Skip to content

IBX-11606: Bumped overblog/graphql-bundle and resolved deprecations#98

Merged
konradoboza merged 7 commits into4.6from
ibx-11606-bump-trhirdparty-due-to-security
Apr 16, 2026
Merged

IBX-11606: Bumped overblog/graphql-bundle and resolved deprecations#98
konradoboza merged 7 commits into4.6from
ibx-11606-bump-trhirdparty-due-to-security

Conversation

@konradoboza
Copy link
Copy Markdown
Contributor

@konradoboza konradoboza commented Apr 14, 2026
edited
Loading

🎫 Issue IBX-11606

Description:

Due to GHSA-68jq-c3rv-pcrr which doesn't affect us directly, we needed to bump the requirement of 3rd party package in question (actually it's overblog/graphql which in turn requires the one mentioned above) not to block the installation.

Bumping the requirement to 0.15.0 is not enough due to this issue: overblog/GraphQLBundle#1033. Since 1.0 and 1.6 isn't that much different when it comes to BC breaking, I decided to align with what we have on main to reduce the diff.

Also, we need to have a composer alternative for the previous and the new versions due to PHP7.4 support, ref: https://github.com/overblog/GraphQLBundle/blob/v0.14.4/composer.json#L31.

For QA:

Documentation:

@konradoboza konradoboza force-pushed the ibx-11606-bump-trhirdparty-due-to-security branch from 8f341ba to 06713ab Compare April 14, 2026 21:47
@konradoboza konradoboza force-pushed the ibx-11606-bump-trhirdparty-due-to-security branch from 0b1817a to a4b0d07 Compare April 15, 2026 07:27
This was referenced Apr 15, 2026
Merged
Merged
@konradoboza konradoboza requested a review from a team April 15, 2026 09:10
@ibexa-workflow-automation-1 ibexa-workflow-automation-1 Bot requested review from Steveb-p, ViniTou, alongosz, barw4, bnowak, ciastektk, mikadamczyk, tbialcz and wiewiurdp and removed request for a team April 15, 2026 09:10
@alongosz alongosz force-pushed the ibx-11606-bump-trhirdparty-due-to-security branch from 97864c7 to 4087f79 Compare April 15, 2026 10:38
@konradoboza konradoboza mentioned this pull request Apr 15, 2026
Closed
Steveb-p
Steveb-p reviewed Apr 15, 2026
View reviewed changes
Comment thread src/lib/Relay/DomainConnectionBuilder.php Outdated
Comment thread src/lib/Resolver/RichTextResolver.php Outdated
Comment thread composer.json
@konradoboza konradoboza requested a review from Steveb-p April 15, 2026 11:36
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Apr 15, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@micszo micszo self-assigned this Apr 15, 2026
@micszo micszo removed their assignment Apr 16, 2026
@konradoboza konradoboza merged commit 4b51f76 into 4.6 Apr 16, 2026
8 checks passed
@konradoboza konradoboza deleted the ibx-11606-bump-trhirdparty-due-to-security branch April 16, 2026 09:06
@konradoboza konradoboza mentioned this pull request Apr 16, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Steveb-p Steveb-p Steveb-p approved these changes

@alongosz alongosz alongosz approved these changes

@micszo micszo micszo approved these changes

@barw4 barw4 barw4 approved these changes

@mikadamczyk mikadamczyk Awaiting requested review from mikadamczyk

@bnowak bnowak Awaiting requested review from bnowak

@ciastektk ciastektk Awaiting requested review from ciastektk

@ViniTou ViniTou Awaiting requested review from ViniTou

@wiewiurdp wiewiurdp Awaiting requested review from wiewiurdp

@tbialcz tbialcz Awaiting requested review from tbialcz

Assignees

@tischsoic tischsoic

@konradoboza konradoboza

Labels

QA approved

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@konradoboza @Steveb-p @alongosz @micszo @barw4 @tischsoic