Secupass icon indicating copy to clipboard operation
Secupass copied to clipboard
verified publisher icon pushpak1300

[Security] Bump symfony/error-handler from 4.4.2 to 4.4.21

Open dependabot-preview[bot] opened this issue 5 years ago • 0 comments

Bumps symfony/error-handler from 4.4.2 to 4.4.21. This update includes a security fix.

Vulnerabilities fixed

Sourced from The PHP Security Advisories Database.

CVE-2020-5274: Fix Exception message escaping rendered by ErrorHandler

Affected versions: >=4.4.0, =5.0.0, <5.0.4

Release notes

Sourced from symfony/error-handler's releases.

v4.4.21

Changelog (https://github.com/symfony/error-handler/compare/v4.4.20...v4.4.21)

  • bug #40388 Added missing type annotations to FlattenException (derrabus)

v4.4.20

Changelog (https://github.com/symfony/error-handler/compare/v4.4.19...v4.4.20)

  • bug #40066 fix parsing return types in DebugClassLoader (nicolas-grekas)
  • bug #40065 fix handling messages with null bytes from anonymous classes (nicolas-grekas)
  • bug #40019 Fix strpos error when trying to call a method without a name (Deuchnord)

v4.4.19

Changelog (https://github.com/symfony/error-handler/compare/v4.4.18...v4.4.19)

  • bug #39794 Dont allow unserializing classes with a destructor - 4.4 (jderusse)

v4.4.18

Changelog (https://github.com/symfony/error-handler/compare/v4.4.17...v4.4.18)

  • no changes

v4.4.17

Changelog (https://github.com/symfony/error-handler/compare/v4.4.16...v4.4.17)

  • no changes

v4.4.16

Changelog (https://github.com/symfony/error-handler/compare/v4.4.15...v4.4.16)

  • no changes

v4.4.15

Changelog (https://github.com/symfony/error-handler/compare/v4.4.14...v4.4.15)

  • bug #38373 Do not check Mockery mocks classes (fancyweb)

v4.4.14

Changelog (https://github.com/symfony/error-handler/compare/v4.4.13...v4.4.14)

  • bug #38271 Escape JSON encoded log context (ro0NL)
  • bug #38100 Parse "x not found" errors correctly on php 8 (derrabus)

v4.4.13

Changelog (https://github.com/symfony/error-handler/compare/v4.4.12...v4.4.13)

  • no changes

v4.4.12

Changelog (https://github.com/symfony/error-handler/compare/v4.4.11...v4.4.12)

... (truncated)

Commits
  • 48e81a3 [ErrorHandler] Added missing type annotations to FlattenException
  • a191550 Skip checking return types on PHP <= 7.2
  • 24279f9 bug #40066 [ErrorHandler] fix parsing return types in DebugClassLoader (nicol...
  • d10d19e [ErrorHandler] fix parsing return types in DebugClassLoader
  • 088eb1d [ErrorHandler] fix handling messages with null bytes from anonymous classes
  • 1812657 [ErrorHandler] Fix strpos error when trying to call a method without a name
  • d603654 Use createMock() and use import instead of FQCN
  • cbdae07 [travis] use PHP 8.0 to patch return types and run deps=low
  • 34542b7 bug #39794 Dont allow unserializing classes with a destructor - 4.4 (jderusse)
  • 89e8975 Dont allow unserializing classes with a destructor - 4.4
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

dependabot-preview[bot] avatar Mar 29 '21 23:03 dependabot-preview[bot]