundation's releases.

v7.1.7

Changelog (symfony/http-foundation@v7.1.6...v7.1.7)

v7.1.6

Changelog (symfony/http-foundation@v7.1.5...v7.1.6)

v7.1.5

Changelog (symfony/http-foundation@v7.1.4...v7.1.5)

v7.1.3

Changelog (symfony/http-foundation@v7.1.2...v7.1.3)

Commits
  • 5183b61 [HttpFoundation] Fix merge
  • cd65d42 Merge branch '6.4' into 7.1
  • ba020a3 Merge branch '5.4' into 6.4
  • 168b77c security #cve-2024-50345 [HttpFoundation] Reject URIs that contain invalid ch...
  • 4f4d5a2 bug #58712 [HttpFoundation] Fix support for \SplTempFileObject in `BinaryFi...
  • 40f90f6 Fix support for \SplTempFileObject in BinaryFileResponse
  • 6472a9f Merge branch '6.4' into 7.1
  • 4875486 Merge branch '5.4' into 6.4
  • 32310ff [HttpFoundation] Reject URIs that contain invalid characters
  • 38bd9bc [HttpFoundation] Remove invalid HTTP method from exception message
  • Additional commits viewable in compare view

Updates symfony/security-http from 7.1.2 to 7.2.6

Release notes

Sourced from symfony/security-http's releases.

v7.2.6

Changelog (symfony/security-http@v7.2.5...v7.2.6)

v7.2.4

Changelog (symfony/security-http@v7.2.3...v7.2.4)

v7.2.3

Changelog (symfony/security-http@v7.2.2...v7.2.3)

v7.2.1

Changelog (symfony/security-http@v7.2.0...v7.2.1)

  • no significant changes

v7.2.0

Changelog (symfony/security-http@v7.2.0-RC1...v7.2.0)

  • no significant changes

v7.2.0-BETA2

Changelog (symfony/security-http@v7.2.0-BETA1...v7.2.0-BETA2)

v7.2.0-BETA1

Changelog (symfony/security-http@v7.1.6...v7.2.0-BETA1)

v7.1.11

Changelog (symfony/security-http@v7.1.10...v7.1.11)

v7.1.10

Changelog (symfony/security-http@v7.1.9...v7.1.10)

... (truncated)

Changelog

Sourced from symfony/security-http's changelog.

CHANGELOG

7.2

  • Pass the current token to the checkPostAuth() method of user checkers
  • Deprecate argument $secret of RememberMeAuthenticator
  • Deprecate passing an empty string as $userIdentifier argument to UserBadge constructor
  • Allow passing passport attributes to the UserAuthenticatorInterface::authenticateUser() method

7.1

  • Add #[IsCsrfTokenValid] attribute
  • Add CAS 2.0 access token handler
  • Make empty username or empty password on form login attempts throw BadCredentialsException

7.0

  • Add argument $badgeFqcn to Passport::addBadge()
  • Add argument $lifetime to LoginLinkHandlerInterface::createLoginLink()
  • Throw when calling the constructor of DefaultLoginRateLimiter with an empty secret

6.4

  • UserValueResolver no longer implements ArgumentValueResolverInterface
  • Deprecate calling the constructor of DefaultLoginRateLimiter with an empty secret

6.3

  • Add RememberMeBadge to JsonLoginAuthenticator and enable reading parameter in JSON request body
  • Add argument $exceptionCode to #[IsGranted]
  • Deprecate passing a secret as the 2nd argument to the constructor of Symfony\Component\Security\Http\RememberMe\PersistentRememberMeHandler
  • Add OidcUserInfoTokenHandler and OidcTokenHandler with OIDC support for AccessTokenAuthenticator
  • Add attributes optional array argument in UserBadge
  • Call UserBadge::userLoader with attributes if the argument is set
  • Allow to override badge fqcn on Passport::addBadge
  • Add SecurityTokenValueResolver to inject token as controller argument

6.2

  • Add maximum username length enforcement of 4096 characters in UserBadge
  • Add #[IsGranted()]
  • Deprecate empty username or password when using JsonLoginAuthenticator
  • Set custom lifetime for login link

... (truncated)

Commits
  • 324425d Merge branch '6.4' into 7.2
  • a69c17e fix(security): fix OIDC user identifier
  • 6e51e21 Merge branch '6.4' into 7.2
  • cdfcf7d clarify what the tested code is expected to do
  • 8478e95 Merge branch '6.4' into 7.2
  • a21ab89 [Security] Fix typo in deprecation message
  • a57bb00 [Security] Return null instead of empty username to fix deprecation notice
  • d185c41 Merge branch '7.1' into 7.2
  • c5ef4cb Merge branch '6.4' into 7.1
  • 54f2ccc [Security] Throw an explicit error when authenticating a token with a null user
  • Additional commits viewable in compare view


Bumps the composer group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [symfony/http-client](https://github.com/symfony/http-client) | `7.0.8` | `7.1.8` |
| [symfony/process](https://github.com/symfony/process) | `7.1.1` | `7.1.7` |
| [symfony/runtime](https://github.com/symfony/runtime) | `7.0.8` | `7.1.7` |
| [symfony/security-bundle](https://github.com/symfony/security-bundle) | `7.1.2` | `7.1.3` |
| [symfony/validator](https://github.com/symfony/validator) | `7.1.2` | `7.1.4` |
| [twig/twig](https://github.com/twigphp/Twig) | `3.14.0` | `3.14.1` |



Updates `symfony/http-client` from 7.0.8 to 7.1.8
- [Release notes](https://github.com/symfony/http-client/releases)
- [Changelog](https://github.com/symfony/http-client/blob/7.2/CHANGELOG.md)
- [Commits](symfony/http-client@v7.0.8...v7.1.8)

Updates `symfony/process` from 7.1.1 to 7.1.7
- [Release notes](https://github.com/symfony/process/releases)
- [Changelog](https://github.com/symfony/process/blob/7.2/CHANGELOG.md)
- [Commits](symfony/process@v7.1.1...v7.1.7)

Updates `symfony/runtime` from 7.0.8 to 7.1.7
- [Release notes](https://github.com/symfony/runtime/releases)
- [Changelog](https://github.com/symfony/runtime/blob/7.2/CHANGELOG.md)
- [Commits](symfony/runtime@v7.0.8...v7.1.7)

Updates `symfony/security-bundle` from 7.1.2 to 7.1.3
- [Release notes](https://github.com/symfony/security-bundle/releases)
- [Changelog](https://github.com/symfony/security-bundle/blob/7.2/CHANGELOG.md)
- [Commits](symfony/security-bundle@v7.1.2...v7.1.3)

Updates `symfony/validator` from 7.1.2 to 7.1.4
- [Release notes](https://github.com/symfony/validator/releases)
- [Changelog](https://github.com/symfony/validator/blob/7.2/CHANGELOG.md)
- [Commits](symfony/validator@v7.1.2...v7.1.4)

Updates `twig/twig` from 3.14.0 to 3.14.1
- [Changelog](https://github.com/twigphp/Twig/blob/3.x/CHANGELOG)
- [Commits](twigphp/Twig@v3.14.0...v3.14.1)

Updates `symfony/http-foundation` from 7.1.1 to 7.1.7
- [Release notes](https://github.com/symfony/http-foundation/releases)
- [Changelog](https://github.com/symfony/http-foundation/blob/7.2/CHANGELOG.md)
- [Commits](symfony/http-foundation@v7.1.1...v7.1.7)

Updates `symfony/security-http` from 7.1.2 to 7.2.6
- [Release notes](https://github.com/symfony/security-http/releases)
- [Changelog](https://github.com/symfony/security-http/blob/7.2/CHANGELOG.md)
- [Commits](symfony/security-http@v7.1.2...v7.2.6)

---
updated-dependencies:
- dependency-name: symfony/http-client
  dependency-version: 7.1.8
  dependency-type: direct:production
  dependency-group: composer
- dependency-name: symfony/process
  dependency-version: 7.1.7
  dependency-type: direct:production
  dependency-group: composer
- dependency-name: symfony/runtime
  dependency-version: 7.1.7
  dependency-type: direct:production
  dependency-group: composer
- dependency-name: symfony/security-bundle
  dependency-version: 7.1.3
  dependency-type: direct:production
  dependency-group: composer
- dependency-name: symfony/validator
  dependency-version: 7.1.4
  dependency-type: direct:production
  dependency-group: composer
- dependency-name: twig/twig
  dependency-version: 3.14.1
  dependency-type: direct:production
  dependency-group: composer
- dependency-name: symfony/http-foundation
  dependency-version: 7.1.7
  dependency-type: indirect
  dependency-group: composer
- dependency-name: symfony/security-http
  dependency-version: 7.2.6
  dependency-type: indirect
  dependency-group: composer
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the php (Pull requests that update Php code) and dependencies (Pull requests that update a dependency file) labels May 8, 2025