Closed dependabot[bot] closed 2 months ago
Seems you are using me but didn't get OPENAI_API_KEY set in Variables/Secrets for this repo. You could follow the readme for more information.
Thanks @dependabot[bot] for opening this PR!
For COLLABORATOR only:
- To add labels, comment on the issue: `/label add label1,label2,label3`
- To remove labels, comment on the issue: `/label remove label1,label2,label3`
Unable to locate .performanceTestingBot config file
Session-related but not session-based, this attack is based on the ability of an attacker to force an action on a user’s browser (commonly in the form of a POST request) to perform an unauthorized action on behalf of the user. This can often occur without the user even noticing it… or only noticing when it is too late. The root cause is that browsers automatically send session cookies with all requests to a given domain, regardless of where the source of the request came from, and the application server cannot differentiate between a request that came from pages it served or a request that came from an unrelated page.
Cross-site scripting vulnerabilities occur when unescaped input is rendered into a page displayed to the user. When HTML or script is included in the input, it will be processed by a user's browser as HTML or script and can alter the appearance of the page or execute malicious scripts in their user context.
[!IMPORTANT]
Auto Review Skipped
Bot user detected.
To trigger a single review, invoke the `@coderabbitai review` command.
You can disable this status message by setting `reviews.review_status` to `false` in the CodeRabbit configuration file.
PR Details of @dependabot[bot] in snyk-cli:

| OPEN | CLOSED | TOTAL |
|---|---|---|
| 3 | 12 | 15 |
Bumps the composer group with 4 updates in the /test/acceptance/workspaces/composer-app directory: symfony/symfony, yiisoft/yii, aws/aws-sdk-php and doctrine/common.
Updates
symfony/symfony from 2.3.1 to 4.1.13
Commits
- 0578fdf bumped version
- 4a80f8f fixed version
- 482d063 Merge pull request #31147 from fabpot/release-4.1.12
- 0196d2f updated VERSION for 4.1.12
- 12b0cab updated CHANGELOG for 4.1.12
- 4c80c34 security #cve-2019-10910 [DI] Check service IDs are valid (nicolas-grekas)
- c8a98df security #cve-2019-10909 [FrameworkBundle][Form] Fix XSS issues in the form t...
- b224d4f security #cve-2019-10912 [Cache][PHPUnit Bridge] Prevent destructors with sid...
- 890cf89 security #cve-2019-10911 [Security] Add a separator in the remember me cookie...
- 5ff0944 security #cve-2019-10913 [HttpFoundation] reject invalid method override (nic...

Updates
yiisoft/yii from 1.1.14 to 1.1.29
Release notes
Sourced from yiisoft/yii's releases.
... (truncated)
Changelog
Sourced from yiisoft/yii's changelog.
... (truncated)
Commits
- f89b76e Release version 1.1.29
- 37142be Merge pull request from GHSA-mw2w-2hj2-fg8q
- d687882 FIX: Check the proper value
- f687987 Merge branch 'advisory-fix-marcovtwout' of github.com:yiisoft/yii-ghsa-mw2w-2...
- a113037 Change is_string to is_scalar to accept more argument types even though strin...
- 22c4c2b Merge branch 'master' into advisory-fix-marcovtwout
- 6d8e867 Merge pull request #4537 from yiisoft/4533-phan-check-improvements
- 0361fac Merge pull request #4536 from yiisoft/4534-fix-pear-diff-php-deprecations
- 3719f5d Update CHANGELOG
- ac88032 Improve formatting

Updates
aws/aws-sdk-php from 3.0.0 to 3.278.3
Commits
- 596534c 3.278.3 release
- bad02d2 Update models for release
- 629c8bf Revert "Deprecation below 7.2.5 (#2707)" (#2757)
- 84d4539 Deprecation below 7.2.5 (#2707)
- d9c58e9 3.278.2 release
- ee54551 Update models for release
- ed7cba5 3.278.1 release
- e2a2b07 Update models for release
- 494c3bc 3.278.0 release
- 33a0b4c Update models for release

Updates
doctrine/common from 2.5.0 to 2.5.1
Commits
- 0009b8f Merge branch 'master' of github.com:doctrine/common
- b3ae747 [DCOM-293] Fix security misconfiguration vulnerability that can lead to local...
- 7d4f8e4 Merge pull request #350 from 4alexandr/master
- ff72726 Remove the hhvm-nightly job from the matrix
- 5add480 Merge pull request #366 from marcel-burkhard/patch-1
- 9b30b43 Update DefaultFileLocator.php
- ad89591 Merge pull request #361 from DavidPrevot/test
- b950908 Bumping version to 2.6.0-DEV
- 18217c3 Fix static call in test
- 74fc182 Made PATTERN_MATCH_ID_METHOD more flexible

Updates
guzzlehttp/guzzle from 6.3.0 to 6.5.8
Release notes
Sourced from guzzlehttp/guzzle's releases.
Changelog
Sourced from guzzlehttp/guzzle's changelog.
... (truncated)
Commits
- a52f044 Release 6.5.8 (#3042)
- 724562f Release 6.5.7 (#3022)
- f092dd7 [6.x] Fix cross-domain cookie leakage (#3017)
- e8ed4db Fixed tests (#2720)
- 9d4290d Prepare 6.5.5 (#2692)
- ba7930f Updated static analysis tooling (#2694)
- 23730ab Unpin version for symfony/polyfill-intl-idn (#2678)
- a4a1b69 Adding changelog for 6.5.4 (#2651)
- 0d137e9 [6.5] Remove obsolete statement in `handler` option docs (#2567)
- d3f2c17 [6.5] Fix various intl icu issues (#2626)

Updates
guzzlehttp/psr7 from 1.4.2 to 1.9.1
Release notes
Sourced from guzzlehttp/psr7's releases.
... (truncated)
Changelog
Sourced from guzzlehttp/psr7's changelog.
... (truncated)
Commits
- e4490ca Release 1.9.1
- c8b21de Release 1.9.1
- 18fd891 Patch header validation issue
- 0e75375 Remove branch alias
- 7cd3009 Update CI workflows (#552)
- e98e3e6 Release 1.9.0 (#520)
- 337e3ad Release 1.8.5 (#491)
- 902db15 Release 1.8.4 (#486)
- 1afdd86 Release 1.8.3 (#446)
- a0c4a5f Return null in caching stream size if remote is null (#438)

Updates
twig/twig from 1.35.0 to 2.16.0
Changelog
Sourced from twig/twig's changelog.
... (truncated)
Commits
- 0c9cc7e End of maintenance for the 2.x branch
- a4974b2 feature #3893 Add SourcePolicyInterface to selectively enable the Sandbox bas...
- a18da16 Add SourcePolicyInterface to selectively enable the Sandbox based on a templa...
- ec57248 minor #3929 update Blackfire documentation URL (Ca-Jou)
- ed2cfbd update Blackfire documentation URL
- ad63740 Prepare the 2.15.6 release
- a41a0e7 Update CHANGELOG
- 02262de bug #3873 Fix premature loop exit in Security Policy lookup of allowed method...
- 5e1838d Fix premature loop exit in Security Policy lookup of allowed methods/properties
- b83a044 Set Twig 2 end of maintenance to December 2023

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show