theus77 / global

0 stars 0 forks source link

Bump symfony/symfony from 3.0.9 to 3.4.35 #17

Open dependabot[bot] opened 4 years ago

dependabot[bot] commented 4 years ago

Bumps symfony/symfony from 3.0.9 to 3.4.35.

Release notes

Sourced from symfony/symfony's releases.

v3.4.35

Changelog (since https://github.com/symfony/symfony/compare/v3.4.34...v3.4.35)

  • bug #34344 [Console] Constant STDOUT might be undefined (@nicolas-grekas)
  • security #cve-2019-18889 [Cache] forbid serializing AbstractAdapter and TagAwareAdapter instances (@nicolas-grekas)
  • security #cve-2019-18888 [HttpFoundation] fix guessing mime-types of files with leading dash (@nicolas-grekas)
  • security #cve-2019-18887 [HttpKernel] Use constant time comparison in UriSigner (@stof)

[PR] symfony/symfony#34350 [SECURITY] Security release

v3.4.34

Changelog (since https://github.com/symfony/symfony/compare/v3.4.33...v3.4.34)

[PR] symfony/symfony#34322

v3.4.33

Changelog (since https://github.com/symfony/symfony/compare/v3.4.32...v3.4.33)

  • bug #33998 [Config] Disable default alphabet sorting in glob function due of unstable sort (@hurricane-voronin)
  • bug #34144 [Serializer] Improve messages for unexpected resources values (@fancyweb)
  • bug #34080 [SecurityBundle] correct types for default arguments for firewall configs (@shieldo)
  • bug #33999 [Form] Make sure to collect child forms created on *_SET_DATA events (@yceruto)
  • bug #34021 [TwigBridge] do not render errors for checkboxes twice (@xabbuh)
  • bug #34041 [HttpKernel] fix wrong removal of the just generated container dir (@nicolas-grekas)
  • bug #34023 [Dotenv] allow LF in single-quoted strings (@nicolas-grekas)
  • bug #33818 [Yaml] Throw exception for tagged invalid inline elements (@gharlan)
  • bug #33948 [PropertyInfo] Respect property name case when guessing from public method name (@antograssiot)
  • bug #33962 [Cache] fixed TagAwareAdapter returning invalid cache (@v-m-i)
  • bug #33965 [HttpFoundation] Add plus character + to legal mime subtype (@ilzrv)
  • bug #32943 [Dotenv] search variable values in ENV first then env file (@soufianZantar)
  • bug #33943 [VarDumper] fix resetting the "bold" state in CliDumper (@nicolas-grekas)

[PR] symfony/symfony#34208

v3.4.32

Changelog (since https://github.com/symfony/symfony/compare/v3.4.31...v3.4.32)

  • bug #33834 [Validator] Fix ValidValidator group cascading usage (@fancyweb)
  • bug #33841 [VarDumper] fix dumping uninitialized SplFileInfo (@nicolas-grekas)
  • bug #33799 [Security]: Don't let falsy usernames slip through impersonation (@j4nr6n)
  • bug #33814 [HttpFoundation] Check if data passed to SessionBagProxy::initialize is an array (@mynameisbogdan)
  • bug #33805 [FrameworkBundle] Fix wrong returned status code in ConfigDebugCommand (@jschaedl)
  • bug #33781 [AnnotationCacheWarmer] add RedirectController to annotation cache (@jenschude)
... (truncated)
Commits
  • 2adc85d Merge pull request #34350 from fabpot/release-3.4.35
  • 02257c8 updated VERSION for 3.4.35
  • 3e25850 updated CHANGELOG for 3.4.35
  • 32bde39 bug #34344 [Console] Constant STDOUT might be undefined (nicolas-grekas)
  • 53dc781 minor #34340 Allow returning null from NormalizerInterface::normalize (teohha...
  • bb8c82c [Console] Constant STDOUT might be undefined.
  • 1c8edc5 Allow returning null from NormalizerInterface::normalize
  • 4cc37df security #cve-2019-18889 [Cache] forbid serializing AbstractAdapter and TagAw...
  • b21025b security #cve-2019-18888 [HttpFoundation] fix guessing mime-types of files wi...
  • 0102134 security #cve-2019-18887 [HttpKernel] Use constant time comparison in UriSign...
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/theus77/global/network/alerts).