Bump the minor-patch group with 3 updates

[dependabot[bot]]

Bumps the minor-patch group with 3 updates: composer/composer, composer/class-map-generator and myclabs/deep-copy.

Updates composer/composer from 2.7.6 to 2.7.7

Release notes

Sourced from composer/composer's releases.

2.7.7

This release includes fixes for issues found in a security audit by Cure53 funded by Alpha-Omega.

• Security: Fixed command injection via malicious git branch name (GHSA-47f6-5gq3-vx9c / CVE-2024-35241)
• Security: Fixed multiple command injections via malicious git/hg branch names (GHSA-v9qv-c7wm-wgmf / CVE-2024-35242)
• Security: Fixed secure-http checks that could be bypassed by using malformed URL formats (fa3b9582c)
• Security: Fixed Filesystem::isLocalPath including windows-specific checks on linux (3c37a67c)
• Security: Fixed perforce argument escaping (3773f775)
• Security: Fixed handling of zip bombs when extracting archives (de5f7e32)
• Security: Fixed Windows command parameter escaping to prevent abuse of unicode characters with best fit encoding conversion, reported by Splitline Huang (3130a7455, 04a63b324)
• Fixed PSR violations for classes not matching the namespace of a rule being hidden, this may lead to new violations being shown (#11957)
• Fixed UX when a plugin is still in vendor dir but is not required nor allowed anymore after changing branches (#12000)
• Fixed new platform requirements from composer.json not being checked if the lock file is outdated (#12001)
• Fixed ability for config command to remove autoload keys (#11967)
• Fixed empty type support in init command (#11999)
• Fixed git clone errors when safe.bareRepository is set to strict in the git config (#11969)
• Fixed regression showing network errors on PHP <8.1 (#11974)
• Fixed some color bleed from a few warnings (#11972)

Full Changelog: https://github.com/composer/composer/compare/2.7.6...2.7.7

Changelog

Sourced from composer/composer's changelog.

[2.7.7] 2024-06-10

• Security: Fixed command injection via malicious git branch name (GHSA-47f6-5gq3-vx9c / CVE-2024-35241)
• Security: Fixed multiple command injections via malicious git/hg branch names (GHSA-v9qv-c7wm-wgmf / CVE-2024-35242)
• Security: Fixed secure-http checks that could be bypassed by using malformed URL formats (fa3b9582c)
• Security: Fixed Filesystem::isLocalPath including windows-specific checks on linux (3c37a67c)
• Security: Fixed perforce argument escaping (3773f775)
• Security: Fixed handling of zip bombs when extracting archives (de5f7e32)
• Security: Fixed Windows command parameter escaping to prevent abuse of unicode characters with best fit encoding conversion (3130a7455, 04a63b324)
• Fixed PSR violations for classes not matching the namespace of a rule being hidden, this may lead to new violations being shown (#11957)
• Fixed UX when a plugin is still in vendor dir but is not required nor allowed anymore after changing branches (#12000)
• Fixed new platform requirements from composer.json not being checked if the lock file is outdated (#12001)
• Fixed ability for config command to remove autoload keys (#11967)
• Fixed empty type support in init command (#11999)
• Fixed git clone errors when safe.bareRepository is set to strict in the git config (#11969)
• Fixed regression showing network errors on PHP <8.1 (#11974)
• Fixed some color bleed from a few warnings (#11972)

Commits

• 2919429 Release 2.7.7
• e354a8d Update changelog
• 04a63b3 Add more characters for best fit encoding protection
• ad8985e Update changelog
• 3130a74 Fix windows parameter encoding to prevent abuse of unicode characters with be...
• 5aa7b03 Fix test
• ee28354 Merge pull request from GHSA-47f6-5gq3-vx9c
• 6bd43df Merge pull request from GHSA-v9qv-c7wm-wgmf
• fa3b958 Fix secure-http check to avoid bypass using emojis
• f3e877a Update deps
• Additional commits viewable in compare view

Updates composer/class-map-generator from 1.3.2 to 1.3.4

Release notes

Sourced from composer/class-map-generator's releases.

1.3.4

• Fixed aliased use statements leading to problem with classes called like keywords (#9)

Full Changelog: https://github.com/composer/class-map-generator/compare/1.3.3...1.3.4

1.3.3

• Fixed path normalization issue on windows

Full Changelog: https://github.com/composer/class-map-generator/compare/1.3.2...1.3.3

Commits

• b1b3fd0 Fix aliased use statements leading to problem with classes called like keywor...
• 61804f9 Fix path normalization issues on windows
• 2a3384e Fix path normalization issues on windows
• d2c6c89 Update CI targets
• See full diff in compare view

Updates myclabs/deep-copy from 1.11.1 to 1.12.0

Release notes

Sourced from myclabs/deep-copy's releases.

1.12.0

What's Changed

• Ignore readonly properties by @​llupa in myclabs/DeepCopy#195
• Normalize Composer configuration by @​szepeviktor in myclabs/DeepCopy#182
• Add github folder to .gitattributes by @​VincentLanglet in myclabs/DeepCopy#191
• Update .gitattributes by @​systemsolutionweb in myclabs/DeepCopy#176

New Contributors

• @​szepeviktor made their first contribution in myclabs/DeepCopy#181
• @​VincentLanglet made their first contribution in myclabs/DeepCopy#191
• @​systemsolutionweb made their first contribution in myclabs/DeepCopy#176
• @​llupa made their first contribution in myclabs/DeepCopy#195

Full Changelog: https://github.com/myclabs/DeepCopy/compare/1.11.1...1.12.0

Commits

• 3a6b9a4 Merge pull request #195 from llupa/readonly-properties
• 3306d5f Add test fixtures
• 156b10c Update DeepCopyTest.php
• 4e89dc3 Ignore readonly properties
• 57f2365 Ignore readonly properties
• 2f52946 Merge pull request #193 from Chris53897/feature/improve-ci
• 27c6110 chore: fix ci deprecations
• 202aaf6 Update .gitattributes (#176)
• f6f48cf Merge pull request #191 from VincentLanglet/patch-1
• c809eee Add github folder to .gitattributes
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[private-packagist[bot]]

composer.lock

Package changes

Package	Operation	From	To	About
composer/class-map-generator	upgrade	1.3.2	1.3.4	diff
composer/composer	upgrade	2.7.6 :warning:	2.7.7 :white_check_mark:	diff

Dev Package changes

Package	Operation	From	To	About
myclabs/deep-copy	upgrade	1.11.1	1.12.0	diff

---

Settings · Docs · Powered by Private Packagist