🚨 [security] [server] Update symfony/http-kernel: 4.2.2 → 4.4.50 (minor) #17
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![depfu[bot]](https://avatars.githubusercontent.com/in/715?s=60&v=4){kind=small}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Welcome to Depfu 👋
This is one of the first three pull requests with dependency updates we've sent your way. We tried to start with a few easy patch-level updates. Hopefully your tests will pass and you can merge this pull request without too much risk. This should give you an idea how Depfu works in general.
After you merge your first pull request, we'll send you a few more. We'll never open more than seven PRs at the same time so you're not getting overwhelmed with updates.
Let us know if you have any questions. Thanks so much for giving Depfu a try!
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
What changed?
Security Advisories 🚨
🚨 Symfony storing cookie headers in HttpCache
🚨 Non-constant time comparison in UriSigner
🚨 Non-constant time comparison in UriSigner
🚨 RCE in Symfony
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by 75 commits:
Add composer cacheCleanup composer dependenciesAdd github workflowApply new code standards to projectsupdate phpstan keyMerge pull request #24 from GrahamCampbell/patch-1Update .travis.ymlTeston PHP 7.3 and 7.4Merge pull request #19 from ashnazg/ciphpstan fixlowest dependency versions that pass testsbetter parallelize build stagesMerge pull request #18 from voyula/patch-1Update composer.jsonMerge pull request #17 from ashnazg/ciuse ecs v3.xMerge pull request #16 from ashnazg/reflection-needsupdate appveyor config formatlook for php tarball in archiveRevert "update PHP versions on appveyor"update PHP versions on appveyorskip ecs until I can get its usage updatedremove string typehint for Reflection's sake (cannot use phpunit while this typehint exists)bump php versionsadditional return types;add arg typehintupdate deps; add branch-alias for better dep resolution by composersee if looser phpunit v6 works on travisMerge pull request #15 from ashnazg/shieldshield url to packagist must match composer package name of reflection-commonMerge pull request #14 from ashnazg/php7update copyright, license blurb, and remove php version from docblocks;Merge pull request #13 from ashnazg/strictecs --fixadd strict typingMerge pull request #12 from ashnazg/ciuse --dev phpunittry installing phpunit separatelystick with phpunit in require-dev, for IDE use and to lessen complications with reflection-* depsdo not use phpunit.phar against a package that is itself in that pharadjust phpunit for coveragetrack phive.xmlfix phive coverallsuse phive-installed phpunit for test stageinstall phive for all stagesuse travis_retry on occasional error pointscache phiveadjust phive usagespecify no coverage for test stage; need composer-installed phpunit to properly generate coverageuse preinstalled phpunit; don't show phive download progress;avoid key promptphp list must be global; test stage not working like expectedtry out phive for pharsjust use composer for phpunit in the coverage phase, to work around phpunit.phar not producing coverage correctlyphpunit phar not generating coverage correctly... try composerfix phpunit phar downloaduse phar in appveyorfix name of coveralls phargo with coveralls 2.0try php-coveralls versionsee if newer coveralls will workdo the phar fetching as before_script, so that its failure is build Error rather than Failureget phpunit phar only when needed by stageswitch dev deps to using phars instead, to avoid installation dep issuesremove duplicated checkercomposer updateignore ecsecs fixesMerge pull request #11 from ashnazg/cino coverage for phpunit hereuse shields for badgescoveralls cfg not neededadd phpstanupdate ci cfgbump to 7.1Commits
See the full diff on Github. The new version differs by 33 commits:
Merge pull request #196 from GrahamCampbell/patch-1Update .travis.ymlMerge pull request #195 from GrahamCampbell/patch-1Removed bad lineRevert "Install phpunit's phar using phive"Revert "Update travis to use phive"Revert "Installing phive dependencies should be non-interactive"Installing phive dependencies should be non-interactiveUpdate travis to use phiveInstall phpunit's phar using phiveFixed code styleTravis fixesActually fixed the testsDropped composer cacheUpdated depsAdd required interface to example tagAdd braces support to Property, Property-Read, Property-Write and VarSupport braces in types for `@param`Move type extraction to base class and re-use in ThrowsAdd extra tests to check for multibyte behaviourSupport braces in types for @returnFix invalid unittestFixed @method annotations with an empty argument list and descriptionAdd fast finish to travisTest on PHP 7.4Merge pull request #178 from alexander-schranz/enhancement/update-type-resolverSet version for coding standard checkFix test for php 7.0Add appveyor scriptTest agains neweset dependenciesUpdate type resolver usageadded test for generic tag to parse description with `0` as expectedfixed generic tag to parse description with `0` as expectedCommits
See the full diff on Github. The new version differs by more commits than we can show here.
Release Notes
1.1.4
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 23 commits:
Merge pull request #74 from Jeckerson/masterMake type of 2nd argument `context` compliant with LoggerInterfaceRevert "Clarify type of 2nd argument `context`"Clarify type of 2nd argument `context`Merge pull request #73 from varfrog/patch-1Fix the phpdoc of LoggerAwareTrait::$loggerMerge pull request #71 from J0WI/patch-1Update url to HTTPSMerge pull request #70 from greg0ire/better-typehintsBe explicit about mixed context elementsUse PSR-4 for all classes (#69)Create .gitattributes (#67)Add "exception"-context array key to docsMerge pull request #66 from WyriHaximus-labs/extract-DummyTest-into-its-own-file-and-return-empty-string-from-___toStringReturn string from DummyTest::__toStringMerge pull request #55 from DQNEO/namespaced-phpunitRemove alias as PHPUnit 4.8.35+ ships with it which is supporting PHP 5.3Merge pull request #63 from ArturGoldyn/patch-1Merge pull request #51 from Fleshgrinder/throws-annoationRemove redundant leading backslashesUpdate TestLogger.phpMerge pull request #58 from lyrixx/patch-1Bump version to `1.1.x-dev`Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Commits
See the full diff on Github. The new version differs by 2 commits:
Fix CSCS fixesCommits
See the full diff on Github. The new version differs by 24 commits:
Prepare for v1.27Update changelogUpdate CHANGELOG.mdIndicates that polyfills provides corresponding extensions[GHA] Add PHP 8.1Update CHANGELOG and branch-aliasAdd polyfill-php81Update and apply CS rulesVerify the signature of polyfills on PHP >= 8Drop polyfills for PHP <= 7.1 from the metapackageBump minimum PHP version to 7.1Fix the name of arguments for PHP 8Update branch-alias for main + v1.19Update CHANGELOG and branch-aliasAdd missing "extra.thanks" entries in composer.jsonBump for 1.17.0Add separate checks for all polyfilled functions and constantsBumped branch aliasBump branch-aliasPHP 8.0 - add fdiv() function polyfill[Uuid] Added the polyfillbump branch-alias and update changelogAdded missing polyfill for JsonExceptionUpdate year in license fileCommits
See the full diff on Github. The new version differs by 47 commits:
Prepare for v1.27CS fixUpdate changelogUpdate CHANGELOG.mdPassing null to preg_split() throws deprecation on PHP 8.1Passing null to strpos() throws deprecation on PHP 8.1Indicates that polyfills provides corresponding extensions[Mbstring] fix throwing from mb_substitute_character on PHP >= 8Fixed `grapheme_str(r)ipos()`Update to Unicode 13Various fixes[mbstring] add return value to mb_parse_str (#351)minor #349 Use fully-qualified iconv calls in the mbstring polyfill (stof)Use fully-qualified iconv calls in the mbstring polyfillUpdate CHANGELOG and branch-aliasAlways accept null values on PHP 8Add polyfill-php81Update and apply CS rulesAdjust mbstring polyfill for PHP 8Verify the signature of polyfills on PHP >= 8Drop polyfills for PHP <= 7.1 from the metapackageBump minimum PHP version to 7.1Fix the name of arguments for PHP 8Update branch-alias for main + v1.19Fix php8 error passing too many arguments to strrchrUpdate CHANGELOG and branch-aliasAdd missing "extra.thanks" entries in composer.jsonBump unicode dataFix declaring extra constants when `intl` is loadedBump for 1.17.0Add separate checks for all polyfilled functions and constantsBumped branch aliasFix support for preloadingBump branch-aliasAdd link in intl idn readmePHP 8.0 - add fdiv() function polyfill[Mbstring] fix `mb_str_split()` ignoring new-line charactersminor #199 Optimization of mb_str_split (kamil-tekiela)Optimization of mb_str_split[Uuid] Added the polyfill[Mbstring] fix mb_strrpos with negative offsetbump branch-alias and update changelogfeature #181 add new PHP 7.4 functions (IonBazan)add new PHP 7.4 functions[Mbstring ] fix mb_substr return typeAdded missing polyfill for JsonExceptionUpdate year in license fileCommits
See the full diff on Github. The new version differs by 30 commits:
Prepare for v1.27CS fixUpdate changelogUpdate CHANGELOG.mdupdate Php72 README about mbstring functionsVarious fixesUpdate CHANGELOG and branch-aliasAdd polyfill-php81Update and apply CS rulesDrop polyfills for PHP <= 7.1 from the metapackageBump minimum PHP version to 7.1Fix the name of arguments for PHP 8Update branch-alias for main + v1.19Fix null comparisonUpdate CHANGELOG and branch-aliasAdd missing "extra.thanks" entries in composer.jsonFix declaring extra constants when `intl` is loadedBump for 1.17.0fix a minor typoAdd polyfill for `PHP_FLOAT_*` constantsAdd separate checks for all polyfilled functions and constantsBumped branch aliasFix the polyfill for spl_object_id()Bump branch-aliasAdd link in intl idn readmePHP 8.0 - add fdiv() function polyfill[Uuid] Added the polyfillbump branch-alias and update changelogAdded missing polyfill for JsonExceptionUpdate year in license fileCommits
See the full diff on Github. The new version differs by 75 commits:
Merge pull request #209 from GrahamCampbell/patch-1Release 1.9.1Merge pull request #207 from Ayesh/php8composer.json: Allow PHP 8Fix `method_exist()` calls throwing `\TypeError` exceptions on non-string|objectFix typo in CHANGELOG (#206)Prepare release 1.9.0 (#204)Update CHANGELOG.mdFix pslam capitalizationUpdate CHANGELOG.mdPrepare release 1.9.0Add phpstan conflict (#203)NullOr/all assertions implementation (#126)Added missing @psalm-pure (#189)Led an assertion errors to a uniform standard (#196)Add @psalm-assert and @psalm-pure to Assert::classExists (#186)Doc changes (#187)Prep 1.8.0 release (#184)Add `inArray`, and make `oneOf` an alias of it (#174)Update the changelog for unreleased features (#181)Feature: Add notStartsWith() & notEndsWith() (#147) (#175)Assert::count(): also sprintf $message var (#179)Convert DateTime to string value (#176)Added type assertions for multiple methods not covered by existing `@psalm-assert` functionality (#160)Prepare 1.7.0 release (#172)Added isAOf(), isAOfAny(), notAOf() (#106)increase psalm to latest version to allow `non-empty-list` in `@psalm… (#170)Don't allow HHVM to fail anymore (#162)Add `notFalse` (#164)Fix typos in README.md (#163)Update link to https (#159)Use php 7.4 instead of the snapshot version (#157)Update appveyor to php 7.4 (#158)Update changelog for 1.6.0 (#156)Improve the error messages on auto review tests (#155)Add non empty assertions for list and map (#153)Revert a BC break on filer_var based assertions (#154)Fix: allow empty maps and lists (#152)Add has static analysis test (#149)Remove side effect psalm assert from stringNotEmpty (#150)Add more psalm assertions (#143)Remove unneeded psalm asserts (#146)Remove psalm-assert for `oneOf` (#144)added coverage badge to readme (#139)fixes parametername in docblock (#142)SimpeXML and ResourceBundle are also 'countable'. (#141)Add validArrayKey assertion (#140)Add an auto review test for the annotations (#133)fixed starts with letter (#138)Add check for #81 (#137)Docblock fixes (#136)Test argument really is a string before doing a filter_var. (#135)Alpha improvement (#134)Add throws tag to doc (#130)Remove branch alias (#131)Add an extending assert section to the readme (#120)Use correct headers for changelog (#123)Update changelog for 1.5.0 (#122)Add annotations (#118)Prefix all function calls with a \ (#114)Add email assertion (#113)Add "unicodeLetters" assertion for Unicode letters (#112)Use trusty dist for php 5.4 and 5.5 (#117)Fix nightly builds (#111)Fix endsWith for multibyte suffix (#79)Test against 3.x version of hhvm (#109)Fix strlen for fullwidth characters (#78)Add an editorconfig (#107)Add some more test cases (#108)Update CI (#103)Update phpunit configuration (#104)Add deprecated tag to isTraversable (#105)Improve arguments name. (#100)Assert::uniqueValues($values, $message = '') (#93)Updated readme (#92)🆕 symfony/error-handler (added, 4.4.44)
🆕 symfony/event-dispatcher-contracts (added, 1.1.13)
🆕 symfony/http-client-contracts (added, 1.1.13)
🆕 symfony/mime (added, 4.4.47)
🆕 symfony/polyfill-intl-idn (added, 1.27.0)
🆕 symfony/polyfill-intl-normalizer (added, 1.27.0)
🆕 symfony/polyfill-php73 (added, 1.27.0)
🆕 symfony/polyfill-php80 (added, 1.27.0)
🗑️ laravel/envoy (removed)
🗑️ nategood/httpful (removed)
👉 No CI detected
You don't seem to have any Continuous Integration service set up!
Without a service that will test the Depfu branches and pull requests, we can't inform you if incoming updates actually work with your app. We think that this degrades the service we're trying to provide down to a point where it is more or less meaningless.
This is fine if you just want to give Depfu a quick try. If you want to really let Depfu help you keep your app up-to-date, we recommend setting up a CI system:
depfu/.Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with
@depfu rebase.All Depfu comment commands