Skip to content

Update Dependencies#130

Merged
dan-tang-ssd merged 1 commit intodevfrom
update-dependencies-20260127
Jan 27, 2026
Merged

Update Dependencies#130
dan-tang-ssd merged 1 commit intodevfrom
update-dependencies-20260127

Conversation

@dan-tang-ssd
Copy link
Member

@dan-tang-ssd dan-tang-ssd commented Jan 27, 2026

This PR is submitted to update dependency.

It is now ready for review.

I run below commands:

composer audit
composer update

Here is the output for running command "composer audit" for reference:

dan@dan-XPS-9320:~/Sites/aef$ composer audit
Found 2 security vulnerability advisories affecting 2 packages:
+-------------------+----------------------------------------------------------------------------------+
| Package           | aws/aws-sdk-php                                                                  |
| Severity          | medium                                                                           |
| CVE               | CVE-2025-14761                                                                   |
| Title             | Key Commitment Issues in S3 Encryption Clients                                   |
| URL               | https://aws.amazon.com/security/security-bulletins/AWS-2025-032/                 |
| Affected versions | >=3.0.0,<3.368.0                                                                 |
| Reported at       | 2025-12-17T20:15:00+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+
+-------------------+----------------------------------------------------------------------------------+
| Package           | symfony/http-foundation                                                          |
| Severity          | high                                                                             |
| CVE               | CVE-2025-64500                                                                   |
| Title             | CVE-2025-64500: Incorrect parsing of PATH_INFO can lead to limited authorization |
|                   | bypass                                                                           |
| URL               | https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead- |
|                   | to-limited-authorization-bypass                                                  |
| Affected versions | >=2.0.0,<3.0.0|>=3.0.0,<4.0.0|>=4.0.0,<5.0.0|>=5.0.0,<5.1.0|>=5.1.0,<5.2.0|>=5.2 |
|                   | .0,<5.3.0|>=5.3.0,<5.4.0|>=5.4.0,<5.4.50|>=6.0.0,<6.1.0|>=6.1.0,<6.2.0|>=6.2.0,< |
|                   | 6.3.0|>=6.3.0,<6.4.0|>=6.4.0,<6.4.29|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3. |
|                   | 0|>=7.3.0,<7.3.7                                                                 |
| Reported at       | 2025-11-12T11:09:14+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+
dan@dan-XPS-9320:~/Sites/aef$

@dan-tang-ssd dan-tang-ssd merged commit afdeff5 into dev Jan 27, 2026
@dan-tang-ssd dan-tang-ssd deleted the update-dependencies-20260127 branch January 27, 2026 15:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dan-tang-ssd