Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency composer/composer to ^2.7.7 #590

Merged
merged 1 commit into from
Jun 10, 2024
Merged

chore(deps): update dependency composer/composer to ^2.7.7 #590

merged 1 commit into from
Jun 10, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jun 10, 2024

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
composer/composer (source) ^2.7.6 -> ^2.7.7 age adoption passing confidence

Release Notes

composer/composer (composer/composer)

v2.7.7

Compare Source

  • Security: Fixed command injection via malicious git branch name (GHSA-47f6-5gq3-vx9c / CVE-2024-35241)
    • Security: Fixed multiple command injections via malicious git/hg branch names (GHSA-v9qv-c7wm-wgmf / CVE-2024-35242)
    • Security: Fixed secure-http checks that could be bypassed by using malformed URL formats (fa3b958)
    • Security: Fixed Filesystem::isLocalPath including windows-specific checks on linux (3c37a67)
    • Security: Fixed perforce argument escaping (3773f77)
    • Security: Fixed handling of zip bombs when extracting archives (de5f7e3)
    • Security: Fixed Windows command parameter escaping to prevent abuse of unicode characters with best fit encoding conversion (3130a74, 04a63b3)
    • Fixed PSR violations for classes not matching the namespace of a rule being hidden, this may lead to new violations being shown (#​11957)
    • Fixed UX when a plugin is still in vendor dir but is not required nor allowed anymore after changing branches (#​12000)
    • Fixed new platform requirements from composer.json not being checked if the lock file is outdated (#​12001)
    • Fixed ability for config command to remove autoload keys (#​11967)
    • Fixed empty type support in init command (#​11999)
    • Fixed git clone errors when safe.bareRepository is set to strict in the git config (#​11969)
    • Fixed regression showing network errors on PHP <8.1 (#​11974)
    • Fixed some color bleed from a few warnings (#​11972)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@github-actions github-actions bot temporarily deployed to pantheon-pr-590 June 10, 2024 22:32 Destroyed
mrdavidburns
mrdavidburns approved these changes Jun 10, 2024
View reviewed changes
Copy link
Member

@mrdavidburns mrdavidburns left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Patch release. All checks pass.

@mrdavidburns mrdavidburns merged commit 41b0d83 into main Jun 10, 2024
35 of 36 checks passed
@mrdavidburns mrdavidburns deleted the renovate/composer-composer-2.x branch June 10, 2024 22:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mrdavidburns mrdavidburns mrdavidburns approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@mrdavidburns