Skip to content

Bump the composer group across 1 directory with 4 updates #49

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the composer group across 1 directory with 4 updates #49

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 6, 2025
edited
Loading

Bumps the composer group with 4 updates in the / directory: league/commonmark, nesbot/carbon, symfony/http-client and symfony/process.

Updates league/commonmark from 2.3.5 to 2.7.0

Release notes

Sourced from league/commonmark's releases.

2.7.0

This is a security release to address a potential cross-site scripting (XSS) vulnerability when using the AttributesExtension with untrusted user input.

Added

  • Added attributes/allow config option to specify which attributes users are allowed to set on elements (default allows virtually all attributes)

Changed

  • The AttributesExtension blocks all attributes starting with on unless explicitly allowed via the attributes/allow config option
  • The allow_unsafe_links option is now respected by the AttributesExtension when users specify href and src attributes

2.6.2

Fixed

  • Fixed Attributes extension parsing regression (#1071)

Other Changes

New Contributors

Full Changelog: thephpleague/commonmark@2.6.1...2.6.2

2.6.1

Fixed

  • Rendered list items should only add newlines around block-level children (#1059, #1061)

Full Changelog: thephpleague/commonmark@2.6.0...2.6.1

2.6.0

This is a security release to address potential denial of service attacks when parsing specially crafted, malicious input from untrusted sources (like user input). See GHSA-c2pc-g5qf-rfrf for more details.

Added

  • Added max_delimiters_per_line config option to prevent denial of service attacks when parsing malicious input
  • Added table/max_autocompleted_cells config option to prevent denial of service attacks when parsing large tables
  • The AttributesExtension now supports attributes without values (#985, #986)
  • The AutolinkExtension exposes two new configuration options to override the default behavior (#969, #987):
    • autolink/allowed_protocols - an array of protocols to allow autolinking for
    • autolink/default_protocol - the default protocol to use when none is specified
  • Added RegexHelper::isWhitespace() method to check if a given character is an ASCII whitespace character
  • Added CacheableDelimiterProcessorInterface to ensure linear complexity for dynamic delimiter processing
  • Added Bracket delimiter type to optimize bracket parsing

Changed

... (truncated)

Changelog

Sourced from league/commonmark's changelog.

[2.7.0]

This is a security release to address a potential cross-site scripting (XSS) vulnerability when using the AttributesExtension with untrusted user input.

Added

  • Added attributes/allow config option to specify which attributes users are allowed to set on elements (default allows virtually all attributes)

Changed

  • The AttributesExtension blocks all attributes starting with on unless explicitly allowed via the attributes/allow config option
  • The allow_unsafe_links option is now respected by the AttributesExtension when users specify href and src attributes

[2.6.2] - 2025-04-18

Fixed

  • Fixed Attributes extension parsing regression (#1071)

[2.6.1] - 2024-12-29

Fixed

  • Rendered list items should only add newlines around block-level children (#1059, #1061)

[2.6.0] - 2024-12-07

This is a security release to address potential denial of service attacks when parsing specially crafted, malicious input from untrusted sources (like user input).

Added

  • Added max_delimiters_per_line config option to prevent denial of service attacks when parsing malicious input
  • Added table/max_autocompleted_cells config option to prevent denial of service attacks when parsing large tables
  • The AttributesExtension now supports attributes without values (#985, #986)
  • The AutolinkExtension exposes two new configuration options to override the default behavior (#969, #987):
    • autolink/allowed_protocols - an array of protocols to allow autolinking for
    • autolink/default_protocol - the default protocol to use when none is specified
  • Added RegexHelper::isWhitespace() method to check if a given character is an ASCII whitespace character
  • Added CacheableDelimiterProcessorInterface to ensure linear complexity for dynamic delimiter processing
  • Added Bracket delimiter type to optimize bracket parsing

Changed

  • [ and ] are no longer added as Delimiter objects on the stack; a new Bracket type with its own stack is used instead
  • UrlAutolinkParser no longer parses URLs with more than 127 subdomains
  • Expanded reference links can no longer exceed 100kb, or the size of the input document (whichever is greater)
  • Delimiters should always provide a non-null value via DelimiterInterface::getIndex()
    • We'll attempt to infer the index based on surrounding delimiters where possible
  • The DelimiterStack now accepts integer positions for any $stackBottom argument
  • Several small performance optimizations

... (truncated)

Commits

Updates nesbot/carbon from 2.61.0 to 2.73.0

Release notes

Sourced from nesbot/carbon's releases.

2.73.0

Complete commits list: briannesbitt/Carbon@2.72.6...2.73.0

Summary:

2.72.6

Complete commits list: CarbonPHP/carbon@2.72.5...2.72.6

Summary:

  • Validate locale earlier
Commits
  • 9228ce9 Merge pull request #13 from thecaliskan/2.x
  • 142f0f5 changed CS rule
  • dc27804 changed CS rule
  • 8910c51 changed expected result for PHP 8.4
  • d1e695f Added PHP 8.3 and PHP 8.4 test for laravel and removed PHP 8.4 lowest test ma...
  • 5dca8dc Fixes for PHP 8.4
  • 8c3e607 Fixes for implicit nullability deprecation
  • 5f4c750 upgraded phpunit version on tests
  • a4932f3 Fixed CS
  • d6f5afb Added PHP 8.4 support
  • Additional commits viewable in compare view

Updates symfony/http-client from 6.0.11 to 6.0.20

Commits
  • 541c045 Merge branch '5.4' into 6.0
  • b4d936b [HttpClient] Fix collecting data non-late for the profiler
  • 5effe44 Merge branch '5.4' into 6.0
  • 0c22562 [HttpClient] Let curl handle content-length headers
  • 627cb71 Merge branch '5.4' into 6.0
  • da0579c [HttpClient] Move Http clients data collecting at a late level
  • b4d73e6 Merge branch '5.4' into 6.0
  • 46c5291 Bump license year to 2023
  • d104286 Merge branch '5.4' into 6.0
  • 772129f TraceableHttpClient: increase decorator's priority
  • Additional commits viewable in compare view

Updates symfony/process from 6.0.11 to 6.0.19

Release notes

Sourced from symfony/process's releases.

v6.0.19

Changelog (symfony/process@v6.0.18...v6.0.19)

  • no significant changes
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file php Pull requests that update Php code labels May 6, 2025
Sander0542
Sander0542 previously approved these changes May 6, 2025
View reviewed changes
@Sander0542 Sander0542 enabled auto-merge May 6, 2025 17:15
@Sander0542
Copy link
Owner

Sander0542 commented Oct 5, 2025

@dependabot rebase

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 5, 2025

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@Sander0542
Copy link
Owner

Sander0542 commented Oct 5, 2025

@dependabot recreate

@dependabot
Bump the composer group across 1 directory with 4 updates
5c3983f 
Bumps the composer group with 4 updates in the / directory: [league/commonmark](https://github.com/thephpleague/commonmark), [nesbot/carbon](https://github.com/CarbonPHP/carbon), [symfony/http-client](https://github.com/symfony/http-client) and [symfony/process](https://github.com/symfony/process).


Updates `league/commonmark` from 2.3.5 to 2.7.0
- [Release notes](https://github.com/thephpleague/commonmark/releases)
- [Changelog](https://github.com/thephpleague/commonmark/blob/2.7/CHANGELOG.md)
- [Commits](thephpleague/commonmark@2.3.5...2.7.0)

Updates `nesbot/carbon` from 2.61.0 to 2.73.0
- [Release notes](https://github.com/CarbonPHP/carbon/releases)
- [Commits](CarbonPHP/carbon@2.61.0...2.73.0)

Updates `symfony/http-client` from 6.0.11 to 6.0.20
- [Release notes](https://github.com/symfony/http-client/releases)
- [Changelog](https://github.com/symfony/http-client/blob/7.2/CHANGELOG.md)
- [Commits](symfony/http-client@v6.0.11...v6.0.20)

Updates `symfony/process` from 6.0.11 to 6.0.19
- [Release notes](https://github.com/symfony/process/releases)
- [Changelog](https://github.com/symfony/process/blob/7.2/CHANGELOG.md)
- [Commits](symfony/process@v6.0.11...v6.0.19)

---
updated-dependencies:
- dependency-name: league/commonmark
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: composer
- dependency-name: nesbot/carbon
  dependency-version: 2.73.0
  dependency-type: indirect
  dependency-group: composer
- dependency-name: symfony/http-client
  dependency-version: 6.0.20
  dependency-type: indirect
  dependency-group: composer
- dependency-name: symfony/process
  dependency-version: 6.0.19
  dependency-type: indirect
  dependency-group: composer
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/composer/composer-c46cd80f97 branch from 3b611e2 to 5c3983f Compare October 5, 2025 10:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Sander0542 Sander0542 Sander0542 left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file php Pull requests that update Php code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Sander0542