Bug #18239: Fix support of no-extension files for FileValidator::validateExtension() (darkdef)
Bug #18245: Make resolving DI references inside of arrays in dependencies optional (SamMousa, samdark, hiqsol)
Bug #18248: Render only one stack trace on a console for chained exceptions (mikehaertl)
Bug #18269: Fix integer safe attribute to work properly in yii\base\Model (Ladone)
Bug: (CVE-2020-15148): Disable unserialization of yii\db\BatchQueryResult to prevent remote code execution in case application calls unserialize() on user input containing specially crafted string (samdark, russtone)
Enh #18196: yii\rbac\DbManager::$checkAccessAssignments is now protected (alex-code)
Enh #18213: Do not load fixtures with circular dependencies twice instead of throwing an exception (JesseHines0)
Enh #18236: Allow yii\filters\RateLimiter to accept a closure function for the $user property in order to assign values on runtime (nadar)
2.0.37 August 07, 2020
Bug #17147: Fix form attribute validations for empty select inputs (kartik-v)
Bug #18156: Fix yii\db\Schema::quoteSimpleTableName() was checking incorrect quote character (M4tho, samdark)
Bug #18170: Fix 2.0.36 regression in passing extra console command arguments to the action (darkdef)
Bug #18171: Change case of column names in SQL query for findConstraints to fix MySQL 8 compatibility (darkdef)
Bug #18182: yii\db\Expression was not supported as condition in ActiveRecord::findOne() and ActiveRecord::findAll() (rhertogh)
Bug #18189: Fix "Invalid parameter number" in yii\rbac\DbManager::removeItem() (samdark)
Bug #18198: Fix saving tables with trigger by outputting inserted data from insert query with usage of temporary table (darkdef)
Bug #18203: PDO exception code was not properly passed to yii\db\Exception (samdark)
Bug #18204: Fix 2.0.36 regression in inline validator and JS validation (samdark)
Enh #18205: Add .phpstorm.meta.php file for better auto-completion in PhpStorm (vjik)
Enh #18210: Allow strict comparison for multi-select inputs (alex-code)
Enh #18217: Make yii\console\ErrorHandler render chained exceptions in debug mode (mikehaertl)
2.0.36 July 07, 2020
Bug #13828: Fix retrieving inserted data for a primary key of type uniqueidentifier for SQL Server 2005 or later (darkdef)
Bug #17474: Fix retrieving inserted data for a primary key of type trigger for SQL Server 2005 or later (darkdef)
Bug #17985: Convert migrationNamespaces to array if needed (darkdef)
Bug #18001: Fix getting table metadata for tables ( in their name (floor12)
Bug #18026: Fix ArrayHelper::getValue() did not work with ArrayAccess objects (mikk150)
Bug #18028: Fix division by zero exception in console Table::calculateRowHeight() (fourhundredfour)
Bug #18031: HttpBasicAuth with auth callback now triggers login events same was as other authentication methods (samdark)
Bug #18041: Fix RBAC migration for MSSQL (darkdef)
Bug #18047: Fix colorization markers output in console Table (cheeseq)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/elyby/accounts/network/alerts).
Bumps yiisoft/yii2 from 2.0.35 to 2.0.38.
Changelog
Sourced from yiisoft/yii2's changelog.
Commits
fd01e74
release version 2.0.382f7fb32
Merge pull request from GHSA-699q-wcff-g9mj55dc14e
Adjust changelog messages4e3cf83
Bug #18245: Make resolving DI references inside of arrays in dependencies opt...acbefe6
Fix #16892: Validation error class was not applied to checkbox and radio when...ce35719
Fix #18040, fix #15265, fix #18232 database issues (#18225)5b1b475
Fix typos in Hindi language (#18276)f848d88
Bug #13973: Correct alterColumn for MSSQL & drop constraints before drop column9141cc5
Fix #18196:yii\rbac\DbManager::$checkAccessAssignments
is nowprotected
6342ad8
Fix #18213: Do not load fixtures with circular dependencies twice instead of ...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/elyby/accounts/network/alerts).