Bump zendframework/zendframework from 2.4.7 to 3.0.0 #1

Open
wants to merge 1 commit into
base: master

dependabot[bot]
@dependabot dependabot bot commented on behalf of github Oct 19, 2023

Bumps zendframework/zendframework from 2.4.7 to 3.0.0.

Release notes

Sourced from zendframework/zendframework's releases.

Zend Framework 3.0.0

  • Read the migration documentation.
  • Read the recommended quick start
  • Marks the package as a Composer metapackage; this means the package itself will not be installed, only the requirements it defines.
  • Updates the minimum supported PHP version to 5.6.
  • Updates all components to latest versions, including v3 releases where present. Also adds the following components:
    • zend-mvc-console
    • zend-mvc-plugins
    • zend-mvc-form
    • zend-mvc-i18n
    • zend-json-server
    • zend-xml2json
    • zend-diactoros
    • zend-stratigility
    • zend-psr7bridge
    • zend-hydrator
    • zend-servicemanager-di
  • Removes all bin/* scripts.

Zend Framework 2.5.3

  • #7665 updates component version constraints from ~2.5.0 to ^2.5 to ensure the latest security updates are always installed.

Zend Framework 2.5.2

SECURITY UPDATES

  • ZF2015-06: ZendXml runs a heuristic detection for XML Entity Expansion and XML eXternal Entity vectors when under php-fpm, due to issues with threading in libxml preventing using that library's built-in mechanisms for disabling them. However, the heuristic was determined to be faulty when multibyte encodings are used for the XML. This release contains a patch to ensure that the heuristic will work with multibyte encodings.

    If you use Zend Framework components that utilize DOMDocument or SimpleXML (which includes Zend\XmlRpc, Zend\Soap, Zend\Feed, and several others), and deploy using php-fpm in production (or plan to), we recommend upgrading immediately.

Zend Framework 2.5.1

Zend Framework 2.5.0

Zend Framework 2.4.13

  • Restores php 5.3 compat in Zend\Mail\Header\HeaderValue.

Zend Framework 2.4.12

  • Fix signature issue with AbstractContainer::offsetGet

Zend Framework 2.4.11

SECURITY UPDATES

  • ZF2016-04: zend-mail contained a potential remote code execution vector via the Sendmail transport adapter when the local part of From addresses containing escape sequences were present. This release adds additional validation and filtering of these addresses to prevent the vulnerability.

Zend Framework 2.4.10

... (truncated)

Changelog

Sourced from zendframework/zendframework's changelog.

3.0.0 (2016-06-28)

  • Read the migration documentation.
  • Read the recommended quick start
  • Marks the package as a Composer metapackage; this means the package itself will not be installed, only the requirements it defines.
  • Updates the minimum supported PHP version to 5.6.
  • Updates all components to latest versions, including v3 releases where present. Also adds the following components:
    • zend-mvc-console
    • zend-mvc-plugins
    • zend-mvc-form
    • zend-mvc-i18n
    • zend-json-server
    • zend-xml2json
    • zend-diactoros
    • zend-stratigility
    • zend-psr7bridge
    • zend-hydrator
    • zend-servicemanager-di
  • Removes all bin/* scripts.

2.5.3 (2016-01-27)

  • #7665 updates component version constraints from ~2.5.0 to ^2.5 to ensure the latest security updates are always installed.

2.5.2 (2015-08-03)

SECURITY UPDATES

  • ZF2015-06: ZendXml runs a heuristic detection for XML Entity Expansion and XML eXternal Entity vectors when under php-fpm, due to issues with threading in libxml preventing using that library's built-in mechanisms for disabling them. However, the heuristic was determined to be faulty when multibyte encodings are used for the XML. This release contains a patch to ensure that the heuristic will work with multibyte encodings.

    If you use Zend Framework components that utilize DOMDocument or SimpleXML (which includes Zend\XmlRpc, Zend\Soap, Zend\Feed, and several others), and deploy using php-fpm in production (or plan to), we recommend upgrading immediately.

2.5.1 (2015-06-04)

  • #7571 makes zend-ldap an optional dependency instead of a hard dependency, as zend-ldap has a hard requirement on ext-ldap, blocking installation for many users. If you use zend-ldap, you will need to call composer require zendframework/zend-ldap after upgrading to 2.5.1.

2.5.0 (2015-06-03)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [zendframework/zendframework](https://github.com/zendframework/zendframework) from 2.4.7 to 3.0.0.
- [Release notes](https://github.com/zendframework/zendframework/releases)
- [Changelog](https://github.com/zendframework/zendframework/blob/master/CHANGELOG.md)
- [Commits](zendframework/zendframework@release-2.4.7...release-3.0.0)

---
updated-dependencies:
- dependency-name: zendframework/zendframework
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Oct 19, 2023
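
The 2.5.3 entry in the release notes above changes component constraints from `~2.5.0` to `^2.5` so that security updates keep being installed. As an added example (not part of this pull request, of Dependabot, or of Composer's own code), the sketch below computes the version window each operator allows and shows which releases an update can reach; it assumes plain numeric versions with no stability suffixes, and the release list is constructed for illustration.

```python
# Added example: Composer "~" (tilde) and "^" (caret) range semantics,
# limited to plain numeric versions (no stability suffixes, no "v" prefix).

def _parts(text):
    return [int(p) for p in text.split(".")]

def _pad(parts):
    # Normalise to a (major, minor, patch) tuple so tuples compare correctly.
    return tuple((parts + [0, 0, 0])[:3])

def bounds(constraint):
    """Return (lower_inclusive, upper_exclusive) for '~x.y[.z]' or '^x.y[.z]'."""
    op, given = constraint[0], _parts(constraint[1:])
    if op == "~":
        # Tilde: only the last given part may grow, so bump the one before it.
        idx = max(len(given) - 2, 0)
    elif op == "^":
        # Caret: stay below the next breaking release, i.e. bump the first
        # non-zero part (or the last given part when all are zero).
        idx = next((i for i, p in enumerate(given) if p), len(given) - 1)
    else:
        raise ValueError("only ~ and ^ constraints are handled: " + constraint)
    upper = given[:idx] + [given[idx] + 1]
    return _pad(given), _pad(upper)

def satisfies(version, constraint):
    lower, upper = bounds(constraint)
    return lower <= _pad(_parts(version)) < upper

def reachable(releases, constraint):
    """Releases that an update may select under the constraint."""
    return [r for r in releases if satisfies(r, constraint)]

# Constructed release list for one hypothetical component, not real tags.
RELEASES = ["2.4.9", "2.5.0", "2.5.4", "2.6.1", "2.7.0", "3.0.0"]

if __name__ == "__main__":
    for c in ("~2.5.0", "^2.5"):
        lo, hi = bounds(c)
        print(c, "=>", lo, "<= v <", hi, "reachable:", reachable(RELEASES, c))
```

Under `~2.5.0` a fix that ships only in a later 2.x minor is never selected, while `^2.5` reaches it; neither constraint crosses into 3.0.0, which is why a major bump like this one arrives as an explicit pull request.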