nunhes / breeze

Intro Laravel+Breeze

Update dependency laravel/framework to v8.83.28 [SECURITY] #43

Open renovate[bot] opened 2 weeks ago

renovate[bot] commented 2 weeks ago

This PR contains the following updates:

| Package | Change |
|---|---|
| laravel/framework (source) | 8.83.13 -> 8.83.28 |

GitHub Vulnerability Alerts

CVE-2024-52301

Description

When the `register_argc_argv` PHP directive is set to `on`, and users call any URL with a specially crafted query string, they are able to change the environment used by the framework when handling the request.

Resolution

The framework now ignores argv values for environment detection on non-cli SAPIs.


Release Notes

laravel/framework (laravel/framework)

### [`v8.83.28`](https://redirect.github.com/laravel/framework/compare/v8.83.27...v8.83.28)

[Compare Source](https://redirect.github.com/laravel/framework/compare/v8.83.27...v8.83.28)

### [`v8.83.27`](https://redirect.github.com/laravel/framework/releases/tag/v8.83.27)

[Compare Source](https://redirect.github.com/laravel/framework/compare/v8.83.26...v8.83.27)

##### Fixed

- Fixed email verification request ([#45227](https://redirect.github.com/laravel/framework/pull/45227))

### [`v8.83.26`](https://redirect.github.com/laravel/framework/releases/tag/v8.83.26)

[Compare Source](https://redirect.github.com/laravel/framework/compare/v8.83.25...v8.83.26)

##### Fixed

- Fixes controller computed middleware ([#44454](https://redirect.github.com/laravel/framework/pull/44454))

### [`v8.83.25`](https://redirect.github.com/laravel/framework/releases/tag/v8.83.25)

[Compare Source](https://redirect.github.com/laravel/framework/compare/v8.83.24...v8.83.25)

##### Added

- Added `Illuminate/Routing/Route::flushController()` ([#44393](https://redirect.github.com/laravel/framework/pull/44393))

### [`v8.83.24`](https://redirect.github.com/laravel/framework/releases/tag/v8.83.24)

[Compare Source](https://redirect.github.com/laravel/framework/compare/v8.83.23...v8.83.24)

##### Fixed

- Avoid Passing null to parameter exception on PHP 8.1 ([#43951](https://redirect.github.com/laravel/framework/pull/43951))

##### Changed

- Patch for timeless timing attack vulnerability in user login ([#44069](https://redirect.github.com/laravel/framework/pull/44069))

### [`v8.83.23`](https://redirect.github.com/laravel/framework/releases/tag/v8.83.23)

[Compare Source](https://redirect.github.com/laravel/framework/compare/v8.83.22...v8.83.23)

##### Fixed

- Fix DynamoDB locks with 0 seconds duration ([#43365](https://redirect.github.com/laravel/framework/pull/43365))

### [`v8.83.22`](https://redirect.github.com/laravel/framework/releases/tag/v8.83.22)

[Compare Source](https://redirect.github.com/laravel/framework/compare/v8.83.21...v8.83.22)

##### Revert

- Revert ["Protect against ambiguous columns"](https://redirect.github.com/laravel/framework/pull/43278) ([#43362](https://redirect.github.com/laravel/framework/pull/43362))

### [`v8.83.21`](https://redirect.github.com/laravel/framework/releases/tag/v8.83.21)

[Compare Source](https://redirect.github.com/laravel/framework/compare/v8.83.20...v8.83.21)

##### Revert

- Revert of ["Prevent double throwing chained exception on sync queue"](https://redirect.github.com/laravel/framework/pull/42950) ([#43354](https://redirect.github.com/laravel/framework/pull/43354))

### [`v8.83.20`](https://redirect.github.com/laravel/framework/releases/tag/v8.83.20)

[Compare Source](https://redirect.github.com/laravel/framework/compare/v8.83.19...v8.83.20)

##### Fixed

- Fixed transaction attempts counter for sqlsrv ([#43176](https://redirect.github.com/laravel/framework/pull/43176))

##### Changed

- Clear Facade resolvedInstances in queue worker resetScope callback ([#43215](https://redirect.github.com/laravel/framework/pull/43215))
- Protect against ambiguous columns ([#43278](https://redirect.github.com/laravel/framework/pull/43278))

### [`v8.83.19`](https://redirect.github.com/laravel/framework/releases/tag/v8.83.19)

[Compare Source](https://redirect.github.com/laravel/framework/compare/v8.83.18...v8.83.19)

##### Fixed

- Fixed forceCreate on MorphMany not returning newly created object ([#42996](https://redirect.github.com/laravel/framework/pull/42996))
- Prevent double throwing chained exception on sync queue ([#42950](https://redirect.github.com/laravel/framework/pull/42950))

##### Changed

- Disable Column Statistics for php artisan schema:dump on MariaDB ([#43027](https://redirect.github.com/laravel/framework/pull/43027))

### [`v8.83.18`](https://redirect.github.com/laravel/framework/releases/tag/v8.83.18)

[Compare Source](https://redirect.github.com/laravel/framework/compare/v8.83.17...v8.83.18)

##### Fixed

- Fixed bug on forceCreate on a MorphMany relationship not including morph type ([#42929](https://redirect.github.com/laravel/framework/pull/42929))
- Handle cursor paginator when no items are found ([#42963](https://redirect.github.com/laravel/framework/pull/42963))
- Fixed Str::Mask() for repeating chars ([#42956](https://redirect.github.com/laravel/framework/pull/42956))

### [`v8.83.17`](https://redirect.github.com/laravel/framework/releases/tag/v8.83.17)

[Compare Source](https://redirect.github.com/laravel/framework/compare/v8.83.16...v8.83.17)

##### Added

- Apply where's from union query builder in cursor pagination ([#42651](https://redirect.github.com/laravel/framework/pull/42651))
- Handle collection creation around a single enum ([#42839](https://redirect.github.com/laravel/framework/pull/42839))

##### Fixed

- Fixed Request offsetExists without routeResolver ([#42754](https://redirect.github.com/laravel/framework/pull/42754))
- Fixed: Loose comparison causes the value not to be saved ([#42793](https://redirect.github.com/laravel/framework/pull/42793))

### [`v8.83.16`](https://redirect.github.com/laravel/framework/releases/tag/v8.83.16)

[Compare Source](https://redirect.github.com/laravel/framework/compare/v8.83.15...v8.83.16)

##### Fixed

- Free reserved memory before handling fatal errors ([#42630](https://redirect.github.com/laravel/framework/pull/42630), [#42646](https://redirect.github.com/laravel/framework/pull/42646))
- Prevent $mailer being reset when testing mailables that implement ShouldQueue ([#42695](https://redirect.github.com/laravel/framework/pull/42695))

### [`v8.83.15`](https://redirect.github.com/laravel/framework/releases/tag/v8.83.15)

[Compare Source](https://redirect.github.com/laravel/framework/compare/v8.83.14...v8.83.15)

##### Reverted

- Revert digits changes in Validator ([c6d1a2d](https://redirect.github.com/laravel/framework/commit/c6d1a2da17e3aaaeb0ff5b8cc4879816d214b527), [#42562](https://redirect.github.com/laravel/framework/pull/42562))

##### Changed

- Retain the original attribute value during validation of an array key with a dot for correct failure message ([#42395](https://redirect.github.com/laravel/framework/pull/42395))

### [`v8.83.14`](https://redirect.github.com/laravel/framework/releases/tag/v8.83.14)

[Compare Source](https://redirect.github.com/laravel/framework/compare/v8.83.13...v8.83.14)

##### Fixed

- Add flush handler to output buffer for streamed test response (bugfix) ([#42481](https://redirect.github.com/laravel/framework/pull/42481))

##### Changed

- Use duplicate instead of createFromBase to clone request when routes are cached ([#42420](https://redirect.github.com/laravel/framework/pull/42420))

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.

renovate[bot] commented 2 weeks ago

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

The artifact failure details are included below:

File name: composer.lock
```
Command failed: composer update laravel/framework:8.83.28 --with-dependencies --ignore-platform-req='ext-*' --ignore-platform-req='lib-*' --no-ansi --no-interaction --no-scripts --no-autoloader --no-plugins
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - phpunit/phpunit is locked to version 9.5.20 and an update of this package was not requested.
    - phpspec/prophecy v1.15.0 requires php ^7.2 || ~8.0, <8.2 -> your php version (8.3.13) does not satisfy that requirement.
    - phpunit/phpunit 9.5.20 requires phpspec/prophecy ^1.12.1 -> satisfiable by phpspec/prophecy[v1.15.0].
```
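Since the lock file was not regenerated, the version pinned in composer.lock is the one that still gets installed. The following is an added example (not part of this PR or of Renovate's output) that checks a lock file and a php.ini fragment against the two conditions named in the advisory. The sample inputs and the function names are constructed, and the script knows only the 8.x fix version given in this PR.

```python
import json
import re

FIXED_8X = (8, 83, 28)  # patched release named in this PR

# Constructed sample inputs (not taken from the repository).
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "laravel/framework", "version": "v8.83.13"},
    {"name": "phpunit/phpunit", "version": "9.5.20"},
]})
SAMPLE_INI = "; constructed php.ini fragment\nregister_argc_argv = On\n"


def locked_version(lock_text, package="laravel/framework"):
    """Return the locked version of `package` as an int tuple, or None."""
    data = json.loads(lock_text)
    for pkg in data.get("packages", []) + data.get("packages-dev", []):
        if pkg.get("name") == package:
            m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", pkg.get("version", ""))
            return tuple(map(int, m.groups())) if m else None
    return None


def argc_argv_enabled(ini_text):
    """Last uncommented register_argc_argv assignment wins; None if absent."""
    value = None
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # ';' starts a php.ini comment
        m = re.fullmatch(r'register_argc_argv\s*=\s*"?(\w+)"?', line, re.I)
        if m:
            value = m.group(1).lower() in ("1", "on", "yes", "true")
    return value


def assess(lock_text, ini_text):
    """Classify a deployment from its lock file and php.ini text."""
    version = locked_version(lock_text)
    if version is None:
        return "unknown: laravel/framework not in lock file"
    if version[0] != 8:
        return "unknown: only the 8.x fix version is given in this PR"
    if version >= FIXED_8X:
        return "patched"
    enabled = argc_argv_enabled(ini_text)
    if enabled is None:
        return "outdated: directive not set in this file"
    return "exposed" if enabled else "outdated: directive is off"


if __name__ == "__main__":
    print(assess(SAMPLE_LOCK, SAMPLE_INI))
```

A php.ini file that does not set the directive says nothing about the effective value, so confirm it with `php -i` or `phpinfo()` under the web SAPI that serves the application.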