jesuitsciencenetwork / web

The web frontend for the Jesuit Science Network
http://jesuitscience.net/
MIT License
1 stars 0 forks source link

Bump symfony/symfony from 3.4.11 to 3.4.35 #13

Open dependabot[bot] opened 2 years ago

dependabot[bot] commented 2 years ago

Bumps symfony/symfony from 3.4.11 to 3.4.35.

Changelog

Sourced from symfony/symfony's changelog.

  • 3.4.35 (2019-11-13)

  • bug #34344 [Console] Constant STDOUT might be undefined (nicolas-grekas)

  • security #cve-2019-18889 [Cache] forbid serializing AbstractAdapter and TagAwareAdapter instances (nicolas-grekas)

  • security #cve-2019-18888 [HttpFoundation] fix guessing mime-types of files with leading dash (nicolas-grekas)

  • security #cve-2019-18887 [HttpKernel] Use constant time comparison in UriSigner (stof)

  • 3.4.34 (2019-11-11)

  • bug #34297 [DI] fix locators with numeric keys (nicolas-grekas)

  • bug #34282 [DI] Dont cache classes with missing parents (nicolas-grekas)

  • bug #34181 [Stopwatch] Fixed bug in getDuration when counting multiple ongoing periods (TimoBakx)

  • bug #34179 [Stopwatch] Fixed a bug in StopwatchEvent::getStartTime (TimoBakx)

  • bug #34203 [FrameworkBundle] [HttpKernel] fixed correct EOL and EOM month (erics86)

  • 3.4.33 (2019-11-01)

  • bug #33998 [Config] Disable default alphabet sorting in glob function due of unstable sort (hurricane-voronin)

  • bug #34144 [Serializer] Improve messages for unexpected resources values (fancyweb)

  • bug #34080 [SecurityBundle] correct types for default arguments for firewall configs (shieldo)

  • bug #33999 [Form] Make sure to collect child forms created on *_SET_DATA events (yceruto)

  • bug #34021 [TwigBridge] do not render errors for checkboxes twice (xabbuh)

  • bug #34041 [HttpKernel] fix wrong removal of the just generated container dir (nicolas-grekas)

  • bug #34023 [Dotenv] allow LF in single-quoted strings (nicolas-grekas)

  • bug #33818 [Yaml] Throw exception for tagged invalid inline elements (gharlan)

  • bug #33948 [PropertyInfo] Respect property name case when guessing from public method name (antograssiot)

  • bug #33962 [Cache] fixed TagAwareAdapter returning invalid cache (v-m-i)

  • bug #33965 [HttpFoundation] Add plus character + to legal mime subtype (ilzrv)

  • bug #32943 [Dotenv] search variable values in ENV first then env file (soufianZantar)

  • bug #33943 [VarDumper] fix resetting the "bold" state in CliDumper (nicolas-grekas)

  • 3.4.32 (2019-10-07)

  • bug #33834 [Validator] Fix ValidValidator group cascading usage (fancyweb)

  • bug #33841 [VarDumper] fix dumping uninitialized SplFileInfo (nicolas-grekas)

  • bug #33799 [Security]: Don't let falsy usernames slip through impersonation (j4nr6n)

  • bug #33814 [HttpFoundation] Check if data passed to SessionBagProxy::initialize is an array (mynameisbogdan)

  • bug #33805 [FrameworkBundle] Fix wrong returned status code in ConfigDebugCommand (jschaedl)

  • bug #33781 [AnnotationCacheWarmer] add RedirectController to annotation cache (jenschude)

  • bug #33777 Fix the :only-of-type pseudo class selector (jakzal)

  • bug #32051 [Serializer] Add CsvEncoder tests for PHP 7.4 (ro0NL)

  • feature #33776 Copy phpunit.xsd to a predictable path (julienfalque)

  • bug #33759 [Security/Http] fix parsing X509 emailAddress (nicolas-grekas)

  • bug #33733 [Serializer] fix denormalization of string-arrays with only one element (mkrauser)

  • bug #33754 [Cache] fix known tag versions ttl check (SwenVanZanten)

  • bug #33646 [HttpFoundation] allow additinal characters in not raw cookies (marie)

  • bug #33748 [Console] Do not include hidden commands in suggested alternatives (m-vo)

  • bug #33625 [DependencyInjection] Fix wrong exception when service is synthetic (k0d3r1s)

  • bug #32522 [Validator] Accept underscores in the URL validator, as the URL will load (battye)

  • bug #32437 Fix toolbar load when GET params are present in "_wdt" route (Molkobain)

... (truncated)

Commits
  • 2adc85d Merge pull request #34350 from fabpot/release-3.4.35
  • 02257c8 updated VERSION for 3.4.35
  • 3e25850 updated CHANGELOG for 3.4.35
  • 32bde39 bug #34344 [Console] Constant STDOUT might be undefined (nicolas-grekas)
  • 53dc781 minor #34340 Allow returning null from NormalizerInterface::normalize (teohha...
  • bb8c82c [Console] Constant STDOUT might be undefined.
  • 1c8edc5 Allow returning null from NormalizerInterface::normalize
  • 4cc37df security #cve-2019-18889 [Cache] forbid serializing AbstractAdapter and TagAw...
  • b21025b security #cve-2019-18888 [HttpFoundation] fix guessing mime-types of files wi...
  • 0102134 security #cve-2019-18887 [HttpKernel] Use constant time comparison in UriSign...
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/jesuitsciencenetwork/web/network/alerts).