dependabot[bot]
commented
4 years ago Looks like symfony/symfony is up-to-date now, so this is no longer needed.
Closed dependabot[bot] closed 4 years ago
dependabot[bot]
commented
4 years ago Looks like symfony/symfony is up-to-date now, so this is no longer needed.
Bumps symfony/symfony from 2.8.51 to 2.8.52.
Release notes
*Sourced from [symfony/symfony's releases](https://github.com/symfony/symfony/releases).* > ## v2.8.52 > **Changelog** (since https://github.com/symfony/symfony/compare/v2.8.51...v2.8.52) > > * security #cve-2019-18888 [HttpFoundation] fix guessing mime-types of files with leading dash ([@nicolas-grekas](https://github.com/nicolas-grekas)) > * security #cve-2019-18887 [HttpKernel] Use constant time comparison in UriSigner ([@stof](https://github.com/stof)) > > [PR] [symfony/symfony#34349](https://github-redirect.dependabot.com/symfony/symfony/pull/34349) > [SECURITY] Security releaseChangelog
*Sourced from [symfony/symfony's changelog](https://github.com/symfony/symfony/blob/v2.8.52/CHANGELOG-2.8.md).* > * 2.8.52 (2019-11-13) > > * security #cve-2019-18888 [HttpFoundation] fix guessing mime-types of files with leading dash (nicolas-grekas) > * security #cve-2019-18887 [HttpKernel] Use constant time comparison in UriSigner (stof)Commits
- [`88f3ef6`](https://github.com/symfony/symfony/commit/88f3ef62d6ab870128352c8686c7889562698faf) Merge pull request [#34349](https://github-redirect.dependabot.com/symfony/symfony/issues/34349) from fabpot/release-2.8.52 - [`44dbe04`](https://github.com/symfony/symfony/commit/44dbe046a56b1e510b40ab7ecdeb946e7388d709) updated VERSION for 2.8.52 - [`be612fe`](https://github.com/symfony/symfony/commit/be612fe316924132f286db6374c656dbcc564242) updated CHANGELOG for 2.8.52 - [`2d6bf2e`](https://github.com/symfony/symfony/commit/2d6bf2e689cbaf6500ed21a6ccfd45bcd5f3c931) Fix CHANGELOG - [`af70ccb`](https://github.com/symfony/symfony/commit/af70ccb73b9bf994774be39226446b3802def601) security #cve-2019-18888 [HttpFoundation] fix guessing mime-types of files wi... - [`d41bd42`](https://github.com/symfony/symfony/commit/d41bd42ad5d51e0f4d24259ec2814ccb294c3ba2) security #cve-2019-18887 [HttpKernel] Use constant time comparison in UriSign... - [`2dfc115`](https://github.com/symfony/symfony/commit/2dfc115f6dd56fcc12a6941e8050349cc4d04dbe) [HttpFoundation] fix guessing mime-types of files with leading dash - [`9a50fc5`](https://github.com/symfony/symfony/commit/9a50fc572202f0da41b095900eec79fa3694777c) [HttpKernel] Use constant time comparison in UriSigner - See full diff in [compare view](https://github.com/symfony/symfony/compare/v2.8.51...v2.8.52)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/dinel/metadiscourse-annotator/network/alerts).