Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

test(deps): update dependency composer to v2.7.7 #2796

Merged
merged 1 commit into from
Jun 10, 2024
Merged

test(deps): update dependency composer to v2.7.7 #2796

merged 1 commit into from
Jun 10, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jun 10, 2024

Mend Renovate

This PR contains the following updates:

Package Update Change
composer patch 2.7.6 -> 2.7.7

Release Notes

composer/composer (composer)

v2.7.7

Compare Source

  • Security: Fixed command injection via malicious git branch name (GHSA-47f6-5gq3-vx9c / CVE-2024-35241)
    • Security: Fixed multiple command injections via malicious git/hg branch names (GHSA-v9qv-c7wm-wgmf / CVE-2024-35242)
    • Security: Fixed secure-http checks that could be bypassed by using malformed URL formats (fa3b958)
    • Security: Fixed Filesystem::isLocalPath including windows-specific checks on linux (3c37a67)
    • Security: Fixed perforce argument escaping (3773f77)
    • Security: Fixed handling of zip bombs when extracting archives (de5f7e3)
    • Security: Fixed Windows command parameter escaping to prevent abuse of unicode characters with best fit encoding conversion (3130a74, 04a63b3)
    • Fixed PSR violations for classes not matching the namespace of a rule being hidden, this may lead to new violations being shown (#​11957)
    • Fixed UX when a plugin is still in vendor dir but is not required nor allowed anymore after changing branches (#​12000)
    • Fixed new platform requirements from composer.json not being checked if the lock file is outdated (#​12001)
    • Fixed ability for config command to remove autoload keys (#​11967)
    • Fixed empty type support in init command (#​11999)
    • Fixed git clone errors when safe.bareRepository is set to strict in the git config (#​11969)
    • Fixed regression showing network errors on PHP <8.1 (#​11974)
    • Fixed some color bleed from a few warnings (#​11972)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot enabled auto-merge June 10, 2024 21:13
@renovate renovate bot added this pull request to the merge queue Jun 10, 2024
Merged via the queue into main with commit 9f6934b Jun 10, 2024
32 checks passed
@renovate renovate bot deleted the renovate/test-composer-2.7.x branch June 10, 2024 21:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants