Skip to content
This repository was archived by the owner on May 13, 2025. It is now read-only.

[Security] Bump laravel/framework from 5.5.20 to 5.8.32 #15

Closed
wants to merge 1 commit into from
Closed

[Security] Bump laravel/framework from 5.5.20 to 5.8.32 #15

wants to merge 1 commit into from

Conversation

dependabot-preview[bot]
Copy link
Contributor

Bumps laravel/framework from 5.5.20 to 5.8.32. This update includes security fixes.

Vulnerabilities fixed

Sourced from The PHP Security Advisories Database.

Cookie serialization vulnerability

Affected versions: >=4.0.0, <=4.0.11; >=4.1.0, <=4.1.31; >=4.2.0, <=4.2.22; >=5.0.0, <=5.0.35; >=5.1.0, <=5.1.46; >=5.2.0, <=5.2.45; >=5.3.0, <=5.3.31; >=5.4.0, <=5.4.36; >=5.5.0, <5.5.42; >=5.6.0, <5.6.30

Sourced from The PHP Security Advisories Database.

Exploit of encryption failure vulnerability

Affected versions: >=4.0.0, <=4.0.11; >=4.1.0, <=4.1.31; >=4.2.0, <=4.2.22; >=5.0.0, <=5.0.35; >=5.1.0, <=5.1.46; >=5.2.0, <=5.2.45; >=5.3.0, <=5.3.31; >=5.4.0, <=5.4.36; >=5.5.0, <5.5.40; >=5.6.0, <5.6.15

Release notes

Sourced from laravel/framework's releases.

v5.8.32

v5.8.32 (2019-08-13)

Fixed

  • Fixed top level wildcard validation for distinct validator (#29499)
  • Fixed resolving of columns with schema references in Postgres (#29448)
  • Only remove the event mutex if it was created (#29526)
  • Fixed restoring serialized collection with deleted models (#29533, 74b62bb)

v5.8.31

v5.8.31 (2019-08-06)

Fixed

  • Fixed FatalThrowableError in updateExistingPivot() when pivot is non-existent (#29362)
  • Fixed worker timeout handler when there is no job processing (#29366)
  • Fixed assertJsonValidationErrors() with muliple messages (#29380)
  • Fixed UPDATE queries with alias (#29405)

Changed

  • Illuminate\Cache\ArrayStore::forget() returns false on missing key (#29427)
  • Allow chaining on QueryBuilder::dump() method (#29437)
  • Change visibility to public for hasPivotColumn() method (#29367)
  • Added line break for plain text mails (#29408)
  • Use date_create to prevent date validator warnings (#29342, #29389)

v5.8.30

v5.8.30 (2019-07-30)

Added

  • Added MakesHttpRequests::option() and MakesHttpRequests::optionJson() methods (#29258)
  • Added Blueprint::uuidMorphs() and Blueprint::nullableUuidMorphs() methods (#29289)
  • Added MailgunTransport::getEndpoint() and MailgunTransport::setEndpoint() methods (#29312)
  • Added WEBP to image validation rule (#29309)
  • Added TestResponse::assertSessionHasInput() method (#29327)
  • Added support for custom redis driver (#29275)
  • Added Postgres support for collation() on columns (#29213)

Fixed

  • Fixed collections with JsonSerializable items and mixed values (#29205)
  • Fixed MySQL Schema Grammar $modifiers order (#29265)
  • Fixed UPDATE query bindings on PostgreSQL (#29272)
  • Fixed default theme for Markdown mails (#29274)
  • Fixed UPDATE queries with alias on SQLite (#29276)
  • Fixed UPDATE and DELETE queries with join bindings on PostgreSQL (#29306)
  • Fixed support of DateTime objects and int values in orWhereDay(), orWhereMonth(), orWhereYear() methods in the Builder (#29317)
  • Fixed DELETE queries with joins on PostgreSQL (#29313)
  • Prevented a job from firing if job marked as deleted (#29204, 1003c27)
  • Fixed model deserializing with custom Model::newCollection() (#29196)
... (truncated)
Changelog

Sourced from laravel/framework's changelog.

v5.8.32 (2019-08-13)

Fixed

  • Fixed top level wildcard validation for distinct validator (#29499)
  • Fixed resolving of columns with schema references in Postgres (#29448)
  • Only remove the event mutex if it was created (#29526)
  • Fixed restoring serialized collection with deleted models (#29533, 74b62bb)

v5.8.31 (2019-08-06)

Fixed

  • Fixed FatalThrowableError in updateExistingPivot() when pivot is non-existent (#29362)
  • Fixed worker timeout handler when there is no job processing (#29366)
  • Fixed assertJsonValidationErrors() with muliple messages (#29380)
  • Fixed UPDATE queries with alias (#29405)

Changed

  • Illuminate\Cache\ArrayStore::forget() returns false on missing key (#29427)
  • Allow chaining on QueryBuilder::dump() method (#29437)
  • Change visibility to public for hasPivotColumn() method (#29367)
  • Added line break for plain text mails (#29408)
  • Use date_create to prevent date validator warnings (#29342, #29389)

v5.8.30 (2019-07-30)

Added

  • Added MakesHttpRequests::option() and MakesHttpRequests::optionJson() methods (#29258)
  • Added Blueprint::uuidMorphs() and Blueprint::nullableUuidMorphs() methods (#29289)
  • Added MailgunTransport::getEndpoint() and MailgunTransport::setEndpoint() methods (#29312)
  • Added WEBP to image validation rule (#29309)
  • Added TestResponse::assertSessionHasInput() method (#29327)
  • Added support for custom redis driver (#29275)
  • Added Postgres support for collation() on columns (#29213)

Fixed

  • Fixed collections with JsonSerializable items and mixed values (#29205)
  • Fixed MySQL Schema Grammar $modifiers order (#29265)
  • Fixed UPDATE query bindings on PostgreSQL (#29272)
  • Fixed default theme for Markdown mails (#29274)
  • Fixed UPDATE queries with alias on SQLite (#29276)
  • Fixed UPDATE and DELETE queries with join bindings on PostgreSQL (#29306)
  • Fixed support of DateTime objects and int values in orWhereDay(), orWhereMonth(), orWhereYear() methods in the Builder (#29317)
  • Fixed DELETE queries with joins on PostgreSQL (#29313)
  • Prevented a job from firing if job marked as deleted (#29204, 1003c27)
  • Fixed model deserializing with custom Model::newCollection() (#29196)

Reverted

... (truncated)
Commits
  • ee16d71 version
  • 74b62bb remove unneeded code
  • bd34d38 Merge pull request #29533 from tw99/Job-with-serialized-collection-handles-de...
  • 4c13824 Merge pull request #29535 from derekmd/request-validate-test-coverage
  • 5cc9aee Add Request::validate() macro test coverage
  • f4c873f Handle serialized collection with potentially deleted models
  • 8550ff3 Merge pull request #29526 from lorisleiva/5.8
  • 15bbbc0 Merge pull request #29527 from imanghafoori1/test_session_store
  • e1a57aa add test
  • fc59616 Only remove the event mutex if it was created
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

@dependabot-preview
[Security] Bump laravel/framework from 5.5.20 to 5.8.32
03f80cb 
Bumps [laravel/framework](https://github.com/laravel/framework) from 5.5.20 to 5.8.32. **This update includes security fixes.**
- [Release notes](https://github.com/laravel/framework/releases)
- [Changelog](https://github.com/laravel/framework/blob/5.8/CHANGELOG-5.8.md)
- [Commits](laravel/framework@v5.5.20...v5.8.32)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
@dependabot-preview dependabot-preview bot added dependencies Pull requests that update a dependency file security Pull requests that address a security vulnerability labels Aug 16, 2019
@dependabot-preview
Copy link
Contributor Author

Superseded by #18.

@dependabot-preview dependabot-preview bot deleted the dependabot/composer/laravel/framework-5.8.32 branch August 21, 2019 09:23
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file security Pull requests that address a security vulnerability

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants