search

mathieu-ducrot / liip-load-fixture-files-test

Test environment for the loadFixtureFiles from the LiipFunctionalTestBundle
1 stars 0 forks source link

Bump symfony/symfony from 2.8.48 to 2.8.52 #1

Closed dependabot[bot] closed 4 years ago

dependabot[bot] commented 4 years ago

Bumps symfony/symfony from 2.8.48 to 2.8.52.

Release notes *Sourced from [symfony/symfony's releases](https://github.com/symfony/symfony/releases).* > ## v2.8.52 > **Changelog** (since https://github.com/symfony/symfony/compare/v2.8.51...v2.8.52) > > * security #cve-2019-18888 [HttpFoundation] fix guessing mime-types of files with leading dash ([@​nicolas-grekas](https://github.com/nicolas-grekas)) > * security #cve-2019-18887 [HttpKernel] Use constant time comparison in UriSigner ([@​stof](https://github.com/stof)) > > [PR] [symfony/symfony#34349](https://github-redirect.dependabot.com/symfony/symfony/pull/34349) > [SECURITY] Security release > > ## v2.8.50 > **Changelog** (since https://github.com/symfony/symfony/compare/v2.8.49...v2.8.50) > > * security #cve-2019-10910 [DI] Check service IDs are valid ([@​nicolas-grekas](https://github.com/nicolas-grekas)) > * security #cve-2019-10909 [FrameworkBundle][Form] Fix XSS issues in the form theme of the PHP templating engine ([@​stof](https://github.com/stof)) > * security #cve-2019-10912 [PHPUnit Bridge] Prevent destructors with side-effects from being unserialized ([@​nicolas-grekas](https://github.com/nicolas-grekas)) > * security #cve-2019-10911 [Security] Add a separator in the remember me cookie hash ([@​pborreli](https://github.com/pborreli)) > * security #cve-2019-10913 [HttpFoundation] reject invalid method override ([@​nicolas-grekas](https://github.com/nicolas-grekas)) > > [PR] [symfony/symfony#31145](https://github-redirect.dependabot.com/symfony/symfony/pull/31145) > [SECURITY] Security release > > ## v2.8.49 > **Changelog** (since https://github.com/symfony/symfony/compare/v2.8.48...v2.8.49) > > * security #cve-2018-19790 [Security\Http] detect bad redirect targets using backslashes ([@​xabbuh](https://github.com/xabbuh)) > * security #cve-2018-19789 [Form] Filter file uploads out of regular form types ([@​nicolas-grekas](https://github.com/nicolas-grekas)) > > [PR] [symfony/symfony#29487](https://github-redirect.dependabot.com/symfony/symfony/pull/29487) > [SECURITY] Security release
Changelog *Sourced from [symfony/symfony's changelog](https://github.com/symfony/symfony/blob/v2.8.52/CHANGELOG-2.8.md).* > * 2.8.52 (2019-11-13) > > * security #cve-2019-18888 [HttpFoundation] fix guessing mime-types of files with leading dash (nicolas-grekas) > * security #cve-2019-18887 [HttpKernel] Use constant time comparison in UriSigner (stof) > > * 2.8.51 (2019-04-17) > > * no changes > > * 2.8.50 (2019-04-17) > > * security #cve-2019-10910 [DI] Check service IDs are valid (nicolas-grekas) > * security #cve-2019-10909 [FrameworkBundle][Form] Fix XSS issues in the form theme of the PHP templating engine (stof) > * security #cve-2019-10912 [PHPUnit Bridge] Prevent destructors with side-effects from being unserialized (nicolas-grekas) > * security #cve-2019-10911 [Security] Add a separator in the remember me cookie hash (pborreli) > * security #cve-2019-10913 [HttpFoundation] reject invalid method override (nicolas-grekas) > > * 2.8.49 (2018-12-06) > > * security #cve-2018-19790 [Security\Http] detect bad redirect targets using backslashes (xabbuh) > * security #cve-2018-19789 [Form] Filter file uploads out of regular form types (nicolas-grekas)
Commits - [`88f3ef6`](https://github.com/symfony/symfony/commit/88f3ef62d6ab870128352c8686c7889562698faf) Merge pull request [#34349](https://github-redirect.dependabot.com/symfony/symfony/issues/34349) from fabpot/release-2.8.52 - [`44dbe04`](https://github.com/symfony/symfony/commit/44dbe046a56b1e510b40ab7ecdeb946e7388d709) updated VERSION for 2.8.52 - [`be612fe`](https://github.com/symfony/symfony/commit/be612fe316924132f286db6374c656dbcc564242) updated CHANGELOG for 2.8.52 - [`2d6bf2e`](https://github.com/symfony/symfony/commit/2d6bf2e689cbaf6500ed21a6ccfd45bcd5f3c931) Fix CHANGELOG - [`af70ccb`](https://github.com/symfony/symfony/commit/af70ccb73b9bf994774be39226446b3802def601) security #cve-2019-18888 [HttpFoundation] fix guessing mime-types of files wi... - [`d41bd42`](https://github.com/symfony/symfony/commit/d41bd42ad5d51e0f4d24259ec2814ccb294c3ba2) security #cve-2019-18887 [HttpKernel] Use constant time comparison in UriSign... - [`2dfc115`](https://github.com/symfony/symfony/commit/2dfc115f6dd56fcc12a6941e8050349cc4d04dbe) [HttpFoundation] fix guessing mime-types of files with leading dash - [`9a50fc5`](https://github.com/symfony/symfony/commit/9a50fc572202f0da41b095900eec79fa3694777c) [HttpKernel] Use constant time comparison in UriSigner - [`78d86f8`](https://github.com/symfony/symfony/commit/78d86f8516ea82fa809c0289a01d04f5aa3c0cd0) bumped version - [`d4843fe`](https://github.com/symfony/symfony/commit/d4843fe948d18611a07469d74eff0836ec988ce7) fixed version - Additional commits viewable in [compare view](https://github.com/symfony/symfony/compare/v2.8.48...v2.8.52)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/mathieu-ducrot/liip-load-fixture-files-test/network/alerts).
mathieu-ducrot commented 4 years ago

Close PR from Github dependabot because it was intentional to have that version of symfony.

dependabot[bot] commented 4 years ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.