Skip to content

fix: bump dependencies to address security vulnerabilities#101

Merged
william-suppo merged 1 commit into
masterfrom
fix/security-dependency-bumps
Jun 26, 2026
Merged

fix: bump dependencies to address security vulnerabilities#101
william-suppo merged 1 commit into
masterfrom
fix/security-dependency-bumps

Conversation

@william-suppo

Copy link
Copy Markdown
Contributor

Summary

Note: Les branches Symfony 6.0–6.3 et 7.0–7.3 n'ont pas de patch disponible en amont et ne sont plus couvertes par cette contrainte.

- robrichards/xmlseclibs ^3.1.4 → ^3.1.5 (CVE-2026-32313, CVE-2025-66578)
- symfony/http-foundation ^6.0|^7.0|^8.0 → ^6.4.41|^7.4.13|^8.0.13 (CVE-2025-64500, CVE-2026-48736)
- phpunit/phpunit ^10.1 → ^10.5.62 (CVE-2026-24765)

Note: Symfony branches 6.0-6.3 and 7.0-7.3 have no upstream patch available
and are no longer supported by this constraint.
@william-suppo william-suppo linked an issue Jun 26, 2026 that may be closed by this pull request
@william-suppo william-suppo merged commit 2a2a4c0 into master Jun 26, 2026
9 checks passed
@william-suppo william-suppo deleted the fix/security-dependency-bumps branch June 26, 2026 06:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

litesaml/lightsaml appears to be affected by CVE-2026-32313

1 participant