Closed betsyecastro closed 3 months ago
1. Composer dependencies update:
```
Package operations: 8 installs, 83 updates, 0 removals
  - Upgrading php-http/discovery (1.19.1 => 1.19.2): Extracting archive
  - Upgrading symfony/polyfill-php80 (v1.27.0 => v1.28.0): Extracting archive
  - Upgrading symfony/polyfill-mbstring (v1.27.0 => v1.28.0): Extracting archive
  - Upgrading symfony/polyfill-ctype (v1.27.0 => v1.28.0): Extracting archive
  - Upgrading phpoption/phpoption (1.9.1 => 1.9.2): Extracting archive
  - Upgrading graham-campbell/result-type (v1.1.1 => v1.1.2): Extracting archive
  - Upgrading vlucas/phpdotenv (v5.5.0 => v5.6.0): Extracting archive
  - Upgrading tijsverkoyen/css-to-inline-styles (2.2.6 => v2.2.7): Extracting archive
  - Upgrading symfony/polyfill-uuid (v1.27.0 => v1.28.0): Extracting archive
  - Upgrading symfony/polyfill-php72 (v1.27.0 => v1.28.0): Extracting archive
  - Upgrading symfony/polyfill-intl-normalizer (v1.27.0 => v1.28.0): Extracting archive
  - Upgrading symfony/polyfill-intl-idn (v1.27.0 => v1.28.0): Extracting archive
  - Upgrading doctrine/deprecations (v1.1.1 => 1.1.3): Extracting archive
  - Upgrading symfony/polyfill-intl-grapheme (v1.27.0 => v1.28.0): Extracting archive
  - Upgrading symfony/polyfill-php81 (v1.27.0 => v1.28.0): Extracting archive
  - Upgrading ramsey/uuid (4.7.4 => 4.7.5): Extracting archive
  - Installing psr/clock (1.0.0): Extracting archive
  - Installing carbonphp/carbon-doctrine-types (1.0.0): Extracting archive
  - Upgrading nesbot/carbon (2.68.1 => 2.72.3): Extracting archive
  - Upgrading monolog/monolog (2.9.1 => 2.9.2): Extracting archive
  - Upgrading league/mime-type-detection (1.11.0 => 1.15.0): Extracting archive
  - Upgrading league/flysystem (3.15.1 => 3.23.1): Extracting archive
  - Upgrading league/flysystem-local (3.15.0 => 3.23.1): Extracting archive
  - Upgrading nette/utils (v4.0.0 => v4.0.4): Extracting archive
  - Upgrading nette/schema (v1.2.3 => v1.2.5): Extracting archive
  - Upgrading league/commonmark (2.4.0 => 2.4.1): Extracting archive
  - Upgrading laravel/serializable-closure (v1.3.0 => v1.3.3): Extracting archive
  - Upgrading guzzlehttp/uri-template (v1.0.1 => v1.0.3): Extracting archive
  - Upgrading fruitcake/php-cors (v1.2.0 => v1.3.0): Extracting archive
  - Upgrading dragonmantank/cron-expression (v3.3.2 => v3.3.3): Extracting archive
  - Upgrading doctrine/inflector (2.0.8 => 2.0.9): Extracting archive
  - Upgrading laravel/framework (v9.52.10 => v9.52.16): Extracting archive
  - Upgrading aws/aws-crt-php (v1.2.1 => v1.2.4): Extracting archive
  - Upgrading composer/pcre (3.1.0 => 3.1.1): Extracting archive
  - Upgrading psr/http-client (1.0.2 => 1.0.3): Extracting archive
  - Upgrading guzzlehttp/psr7 (2.5.0 => 2.6.2): Extracting archive
  - Upgrading guzzlehttp/promises (1.5.3 => 2.0.2): Extracting archive
  - Upgrading guzzlehttp/guzzle (7.7.0 => 7.8.1): Extracting archive
  - Upgrading laravel/telescope (v4.15.2 => v4.17.5): Extracting archive
  - Upgrading mtdowling/jmespath.php (2.6.1 => 2.7.0): Extracting archive
  - Upgrading aws/aws-sdk-php (3.276.2 => 3.298.1): Extracting archive
  - Upgrading league/flysystem-aws-s3-v3 (3.15.0 => 3.23.1): Extracting archive
  - Upgrading livewire/livewire (v2.12.3 => v2.12.6): Extracting archive
  - Upgrading mockery/mockery (1.6.4 => 1.6.7): Extracting archive
  - Upgrading filp/whoops (2.15.3 => 2.15.4): Extracting archive
  - Installing orchestra/canvas-core (v7.7.0): Extracting archive
  - Installing symfony/polyfill-php83 (v1.28.0): Extracting archive
  - Upgrading symfony/polyfill-iconv (v1.27.0 => v1.28.0): Extracting archive
  - Upgrading spatie/ray (1.37.2 => 1.41.1): Extracting archive
  - Installing phpstan/phpstan (1.10.57): Extracting archive
  - Installing rector/rector (0.19.5): Extracting archive
  - Upgrading spatie/laravel-ray (1.32.6 => 1.34.0): Extracting archive
  - Upgrading orchestra/testbench-core (v7.25.0 => v7.40.1): Extracting archive
  - Installing orchestra/canvas (v7.11.1): Extracting archive
  - Upgrading nikic/php-parser (v4.16.0 => v4.18.0): Extracting archive
  - Upgrading psy/psysh (v0.11.19 => v0.12.0): Extracting archive
  - Upgrading laravel/tinker (v2.8.1 => v2.9.0): Extracting archive
  - Upgrading fakerphp/faker (v1.23.0 => v1.23.1): Extracting archive
  - Installing orchestra/workbench (v7.2.0): Extracting archive
  - Upgrading owen-it/laravel-auditing (v13.5.1 => v13.6.4): Extracting archive
  - Upgrading clue/stream-filter (v1.6.0 => v1.7.0): Extracting archive
  - Upgrading php-http/promise (1.1.0 => 1.3.0): Extracting archive
  - Upgrading php-http/client-common (2.7.0 => 2.7.1): Extracting archive
  - Upgrading phpstan/phpdoc-parser (1.22.1 => 1.25.0): Extracting archive
  - Upgrading phpdocumentor/type-resolver (1.7.2 => 1.8.0): Extracting archive
  - Upgrading sebastian/global-state (5.0.5 => 5.0.6): Extracting archive
  - Upgrading theseer/tokenizer (1.2.1 => 1.2.2): Extracting archive
  - Upgrading sebastian/lines-of-code (1.0.3 => 1.0.4): Extracting archive
  - Upgrading sebastian/complexity (2.0.2 => 2.0.3): Extracting archive
  - Upgrading phpunit/php-code-coverage (9.2.26 => 9.2.30): Extracting archive
  - Upgrading phpunit/phpunit (9.6.10 => 9.6.16): Extracting archive
  - Upgrading netresearch/jsonmapper (v4.2.0 => v4.4.1): Extracting archive
  - Upgrading composer/semver (3.3.2 => 3.4.0): Extracting archive
  - Upgrading orchestra/testbench (v7.25.0 => v7.40.1): Extracting archive
  - Upgrading symfony/psr-http-message-bridge (v2.2.0 => v2.3.1): Extracting archive
  - Upgrading nyholm/psr7 (1.8.0 => 1.8.1): Extracting archive
  - Upgrading sentry/sentry (3.20.1 => 3.22.1): Extracting archive
  - Upgrading sentry/sdk (3.5.0 => 3.6.0)
  - Upgrading spatie/temporary-directory (2.1.2 => 2.2.1): Extracting archive
  - Upgrading spatie/image-optimizer (1.6.4 => 1.7.2): Extracting archive
  - Upgrading spatie/image (2.2.6 => 2.2.7): Extracting archive
  - Upgrading spatie/browsershot (3.58.1 => 3.61.0): Extracting archive
  - Upgrading spatie/laravel-package-tools (1.15.0 => 1.16.2): Extracting archive
  - Upgrading spatie/db-dumper (3.4.0 => 3.4.2): Extracting archive
  - Upgrading spatie/laravel-backup (8.1.11 => 8.2.0): Extracting archive
  - Upgrading spatie/flare-client-php (1.4.1 => 1.4.4): Extracting archive
  - Upgrading spatie/ignition (1.9.0 => 1.12.0): Extracting archive
  - Upgrading spatie/laravel-medialibrary (10.10.1 => 10.15.0): Extracting archive
  - Upgrading spatie/laravel-translatable (6.5.3 => 6.5.5): Extracting archive
  - Upgrading spatie/laravel-tags (4.5.0 => 4.5.2): Extracting archive
  - Upgrading ezyang/htmlpurifier (v4.16.0 => v4.17.0): Extracting archive
Package adldap2/adldap2 is abandoned, you should avoid using it. No replacement was suggested.
Package adldap2/adldap2-laravel is abandoned, you should avoid using it. No replacement was suggested.
Package laravelcollective/html is abandoned, you should avoid using it. Use spatie/laravel-html instead.
Package php-http/message-factory is abandoned, you should avoid using it. Use psr/http-factory instead.
Package webmozart/path-util is abandoned, you should avoid using it. Use symfony/filesystem instead.
```
2. Adds database migration to create jobs table
3. npm audit
```
# npm audit report

@babel/traverse  <7.23.2
Severity: critical
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - https://github.com/advisories/GHSA-67hx-6x53-jw92
fix available via `npm audit fix`
node_modules/@babel/traverse

browserify-sign  2.6.0 - 4.2.1
Severity: high
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack - https://github.com/advisories/GHSA-x9w5-v3q2-3rhw
fix available via `npm audit fix`
node_modules/browserify-sign

follow-redirects  <1.15.4
Severity: moderate
Follow Redirects improperly handles URLs in the url.parse() function - https://github.com/advisories/GHSA-jchw-25xp-jwwc
fix available via `npm audit fix`
node_modules/follow-redirects

postcss  <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix`
node_modules/postcss

4 vulnerabilities (2 moderate, 1 high, 1 critical)
```
4. npm dependencies update:
```
node_modules/@babel/code-frame: 7.22.5 => 7.23.5
  @babel/highlight: ^7.22.5 => ^7.23.4
  chalk: ^2.4.2
node_modules/@babel/code-frame/node_modules/ansi-styles: 3.2.1
  color-convert: ^1.9.0
node_modules/@babel/code-frame/node_modules/chalk: 2.4.2
  ansi-styles: ^3.2.1
  escape-string-regexp: ^1.0.5
node_modules/@babel/code-frame/node_modules/color-convert: 1.9.3
  color-name: 1.1.3
node_modules/@babel/code-frame/node_modules/color-name: 1.1.3
node_modules/@babel/code-frame/node_modules/has-flag: 3.0.0
node_modules/@babel/code-frame/node_modules/supports-color: 5.5.0
  has-flag: ^3.0.0
node_modules/@babel/generator: 7.22.9 => 7.23.6
  @babel/types: ^7.22.5 => ^7.23.6
node_modules/@babel/helper-environment-visitor: 7.22.5 => 7.22.20
node_modules/@babel/helper-function-name: 7.22.5 => 7.23.0
  @babel/template: ^7.22.5 => ^7.22.15
  @babel/types: ^7.22.5 => ^7.23.0
node_modules/@babel/helper-string-parser: 7.22.5 => 7.23.4
node_modules/@babel/helper-validator-identifier: 77.22.5 => 7.22.20
node_modules/@babel/highlight: 7.22.5 => 7.23.4
  @babel/helper-validator-identifier: 7.22.5 => ^7.22.20
  chalk: ^2.0.0 => ^2.4.2
node_modules/@babel/parser: ^7.22.7 => 7.23.9
node_modules/@babel/template: ^7.22.5 => 7.23.9
  @babel/code-frame: ^7.22.5 => ^7.23.5
  @babel/parser: ^7.22.5 => ^7.23.9
  @babel/types: ^7.22.5 => ^7.23.9
node_modules/@babel/traverse: ^7.22.8 => 7.23.9
  @babel/code-frame: ^7.22.5 => ^7.23.5
  @babel/generator: ^7.22.7 => ^7.23.6
  @babel/helper-environment-visitor: ^7.22.5 => ^7.22.20
  @babel/helper-function-name: ^7.22.5 => ^7.23.0
  @babel/parser: ^7.22.7 => ^7.23.9
  @babel/types: ^7.22.5 => ^7.23.9
  debug: ^4.1.0 => ^4.3.1
node_modules/@babel/types: ^7.22.5 => 7.23.9
  @babel/helper-string-parser: ^7.22.5 => ^7.23.4
  @babel/helper-validator-identifier: ^7.22.5 => ^7.22.20
node_modules/browserify-sign: 4.2.1 => 4.2.2
  bn.js: ^5.1.1 => ^5.2.1
  browserify-rsa: ^4.0.1 => ^4.1.0
  elliptic: ^6.5.3 => ^6.5.4
  parse-asn1: ^5.1.5 => ^5.1.6
  readable-stream: ^3.6.0 => ^3.6.2
  safe-buffer: ^5.2.0 => ^5.2.1
node_modules/follow-redirects: 1.15.2 => 1.15.5
node_modules/nanoid: 3.3.6 => 3.3.7
node_modules/postcss: 8.4.27 => 8.4.35
  nanoid: ^3.3.6 => ^3.3.7

@babel/code-frame: 7.22.5 => 7.23.5
  @babel/highlight: ^7.22.5 => ^7.23.4
  chalk: ^2.4.2
ansi-styles: 3.2.1
  color-convert: ^1.9.0
chalk: 2.4.2
  ansi-styles: ^3.2.1
color-convert: 1.9.3
  color-name: 1.1.3
color-name: 1.1.3
has-flag: 3.0.0
supports-color: 5.5.0
  has-flag: ^3.0.0
@babel/generator: 7.22.9 => 7.23.6
  @babel/types: ^7.22.5 => ^7.23.6
@babel/helper-environment-visitor: 7.22.5 => 7.22.20
@babel/helper-function-name: 7.22.5 => 7.23.0
  @babel/template: ^7.22.5 => ^7.22.15
  @babel/types: ^7.22.5 => ^7.23.0
@babel/helper-string-parser: 7.22.5 => 7.23.4
@babel/helper-validator-identifier: 7.22.5 => 7.22.20
@babel/highlight: 7.22.5 => 7.23.4
  @babel/helper-validator-identifier: ^7.22.5 => ^7.22.20
  chalk: ^2.2.0 => ^2.4.2
@babel/parser: 7.22.7 => 7.23.9
@babel/template: 7.22.5 => 7.23.9
  @babel/code-frame: ^7.22.5 => ^7.23.5
  @babel/parser: ^7.22.5 => ^7.23.9
  @babel/types: ^7.22.5 => ^7.23.9
@babel/traverse: 7.22.8 => 7.23.9
  @babel/code-frame: ^7.22.5 => ^7.23.5
  @babel/generator: ^7.22.7 => ^7.23.6
  @babel/helper-environment-visitor: ^7.22.5 => ^7.22.20
  @babel/helper-function-name: ^7.22.5 => ^7.23.0
  @babel/parser: ^7.22.7 => ^7.23.9
  @babel/types: ^7.22.5 => ^7.23.9
  debug: ^4.1.0 => ^4.3.1
@babel/types: 7.22.5 => 7.23.9
  @babel/helper-string-parser: ^7.22.5 => ^7.23.4
  @babel/helper-validator-identifier: ^7.22.5 => ^7.22.20
browserify-sign: 4.2.1 => 4.2.2
  bn.js: ^5.1.1 => ^5.2.1
  browserify-rsa: ^4.0.1 => ^4.1.0
  elliptic: ^6.5.3 => ^6.5.4
  parse-asn1: ^5.1.5 => ^5.1.6
  readable-stream: ^3.6.0 => ^3.6.2
  safe-buffer: ^5.2.0 => ^5.2.1
follow-redirects: 1.15.2 => 1.15.5
nanoid: 3.2.6 => 3.3.7
postcss: 8.4.27 => 8.4.35
  nanoid: ^3.3.6 => ^3.3.7
```
Composer and NPM dependencies update completed. Security check fails due to 5 abandoned packages. PR ready for review @wunc