Commit graph

5 commits

Author SHA1 Message Date
Yassine Guedidi 0a117958c9 Apply PHP-CS-Fixer fixes 2024-01-22 19:15:54 +01:00
Yassine Guedidi 667ea14d42 Add mandatory $class parameter 2023-08-05 17:25:03 +01:00
Kevin Decherf 3ed7f2b751 AnnotationController: fix improper authorization vulnerability
This PR is based on 2.5.x branch.

We fix the improper authorization by retrieving the annotation using id
and user id.

We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.

Fixes GHSA-mrqx-mjc4-vfh3

Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com>
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-27 23:34:14 +01:00
Jeremy Benoist 7332d1f4e5 Remove support for PHP < 7.2
Updating deps

  - Removing electrolinux/php-html5lib (0.1.0)
  - Updating doctrine/inflector (1.3.1 => 1.4.3)
  - Updating doctrine/lexer (1.0.2 => 1.2.1)
  - Installing symfony/polyfill-php80 (v1.17.0)
  - Updating symfony/service-contracts (v1.1.8 => v2.1.2)
  - Installing symfony/deprecation-contracts (v2.1.2)
  - Updating symfony/mime (v4.4.8 => v5.1.1)
  - Updating friendsofsymfony/rest-bundle (2.7.4 => 2.8.0)
  - Updating doctrine/instantiator (1.3.0 => 1.3.1)
  - Updating ocramius/proxy-manager (2.1.1 => 2.2.3)
  - Updating php-http/discovery (1.7.4 => 1.8.0)
  - Updating symfony/http-client-contracts (v1.1.8 => v2.1.2)
  - Updating symfony/http-client (v4.4.8 => v5.1.1)
  - Updating php-http/httplug-bundle (1.16.0 => 1.18.0)
  - Updating symfony/phpunit-bridge (v4.3.11 => v5.1.1)
  - Updating doctrine/data-fixtures (1.3.3 => 1.4.3)
  - Updating composer/xdebug-handler (1.4.1 => 1.4.2)
  - Updating masterminds/html5 (2.7.0 => 2.7.1)
  - Updating j0k3r/php-readability (1.2.4 => 1.2.5)
  - Updating phpoption/phpoption (1.7.3 => 1.7.4)
  - Updating nikic/php-parser (v4.4.0 => v4.5.0)
  - Installing thecodingmachine/safe (v1.1.1)
  - Updating spomky-labs/otphp (v9.1.4 => v10.0.1)
  - Updating pagerfanta/pagerfanta (v2.1.3 => v2.3.0)

Package white-october/pagerfanta-bundle is abandoned, you should avoid using it. Use babdev/pagerfanta-bundle instead.

  - Removing white-october/pagerfanta-bundle (v1.3.2)
  - Installing babdev/pagerfanta-bundle (v2.4.2)

Upgrading PHPStan to 0.12 and use extension installer

  - Removing phpstan/phpdoc-parser (0.3.5)
  - Removing nette/utils (v3.1.2)
  - Removing nette/schema (v1.0.2)
  - Removing nette/robot-loader (v3.2.3)
  - Removing nette/php-generator (v3.4.0)
  - Removing nette/neon (v3.1.2)
  - Removing nette/finder (v2.5.2)
  - Removing nette/di (v3.0.4)
  - Removing nette/bootstrap (v3.0.2)
  - Updating phpstan/phpstan (0.11.19 => 0.12.29)
  - Updating phpstan/phpstan-doctrine (0.11.6 => 0.12.16)
  - Updating phpstan/phpstan-phpunit (0.11.2 => 0.12.11)
  - Updating phpstan/phpstan-symfony (0.11.6 => 0.12.6)
  - Installing phpstan/extension-installer (1.0.4)

Upgrading jms/serializer-bundle to version 3 (and willdurand/hateoas-bundle to version 2)

  - Removing phpoption/phpoption (1.7.4)
  - Removing phpcollection/phpcollection (0.5.0)
  - Removing jms/parser-lib (1.0.0)
  - Updating jms/metadata (1.7.0 => 2.3.0)
  - Updating jms/serializer (1.14.1 => 3.7.0)
  - Updating jms/serializer-bundle (2.4.4 => 3.6.0)
  - Updating willdurand/hateoas (2.12.0 => 3.6.0)
  - Updating willdurand/hateoas-bundle (1.4.0 => 2.1.0)

Upgrading dama/doctrine-test-bundle to version 6

  - Updating dama/doctrine-test-bundle (v5.0.3 => v6.2.0)
2020-06-15 08:25:59 +02:00
Jeremy Benoist db9b6d8d0d Update fixtures 2018-11-28 22:04:54 +01:00
Renamed from src/Wallabag/AnnotationBundle/DataFixtures/ORM/LoadAnnotationData.php