[Security] Bump doctrine/orm from 2.4.2 to 2.4.8 #35

dependabot-preview · 2019-11-14T03:32:51Z

Bumps doctrine/orm from 2.4.2 to 2.4.8. This update includes a security fix.

Vulnerabilities fixed

Sourced from The PHP Security Advisories Database.

Security Misconfiguration Vulnerability in various Doctrine projects

Affected versions: >=2.0.0, <2.4.8; >=2.5.0, <2.5.1

Release notes

Sourced from doctrine/orm's releases.

v2.4.8
    Release Notes - Doctrine 2 - ORM - Version 2.4.8
Bug

[DDC-3310] - [GH-1138](https://github-redirect.dependabot.com/Join column index names doctrine/orm#1138) Join column index names

[DDC-3343] - `PersistentCollection::removeElement` schedules an entity for deletion when relationship is EXTRA_LAZY, with `orphanRemoval` false.

[DDC-3464] - [GH-1231](https://github-redirect.dependabot.com/Backport 'Merge pull request #1098 from encoder32/DDC-1590' to 2.4 branch doctrine/orm#1231) Backport &[Update #39](https://github-redirect.dependabot.com/[2.0.x] Fixed an undefined index by a HydrationException doctrine/orm#39);Merge pull request [#1098](https://github-redirect.dependabot.com/#DDC-1590: Fix Inheritance in Code-Generation doctrine/orm#1098) from encoder32/DDC-1590&[Update #39](https://github-redirect.dependabot.com/[2.0.x] Fixed an undefined index by a HydrationException doctrine/orm#39); to 2.4 branch

[DDC-3482] - [GH-1242](https://github-redirect.dependabot.com/Attempting to lock a proxy object fails as UOW doesn't init proxy first doctrine/orm#1242) Attempting to lock a proxy object fails as UOW doesn&[Update #39](https://github-redirect.dependabot.com/[2.0.x] Fixed an undefined index by a HydrationException doctrine/orm#39);t init proxy first

[DDC-3493] - New (PHP 5.5) "class" keyword - wrong parsing by EntityGenerator

[DDC-3494] - [GH-1250](https://github-redirect.dependabot.com/Test case for "class" keyword doctrine/orm#1250) Test case for "class" keyword

[DDC-3500] - [GH-1254](https://github-redirect.dependabot.com/Fix applying ON/WITH conditions to first join in Class Table Inheritance doctrine/orm#1254) Fix applying ON/WITH conditions to first join in Class Table Inheritance

[DDC-3502] - [GH-1256](https://github-redirect.dependabot.com/DDC-3493 - fixed EntityGenerator parsing for php 5.5 "::class" syntax doctrine/orm#1256) DDC-3493 - fixed EntityGenerator parsing for php 5.5 "::class" syntax

[DDC-3518] - [GH-1266](https://github-redirect.dependabot.com/[2.4] Fix schema generation in the test suite doctrine/orm#1266) [2.4] Fix schema generation in the test suite

[DDC-3537] - [GH-1282](https://github-redirect.dependabot.com/Hotfix/#1169 extra lazy one to many should not delete referenced entities (backport to 2.4) doctrine/orm#1282) Hotfix/[#1169](https://github-redirect.dependabot.com/[DDC-3343] Entities should not be deleted when using EXTRA_LAZY and one-to-many doctrine/orm#1169) extra lazy one to many should not delete referenced entities (backport to 2.4)

[DDC-3551] - [GH-1294](https://github-redirect.dependabot.com/Avoid Connection error when calling ClassMetadataFactor::getAllMetadata() doctrine/orm#1294) Avoid Connection error when calling ClassMetadataFactor::getAllMetadata()

[DDC-3560] - [GH-1300](https://github-redirect.dependabot.com/[2.4] #1169 DDC-3343 one-to-omany persister deletes only on EXTRA_LAZY plus orphanRemoval doctrine/orm#1300) [2.4] [#1169](https://github-redirect.dependabot.com/[DDC-3343] Entities should not be deleted when using EXTRA_LAZY and one-to-many doctrine/orm#1169) DDC-3343 one-to-omany persister deletes only on EXTRA_LAZY plus orphanRemoval

[DDC-3608] - [GH-1327](https://github-redirect.dependabot.com/Properly generate default value from yml & xml mapping doctrine/orm#1327) Properly generate default value from yml & xml mapping

[DDC-3619] - spl_object_hash collision

[DDC-3624] - [GH-1338](https://github-redirect.dependabot.com/[DDC-3619] Update identityMap when entity gets managed again doctrine/orm#1338) [DDC-3619] Update identityMap when entity gets managed again

[DDC-3643] - [GH-1352](https://github-redirect.dependabot.com/fix EntityGenerator RegenerateEntityIfExists doctrine/orm#1352) fix EntityGenerator RegenerateEntityIfExists

Improvement

[DDC-3530] - [GH-1276](https://github-redirect.dependabot.com/[2.4] travis: run coverage just once doctrine/orm#1276) travis: run coverage just once
... (truncated)

Commits

5aedac1 Release 2.4.8
caf30b8 [DCOM-293] Fix security misconfiguration vulnerability allowing local remote ...
0cf7e0e Merge branch 'hotfix/#1352-entity-generator-new-class-metadata-hotfix-2.4' in...
2290d1f fix EntityGenerator RegenerateEntityIfExists
ecb1e10 Update docs theme submodule.
9dfa20d Merge branch 'hotfix/#1327-entity-generator-default-property-value-export-2.4...
33baa41 Properly generate default value from yml & xml mapping
1c8f9ca Merge branch 'hotfix/#1338-identity-map-garbage-collection-prevention-on-canc...
7aa33c6 #1338 - Removing redundant test case
0fc476d Adding @group annotations for newly introduced tests
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)
Pull request limits (per update run and/or open at any time)
Automerge options (never/patch/minor, and dev/runtime dependencies)
Out-of-range updates (receive only lockfile updates, if desired)
Security updates (receive only security updates, if desired)

Bumps [doctrine/orm](https://github.com/doctrine/doctrine2) from 2.4.2 to 2.4.8. **This update includes a security fix.** - [Release notes](https://github.com/doctrine/doctrine2/releases) - [Commits](doctrine/orm@v2.4.2...v2.4.8) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

dependabot-preview · 2020-06-09T16:58:22Z

This pull request will no longer be automatically closed when a new version is found as this pull request was created by Dependabot Preview and this repo is using a version: 2 config file. You can close this pull request and let Dependabot re-create it the next time it checks for updates.

dependabot-preview · 2020-06-10T05:43:24Z

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot-preview bot added dependencies Pull requests that update a dependency file security Pull requests that address a security vulnerability labels Nov 14, 2019

dependabot-preview bot assigned luckow Nov 14, 2019

dependabot-preview bot force-pushed the dependabot/composer/doctrine/orm-2.4.8 branch from 61b7007 to 9e04ad3 Compare May 4, 2020 08:37

xendk closed this Jun 10, 2020

dependabot-preview bot deleted the dependabot/composer/doctrine/orm-2.4.8 branch June 10, 2020 05:43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Security] Bump doctrine/orm from 2.4.2 to 2.4.8 #35

[Security] Bump doctrine/orm from 2.4.2 to 2.4.8 #35

dependabot-preview bot commented Nov 14, 2019 •

edited

dependabot-preview bot commented Jun 9, 2020

dependabot-preview bot commented Jun 10, 2020

[Security] Bump doctrine/orm from 2.4.2 to 2.4.8 #35

[Security] Bump doctrine/orm from 2.4.2 to 2.4.8 #35

Conversation

dependabot-preview bot commented Nov 14, 2019 • edited

v2.4.8

Bug

Improvement

dependabot-preview bot commented Jun 9, 2020

dependabot-preview bot commented Jun 10, 2020

dependabot-preview bot commented Nov 14, 2019 •

edited