search

blumilksoftware / toby

HR software you love to hate
MIT License
17 stars 4 forks source link

- Update dependency laravel/framework to v11.31.0 [SECURITY] #507

Closed blumilk-renovate[bot] closed 1 week ago

blumilk-renovate[bot] commented 1 week ago

This PR contains the following updates:

Package Type Update Change
laravel/framework (source) require minor 11.29.0 -> 11.31.0

GitHub Vulnerability Alerts

CVE-2024-52301

Description

When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request.

Resolution

The framework now ignores argv values for environment detection on non-cli SAPIs.

Release Notes

laravel/framework (laravel/framework) ### [`v11.31.0`](https://redirect.github.com/laravel/framework/blob/HEAD/CHANGELOG.md#v11310---2024-11-12) [Compare Source](https://redirect.github.com/laravel/framework/compare/v11.30.0...v11.31.0) - \[11.x] Refactor: return Command::FAILURE by [@​fernandokbs](https://redirect.github.com/fernandokbs) in [https://github.com/laravel/framework/pull/53354](https://redirect.github.com/laravel/framework/pull/53354) - Allow the Batch and Chain onQueue method to accept Backed Enums by [@​onlime](https://redirect.github.com/onlime) in [https://github.com/laravel/framework/pull/53359](https://redirect.github.com/laravel/framework/pull/53359) - Add transaction generics by [@​MatusBoa](https://redirect.github.com/MatusBoa) in [https://github.com/laravel/framework/pull/53357](https://redirect.github.com/laravel/framework/pull/53357) - Add laravel default exception blade files to view:cache by [@​SamuelWei](https://redirect.github.com/SamuelWei) in [https://github.com/laravel/framework/pull/53353](https://redirect.github.com/laravel/framework/pull/53353) - \[11.x] Added `useCascadeTruncate` method for `PostgresGrammar` by [@​korkoshko](https://redirect.github.com/korkoshko) in [https://github.com/laravel/framework/pull/53343](https://redirect.github.com/laravel/framework/pull/53343) - Add Application::removeDeferredServices method by [@​ollieread](https://redirect.github.com/ollieread) in [https://github.com/laravel/framework/pull/53362](https://redirect.github.com/laravel/framework/pull/53362) - Add the ability to append and prepend middleware priority from the application builder by [@​ollieread](https://redirect.github.com/ollieread) in [https://github.com/laravel/framework/pull/53326](https://redirect.github.com/laravel/framework/pull/53326) - Fix typo in Translator code comment by [@​caendesilva](https://redirect.github.com/caendesilva) in [https://github.com/laravel/framework/pull/53366](https://redirect.github.com/laravel/framework/pull/53366) - \[11.x] Handle HtmlString constructed with a null by [@​sperelson](https://redirect.github.com/sperelson) in [https://github.com/laravel/framework/pull/53367](https://redirect.github.com/laravel/framework/pull/53367) - \[11.x] Add `URL::forceHttps()` to enforce HTTPS scheme for URLs by [@​dasundev](https://redirect.github.com/dasundev) in [https://github.com/laravel/framework/pull/53381](https://redirect.github.com/laravel/framework/pull/53381) - \[11.x] Refactor and add remaining test cases for the DatabaseUuidFailedJobProviderTest class by [@​kevinb1989](https://redirect.github.com/kevinb1989) in [https://github.com/laravel/framework/pull/53408](https://redirect.github.com/laravel/framework/pull/53408) - \[11.X] Postgres Aurora failover - DetectsLostConnections by [@​vifer](https://redirect.github.com/vifer) in [https://github.com/laravel/framework/pull/53404](https://redirect.github.com/laravel/framework/pull/53404) - `whereFullText` case consistency by [@​parth391](https://redirect.github.com/parth391) in [https://github.com/laravel/framework/pull/53395](https://redirect.github.com/laravel/framework/pull/53395) - \[11.x] Add `HasFactory` trait to `make:model` generation command using `--all` options by [@​adel007gh](https://redirect.github.com/adel007gh) in [https://github.com/laravel/framework/pull/53391](https://redirect.github.com/laravel/framework/pull/53391) - Introduce support for popping items from a stackable context item by [@​denjaland](https://redirect.github.com/denjaland) in [https://github.com/laravel/framework/pull/53403](https://redirect.github.com/laravel/framework/pull/53403) - \[11.x] Test Improvements by [@​crynobone](https://redirect.github.com/crynobone) in [https://github.com/laravel/framework/pull/53414](https://redirect.github.com/laravel/framework/pull/53414) - \[11.x] Add ability to dynamically build mailers on-demand using `Mail::build` by [@​stevebauman](https://redirect.github.com/stevebauman) in [https://github.com/laravel/framework/pull/53411](https://redirect.github.com/laravel/framework/pull/53411) - \[11.x] Refactor and add remaining test cases for the DatabaseFailedJobProviderTest class by [@​kevinb1989](https://redirect.github.com/kevinb1989) in [https://github.com/laravel/framework/pull/53409](https://redirect.github.com/laravel/framework/pull/53409) - \[11.x] Fix error event listener in Vite prefetching by [@​jnoordsij](https://redirect.github.com/jnoordsij) in [https://github.com/laravel/framework/pull/53439](https://redirect.github.com/laravel/framework/pull/53439) - \[11.x] Ensure datetime cache durations account for script execution time by [@​timacdonald](https://redirect.github.com/timacdonald) in [https://github.com/laravel/framework/pull/53431](https://redirect.github.com/laravel/framework/pull/53431) - \[11.x] Fix fluent syntax for HasManyThrough when combining HasMany followed by HasOne by [@​jnoordsij](https://redirect.github.com/jnoordsij) in [https://github.com/laravel/framework/pull/53335](https://redirect.github.com/laravel/framework/pull/53335) - Correct parameter type of Collection::diffKeys() and Collection::diffKeysUsing() by [@​AJenbo](https://redirect.github.com/AJenbo) in [https://github.com/laravel/framework/pull/53441](https://redirect.github.com/laravel/framework/pull/53441) - Correct parameter type of Collection::intersectByKeys() by [@​AJenbo](https://redirect.github.com/AJenbo) in [https://github.com/laravel/framework/pull/53444](https://redirect.github.com/laravel/framework/pull/53444) - Fix schema foreign ID support for tables with non-standard primary key by [@​willrowe](https://redirect.github.com/willrowe) in [https://github.com/laravel/framework/pull/53442](https://redirect.github.com/laravel/framework/pull/53442) - \[11.x] Cache token repository by [@​browner12](https://redirect.github.com/browner12) in [https://github.com/laravel/framework/pull/53428](https://redirect.github.com/laravel/framework/pull/53428) - Fix validation message when there is a parameter with escaped dot "." by [@​mdmahbubhelal](https://redirect.github.com/mdmahbubhelal) in [https://github.com/laravel/framework/pull/53416](https://redirect.github.com/laravel/framework/pull/53416) - \[11.x] add optional prefix for cache key by [@​browner12](https://redirect.github.com/browner12) in [https://github.com/laravel/framework/pull/53448](https://redirect.github.com/laravel/framework/pull/53448) - \[11.x] Do not overwrite existing link header(s) in `AddLinkHeadersForPreloadedAssets` middleware by [@​jnoordsij](https://redirect.github.com/jnoordsij) in [https://github.com/laravel/framework/pull/53463](https://redirect.github.com/laravel/framework/pull/53463) - \[11.x] use assertTrue and assertFalse method, instead of using assertE… by [@​iamyusuf](https://redirect.github.com/iamyusuf) in [https://github.com/laravel/framework/pull/53453](https://redirect.github.com/laravel/framework/pull/53453) - \[11.x] Add `DB::build` method by [@​stevebauman](https://redirect.github.com/stevebauman) in [https://github.com/laravel/framework/pull/53464](https://redirect.github.com/laravel/framework/pull/53464) - \[11.x] Add ability to dynamically build cache repositories on-demand using `Cache::build` by [@​stevebauman](https://redirect.github.com/stevebauman) in [https://github.com/laravel/framework/pull/53454](https://redirect.github.com/laravel/framework/pull/53454) - \[11.x] Skip the number of connections transacting while testing to run callbacks by [@​tonysm](https://redirect.github.com/tonysm) in [https://github.com/laravel/framework/pull/53377](https://redirect.github.com/laravel/framework/pull/53377) ### [`v11.30.0`](https://redirect.github.com/laravel/framework/blob/HEAD/CHANGELOG.md#v11300---2024-10-30) [Compare Source](https://redirect.github.com/laravel/framework/compare/v11.29.0...v11.30.0) - Add `$bind` parameter to `Blade::directive` by [@​hossein-zare](https://redirect.github.com/hossein-zare) in [https://github.com/laravel/framework/pull/53279](https://redirect.github.com/laravel/framework/pull/53279) - \[11.x] Fix `trans_choice()` when translation replacement include `|` separator by [@​crynobone](https://redirect.github.com/crynobone) in [https://github.com/laravel/framework/pull/53331](https://redirect.github.com/laravel/framework/pull/53331) - \[11.x] Allow the authorize method to accept Backed Enums directly by [@​johanvanhelden](https://redirect.github.com/johanvanhelden) in [https://github.com/laravel/framework/pull/53330](https://redirect.github.com/laravel/framework/pull/53330) - \[11.x] use `exists()` instead of `count()` by [@​browner12](https://redirect.github.com/browner12) in [https://github.com/laravel/framework/pull/53328](https://redirect.github.com/laravel/framework/pull/53328) - \[11.x] Docblock Improvements by [@​mtlukaszczyk](https://redirect.github.com/mtlukaszczyk) in [https://github.com/laravel/framework/pull/53325](https://redirect.github.com/laravel/framework/pull/53325) - Allow for custom Postgres operators to be added by [@​boris-glumpler](https://redirect.github.com/boris-glumpler) in [https://github.com/laravel/framework/pull/53324](https://redirect.github.com/laravel/framework/pull/53324) - \[11.x] Support Optional Dimensions for `vector` Column Type by [@​akr4m](https://redirect.github.com/akr4m) in [https://github.com/laravel/framework/pull/53316](https://redirect.github.com/laravel/framework/pull/53316) - \[11.x] Test Improvements by [@​saMahmoudzadeh](https://redirect.github.com/saMahmoudzadeh) in [https://github.com/laravel/framework/pull/53306](https://redirect.github.com/laravel/framework/pull/53306) - \[11.x] Added `dropColumnsIfExists`, `dropColumnIfExists` and `dropForeignIfExists` by [@​eusonlito](https://redirect.github.com/eusonlito) in [https://github.com/laravel/framework/pull/53305](https://redirect.github.com/laravel/framework/pull/53305) - \[11.x] Provide an error message for PostTooLargeException by [@​patrickomeara](https://redirect.github.com/patrickomeara) in [https://github.com/laravel/framework/pull/53301](https://redirect.github.com/laravel/framework/pull/53301) - \[11.x] Fix integrity constraint violation on failed_jobs_uuid_unique by [@​bytestream](https://redirect.github.com/bytestream) in [https://github.com/laravel/framework/pull/53264](https://redirect.github.com/laravel/framework/pull/53264) - Revert "\[11.x] Added `dropColumnsIfExists`, `dropColumnIfExists` and `dropForeignIfExists`" by [@​taylorotwell](https://redirect.github.com/taylorotwell) in [https://github.com/laravel/framework/pull/53338](https://redirect.github.com/laravel/framework/pull/53338) - \[11.x] Introduce `HasUniqueStringIds` by [@​cosmastech](https://redirect.github.com/cosmastech) in [https://github.com/laravel/framework/pull/53280](https://redirect.github.com/laravel/framework/pull/53280) - \[11.x] Refactor: check for contextual attribute before getting parameter class name by [@​korkoshko](https://redirect.github.com/korkoshko) in [https://github.com/laravel/framework/pull/53339](https://redirect.github.com/laravel/framework/pull/53339) - \[11.x] Pick up existing views and markdowns when creating mails by [@​kevinb1989](https://redirect.github.com/kevinb1989) in [https://github.com/laravel/framework/pull/53308](https://redirect.github.com/laravel/framework/pull/53308) - \[11.x] Add withoutDefer and withDefer testing helpers by [@​timacdonald](https://redirect.github.com/timacdonald) in [https://github.com/laravel/framework/pull/53340](https://redirect.github.com/laravel/framework/pull/53340)

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Warsaw, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Renovate Bot.