Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump the minor-production-deps group in /packages/php with 1 update #936

Closed
wants to merge 1 commit into from
Closed

chore(deps): bump the minor-production-deps group in /packages/php with 1 update #936

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 1, 2023
edited
Loading

Bumps the minor-production-deps group in /packages/php with 1 update: composer/composer.

Release notes

Sourced from composer/composer's releases.

2.6.5

  • Fixed error when vendor dir contains broken symlinks (#11670)
  • Fixed composer.lock missing from Composer's zip archives (#11674)
  • Fixed AutoloadGenerator::dump() non-BC signature change in 2.6.4 (cb363b0e8)

2.6.4

  • Security: Fixed possible remote code execution vulnerability if composer.phar is publicly accessible, executable as PHP, and register_argc_argv is enabled in php.ini (GHSA-jm6m-4632-36hf / CVE-2023-43655)
  • Fixed json output of abandoned packages in audit command (#11647)
  • Fixed autoloader suffix to reuse the content-hash from lock file if available to make for more reproducible builds by default (#11663)
  • Performance improvement in pool optimization step (#11638)
  • Performance improvement in show -a <packagename> (#11659)

2.6.3

  • Added audit.abandoned config setting. Can be set to ignore, report (current default) or fail (future default in 2.7) to make the audit command report abandoned packages as a security problem (#11639)
  • Added a warning when duplicates files autoload rules are detected (#11109)
  • Fixed unhandled promise rejection regression (#11620)
  • Fixed loading of root aliases on path repo packages when doing partial updates (#11632)
  • Fixed archive command not producing the correct output if the temp dir is a symlink (#11636)
  • Fixed some replaced packages being incorrectly missing when unlocked in a partial update (#11629)

2.6.2

  • Reverted "Fixed binary proxies causing scripts inspecting $_SERVER['SCRIPT_NAME'] to detect them, they are now more transparent (#11562)" which caused a regression (#11617)
  • Fixed non-zero exit code on failed audits to only apply to install --audit runs and not implicit audits with require, create-project or update commands (#11616)
  • Fixed create-project infinite post-install loop in some circumstances (#11613)
Changelog

Sourced from composer/composer's changelog.

[2.6.5] 2023-10-06

  • Fixed error when vendor dir contains broken symlinks (#11670)
  • Fixed composer.lock missing from Composer's zip archives (#11674)
  • Fixed AutoloadGenerator::dump() non-BC signature change in 2.6.4 (cb363b0e8)

[2.6.4] 2023-09-29

  • Security: Fixed possible remote code execution vulnerability if composer.phar is publicly accessible, executable as PHP, and register_argc_argv is enabled in php.ini (GHSA-jm6m-4632-36hf / CVE-2023-43655)
  • Fixed json output of abandoned packages in audit command (#11647)
  • Performance improvement in pool optimization step (#11638)
  • Performance improvement in show -a <packagename> (#11659)

[2.6.3] 2023-09-15

  • Added audit.abandoned config setting. Can be set to ignore, report (current default) or fail (future default in 2.7) to make the audit command report abandoned packages as a security problem (#11639)
  • Added a warning when duplicates files autoload rules are detected (#11109)
  • Fixed unhandled promise rejection regression (#11620)
  • Fixed loading of root aliases on path repo packages when doing partial updates (#11632)
  • Fixed archive command not producing the correct output if the temp dir is a symlink (#11636)
  • Fixed some replaced packages being incorrectly missing when unlocked in a partial update (#11629)

[2.6.2] 2023-09-03

  • Reverted "Fixed binary proxies causing scripts inspecting $_SERVER['SCRIPT_NAME'] to detect them, they are now more transparent (#11562)" which caused a regression (#11617)
  • Fixed non-zero exit code on failed audits to only apply to install --audit runs and not implicit audits with require, create-project or update commands (#11616)
  • Fixed create-project infinite post-install loop in some circumstances (#11613)
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the minor-production-deps group
65f3a15 
Bumps the minor-production-deps group in /packages/php with 1 update: [composer/composer](https://github.com/composer/composer).

- [Release notes](https://github.com/composer/composer/releases)
- [Changelog](https://github.com/composer/composer/blob/main/CHANGELOG.md)
- [Commits](composer/composer@2.6.1...2.6.5)

---
updated-dependencies:
- dependency-name: composer/composer
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-production-deps
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added area:php dependencies Pull requests that update a dependency file labels Nov 1, 2023
@dependabot dependabot bot mentioned this pull request Nov 1, 2023
Closed
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 1, 2023

Looks like composer/composer is updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Dec 1, 2023
@dependabot dependabot bot deleted the dependabot/composer/packages/php/minor-production-deps-d35756b6da branch December 1, 2023 19:50
@erunion erunion added php Issues related to our PHP SDK and removed area:php labels Jul 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file php Issues related to our PHP SDK
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@erunion