edno / kleis

Simplified SquidGuard web frontend (users & filters management)
MIT License
4 stars 2 forks source link

[Security] Bump symfony/http-foundation from 4.3.3 to 4.3.8 #141

Closed dependabot-preview[bot] closed 4 years ago

dependabot-preview[bot] commented 4 years ago

Bumps symfony/http-foundation from 4.3.3 to 4.3.8. This update includes a security fix.

Vulnerabilities fixed *Sourced from [The PHP Security Advisories Database](https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml).* > **CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser** > > Affected versions: >=2.0.0, <2.1.0; >=2.1.0, <2.2.0; >=2.2.0, <2.3.0; >=2.3.0, <2.4.0; >=2.4.0, <2.5.0; >=2.5.0, <2.6.0; >=2.6.0, <2.7.0; >=2.7.0, <2.8.0; >=2.8.0, <2.8.52; >=3.0.0, <3.1.0; >=3.1.0, <3.2.0; >=3.2.0, <3.3.0; >=3.3.0, <3.4.0; >=3.4.0, <3.4.35; >=4.0.0, <4.1.0; >=4.1.0, <4.2.0; >=4.2.0, <4.2.12; >=4.3.0, <4.3.8
Commits - [`cabe672`](https://github.com/symfony/http-foundation/commit/cabe67275034e173350e158f3b1803d023880227) Merge branch '3.4' into 4.3 - [`9e4b3ac`](https://github.com/symfony/http-foundation/commit/9e4b3ac8fa3348b4811674d23de32d201de225ce) [HttpFoundation] fix guessing mime-types of files with leading dash - [`514e5bb`](https://github.com/symfony/http-foundation/commit/514e5bbcbc783465c6fce5a7b2e28657f2e114b7) Merge branch '3.4' into 4.3 - [`a5d46a3`](https://github.com/symfony/http-foundation/commit/a5d46a33e8649ba802cebe520d188b04385572a2) Fix MockFileSessionStorageTest::sessionDir being used after it's unset - [`38f63e4`](https://github.com/symfony/http-foundation/commit/38f63e471cda9d37ac06e76d14c5ea2ec5887051) [4.3] Remove unused local variables - [`9a98f13`](https://github.com/symfony/http-foundation/commit/9a98f1393ea8f7c42296c55e86b03ee683ed47cd) [HttpFoundation] Allow to not pass a parameter to Request::isMethodSafe() - [`d7f44cf`](https://github.com/symfony/http-foundation/commit/d7f44cf6d9aa30e6ecd91ecb33ae92a76b95f377) Merge branch '3.4' into 4.3 - [`7b4626a`](https://github.com/symfony/http-foundation/commit/7b4626ab40d8562707e6d1c9a6fab977a86c2037) Remove unused local variables in tests - [`9c134c0`](https://github.com/symfony/http-foundation/commit/9c134c03c3bc57865cfe184a6581cb4572624a2e) Merge branch '3.4' into 4.3 - [`4db558c`](https://github.com/symfony/http-foundation/commit/4db558c7c6777aac02293efbfe7c7c5d4c1385c3) Add plus character `+` to legal mime subtype - Additional commits viewable in [compare view](https://github.com/symfony/http-foundation/compare/v4.3.3...v4.3.8)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)
dependabot-preview[bot] commented 4 years ago

Superseded by #144.