utdal / profiles

A simple CRUD/search profile system for research profiles, providing user-editable information and basic pages to aesthetically promote and highlight researcher activities and achievements.
MIT License

Security Updates April 2024 #140

Closed betsyecastro closed 3 months ago

betsyecastro commented 5 months ago

1. Composer dependencies update:

Package operations: 8 installs, 83 updates, 0 removals
  - Upgrading php-http/discovery (1.19.1 => 1.19.2): Extracting archive
  - Upgrading symfony/polyfill-php80 (v1.27.0 => v1.28.0): Extracting archive
  - Upgrading symfony/polyfill-mbstring (v1.27.0 => v1.28.0): Extracting archive
  - Upgrading symfony/polyfill-ctype (v1.27.0 => v1.28.0): Extracting archive
  - Upgrading phpoption/phpoption (1.9.1 => 1.9.2): Extracting archive
  - Upgrading graham-campbell/result-type (v1.1.1 => v1.1.2): Extracting archive
  - Upgrading vlucas/phpdotenv (v5.5.0 => v5.6.0): Extracting archive
  - Upgrading tijsverkoyen/css-to-inline-styles (2.2.6 => v2.2.7): Extracting archive
  - Upgrading symfony/polyfill-uuid (v1.27.0 => v1.28.0): Extracting archive
  - Upgrading symfony/polyfill-php72 (v1.27.0 => v1.28.0): Extracting archive
  - Upgrading symfony/polyfill-intl-normalizer (v1.27.0 => v1.28.0): Extracting archive
  - Upgrading symfony/polyfill-intl-idn (v1.27.0 => v1.28.0): Extracting archive
  - Upgrading doctrine/deprecations (v1.1.1 => 1.1.3): Extracting archive
  - Upgrading symfony/polyfill-intl-grapheme (v1.27.0 => v1.28.0): Extracting archive
  - Upgrading symfony/polyfill-php81 (v1.27.0 => v1.28.0): Extracting archive
  - Upgrading ramsey/uuid (4.7.4 => 4.7.5): Extracting archive
  - Installing psr/clock (1.0.0): Extracting archive
  - Installing carbonphp/carbon-doctrine-types (1.0.0): Extracting archive
  - Upgrading nesbot/carbon (2.68.1 => 2.72.3): Extracting archive
  - Upgrading monolog/monolog (2.9.1 => 2.9.2): Extracting archive
  - Upgrading league/mime-type-detection (1.11.0 => 1.15.0): Extracting archive
  - Upgrading league/flysystem (3.15.1 => 3.23.1): Extracting archive
  - Upgrading league/flysystem-local (3.15.0 => 3.23.1): Extracting archive
  - Upgrading nette/utils (v4.0.0 => v4.0.4): Extracting archive
  - Upgrading nette/schema (v1.2.3 => v1.2.5): Extracting archive
  - Upgrading league/commonmark (2.4.0 => 2.4.1): Extracting archive
  - Upgrading laravel/serializable-closure (v1.3.0 => v1.3.3): Extracting archive
  - Upgrading guzzlehttp/uri-template (v1.0.1 => v1.0.3): Extracting archive
  - Upgrading fruitcake/php-cors (v1.2.0 => v1.3.0): Extracting archive
  - Upgrading dragonmantank/cron-expression (v3.3.2 => v3.3.3): Extracting archive
  - Upgrading doctrine/inflector (2.0.8 => 2.0.9): Extracting archive
  - Upgrading laravel/framework (v9.52.10 => v9.52.16): Extracting archive
  - Upgrading aws/aws-crt-php (v1.2.1 => v1.2.4): Extracting archive
  - Upgrading composer/pcre (3.1.0 => 3.1.1): Extracting archive
  - Upgrading psr/http-client (1.0.2 => 1.0.3): Extracting archive
  - Upgrading guzzlehttp/psr7 (2.5.0 => 2.6.2): Extracting archive
  - Upgrading guzzlehttp/promises (1.5.3 => 2.0.2): Extracting archive
  - Upgrading guzzlehttp/guzzle (7.7.0 => 7.8.1): Extracting archive
  - Upgrading laravel/telescope (v4.15.2 => v4.17.5): Extracting archive
  - Upgrading mtdowling/jmespath.php (2.6.1 => 2.7.0): Extracting archive
  - Upgrading aws/aws-sdk-php (3.276.2 => 3.298.1): Extracting archive
  - Upgrading league/flysystem-aws-s3-v3 (3.15.0 => 3.23.1): Extracting archive
  - Upgrading livewire/livewire (v2.12.3 => v2.12.6): Extracting archive
  - Upgrading mockery/mockery (1.6.4 => 1.6.7): Extracting archive
  - Upgrading filp/whoops (2.15.3 => 2.15.4): Extracting archive
  - Installing orchestra/canvas-core (v7.7.0): Extracting archive
  - Installing symfony/polyfill-php83 (v1.28.0): Extracting archive
  - Upgrading symfony/polyfill-iconv (v1.27.0 => v1.28.0): Extracting archive
  - Upgrading spatie/ray (1.37.2 => 1.41.1): Extracting archive
  - Installing phpstan/phpstan (1.10.57): Extracting archive
  - Installing rector/rector (0.19.5): Extracting archive
  - Upgrading spatie/laravel-ray (1.32.6 => 1.34.0): Extracting archive
  - Upgrading orchestra/testbench-core (v7.25.0 => v7.40.1): Extracting archive
  - Installing orchestra/canvas (v7.11.1): Extracting archive
  - Upgrading nikic/php-parser (v4.16.0 => v4.18.0): Extracting archive
  - Upgrading psy/psysh (v0.11.19 => v0.12.0): Extracting archive
  - Upgrading laravel/tinker (v2.8.1 => v2.9.0): Extracting archive
  - Upgrading fakerphp/faker (v1.23.0 => v1.23.1): Extracting archive
  - Installing orchestra/workbench (v7.2.0): Extracting archive
  - Upgrading owen-it/laravel-auditing (v13.5.1 => v13.6.4): Extracting archive
  - Upgrading clue/stream-filter (v1.6.0 => v1.7.0): Extracting archive
  - Upgrading php-http/promise (1.1.0 => 1.3.0): Extracting archive
  - Upgrading php-http/client-common (2.7.0 => 2.7.1): Extracting archive
  - Upgrading phpstan/phpdoc-parser (1.22.1 => 1.25.0): Extracting archive
  - Upgrading phpdocumentor/type-resolver (1.7.2 => 1.8.0): Extracting archive
  - Upgrading sebastian/global-state (5.0.5 => 5.0.6): Extracting archive
  - Upgrading theseer/tokenizer (1.2.1 => 1.2.2): Extracting archive
  - Upgrading sebastian/lines-of-code (1.0.3 => 1.0.4): Extracting archive
  - Upgrading sebastian/complexity (2.0.2 => 2.0.3): Extracting archive
  - Upgrading phpunit/php-code-coverage (9.2.26 => 9.2.30): Extracting archive
  - Upgrading phpunit/phpunit (9.6.10 => 9.6.16): Extracting archive
  - Upgrading netresearch/jsonmapper (v4.2.0 => v4.4.1): Extracting archive
  - Upgrading composer/semver (3.3.2 => 3.4.0): Extracting archive
  - Upgrading orchestra/testbench (v7.25.0 => v7.40.1): Extracting archive
  - Upgrading symfony/psr-http-message-bridge (v2.2.0 => v2.3.1): Extracting archive
  - Upgrading nyholm/psr7 (1.8.0 => 1.8.1): Extracting archive
  - Upgrading sentry/sentry (3.20.1 => 3.22.1): Extracting archive
  - Upgrading sentry/sdk (3.5.0 => 3.6.0)
  - Upgrading spatie/temporary-directory (2.1.2 => 2.2.1): Extracting archive
  - Upgrading spatie/image-optimizer (1.6.4 => 1.7.2): Extracting archive
  - Upgrading spatie/image (2.2.6 => 2.2.7): Extracting archive
  - Upgrading spatie/browsershot (3.58.1 => 3.61.0): Extracting archive
  - Upgrading spatie/laravel-package-tools (1.15.0 => 1.16.2): Extracting archive
  - Upgrading spatie/db-dumper (3.4.0 => 3.4.2): Extracting archive
  - Upgrading spatie/laravel-backup (8.1.11 => 8.2.0): Extracting archive
  - Upgrading spatie/flare-client-php (1.4.1 => 1.4.4): Extracting archive
  - Upgrading spatie/ignition (1.9.0 => 1.12.0): Extracting archive
  - Upgrading spatie/laravel-medialibrary (10.10.1 => 10.15.0): Extracting archive
  - Upgrading spatie/laravel-translatable (6.5.3 => 6.5.5): Extracting archive
  - Upgrading spatie/laravel-tags (4.5.0 => 4.5.2): Extracting archive
  - Upgrading ezyang/htmlpurifier (v4.16.0 => v4.17.0): Extracting archive
Package adldap2/adldap2 is abandoned, you should avoid using it. No replacement was suggested.
Package adldap2/adldap2-laravel is abandoned, you should avoid using it. No replacement was suggested.
Package laravelcollective/html is abandoned, you should avoid using it. Use spatie/laravel-html instead.
Package php-http/message-factory is abandoned, you should avoid using it. Use psr/http-factory instead.
Package webmozart/path-util is abandoned, you should avoid using it. Use symfony/filesystem instead.

2. Adds a database migration to create the jobs table

3. npm audit

# npm audit report
@babel/traverse  <7.23.2
Severity: critical
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - https://github.com/advisories/GHSA-67hx-6x53-jw92
fix available via `npm audit fix`
node_modules/@babel/traverse

browserify-sign  2.6.0 - 4.2.1
Severity: high
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack - https://github.com/advisories/GHSA-x9w5-v3q2-3rhw
fix available via `npm audit fix`
node_modules/browserify-sign

follow-redirects  <1.15.4
Severity: moderate
Follow Redirects improperly handles URLs in the url.parse() function - https://github.com/advisories/GHSA-jchw-25xp-jwwc
fix available via `npm audit fix`
node_modules/follow-redirects

postcss  <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix`
node_modules/postcss

4 vulnerabilities (2 moderate, 1 high, 1 critical)

4. npm dependencies update:

node_modules/@babel/code-frame: 7.22.5 => 7.23.5
  @babel/highlight: ^7.22.5 =>  ^7.23.4
  chalk: ^2.4.2
node_modules/@babel/code-frame/node_modules/ansi-styles: 3.2.1
  color-convert: ^1.9.0
node_modules/@babel/code-frame/node_modules/chalk: 2.4.2
  ansi-styles: ^3.2.1
  escape-string-regexp: ^1.0.5
node_modules/@babel/code-frame/node_modules/color-convert: 1.9.3
  color-name: 1.1.3
node_modules/@babel/code-frame/node_modules/color-name: 1.1.3
node_modules/@babel/code-frame/node_modules/has-flag: 3.0.0
node_modules/@babel/code-frame/node_modules/supports-color: 5.5.0
  has-flag: ^3.0.0
node_modules/@babel/generator: 7.22.9 => 7.23.6
  @babel/types: ^7.22.5 => ^7.23.6
node_modules/@babel/helper-environment-visitor: 7.22.5 => 7.22.20
node_modules/@babel/helper-function-name: 7.22.5 => 7.23.0
  @babel/template: ^7.22.5 => ^7.22.15
  @babel/types: ^7.22.5 => ^7.23.0
node_modules/@babel/helper-string-parser: 7.22.5 => 7.23.4
node_modules/@babel/helper-validator-identifier: 7.22.5 => 7.22.20
node_modules/@babel/highlight: 7.22.5 => 7.23.4
  @babel/helper-validator-identifier: ^7.22.5 => ^7.22.20
  chalk: ^2.0.0 => ^2.4.2
node_modules/@babel/parser: 7.22.7 => 7.23.9
node_modules/@babel/template: 7.22.5 => 7.23.9
  @babel/code-frame: ^7.22.5 => ^7.23.5
  @babel/parser: ^7.22.5 => ^7.23.9
  @babel/types: ^7.22.5 => ^7.23.9
node_modules/@babel/traverse: 7.22.8 => 7.23.9
  @babel/code-frame: ^7.22.5 => ^7.23.5
  @babel/generator: ^7.22.7 => ^7.23.6
  @babel/helper-environment-visitor: ^7.22.5 => ^7.22.20
  @babel/helper-function-name: ^7.22.5 => ^7.23.0
  @babel/parser: ^7.22.7 => ^7.23.9
  @babel/types: ^7.22.5 => ^7.23.9
  debug: ^4.1.0 => ^4.3.1
node_modules/@babel/types: 7.22.5 => 7.23.9
  @babel/helper-string-parser: ^7.22.5 => ^7.23.4
  @babel/helper-validator-identifier: ^7.22.5 => ^7.22.20
node_modules/browserify-sign: 4.2.1 => 4.2.2
  bn.js: ^5.1.1 => ^5.2.1
  browserify-rsa: ^4.0.1 => ^4.1.0
  elliptic: ^6.5.3 => ^6.5.4
  parse-asn1: ^5.1.5 => ^5.1.6
  readable-stream: ^3.6.0 => ^3.6.2
  safe-buffer: ^5.2.0 => ^5.2.1
node_modules/follow-redirects: 1.15.2 => 1.15.5
node_modules/nanoid: 3.3.6 => 3.3.7
node_modules/postcss: 8.4.27 => 8.4.35
  nanoid: ^3.3.6 => ^3.3.7
@babel/code-frame: 7.22.5 => 7.23.5
  @babel/highlight: ^7.22.5 => ^7.23.4
  chalk: ^2.4.2
  ansi-styles: 3.2.1
    color-convert: ^1.9.0
  chalk: 2.4.2
    ansi-styles: ^3.2.1
  color-convert: 1.9.3
    color-name: 1.1.3
  color-name: 1.1.3
  has-flag: 3.0.0
  supports-color: 5.5.0
    has-flag: ^3.0.0
@babel/generator: 7.22.9 => 7.23.6
  @babel/types: ^7.22.5 => ^7.23.6
@babel/helper-environment-visitor: 7.22.5 => 7.22.20
@babel/helper-function-name: 7.22.5 => 7.23.0
  @babel/template: ^7.22.5 => ^7.22.15
  @babel/types: ^7.22.5 => ^7.23.0
@babel/helper-string-parser: 7.22.5 => 7.23.4
@babel/helper-validator-identifier: 7.22.5 => 7.22.20
@babel/highlight: 7.22.5 => 7.23.4
  @babel/helper-validator-identifier: ^7.22.5 => ^7.22.20
  chalk: ^2.2.0 => ^2.4.2
@babel/parser: 7.22.7 => 7.23.9
@babel/template: 7.22.5 => 7.23.9
  @babel/code-frame: ^7.22.5 => ^7.23.5
  @babel/parser: ^7.22.5 => ^7.23.9
  @babel/types: ^7.22.5 => ^7.23.9
@babel/traverse: 7.22.8 => 7.23.9
  @babel/code-frame: ^7.22.5 => ^7.23.5
  @babel/generator: ^7.22.7 => ^7.23.6
  @babel/helper-environment-visitor: ^7.22.5 => ^7.22.20
  @babel/helper-function-name: ^7.22.5 => ^7.23.0
  @babel/parser: ^7.22.7 => ^7.23.9
  @babel/types: ^7.22.5 => ^7.23.9
  debug: ^4.1.0 => ^4.3.1
@babel/types: 7.22.5 => 7.23.9
  @babel/helper-string-parser: ^7.22.5 => ^7.23.4
  @babel/helper-validator-identifier: ^7.22.5 => ^7.22.20
browserify-sign: 4.2.1 => 4.2.2
  bn.js: ^5.1.1 => ^5.2.1
  browserify-rsa: ^4.0.1 => ^4.1.0
  elliptic: ^6.5.3 => ^6.5.4
  parse-asn1: ^5.1.5 => ^5.1.6
  readable-stream: ^3.6.0 => ^3.6.2
  safe-buffer: ^5.2.0 => ^5.2.1
follow-redirects: 1.15.2 => 1.15.5
nanoid: 3.3.6 => 3.3.7
postcss: 8.4.27 => 8.4.35
  nanoid: ^3.3.6 => ^3.3.7
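The npm audit report above names four advisories and their vulnerable ranges, and the dependency listing shows the versions the bump landed on. A reviewer wants the same check done mechanically: does any installed version in package-lock.json still fall inside an advisory's range? The script below is an added example and is not code from the utdal/profiles repository or from this PR. The advisory list is transcribed from the audit report quoted above; the two lock-file fragments are constructed from the before/after versions in the PR text and are not the project's real lock file. It implements the subset of npm range syntax the audit output uses (`<x`, `>=x`, hyphen ranges, `||` alternatives); pre-release tags are ignored for the comparison.

```python
"""Check whether an npm dependency bump actually clears the advisories listed
by `npm audit`, by matching installed versions from package-lock.json against
each advisory's vulnerable range.  Added example, not project code."""
import json
import re
import sys
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    package: str
    vulnerable_range: str  # npm audit range syntax, e.g. "<7.23.2", "2.6.0 - 4.2.1"
    severity: str
    url: str


# Transcribed from the npm audit report quoted in the PR description.
ADVISORIES = [
    Advisory("@babel/traverse", "<7.23.2", "critical",
             "https://github.com/advisories/GHSA-67hx-6x53-jw92"),
    Advisory("browserify-sign", "2.6.0 - 4.2.1", "high",
             "https://github.com/advisories/GHSA-x9w5-v3q2-3rhw"),
    Advisory("follow-redirects", "<1.15.4", "moderate",
             "https://github.com/advisories/GHSA-jchw-25xp-jwwc"),
    Advisory("postcss", "<8.4.31", "moderate",
             "https://github.com/advisories/GHSA-7fh5-64p2-3v2j"),
]

_COMPARATOR = re.compile(r"^(<=|>=|<|>|=)?\s*(\d[\w.+-]*)$")


def parse_version(v: str) -> tuple:
    """'7.23.9' -> (7, 23, 9). Pre-release/build suffixes are dropped."""
    core = v.split("-", 1)[0].split("+", 1)[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def in_range(version: str, range_expr: str) -> bool:
    """True if `version` satisfies the audit-style range expression.
    Alternatives are separated by '||'; within one alternative, space-separated
    comparators must all hold; 'a - b' is an inclusive hyphen range."""
    v = parse_version(version)
    for alternative in range_expr.split("||"):
        alternative = alternative.strip()
        if not alternative:
            continue
        if " - " in alternative:
            lo, hi = (parse_version(x.strip()) for x in alternative.split(" - ", 1))
            if lo <= v <= hi:
                return True
            continue
        ok = True
        for comparator in alternative.split():
            m = _COMPARATOR.match(comparator)
            if not m:
                raise ValueError(f"unsupported comparator: {comparator!r}")
            op, bound = m.group(1) or "=", parse_version(m.group(2))
            ok = ok and {"<": v < bound, "<=": v <= bound, ">": v > bound,
                         ">=": v >= bound, "=": v == bound}[op]
        if ok:
            return True
    return False


def installed_versions(lockfile: dict) -> dict:
    """Map package name -> version from a lockfileVersion 2/3 package-lock.json.
    Only top-level node_modules entries are used, matching the paths in the
    audit report; nested duplicates (a/node_modules/b) are skipped here."""
    versions = {}
    for path, meta in lockfile.get("packages", {}).items():
        if not path.startswith("node_modules/"):
            continue
        name = path[len("node_modules/"):]
        if "/node_modules/" in name:
            continue
        versions[name] = meta["version"]
    return versions


def still_vulnerable(lockfile: dict, advisories=ADVISORIES) -> list:
    """Return (package, version, severity, url) for every advisory whose
    vulnerable range still matches the installed version."""
    installed = installed_versions(lockfile)
    hits = []
    for adv in advisories:
        version = installed.get(adv.package)
        if version is not None and in_range(version, adv.vulnerable_range):
            hits.append((adv.package, version, adv.severity, adv.url))
    return hits


# Constructed lock-file fragments using the before/after versions quoted in the PR.
LOCK_BEFORE = {"lockfileVersion": 3, "packages": {
    "node_modules/@babel/traverse": {"version": "7.22.8"},
    "node_modules/browserify-sign": {"version": "4.2.1"},
    "node_modules/follow-redirects": {"version": "1.15.2"},
    "node_modules/postcss": {"version": "8.4.27"},
}}
LOCK_AFTER = {"lockfileVersion": 3, "packages": {
    "node_modules/@babel/traverse": {"version": "7.23.9"},
    "node_modules/browserify-sign": {"version": "4.2.2"},
    "node_modules/follow-redirects": {"version": "1.15.5"},
    "node_modules/postcss": {"version": "8.4.35"},
}}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # real run: python check_audit.py package-lock.json
        with open(sys.argv[1]) as fh:
            targets = [("lockfile", json.load(fh))]
    else:
        targets = [("before", LOCK_BEFORE), ("after", LOCK_AFTER)]
    for label, lock in targets:
        hits = still_vulnerable(lock)
        print(f"{label}: {len(hits)} advisories still match")
        for pkg, ver, sev, url in hits:
            print(f"  {sev:8} {pkg}@{ver}  {url}")
    sys.exit(1 if targets and still_vulnerable(targets[-1][1]) else 0)
```

Run without arguments it reports four matches for the pre-update versions and none for the post-update ones; pointed at a real package-lock.json it exits non-zero if any transcribed advisory still applies, which makes it usable as a CI gate. For an ongoing check you would replace the hand-transcribed ADVISORIES list with ranges taken from a fresh `npm audit --json` run rather than from this PR.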
betsyecastro commented 5 months ago

Composer and NPM dependency updates completed. Security check fails due to 5 abandoned packages. PR ready for review @wunc