Skip to content

Bump the composer group across 1 directory with 7 updates#9

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/composer/fieldlab-201809/openwebconcept-open-melding-backend-1b4046216dc1/composer-1fee256bf4
Open

Bump the composer group across 1 directory with 7 updates#9
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/composer/fieldlab-201809/openwebconcept-open-melding-backend-1b4046216dc1/composer-1fee256bf4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 11, 2026

Copy link
Copy Markdown

Bumps the composer group with 6 updates in the /fieldlab-201809/openwebconcept-open-melding-backend-1b4046216dc1 directory:

Package From To
erusev/parsedown 1.7.1 1.8.0
guzzlehttp/guzzle 6.3.3 6.5.8
swiftmailer/swiftmailer 6.1.3 6.3.0
symfony/process 4.1.4 4.4.x-dev
symfony/routing 4.1.4 4.4.x-dev
symfony/yaml 4.1.4 4.4.x-dev

Updates erusev/parsedown from 1.7.1 to 1.8.0

Release notes

Sourced from erusev/parsedown's releases.

1.8.0

The first stable release in over six years. Requires PHP 7.1+.

Breaking Changes

  • PHP 7.1 minimum -- dropped support for PHP 5.3, 5.4, 5.5, 5.6, and 7.0.
  • List separation by marker type -- lists using different markers (*, +, -, or switching between . and ) for ordered lists) are now treated as separate lists, matching the CommonMark spec.
  • Lazy blockquotes -- consecutive blockquotes separated by a blank line are no longer merged into one, per CommonMark.
  • Sparse HTML blocks -- blank lines inside block-level HTML are now wrapped in <p> tags instead of being preserved as-is.
  • Empty ATX headings -- # and ## on their own now produce <h1></h1> and <h2></h2> instead of being treated as paragraphs.
  • Extensions accessing block internals may need to update: the element structure uses element instead of text in some places (e.g. $Block['element']['element']['text'] instead of $Block['element']['text']['text']).

Security

  • Regex patterns throughout the parser now use possessive quantifiers (*+, ++) to prevent catastrophic backtracking (ReDoS). This addresses denial-of-service vectors where malformed emphasis markers or other adversarial input could cause memory exhaustion or hangs.
  • Safe mode now sanitizes nested elements correctly via recursive AST traversal. Previously, sanitization only applied at the top level.
  • Extensions can mark self-produced HTML as trusted using allowRawHtmlInSafeMode so it isn't escaped in safe mode, while untrusted input remains escaped.

PHP Compatibility

  • Fixed implicit nullable parameter deprecations for PHP 8.4+.
  • Updated PHPUnit dependency and test infrastructure for modern PHP.
  • CI moved from Travis CI to GitHub Actions.

CommonMark Compliance

  • Setext headings now handle leading/trailing spaces correctly.
  • ATX heading closing # sequences are trimmed properly (e.g. # # of levels # # renders as <h1># of levels #</h1>).
  • Ordered lists support ) as a marker in addition to ..
  • Ordered lists starting with a number other than 1 no longer interrupt paragraphs.
  • One-column tables are now supported.
  • Fenced code blocks require the closing fence to have at least as many backticks/tildes as the opening fence.
  • HTML comments follow the CommonMark spec more closely.
  • Email autolinks validate against the CommonMark email definition.
  • Escaped tilde characters (\~\~) are no longer treated as strikethrough.

New Features

  • Strict mode (setStrictMode(true)) -- requires a space after # in ATX headings (CommonMark-compliant behavior).

Bug Fixes

  • Fixed "Uninitialized string offset" errors on certain inputs.
  • Fixed adjacent blockquotes being incorrectly merged.
  • Fixed line-break standardization when using the line() method directly.
  • Fixed table header validation (headers containing newlines are no longer accepted).
  • Fixed spaces in fenced code block class names.

Version 1.8.0-beta-6

This is a pre-release.

... (truncated)

Commits

Updates guzzlehttp/guzzle from 6.3.3 to 6.5.8

Release notes

Sourced from guzzlehttp/guzzle's releases.

Release 6.5.8

See change log for changes.

Release 6.5.7

See change log for changes.

Release 6.5.6

See change log for changes.

6.5.5

No release notes provided.

6.5.4

No release notes provided.

6.5.3

No release notes provided.

6.5.2

  • idn_to_ascii() fix for old PHP versions #2489

6.5.1

  • Better defaults for PHP installations with old ICU lib #2454
  • IDN support for redirects #2424

6.5.0

No release notes provided.

6.4.1

No release notes provided.

Changelog

Sourced from guzzlehttp/guzzle's changelog.

6.5.8 - 2022-06-20

  • Fix change in port should be considered a change in origin
  • Fix CURLOPT_HTTPAUTH option not cleared on change of origin

6.5.7 - 2022-06-09

  • Fix failure to strip Authorization header on HTTP downgrade
  • Fix failure to strip the Cookie header on change in host or HTTP downgrade

6.5.6 - 2022-05-25

  • Fix cross-domain cookie leakage

6.5.5 - 2020-06-16

  • Unpin version constraint for symfony/polyfill-intl-idn #2678

6.5.4 - 2020-05-25

  • Fix various intl icu issues #2626

6.5.3 - 2020-04-18

  • Use Symfony intl-idn polyfill #2550
  • Remove use of internal functions #2548

6.5.2 - 2019-12-23

  • idn_to_ascii() fix for old PHP versions #2489

6.5.1 - 2019-12-21

  • Better defaults for PHP installations with old ICU lib #2454
  • IDN support for redirects #2424

6.5.0 - 2019-12-07

  • Improvement: Added support for reset internal queue in MockHandler. #2143
  • Improvement: Added support to pass arbitrary options to curl_multi_init. #2287
  • Fix: Gracefully handle passing null to the header option. #2132
  • Fix: RetryMiddleware did not do exponential delay between retries due unit mismatch. #2132 Previously, RetryMiddleware would sleep for 1 millisecond, then 2 milliseconds, then 4 milliseconds. After this change, RetryMiddleware will sleep for 1 second, then 2 seconds, then 4 seconds. Middleware::retry() accepts a second callback parameter to override the default timeouts if needed.
  • Fix: Prevent undefined offset when using array for ssl_key options. #2348
  • Deprecated ClientInterface::VERSION

6.4.1 - 2019-10-23

... (truncated)

Commits

Updates guzzlehttp/psr7 from 1.4.2 to 1.9.1

Release notes

Sourced from guzzlehttp/psr7's releases.

1.9.1

See change log for changes.

1.9.0

See change log for changes.

1.8.5

See change log for changes.

1.8.4

See change log for changes.

1.8.3

See change log for changes.

1.8.2

See change log for changes.

1.8.1

See change log for changes.

1.8.0

See change log for changes.

1.7.0

See change log for changes.

Revert PSR-7 type assertions

1.6.0 introduced a few type assertions to enforce types defined by PSR-7. Unfortunately that break the library for users not strictly following the PSR-7 standard. Since the users impacted by this change seems to be rather large, this hotfix reverts that change with the note that we will reapply it in 2.0.0, so fixing this is recommended regardless of which version you use.

Details are in #282 and #283

1.6.0

Version 1.6.0 is released which will likely be the last minor release in 1.x. We're focussing 2.0 now with support for psr/http-factory, PHP 7.2 requirement and type declarations.

Added

  • Allowed version ^3.0 of ralouphie/getallheaders dependency (#244)
  • Added MIME type for WEBP image format (#246)
  • Added more validation of values according to PSR-7 and RFC standards, e.g. status code range (#250, #272)

Changed

  • Tests don't pass with HHVM 4.0, so HHVM support got dropped. Other libraries like composer have done the same. (#262)
  • Accept port number 0 to be valid (#270)

Fixed

  • Fixed subsequent reads from php://input in ServerRequest (#247)
  • Fixed readable/writable detection for certain stream modes (#248)

... (truncated)

Changelog

Sourced from guzzlehttp/psr7's changelog.

1.9.1 - 2023-04-17

Fixed

  • Fixed header validation issue

1.9.0 - 2022-06-20

Added

  • Added UriComparator::isCrossOrigin method

1.8.5 - 2022-03-20

Fixed

  • Correct header value validation

1.8.4 - 2022-03-20

Fixed

  • Validate header values properly

1.8.3 - 2021-10-05

Fixed

  • Return null in caching stream size if remote size is null

1.8.2 - 2021-04-26

Fixed

  • Handle possibly unset url in stream_get_meta_data

1.8.1 - 2021-03-21

Fixed

  • Issue parsing IPv6 URLs
  • Issue modifying ServerRequest lost all its attributes

1.8.0 - 2021-03-21

Added

  • Locale independent URL parsing
  • Most classes got a @final annotation to prepare for 2.0

... (truncated)

Commits

Updates swiftmailer/swiftmailer from 6.1.3 to 6.3.0

Changelog

Sourced from swiftmailer/swiftmailer's changelog.

6.3.0 (2021-10-18)

  • Fix support for PHP 8.1

6.2.7 (2021-03-09)

  • Allow egulias/email-validator 3.1+

6.2.6 (2021-03-05)

  • Fix Bcc support

6.2.5 (2021-01-12)

  • Don't trust properties at destruct time
  • Remove invalid PHPDocs param in EventDispatcher interface
  • Bump license year
  • Removes PHP version from README

6.2.4 (2020-12-08)

  • Prevent flushing of the bubble queue when event handler raises another event
  • Add support for PHP 8
  • Code cleanups

6.2.3 (2019-11-12)

  • no changes

6.2.2 (2019-11-12)

  • fixed compat with PHP 7.4
  • fixed error message when connecting to a stream raises an error before connect()

6.2.1 (2019-04-21)

  • reverted "deprecated Swift_CharacterStream_ArrayCharacterStream and Swift_CharacterStream_NgCharacterStream in favor of Swift_CharacterStream_CharacterStream"

6.2.0 (2019-03-10)

  • added support for symfony/polyfill-intl-dn

... (truncated)

Commits
  • 8a5d507 Prepare 6.3.0 release
  • 56dccc1 Fix changelog
  • bc28df7 bug #1355 PHP 8.1 Support (driesvints)
  • ee8a1d9 PHP 8.1 Support
  • 2a7fb75 minor #1352 Add information about EOM (fabpot)
  • 0863074 Add information about EOM
  • 23e9ffa Change intro doc page title
  • 0cf1030 minor #1336 [Doc] Fixed the syntax of a table in messages.rst (javiereguiluz)
  • 93ab97b [Doc] Fixed the syntax of a table in messages.rst
  • 6044649 minor #1335 [Doc] Fixed a minor issue in a code example (javiereguiluz)
  • Additional commits viewable in compare view

Updates symfony/process from 4.1.4 to 4.4.x-dev

Changelog

Sourced from symfony/process's changelog.

CHANGELOG

7.3

  • Add RunProcessMessage::fromShellCommandline() to instantiate a Process via the fromShellCommandline method

7.1

  • Add Process::setIgnoredSignals() to disable signal propagation to the child process

6.4

  • Add PhpSubprocess to handle PHP subprocesses that take over the configuration from their parent
  • Add RunProcessMessage and RunProcessMessageHandler

5.2.0

  • added Process::setOptions() to set Process specific options
  • added option create_new_console to allow a subprocess to continue to run after the main script exited, both on Linux and on Windows

5.1.0

  • added Process::getStartTime() to retrieve the start time of the process as float

5.0.0

  • removed Process::inheritEnvironmentVariables()
  • removed PhpProcess::setPhpBinary()
  • Process must be instantiated with a command array, use Process::fromShellCommandline() when the command should be parsed by the shell
  • removed Process::setCommandLine()

4.4.0

  • deprecated Process::inheritEnvironmentVariables(): env variables are always inherited.
  • added Process::getLastOutputTime() method

4.2.0

... (truncated)

Commits

Updates symfony/routing from 4.1.4 to 4.4.x-dev

Changelog

Sourced from symfony/routing's changelog.

CHANGELOG

8.1

  • Add a $trailingSlashOnRoot argument to CollectionConfigurator::prefix() to allow disabling the trailing slash on root routes

8.0

  • Remove support for accessing the internal scope of the loader in PHP config files, use only its public API instead
  • Providing a non-array _query parameter to UrlGenerator causes an InvalidParameterException
  • Remove the protected AttributeClassLoader::$routeAnnotationClass property and the setRouteAnnotationClass() method, use AttributeClassLoader::setRouteAttributeClass() instead
  • Remove class aliases in the Annotation namespace, use attributes instead
  • Remove getters and setters in attribute classes in favor of public properties
  • Remove support for the XML configuration format

7.4

  • Add AttributeServicesLoader and RoutingControllerPass to auto-register routes from attributes on services
  • Allow query-specific parameters in UrlGenerator using _query
  • Add support of multiple env names in the Symfony\Component\Routing\Attribute\Route attribute
  • Add argument $parameters to RequestContext's constructor
  • Handle declaring routes using PHP arrays that follow the same shape as corresponding yaml files
  • Add RoutesReference to help writing PHP configs using yaml-like array-shapes
  • Deprecate class aliases in the Annotation namespace, use attributes instead
  • Deprecate getters and setters in attribute classes in favor of public properties
  • Deprecate accessing the internal scope of the loader in PHP config files, use only its public API instead
  • Deprecate XML configuration format, use YAML, PHP or attributes instead

7.3

  • Allow aliases and deprecations in #[Route] attribute
  • Add the Requirement::MONGODB_ID constant to validate MongoDB ObjectIDs in hexadecimal format

7.2

  • Add the Requirement::UID_RFC9562 constant to validate UUIDs in the RFC 9562 format
  • Deprecate the AttributeClassLoader::$routeAnnotationClass property

7.1

  • Add {foo:bar} syntax to define a mapping between a route parameter and its corresponding request attribute

7.0

... (truncated)

Commits

Updates symfony/yaml from 4.1.4 to 4.4.x-dev

Changelog

Sourced from symfony/yaml's changelog.

CHANGELOG

8.0

  • Remove support for parsing duplicate mapping keys whose value is null

7.3

  • Add compact nested mapping support by using the Yaml::DUMP_COMPACT_NESTED_MAPPING flag
  • Add the Yaml::DUMP_FORCE_DOUBLE_QUOTES_ON_VALUES flag to enforce double quotes around string values

7.2

  • Deprecate parsing duplicate mapping keys whose value is null
  • Add support for dumping null as an empty value by using the Yaml::DUMP_NULL_AS_EMPTY flag

7.1

  • Add support for getting all the enum cases with !php/enum Foo

7.0

  • Remove the !php/const: tag, use !php/const instead (without the colon)

6.3

  • Add support to dump int keys as strings by using the Yaml::DUMP_NUMERIC_KEY_AS_STRING flag

6.2

  • Add support for !php/enum and !php/enum *->value
  • Deprecate the !php/const: tag in key which will be replaced by the !php/const tag (without the colon) since 3.4

6.1

  • In cases where it will likely improve readability, strings containing single quotes will be double-quoted

5.4

  • Add a $maxNestingLevel argument to Parser::__construct(), Yaml::parse() and Yaml::parseFile() to bound recursion depth (default 128)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the composer group across 1 directory with 7 updates
bf1dd6f 
Bumps the composer group with 6 updates in the /fieldlab-201809/openwebconcept-open-melding-backend-1b4046216dc1 directory:

| Package | From | To |
| --- | --- | --- |
| [erusev/parsedown](https://github.com/erusev/parsedown) | `1.7.1` | `1.8.0` |
| [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) | `6.3.3` | `6.5.8` |
| [swiftmailer/swiftmailer](https://github.com/swiftmailer/swiftmailer) | `6.1.3` | `6.3.0` |
| [symfony/process](https://github.com/symfony/process) | `4.1.4` | `4.4.x-dev` |
| [symfony/routing](https://github.com/symfony/routing) | `4.1.4` | `4.4.x-dev` |
| [symfony/yaml](https://github.com/symfony/yaml) | `4.1.4` | `4.4.x-dev` |



Updates `erusev/parsedown` from 1.7.1 to 1.8.0
- [Release notes](https://github.com/erusev/parsedown/releases)
- [Commits](erusev/parsedown@1.7.1...1.8.0)

Updates `guzzlehttp/guzzle` from 6.3.3 to 6.5.8
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/6.5.8/CHANGELOG.md)
- [Commits](guzzle/guzzle@6.3.3...6.5.8)

Updates `guzzlehttp/psr7` from 1.4.2 to 1.9.1
- [Release notes](https://github.com/guzzle/psr7/releases)
- [Changelog](https://github.com/guzzle/psr7/blob/1.9.1/CHANGELOG.md)
- [Commits](guzzle/psr7@1.4.2...1.9.1)

Updates `swiftmailer/swiftmailer` from 6.1.3 to 6.3.0
- [Changelog](https://github.com/swiftmailer/swiftmailer/blob/master/CHANGES)
- [Commits](swiftmailer/swiftmailer@v6.1.3...v6.3.0)

Updates `symfony/process` from 4.1.4 to 4.4.x-dev
- [Release notes](https://github.com/symfony/process/releases)
- [Changelog](https://github.com/symfony/process/blob/8.2/CHANGELOG.md)
- [Commits](https://github.com/symfony/process/commits)

Updates `symfony/routing` from 4.1.4 to 4.4.x-dev
- [Release notes](https://github.com/symfony/routing/releases)
- [Changelog](https://github.com/symfony/routing/blob/8.2/CHANGELOG.md)
- [Commits](https://github.com/symfony/routing/commits)

Updates `symfony/yaml` from 4.1.4 to 4.4.x-dev
- [Release notes](https://github.com/symfony/yaml/releases)
- [Changelog](https://github.com/symfony/yaml/blob/8.2/CHANGELOG.md)
- [Commits](https://github.com/symfony/yaml/commits)

---
updated-dependencies:
- dependency-name: erusev/parsedown
  dependency-version: 1.8.0
  dependency-type: indirect
  dependency-group: composer
- dependency-name: guzzlehttp/guzzle
  dependency-version: 6.5.8
  dependency-type: indirect
  dependency-group: composer
- dependency-name: guzzlehttp/psr7
  dependency-version: 1.9.1
  dependency-type: indirect
  dependency-group: composer
- dependency-name: swiftmailer/swiftmailer
  dependency-version: 6.3.0
  dependency-type: indirect
  dependency-group: composer
- dependency-name: symfony/process
  dependency-version: 4.4.x-dev
  dependency-type: indirect
  dependency-group: composer
- dependency-name: symfony/routing
  dependency-version: 4.4.x-dev
  dependency-type: indirect
  dependency-group: composer
- dependency-name: symfony/yaml
  dependency-version: 4.4.x-dev
  dependency-type: indirect
  dependency-group: composer
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file php Pull requests that update php code labels Jun 11, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file php Pull requests that update php code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants