Watemlifts / Watemlifts..

CLI and build-time tool to find & fix known vulnerabilities in open-source dependencies
https://snyk.io/Watemlifts

chore(deps): bump yiisoft/yii from 1.1.14 to 1.1.27 in /test/acceptance/workspaces/composer-app #25

Open dependabot[bot] opened 1 year ago

dependabot[bot] commented 1 year ago

Bumps yiisoft/yii from 1.1.14 to 1.1.27.

Release notes

Sourced from yiisoft/yii's releases.

Version 1.1.27

https://www.yiiframework.com/news/510/yii-1-1-27-is-released

Version 1.1.26

https://www.yiiframework.com/news/495/yii-1-1-26-is-released

Version 1.1.25

https://www.yiiframework.com/news/419/yii-1-1-25-is-released

Version 1.1.24

https://www.yiiframework.com/news/369/yii-1-1-24-is-released-and-security-support-extended

Version 1.1.23

https://www.yiiframework.com/news/318/yii-1-1-23-is-released

Version 1.1.22

https://www.yiiframework.com/news/267/yii-1-1-22-is-released

Version 1.1.21

https://www.yiiframework.com/news/206/yii-1-1-21-is-released

Version 1.1.20

https://www.yiiframework.com/news/178/yii-1-1-20-is-released

Version 1.1.19

This release is a maintenance release of Yii 1.1.x which contains compatibility fixes for PHP 7.0 and 7.1.

See the complete release announcement for all details: http://www.yiiframework.com/news/137/yii-1-1-19-is-released/

Version 1.1.18

This release is a maintenance release of Yii 1.1.x which contains compatibility fixes for PHP 7.0 and 7.1.

See the complete release announcement for all details: http://www.yiiframework.com/news/133/yii-1-1-18-is-released/

Version 1.1.17

This is the last release of Yii 1.1.x containing Enhancements. Future releases will be bugfix only.

See the complete release announcement for all details: http://www.yiiframework.com/news/93/yii-1-1-17-is-released/

Version 1.1.16

In this release, we fixed more than 120 enhancements and bug fixes.

See http://www.yiiframework.com/news/83/yii-1-1-16-is-released/ for the complete release news.

Version 1.1.15

This release fixes a security issue found in CDetailView in the 1.1.14 release. The issue allows an attacker to

... (truncated)

Changelog

Sourced from yiisoft/yii's changelog.

Version 1.1.27 November 21, 2022

  • Bug: PHP 8.1 compatibility: Fix CFileCache call of file_get_contents (Bregi)
  • Bug: CVE-2022-41922. Prevent RCE when deserializing untrusted user input (fi3wey, marcovtwout)

Version 1.1.26 September 30, 2022

  • Enh #4386: Added support for PHP 8.1 (marcovtwout, JonathanArgentao, ivany4, csears123)
  • Enh #4386: Updated HTMLPurifier to version 4.15.0 for PHP 8.1 support (https://github.com/ezyang/htmlpurifier/blob/v4.15.0/NEWS) (marcovtwout)
  • Enh #4392: Added support for SSL to CRedisCache (andres101)
  • Bug #4453: Alpine Linux compatibility: Avoid using GLOB_BRACE in CFileHelper::removeDirectory (ivany4)

Version 1.1.25 December 13, 2021

  • Bug #4226: Fix for Gii diff displaying "reset() expects parameter 1 to be array, integer given" (LeoZandvliet, marcovtwout)
  • Bug #4369: PHP 8.0 compatibility: Fix warning "Only the first byte will be assigned to the string offset" when generating code with Gii (marcovtwout)
  • Bug #4374: Fix for createUpdateCommand which did not accept just a table name when using MSSQL (c-schmitz)
  • Bug #4380: Prevent fatal errors while validating CSRF token of malformed requests (rob006)
  • Bug #4382: PHP 8.0 compatibility: Fix CFileLogRoute throwing TypeError when logfile cannot be opened (marcovtwout)

Version 1.1.24 June 7, 2021

  • Bug #4339: "There is no active transaction" when transaction is autocommitted (twisted1919)
  • Bug #4343: Fix "driver does not support quoting" when using the driver pdo_odbc (xpohoc69)
  • Bug #4355: Fix errorhandler missing backtrace entries (georaldc, marcovtwout)
  • Enh #4349: Added CHtml option to omit type attribute from tag (mohamedmalki, marcovtwout)
  • Enh #4351: Added CHtml option to omit CDATA wrapper from and contents (marcovtwout)
  • Enh #4354: Allow to set log file permissions for CFileLogRoute (jdayamx)
  • Chg #4344: Upgraded jQuery to 1.12.4 (marcovtwout)
  • Chg #4344: Upgraded jQuery UI to 1.12.1 (marcovtwout)

Version 1.1.23 December 2, 2020

  • Bug #4291: The scheme (protocol) is deleted when validateIDN is enabled after validation (Argevollen)
  • Bug #4306: Add PHP 8 support (samdark)
  • Bug #4310: Items on memcache won't expire due to memcache difference in internal clock (nikolasr200)
  • Bug #4325: Add support for unicode strings beyond the BMP (like emojies) in CJavaScript::encode() (marcovtwout)
  • Bug: Fix CFileHelper::findFiles() to use correct directory separator under Windows (samdark)
  • Enh #4305: PHP 7.3 compatibility: Support giving cookies a SameSite=None attribute value (tomfotherby)
  • Enh #4308: PHP 7.3 compatibility: Add samesite as a session cookie option (tomfotherby)
  • Enh #4314: Exceptions thrown while loading fixtures now contain details about the error location (BBoom)
  • Enh #4314: Missing fixture files now throw exceptions (BBoom)
  • Enh #4315: Added change triggers to clickable checkbox rows in grid views, allowing other script to react to the changed checkbox states (BBoom)
  • Enh #4317: Added special option 'encode' to $htmlOptions argument in CHtml::errorSummary and CHtml::error (shidenko97)
  • Enh #4323: Add PostgreSQL 12 support (bio, d4rkstar, marcovtwout)

... (truncated)


You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
  • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
  • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
  • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Watemlifts/Watemlifts../network/alerts).

Note: Automatic rebases have been disabled on this pull request as it has been open for over 30 days.