ddev-gitpod
ddev-gitpod copied to clipboard
Published
20 hours ago •
shaal
shaal
[SECURITY] Update drupal/core-recommended from 10.2.3 to 10.4.8
If you have a high test coverage index, and your tests for this pull request are passing, it should be both safe and recommended to merge this update.
Updated packages
Some times an update also needs new or updated dependencies to be installed. Even if this branch is for updating one dependency, it might contain other installs or updates. All of the updates in this branch can be found here:
- symfony/polyfill-php72 v1.29.0 (package was removed)
- symfony/polyfill-php80 v1.29.0 (package was removed)
- composer/semver: 3.4.3 (updated from 3.4.0)
- doctrine/annotations: 1.14.4 (updated from 1.14.3)
- doctrine/deprecations: 1.1.5 (updated from 1.1.3)
- drupal/core: 10.4.8 (updated from 10.2.3)
- drupal/core-composer-scaffold: 10.4.8 (updated from 10.2.3)
- drupal/core-project-message: 10.4.8 (updated from 10.2.3)
- drupal/core-recommended: 10.4.8 (updated from 10.2.3)
- egulias/email-validator: 4.0.4 (updated from 4.0.2)
- guzzlehttp/guzzle: 7.9.3 (updated from 7.8.1)
- guzzlehttp/promises: 2.0.4 (updated from 2.0.2)
- guzzlehttp/psr7: 2.7.1 (updated from 2.6.2)
- masterminds/html5: 2.9.0 (updated from 2.8.1)
- mck89/peast: v1.16.3 (updated from v1.15.4)
- pear/archive_tar: 1.5.0 (updated from 1.4.14)
- pear/pear-core-minimal: v1.10.16 (updated from v1.10.14)
- psr/http-factory: 1.1.0 (updated from 1.0.2)
- psr/log: 3.0.2 (updated from 3.0.0)
- sebastian/diff: 4.0.6 (updated from 4.0.5)
- symfony/console: v6.4.22 (updated from v6.4.3)
- symfony/dependency-injection: v6.4.22 (updated from v6.4.3)
- symfony/deprecation-contracts: v3.5.1 (updated from v3.4.0)
- symfony/error-handler: v6.4.22 (updated from v6.4.3)
- symfony/event-dispatcher: v6.4.13 (updated from v6.4.3)
- symfony/event-dispatcher-contracts: v3.5.1 (updated from v3.4.0)
- symfony/filesystem: v6.4.13 (updated from v6.4.3)
- symfony/finder: v6.4.17 (updated from v6.4.0)
- symfony/http-foundation: v6.4.22 (updated from v6.4.3)
- symfony/http-kernel: v6.4.22 (updated from v6.4.3)
- symfony/mailer: v6.4.21 (updated from v6.4.3)
- symfony/mime: v6.4.21 (updated from v6.4.3)
- symfony/polyfill-ctype: v1.31.0 (updated from v1.28.0)
- symfony/polyfill-iconv: v1.31.0 (updated from v1.28.0)
- symfony/polyfill-intl-grapheme: v1.31.0 (updated from v1.28.0)
- symfony/polyfill-intl-idn: v1.31.0 (updated from v1.28.0)
- symfony/polyfill-intl-normalizer: v1.31.0 (updated from v1.28.0)
- symfony/polyfill-mbstring: v1.31.0 (updated from v1.28.0)
- symfony/polyfill-php81: v1.32.0 (updated from v1.29.0)
- symfony/polyfill-php83: v1.31.0 (updated from v1.28.0)
- symfony/process: v6.4.20 (updated from v6.4.3)
- symfony/psr-http-message-bridge: v6.4.13 (updated from v6.4.3)
- symfony/routing: v6.4.22 (updated from v6.4.3)
- symfony/serializer: v6.4.22 (updated from v6.4.3)
- symfony/service-contracts: v3.5.1 (updated from v3.4.1)
- symfony/string: v6.4.21 (updated from v6.4.3)
- symfony/translation-contracts: v3.5.1 (updated from v3.4.1)
- symfony/validator: v6.4.22 (updated from v6.4.3)
- symfony/var-dumper: v6.4.21 (updated from v6.4.3)
- symfony/var-exporter: v6.4.22 (updated from v6.4.3)
- symfony/yaml: v6.4.21 (updated from v6.4.3)
- twig/twig: v3.19.0 (updated from v3.8.0)
Release notes
Here are the release notes for all versions released between your current running version, and the version this PR updates the package to.
List of release notes
- Release notes for tag 10.4.8
- Release notes for tag 10.4.7
- Release notes for tag 10.4.6
- Release notes for tag 10.4.4
- Release notes for tag 10.4.3
- Release notes for tag 10.4.2
- Release notes for tag 10.4.1
- Release notes for tag 10.4.0
- Release notes for tag 10.4.0-rc1
- Release notes for tag 10.4.0-beta1
- Release notes for tag 10.2.3
- Release notes for tag 10.2.2
- Release notes for tag 10.2.1
- Release notes for tag 10.2.0
- Release notes for tag 10.2.0-rc1
- Release notes for tag 10.2.0-beta1
- Release notes for tag 10.2.0-alpha1
Changed files
Here is a list of changed files between the version you use, and the version this pull request updates to:
List of changed files
composer.json
Changelog
Here is a list of changes between the version you use, and the version this pull request updates to:
- d5e2b84
Drupal 10.4.8 - 8b7bc3b
Back to dev. - 308b63f
Drupal 10.4.7 - 7a64040
Back to dev. - 661bdf9
Drupal 10.4.6 - b06e3a1
Back to dev. - 3abfb1e
Drupal 10.4.4 - 57277c0
Merged 10.4.3. - 0214d0d
Drupal 10.4.3 - ee7864d
Back to dev. - e9d1eb6
Drupal 10.4.2 - a8ba0a0
Issue #3503195 by alexpott, longwave, loopy1492: Twig needs updating for CVE-2025-24374 - 5f15601
Back to dev. - 7ad1354
Drupal 10.4.1 - 78949a6
Back to dev. - 4c2f518
Drupal 10.4.0 - 289f6c4
Issue #3490183 by spokje, andypost: Update Composer dependencies for 10.4.0 - 3fc4a80
Issue #3488365 by andypost, longwave: Upgrade twig/twig to 3.15.0 - 7a2482d
Back to dev. - c7a8a61
Drupal 10.4.0-rc1 - 23912cb
Revert "Issue #3488365 by andypost: Upgrade twig/twig to 3.15.0" - 1dbe684
Issue #3488365 by andypost: Upgrade twig/twig to 3.15.0 - 8b68255
Issue #3486545 by spokje, andypost: Update Composer dependencies for 10.4.0-beta1 - 8ea2d3f
Back to dev. - fb69dfa
Drupal 10.4.0-beta1 - 94ddb1a
Issue #3485956 by mradcliffe, jan kellermann, gillesbailleux, raphaelbertrand, cilefen, larowlan: Recursion limit exceeded with Twig v3.14.1 when editing a node or a block - cd96db5
Issue #3478331 by andypost, smustgrave: Upgrade composer to 2.8.1 for PHP 8.4 - fda00bb
Issue #3473195 by longwave, catch, jurgenhaas, naveenvalecha, quietone: twig/twig has a possible sandbox bypass <v3.14.0 - a118fb0
Issue #3467293 by Spokje, longwave: twig/twig 3.11.0 introduces (for Drupal) breaking changes - 10b8704
Issue #3454556 by xjm: Require Composer 2.7.7 - 047fac2
Issue #3447204 by longwave, quietone: Update Composer dependencies for 10.3.0-beta1 - ce9d855
Drupal 10.4.x-dev - 00ee439
Issue #3439521 by pradhumanjain2311, quietone, smustgrave: Update composer dependencies for Drupal 10.3 - 6c4415d
Issue #3441331 by andypost, longwave, alexpott, Spokje, xjm: Update to Twig 3.9 - bda36ae
Issue #3428052 by Spokje, mondrake: Bump phpstan/phpstan and mglaman/phpstan-drupal to latest - 90f129c
Drupal 10.3.x-dev - 0c41ce5
Issue #3405696 by longwave, Spokje, andypost, quietone, smustgrave, mondrake: Update composer dependencies for Drupal 10.2.0 - b3d5c5e
Issue #3405704 by Spokje, longwave: symfony/psr-http-message-bridge major version bump - ca6e213
Issue #3404694 by Spokje, longwave, mglaman, andypost: Update dependencies for Drupal 10.2 - f87dbd1
Issue #3401901 by Spokje, smustgrave, longwave: Update composer dependencies for Drupal 10.2 beta - b863e81
Issue #3401200 by quietone: Update composer dependencies for Drupal 10.2 beta - 9656162
Issue #3395586 by andy-blum, deviantintegral, longwave, catch: Add Symfony's Filesystem and Finder components to core - 64ebac4
Issue #3393151 by Spokje, quietone: Update composer dependencies for Drupal 10.2 - f4c9ff8
Issue #3392616 by Spokje, longwave: Update to Symfony 6.4 - c600542
Issue #3165762 followup by longwave, smustgrave, Spokje: Move symfony/mailer dependency from drupal/drupal to drupal/core
Working with this branch
If you find you need to update the codebase to be able to merge this branch (for example update some tests or rebuild some assets), please note that violinist will force push to this branch to keep it up to date. This means you should not work on this branch directly, since you might lose your work. Read more about branches created by violinist.io here.
This is an automated pull request from Violinist: Continuously and automatically monitor and update your composer dependencies. Have ideas on how to improve this message? All violinist messages are open-source, and can be improved here.
