Bump the composer group across 1 directory with 8 updates #4

Open
wants to merge 1 commit into
base: master

@dependabot dependabot bot commented on behalf of github Dec 10, 2024

Bumps the composer group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| laravel/framework | 10.48.10 | 10.48.23 |
| livewire/livewire | 3.4.12 | 3.5.2 |
| phpoffice/phpspreadsheet | 1.29.0 | 1.29.4 |
| symfony/http-client | 6.4.7 | 6.4.15 |
| twig/twig | 3.10.3 | 3.16.0 |

Updates laravel/framework from 10.48.10 to 10.48.23

Release notes

Sourced from laravel/framework's releases.

v10.48.23

v10.48.22

No release notes provided.

v10.48.21

v10.48.20

v10.48.19

v10.48.18

v10.48.17

v10.48.16

v10.48.15

v10.48.14

v10.48.13

v10.48.12

... (truncated)

Commits
  • 625269c Update version to v10.48.23
  • 8c07b63 check for running in console
  • 7ccb4dc [10.x] Fix append and prepend batch to chain (#53455)
  • 646520a Ensure headers are only attached to illuminate responses (#53019)
  • 1b3ef8f Update CHANGELOG
  • c4ea52b Update version to v10.48.22
  • 0124751 wip
  • 58c2053 Fix arguments passed to artisan commands that start with 'env' (#52748)
  • 80cdd87 [10.x] Fixes whereDate, whereDay, whereMonth, whereTime, whereYear ...
  • 05a9554 Update CHANGELOG
  • Additional commits viewable in compare view

Updates livewire/livewire from 3.4.12 to 3.5.2

Release notes

Sourced from livewire/livewire's releases.

v3.5.2

What's Changed

New Contributors

Full Changelog: livewire/livewire@v3.5.1...v3.5.2

v3.5.1

What's Changed

... (truncated)

Commits
  • 636725c HandleRequests: use empty array as default value to avoid error in foreach (#...
  • 0828297 Fix crc32(): Passing null deprecation (#8625)
  • 70503b7 Fix image upload extension validation (#8624)
  • 14e1eac Fix facade actingAs return type docblock (#8616)
  • 287d3b9 Do nothing when href doesn't exist (#8622)
  • 168bdca Revert "Fix file upload image extension validation vulnerability"
  • c298442 Fix file upload image extension validation vulnerability
  • c61a138 Fix passing null to parse_url() deprecation error (#8596)
  • 58fef84 Revert "update custom asset url docs" (#8594)
  • fe963dc Fix: Persistent middlewares not redirecting on subsequent requests (#8592)
  • Additional commits viewable in compare view

Updates phpoffice/phpspreadsheet from 1.29.0 to 1.29.4

Release notes

Sourced from phpoffice/phpspreadsheet's releases.

1.29.4 - 2024-11-10

Fixed

Added

1.29.2 - 2024-09-29

Fixed

  • Backported security patches.
  • Support for Php8.4.
  • Change to Csv Reader (see below under Deprecated). Backport of PR #4162 intended for 3.0.0. [Issue #4161](PHPOffice/PhpSpreadsheet#4161)
  • Tweaks to ROUNDUP, ROUNDDOWN, TRUNC, AMORDEGRC (results had been different under 8.4).

Changed

  • Images will not be added to spreadsheet if they cannot be validated as images.

Security Patch

1.29.1 - 2024-09-03

Fixed

  • Backported security patches from PR #4119 and PR #3957.

Changelog

Sourced from phpoffice/phpspreadsheet's changelog.

1.29.4 - 2024-11-10

Fixed

Added

1.29.2 - 2024-09-29

Fixed

  • Backported security patches.
  • Support for Php8.4.
  • Change to Csv Reader (see below under Deprecated). Backport of PR #4162 intended for 3.0.0. [Issue #4161](PHPOffice/PhpSpreadsheet#4161)
  • Tweaks to ROUNDUP, ROUNDDOWN, TRUNC, AMORDEGRC (results had been different under 8.4).

Changed

  • Images will not be added to spreadsheet if they cannot be validated as images.

Deprecated

  • Php8.4 will deprecate the escape parameter of fgetcsv. Csv Reader is affected by this; code is changed to be unaffected, but this will mean a breaking change is coming with Php9. Any code which uses the default escape value of backslash will fail in Php9. It is recommended to explicitly set the escape value to null string before then.

1.29.1 - 2024-09-03

Fixed

  • Backported security patches.

Commits

Updates symfony/http-client from 6.4.7 to 6.4.15

Release notes

Sourced from symfony/http-client's releases.

v6.4.15

Changelog (symfony/http-client@v6.4.14...v6.4.15)

v6.4.14

Changelog (symfony/http-client@v6.4.13...v6.4.14)

v6.4.13

Changelog (symfony/http-client@v6.4.12...v6.4.13)

  • no significant changes

v6.4.12

Changelog (symfony/http-client@v6.4.11...v6.4.12)

v6.4.11

Changelog (symfony/http-client@v6.4.10...v6.4.11)

v6.4.10

Changelog (symfony/http-client@v6.4.9...v6.4.10)

  • no significant changes

v6.4.9

Changelog (symfony/http-client@v6.4.8...v6.4.9)

v6.4.8

Changelog (symfony/http-client@v6.4.7...v6.4.8)

Commits
  • cb4073c Merge branch '5.4' into 6.4
  • 3b643b8 [HttpClient] Resolve hostnames in NoPrivateNetworkHttpClient
  • 05d88cb Merge branch '5.4' into 6.4
  • 224124d bug #58704 [HttpClient] fix for HttpClientDataCollector fails if proc_open is...
  • aa7bebe [HttpClient] Fix Process-based escaping in HttpClientDataCollector
  • e9b0846 fix for HttpClientDataCollector fails if proc_open is disabled via php.ini . ...
  • ebcaeea [HttpClient] Filter private IPs before connecting when Host == IP
  • 509d0e8 [HttpClient] Fix class requirement message
  • 9990ced Merge branch '5.4' into 6.4
  • 54118c6 Add PR template and auto-close PR on subtree split repositories
  • Additional commits viewable in compare view

Updates league/commonmark from 2.4.2 to 2.6.0

Release notes

Sourced from league/commonmark's releases.

2.6.0

This is a security release to address potential denial of service attacks when parsing specially crafted, malicious input from untrusted sources (like user input). See GHSA-c2pc-g5qf-rfrf for more details.

Added

  • Added max_delimiters_per_line config option to prevent denial of service attacks when parsing malicious input
  • Added table/max_autocompleted_cells config option to prevent denial of service attacks when parsing large tables
  • The AttributesExtension now supports attributes without values (#985, #986)
  • The AutolinkExtension exposes two new configuration options to override the default behavior (#969, #987):
    • autolink/allowed_protocols - an array of protocols to allow autolinking for
    • autolink/default_protocol - the default protocol to use when none is specified
  • Added RegexHelper::isWhitespace() method to check if a given character is an ASCII whitespace character
  • Added CacheableDelimiterProcessorInterface to ensure linear complexity for dynamic delimiter processing
  • Added Bracket delimiter type to optimize bracket parsing

Changed

  • [ and ] are no longer added as Delimiter objects on the stack; a new Bracket type with its own stack is used instead
  • UrlAutolinkParser no longer parses URLs with more than 127 subdomains
  • Expanded reference links can no longer exceed 100kb, or the size of the input document (whichever is greater)
  • Delimiters should always provide a non-null value via DelimiterInterface::getIndex()
    • We'll attempt to infer the index based on surrounding delimiters where possible
  • The DelimiterStack now accepts integer positions for any $stackBottom argument
  • Several small performance optimizations

2.5.3

Changed

  • Made compatible with CommonMark spec 0.31.1, including:
    • Remove source, add search to list of recognized block tags

Full Changelog: thephpleague/commonmark@2.5.2...2.5.3

2.5.2

Changed

  • Boolean attributes now require an explicit true value (#1040)

Fixed

  • Fixed regression where text could be misinterpreted as an attribute (#1040)

Full Changelog: thephpleague/commonmark@2.5.1...2.5.2

2.5.1

Fixed

... (truncated)

Changelog

Sourced from league/commonmark's changelog.

[2.6.0] - 2024-12-07

This is a security release to address potential denial of service attacks when parsing specially crafted, malicious input from untrusted sources (like user input).

Added

  • Added max_delimiters_per_line config option to prevent denial of service attacks when parsing malicious input
  • Added table/max_autocompleted_cells config option to prevent denial of service attacks when parsing large tables
  • The AttributesExtension now supports attributes without values (#985, #986)
  • The AutolinkExtension exposes two new configuration options to override the default behavior (#969, #987):
    • autolink/allowed_protocols - an array of protocols to allow autolinking for
    • autolink/default_protocol - the default protocol to use when none is specified
  • Added RegexHelper::isWhitespace() method to check if a given character is an ASCII whitespace character
  • Added CacheableDelimiterProcessorInterface to ensure linear complexity for dynamic delimiter processing
  • Added Bracket delimiter type to optimize bracket parsing

Changed

  • [ and ] are no longer added as Delimiter objects on the stack; a new Bracket type with its own stack is used instead
  • UrlAutolinkParser no longer parses URLs with more than 127 subdomains
  • Expanded reference links can no longer exceed 100kb, or the size of the input document (whichever is greater)
  • Delimiters should always provide a non-null value via DelimiterInterface::getIndex()
    • We'll attempt to infer the index based on surrounding delimiters where possible
  • The DelimiterStack now accepts integer positions for any $stackBottom argument
  • Several small performance optimizations

[2.5.3] - 2024-08-16

Changed

  • Made compatible with CommonMark spec 0.31.1, including:
    • Remove source, add search to list of recognized block tags

[2.5.2] - 2024-08-14

Changed

  • Boolean attributes now require an explicit true value (#1040)

Fixed

  • Fixed regression where text could be misinterpreted as an attribute (#1040)

[2.5.1] - 2024-07-24

Fixed

  • Fixed attribute parsing incorrectly parsing mustache-like syntax (#1035)
  • Fixed incorrect Table start line numbers (#1037)

... (truncated)

Commits
  • d150f91 Prepare to release 2.6.0
  • 2f1e520 Merge commit from fork
  • d777db8 Add pathological test for deeply-nested blocks
  • 92dbad9 Flag this as a security release
  • 8b9d95e Fix pathological test suite failing not loading extensions in CI
  • 5156796 Add max_delimiters_per_line config option
  • 5ce491f Optimize repeated parsing of links without closing brace
  • 540d850 Fix quadratic complexity parsing long backtick code spans with no matching cl...
  • e1cfa8d Use recursive lookup as a last resort to avoid throwing
  • b61bbd4 Use delimiter position to optimize processing
  • Additional commits viewable in compare view

Updates symfony/http-foundation from 6.4.7 to 6.4.14

Release notes

Sourced from symfony/http-foundation's releases.

v6.4.14

Changelog (symfony/http-foundation@v6.4.13...v6.4.14)

v6.4.13

Changelog (symfony/http-foundation@v6.4.12...v6.4.13)

v6.4.12

Changelog (symfony/http-foundation@v6.4.11...v6.4.12)

v6.4.10

Changelog (symfony/http-foundation@v6.4.9...v6.4.10)

v6.4.8

Changelog (symfony/http-foundation@v6.4.7...v6.4.8)

Commits
  • ba020a3 Merge branch '5.4' into 6.4
  • 168b77c security #cve-2024-50345 [HttpFoundation] Reject URIs that contain invalid ch...
  • 4875486 Merge branch '5.4' into 6.4
  • 32310ff [HttpFoundation] Reject URIs that contain invalid characters
  • 38bd9bc [HttpFoundation] Remove invalid HTTP method from exception message
  • 3f38426 Ensure compatibility with mongodb v2
  • 4c0341b Merge branch '5.4' into 6.4
  • 35f7b4c session names must not be empty
  • 3363819 Merge branch '5.4' into 6.4
  • e641edd ensure session storages are opened in tests before destroying them
  • Additional commits viewable in compare view

Updates symfony/process from 6.4.7 to 6.4.15

Release notes

Sourced from symfony/process's releases.

v6.4.15

Changelog (symfony/process@v6.4.14...v6.4.15)

  • no significant changes

v6.4.14

Changelog (symfony/process@v6.4.13...v6.4.14)

v6.4.13

Changelog (symfony/process@v6.4.12...v6.4.13)

  • no significant changes

v6.4.12

Changelog (symfony/process@v6.4.11...v6.4.12)

v6.4.8

Changelog (symfony/process@v6.4.7...v6.4.8)

Commits
  • 3cb242f Merge branch '5.4' into 6.4
  • 5d1662f normalize paths to avoid failures if a path is referenced by different names
  • 25214ad Merge branch '5.4' into 6.4
  • 0190687 [Process] Fix test
  • 88638b9 Merge branch '5.4' into 6.4
  • ee75984 security #cve-2024-51736 [Process] Use %PATH% before %CD% to load the shell o...
  • 05c2ccc [Process] Use %PATH% before %CD% to load the shell on Windows
  • 0776b99 Merge branch '5.4' into 6.4
  • d94dda5 [Process] Fix escaping /X arguments on Windows
  • 836d34f Merge branch '5.4' into 6.4
  • Additional commits viewable in compare view

Updates twig/twig from 3.10.3 to 3.16.0

Changelog

Sourced from twig/twig's changelog.

3.16.0 (2024-11-29)

  • Deprecate InlinePrint
  • Fix having macro variables starting with an underscore
  • Deprecate not passing a Source instance to TokenStream
  • Deprecate returning null from TwigFilter::getSafe() and TwigFunction::getSafe(), return [] instead

3.15.0 (2024-11-17)

  • [BC BREAK] Add support for accessing class constants with the dot operator; this can be a BC break if you don't use UPPERCASE constant names
  • Add Spanish inflector support for the plural and singular filters in the String extension
  • Deprecate TempNameExpression in favor of LocalVariable
  • Deprecate NameExpression in favor of ContextVariable
  • Deprecate AssignNameExpression in favor of AssignContextVariable
  • Remove MacroAutoImportNodeVisitor
  • Deprecate MethodCallExpression in favor of MacroReferenceExpression
  • Fix support for the "is defined" test on _self.xxx (auto-imported) macros
  • Fix support for the "is defined" test on inherited macros
  • Add named arguments support for the dot operator arguments (foo.bar(some: arg))
  • Add named arguments support for macros
  • Add a new guard tag that allows to test if some Twig callables are available at compilation time
  • Allow arrow functions everywhere
  • Deprecate passing a string or an array to Twig callable arguments accepting arrow functions (pass a \Closure)
  • Add support for triggering deprecations for future operator precedence changes
  • Deprecate using the not unary operator in an expression with *, /, //, or % without using explicit parentheses to clarify precedence
  • Deprecate using the ?? binary operator without explicit parentheses
  • Deprecate using the ~ binary operator in an expression with + or - without using parentheses to clarify precedence
  • Deprecate not passing AbstractExpression args to most constructor arguments for classes extending AbstractExpression
  • Fix power expressions with a negative number in parenthesis ((-1) ** 2)
  • Deprecate instantiating Node directly. Use EmptyNode or Nodes instead.
  • Add support for inline comments
  • Add Profile::getStartTime() and Profile::getEndTime()
  • Fix "ignore missing" when used on an "embed" tag
  • Fix the possibility to override an aliased block (via use)
  • Add template cache hot reload
  • Allow Twig callable argument names to be free-form (snake-case or camelCase) independently of the PHP callable signature. They were automatically converted to snake-cased before
  • Deprecate the attribute function; use the . notation and wrap the name with parenthesis instead
  • Add support for argument unpackaging
  • Add JSON support for the file extension escaping strategy
  • Support Markup instances (and any other \Stringable) as dynamic mapping keys
  • Deprecate the sandbox tag
  • Improve the way one can deprecate a Twig callable (use deprecation_info instead of the other callable options)
  • Add the enum function
  • Add support for logical xor operator

3.14.2 (2024-11-07)

  • Fix an infinite recursion in the sandbox code

... (truncated)

Commits
  • 475ad2d Prepare the 3.16.0 release
  • ef3dbab minor #4481 Simplify code even more (fabpot)
  • 2337c7f Simplify code even more
  • ae82e8b feature #4479 Simplify EscaperNodeVisitor code (fabpot)
  • 02cec77 Simplify EscaperNodeVisitor code
  • c384fb4 bug #4475 Fix having macro variables starting with an underscore (fabpot)
  • bdb0f3c Fix having macro variables starting with an underscore
  • 0176de0 Fix CS
  • b08968f feature #4469 Fix SafeAnalysisNodeVisitor::getSafe() return value (fabpot)
  • c402deb Fix EscapeNodeVisitor::isSafeFor()
  • Additional commits viewable in compare view

Bumps the composer group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [laravel/framework](https://github.com/laravel/framework) | `10.48.10` | `10.48.23` |
| [livewire/livewire](https://github.com/livewire/livewire) | `3.4.12` | `3.5.2` |
| [phpoffice/phpspreadsheet](https://github.com/PHPOffice/PhpSpreadsheet) | `1.29.0` | `1.29.4` |
| [symfony/http-client](https://github.com/symfony/http-client) | `6.4.7` | `6.4.15` |
| [twig/twig](https://github.com/twigphp/Twig) | `3.10.3` | `3.16.0` |



Updates `laravel/framework` from 10.48.10 to 10.48.23
- [Release notes](https://github.com/laravel/framework/releases)
- [Changelog](https://github.com/laravel/framework/blob/11.x/CHANGELOG.md)
- [Commits](laravel/framework@v10.48.10...v10.48.23)

Updates `livewire/livewire` from 3.4.12 to 3.5.2
- [Release notes](https://github.com/livewire/livewire/releases)
- [Commits](livewire/livewire@v3.4.12...v3.5.2)

Updates `phpoffice/phpspreadsheet` from 1.29.0 to 1.29.4
- [Release notes](https://github.com/PHPOffice/PhpSpreadsheet/releases)
- [Changelog](https://github.com/PHPOffice/PhpSpreadsheet/blob/1.29.4/CHANGELOG.md)
- [Commits](PHPOffice/PhpSpreadsheet@1.29.0...1.29.4)

Updates `symfony/http-client` from 6.4.7 to 6.4.15
- [Release notes](https://github.com/symfony/http-client/releases)
- [Changelog](https://github.com/symfony/http-client/blob/7.2/CHANGELOG.md)
- [Commits](symfony/http-client@v6.4.7...v6.4.15)

Updates `league/commonmark` from 2.4.2 to 2.6.0
- [Release notes](https://github.com/thephpleague/commonmark/releases)
- [Changelog](https://github.com/thephpleague/commonmark/blob/2.6/CHANGELOG.md)
- [Commits](thephpleague/commonmark@2.4.2...2.6.0)

Updates `symfony/http-foundation` from 6.4.7 to 6.4.14
- [Release notes](https://github.com/symfony/http-foundation/releases)
- [Changelog](https://github.com/symfony/http-foundation/blob/7.2/CHANGELOG.md)
- [Commits](symfony/http-foundation@v6.4.7...v6.4.14)

Updates `symfony/process` from 6.4.7 to 6.4.15
- [Release notes](https://github.com/symfony/process/releases)
- [Changelog](https://github.com/symfony/process/blob/7.2/CHANGELOG.md)
- [Commits](symfony/process@v6.4.7...v6.4.15)

Updates `twig/twig` from 3.10.3 to 3.16.0
- [Changelog](https://github.com/twigphp/Twig/blob/3.x/CHANGELOG)
- [Commits](twigphp/Twig@v3.10.3...v3.16.0)

---
updated-dependencies:
- dependency-name: laravel/framework
  dependency-type: direct:production
  dependency-group: composer
- dependency-name: livewire/livewire
  dependency-type: direct:production
  dependency-group: composer
- dependency-name: phpoffice/phpspreadsheet
  dependency-type: direct:production
  dependency-group: composer
- dependency-name: symfony/http-client
  dependency-type: direct:production
  dependency-group: composer
- dependency-name: league/commonmark
  dependency-type: indirect
  dependency-group: composer
- dependency-name: symfony/http-foundation
  dependency-type: indirect
  dependency-group: composer
- dependency-name: symfony/process
  dependency-type: indirect
  dependency-group: composer
- dependency-name: twig/twig
  dependency-type: indirect
  dependency-group: composer
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the `dependencies` (Pull requests that update a dependency file) and `php` (Pull requests that update Php code) labels Dec 10, 2024
vercel bot commented Dec 10, 2024

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| akaunting | ❌ Failed (Inspect) | | | Dec 10, 2024 1:07am |

sourcery-ai bot commented Dec 10, 2024

🧙 Sourcery has finished reviewing your pull request!


@sourcery-ai sourcery-ai bot left a comment

We have skipped reviewing this pull request. Here's why:

  • It seems to have been created by a bot (hey, dependabot[bot]!). We assume it knows what it's doing!
  • All of the files are larger than we can process. We're working on it!
