@escopecz escopecz commented Dec 16, 2024

| Q | A |
| --- | --- |
| Bug fix? (use the a.b branch) | 🔴🟢 |
| New feature/enhancement? (use the a.x branch) | 🔴🟢 |
| Deprecations? | 🔴🟢 |
| BC breaks? (use the c.x branch) | 🔴🟢 |
| Automated tests included? | 🔴🟢 |
| Related user documentation PR URL | mautic/user-documentation#... |
| Related developer documentation PR URL | mautic/developer-documentation-new#... |
| Issue(s) addressed | Fixes #... |

Description

Dependabot reported several symfony packages with security vulnerabilities:

  1. Bump symfony/security-http from 6.4.11 to 6.4.15 #14377
  2. Bump symfony/process from 6.4.8 to 6.4.15 #14375
  3. Bump symfony/http-client from 6.4.11 to 6.4.16 #14374
  4. Bump symfony/http-foundation from 6.4.10 to 6.4.14 #14373

Running:

  1. composer update symfony/* -W

📋 Steps to test this PR:

  1. Open this PR on Gitpod or pull down for testing locally (see docs on testing PRs here)
  2. Test your most critical features. This PR upgrades just minor and patch releases of some dependencies. It should not break anything.
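
One way to confirm the result of the `composer update` run described above, as an added example that is not part of the PR or of Mautic's code: it reads a `composer.lock` and reports any of the four listed packages that is still below the version named in the description. Treating those versions as a minimum floor, the function names, and the sample lock contents are assumptions of this example.

```python
import json

# Target versions taken from the Dependabot PRs listed in the description.
# Treating them as a minimum floor is this example's assumption.
TARGETS = {
    "symfony/security-http": "6.4.15",
    "symfony/process": "6.4.15",
    "symfony/http-client": "6.4.16",
    "symfony/http-foundation": "6.4.14",
}

def parse_version(text):
    """Turn 'v6.4.15' into (6, 4, 15); return None for dev/branch/pre-release strings."""
    parts = text.lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def audit_lock(lock_text, targets=TARGETS):
    """Return {package: reason} for every target that is not at or above its floor."""
    lock = json.loads(lock_text)
    installed = {}
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            installed[pkg["name"]] = pkg.get("version", "")
    findings = {}
    for name, floor in targets.items():
        if name not in installed:
            findings[name] = "not locked"
            continue
        found = parse_version(installed[name])
        if found is None:
            # Branch aliases and pre-releases need a manual look, so flag them.
            findings[name] = f"unparseable version {installed[name]!r}"
        elif found < parse_version(floor):
            findings[name] = f"{installed[name]} is below {floor}"
    return findings

# Constructed sample input: a trimmed composer.lock, not Mautic's real file.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "symfony/security-http", "version": "v6.4.15"},
        {"name": "symfony/process", "version": "v6.4.8"},
        {"name": "symfony/http-client", "version": "v6.4.16"},
    ],
    "packages-dev": [{"name": "symfony/http-foundation", "version": "dev-6.4"}],
})

if __name__ == "__main__":
    for package, reason in audit_lock(SAMPLE_LOCK).items():
        print(f"{package}: {reason}")
```

An empty result means every listed package is locked at or above its target; a CI job could fail the build on a non-empty one.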

Dependabot reported several symfony packages with security vulnerabilities

codecov bot commented Dec 16, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 63.41%. Comparing base (ec4e327) to head (d03641f).
Report is 2 commits behind head on 6.x.


@@             Coverage Diff              @@
##                6.x   #14378      +/-   ##
============================================
- Coverage     63.41%   63.41%   -0.01%     
  Complexity    34688    34688              
============================================
  Files          2280     2280              
  Lines        103766   103766              
============================================
- Hits          65801    65800       -1     
- Misses        37965    37966       +1     

see 1 file with indirect coverage changes

@escopecz escopecz marked this pull request as ready for review December 16, 2024 12:58
@escopecz escopecz added the enhancement (Any improvement to an existing feature or functionality), dependencies (Pull requests that update a dependency file), and essential (This must be done to close the milestone) labels Dec 16, 2024
@escopecz escopecz changed the title from "Updating dependencies" to "Updating dependencies to secure versions" Dec 16, 2024
@escopecz escopecz added this to the 6.0 milestone Dec 16, 2024
@matbcvo matbcvo left a comment

I have tested the PR, and most critical features work as expected.

@escopecz escopecz merged commit 1eac34e into mautic:6.x Dec 17, 2024
17 checks passed