dependabot[bot]
c106ec7438
Bump jms/serializer-bundle from 5.2.0 to 5.2.1
...
Bumps [jms/serializer-bundle](https://github.com/schmittjoh/JMSSerializerBundle ) from 5.2.0 to 5.2.1.
- [Release notes](https://github.com/schmittjoh/JMSSerializerBundle/releases )
- [Changelog](https://github.com/schmittjoh/JMSSerializerBundle/blob/master/CHANGELOG.md )
- [Commits](https://github.com/schmittjoh/JMSSerializerBundle/compare/5.2.0...5.2.1 )
---
updated-dependencies:
- dependency-name: jms/serializer-bundle
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-06 03:08:16 +00:00
dependabot[bot]
3ef570a474
Bump doctrine/persistence from 3.1.3 to 3.1.4
...
Bumps [doctrine/persistence](https://github.com/doctrine/persistence ) from 3.1.3 to 3.1.4.
- [Release notes](https://github.com/doctrine/persistence/releases )
- [Commits](https://github.com/doctrine/persistence/compare/3.1.3...3.1.4 )
---
updated-dependencies:
- dependency-name: doctrine/persistence
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-06 03:06:39 +00:00
dependabot[bot]
22e0dfb8d6
Bump sass from 1.57.1 to 1.58.0
...
Bumps [sass](https://github.com/sass/dart-sass ) from 1.57.1 to 1.58.0.
- [Release notes](https://github.com/sass/dart-sass/releases )
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sass/dart-sass/compare/1.57.1...1.58.0 )
---
updated-dependencies:
- dependency-name: sass
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-06 03:02:20 +00:00
dependabot[bot]
c4a72d7508
Bump stylelint-webpack-plugin from 3.3.0 to 4.0.0
...
Bumps [stylelint-webpack-plugin](https://github.com/webpack-contrib/stylelint-webpack-plugin ) from 3.3.0 to 4.0.0.
- [Release notes](https://github.com/webpack-contrib/stylelint-webpack-plugin/releases )
- [Changelog](https://github.com/webpack-contrib/stylelint-webpack-plugin/blob/master/CHANGELOG.md )
- [Commits](https://github.com/webpack-contrib/stylelint-webpack-plugin/compare/v3.3.0...v4.0.0 )
---
updated-dependencies:
- dependency-name: stylelint-webpack-plugin
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-06 03:01:46 +00:00
dependabot[bot]
e06f6735e3
Bump jms/serializer from 3.21.0 to 3.22.0
...
Bumps [jms/serializer](https://github.com/schmittjoh/serializer ) from 3.21.0 to 3.22.0.
- [Release notes](https://github.com/schmittjoh/serializer/releases )
- [Changelog](https://github.com/schmittjoh/serializer/blob/master/CHANGELOG.md )
- [Commits](https://github.com/schmittjoh/serializer/compare/3.21.0...3.22.0 )
---
updated-dependencies:
- dependency-name: jms/serializer
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-06 03:01:30 +00:00
Jeremy Benoist
42b03d2834
Fix release script
...
The release script cloned the master branch by default because we never have to clone something else from now.
The script will now clone the tag using the given VERSION parameter.
2023-02-03 10:10:35 +01:00
github-actions[bot]
b32d6d448b
Merge pull request #6272 from wallabag/dependabot/npm_and_yarn/http-cache-semantics-4.1.1
...
Bump http-cache-semantics from 4.1.0 to 4.1.1
2023-02-02 05:50:21 +00:00
dependabot[bot]
e6e171c8ee
Bump http-cache-semantics from 4.1.0 to 4.1.1
...
Bumps [http-cache-semantics](https://github.com/kornelski/http-cache-semantics ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/kornelski/http-cache-semantics/releases )
- [Commits](https://github.com/kornelski/http-cache-semantics/commits )
---
updated-dependencies:
- dependency-name: http-cache-semantics
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-02 05:43:19 +00:00
Jérémy Benoist
cc68ed2b5d
Merge pull request #6270 from wallabag/dependabot/composer/nelmio/api-doc-bundle-4.11.1
2023-02-02 06:43:13 +01:00
Jérémy Benoist
db6a85afb1
Merge pull request #6271 from wallabag/dependabot/composer/phpstan/phpstan-symfony-1.2.22
2023-02-02 06:42:48 +01:00
dependabot[bot]
862660ae1a
Bump phpstan/phpstan-symfony from 1.2.21 to 1.2.22
...
Bumps [phpstan/phpstan-symfony](https://github.com/phpstan/phpstan-symfony ) from 1.2.21 to 1.2.22.
- [Release notes](https://github.com/phpstan/phpstan-symfony/releases )
- [Commits](https://github.com/phpstan/phpstan-symfony/compare/1.2.21...1.2.22 )
---
updated-dependencies:
- dependency-name: phpstan/phpstan-symfony
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-02 03:03:09 +00:00
dependabot[bot]
29d384598d
Bump nelmio/api-doc-bundle from 4.11.0 to 4.11.1
...
Bumps [nelmio/api-doc-bundle](https://github.com/nelmio/NelmioApiDocBundle ) from 4.11.0 to 4.11.1.
- [Release notes](https://github.com/nelmio/NelmioApiDocBundle/releases )
- [Changelog](https://github.com/nelmio/NelmioApiDocBundle/blob/master/CHANGELOG.md )
- [Commits](https://github.com/nelmio/NelmioApiDocBundle/compare/v4.11.0...v4.11.1 )
---
updated-dependencies:
- dependency-name: nelmio/api-doc-bundle
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-02 03:02:10 +00:00
Nicolas Lœuillet
0c313d396b
Merge pull request #6268 from wallabag/dependabot/composer/symfony/symfony-4.4.50
...
Bump symfony/symfony from 4.4.49 to 4.4.50
2023-02-01 21:54:40 +01:00
dependabot[bot]
522db91841
Bump symfony/symfony from 4.4.49 to 4.4.50
...
Bumps [symfony/symfony](https://github.com/symfony/symfony ) from 4.4.49 to 4.4.50.
- [Release notes](https://github.com/symfony/symfony/releases )
- [Changelog](https://github.com/symfony/symfony/blob/v4.4.50/CHANGELOG-4.4.md )
- [Commits](https://github.com/symfony/symfony/compare/v4.4.49...v4.4.50 )
---
updated-dependencies:
- dependency-name: symfony/symfony
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-01 20:46:46 +00:00
Jérémy Benoist
8954100779
Merge pull request #6267 from wallabag/release/2.5.3
...
Prepare 2.5.3
2023-02-01 10:15:18 +01:00
Jeremy Benoist
b795622f06
Prepare 2.5.3
2023-02-01 09:51:02 +01:00
Jérémy Benoist
5ac6b6bff9
Merge pull request from GHSA-mrqx-mjc4-vfh3
...
AnnotationController: fix improper authorization vulnerability
2023-02-01 09:32:22 +01:00
Jérémy Benoist
0f7460dbab
Merge pull request from GHSA-qwx8-mxxx-mg96
...
ExportController: fix improper authorization vulnerability
2023-02-01 09:30:43 +01:00
Jérémy Benoist
315d710f93
Merge pull request #6266 from wallabag/dependabot/composer/phpstan/phpstan-symfony-1.2.21
2023-02-01 07:09:46 +01:00
dependabot[bot]
3c5cfae0d5
Bump phpstan/phpstan-symfony from 1.2.20 to 1.2.21
...
Bumps [phpstan/phpstan-symfony](https://github.com/phpstan/phpstan-symfony ) from 1.2.20 to 1.2.21.
- [Release notes](https://github.com/phpstan/phpstan-symfony/releases )
- [Commits](https://github.com/phpstan/phpstan-symfony/compare/1.2.20...1.2.21 )
---
updated-dependencies:
- dependency-name: phpstan/phpstan-symfony
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-01 03:01:45 +00:00
Jérémy Benoist
849da17750
Merge pull request #6264 from weblate/weblate-wallabag-messages
2023-01-31 12:32:05 +01:00
Quentin PAGÈS
dc4687d75c
Translated using Weblate (Occitan)
...
Currently translated at 92.3% (533 of 577 strings)
2023-01-31 11:50:16 +01:00
Jérémy Benoist
77a9c842fc
Merge pull request #6262 from wallabag/dependabot/github_actions/dependabot/fetch-metadata-1.3.6
2023-01-30 04:55:55 +01:00
dependabot[bot]
8bd2bae841
Bump dependabot/fetch-metadata from 1.3.5 to 1.3.6
...
Bumps [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata ) from 1.3.5 to 1.3.6.
- [Release notes](https://github.com/dependabot/fetch-metadata/releases )
- [Commits](https://github.com/dependabot/fetch-metadata/compare/v1.3.5...v1.3.6 )
---
updated-dependencies:
- dependency-name: dependabot/fetch-metadata
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-30 03:07:21 +00:00
github-actions[bot]
a4f77189f0
Merge pull request #6261 from wallabag/dependabot/npm_and_yarn/eslint-8.33.0
...
Bump eslint from 8.32.0 to 8.33.0
2023-01-30 03:05:51 +00:00
dependabot[bot]
64381d9a62
Bump eslint from 8.32.0 to 8.33.0
...
Bumps [eslint](https://github.com/eslint/eslint ) from 8.32.0 to 8.33.0.
- [Release notes](https://github.com/eslint/eslint/releases )
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md )
- [Commits](https://github.com/eslint/eslint/compare/v8.32.0...v8.33.0 )
---
updated-dependencies:
- dependency-name: eslint
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-30 03:01:24 +00:00
Kevin Decherf
3ed7f2b751
AnnotationController: fix improper authorization vulnerability
...
This PR is based on 2.5.x branch.
We fix the improper authorization by retrieving the annotation using id
and user id.
We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.
Fixes GHSA-mrqx-mjc4-vfh3
Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com>
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-27 23:34:14 +01:00
Jérémy Benoist
172d8da64b
Merge pull request #6258 from wallabag/dependabot/composer/nelmio/api-doc-bundle-4.11.0
2023-01-26 05:15:01 +01:00
dependabot[bot]
69b262bfcd
Bump nelmio/api-doc-bundle from 4.10.2 to 4.11.0
...
Bumps [nelmio/api-doc-bundle](https://github.com/nelmio/NelmioApiDocBundle ) from 4.10.2 to 4.11.0.
- [Release notes](https://github.com/nelmio/NelmioApiDocBundle/releases )
- [Changelog](https://github.com/nelmio/NelmioApiDocBundle/blob/master/CHANGELOG.md )
- [Commits](https://github.com/nelmio/NelmioApiDocBundle/compare/v4.10.2...v4.11.0 )
---
updated-dependencies:
- dependency-name: nelmio/api-doc-bundle
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-26 03:01:37 +00:00
Jérémy Benoist
7ab6df9b8a
Merge pull request #6257 from wallabag/dependabot/composer/symfony/phpunit-bridge-6.2.5
2023-01-25 07:31:44 +01:00
dependabot[bot]
f5c67c7973
Bump symfony/phpunit-bridge from 6.2.3 to 6.2.5
...
Bumps [symfony/phpunit-bridge](https://github.com/symfony/phpunit-bridge ) from 6.2.3 to 6.2.5.
- [Release notes](https://github.com/symfony/phpunit-bridge/releases )
- [Changelog](https://github.com/symfony/phpunit-bridge/blob/6.2/CHANGELOG.md )
- [Commits](https://github.com/symfony/phpunit-bridge/compare/v6.2.3...v6.2.5 )
---
updated-dependencies:
- dependency-name: symfony/phpunit-bridge
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-25 03:01:39 +00:00
Jérémy Benoist
2e8ffa51b2
Merge pull request #6256 from wyntonfranklin/config-link-fix
2023-01-24 06:48:05 +01:00
Wynton Franklin
baddc525bb
fix for config links
2023-01-23 18:19:49 -04:00
github-actions[bot]
45ec5de9dc
Merge pull request #6255 from wallabag/dependabot/npm_and_yarn/eslint-plugin-import-2.27.5
...
Bump eslint-plugin-import from 2.27.4 to 2.27.5
2023-01-23 03:12:12 +00:00
dependabot[bot]
04e2f30d61
Bump eslint-plugin-import from 2.27.4 to 2.27.5
...
Bumps [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import ) from 2.27.4 to 2.27.5.
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases )
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md )
- [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.27.4...v2.27.5 )
---
updated-dependencies:
- dependency-name: eslint-plugin-import
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-23 03:07:37 +00:00
Kevin Decherf
0fdd9aa991
ExportController: fix improper authorization vulnerability
...
We fix the improper authorization by duplicating the check done by
the private method EntryController::checkUserAction().
We also replace the ParamConverter used to get the requested Entry with
an explicit call to EntryRepository in order to prevent a resource
enumeration through response discrepancy. Thus, we get the same
exception whether the requested resource does not exist or is not owned
by the requester.
Fixes GHSA-qwx8-mxxx-mg96
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-20 15:09:38 +01:00
Jérémy Benoist
31bd2feb77
Merge pull request #6252 from wallabag/dependabot/composer/php-amqplib/php-amqplib-3.5.1
2023-01-20 06:33:55 +01:00
Jérémy Benoist
402d4517f7
Merge pull request #6253 from wallabag/dependabot/composer/phpstan/phpstan-1.9.14
2023-01-20 06:33:31 +01:00
Jérémy Benoist
7c9c1c93ea
Merge pull request #6254 from wallabag/dependabot/composer/doctrine/persistence-3.1.3
2023-01-20 06:33:15 +01:00
dependabot[bot]
c17aafe4f0
Bump doctrine/persistence from 3.1.2 to 3.1.3
...
Bumps [doctrine/persistence](https://github.com/doctrine/persistence ) from 3.1.2 to 3.1.3.
- [Release notes](https://github.com/doctrine/persistence/releases )
- [Commits](https://github.com/doctrine/persistence/compare/3.1.2...3.1.3 )
---
updated-dependencies:
- dependency-name: doctrine/persistence
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-20 03:03:02 +00:00
dependabot[bot]
9a8efde898
Bump phpstan/phpstan from 1.9.13 to 1.9.14
...
Bumps [phpstan/phpstan](https://github.com/phpstan/phpstan ) from 1.9.13 to 1.9.14.
- [Release notes](https://github.com/phpstan/phpstan/releases )
- [Changelog](https://github.com/phpstan/phpstan/blob/1.10.x/CHANGELOG.md )
- [Commits](https://github.com/phpstan/phpstan/compare/1.9.13...1.9.14 )
---
updated-dependencies:
- dependency-name: phpstan/phpstan
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-20 03:02:04 +00:00
dependabot[bot]
4561cb2013
Bump php-amqplib/php-amqplib from 3.5.0 to 3.5.1
...
Bumps [php-amqplib/php-amqplib](https://github.com/php-amqplib/php-amqplib ) from 3.5.0 to 3.5.1.
- [Release notes](https://github.com/php-amqplib/php-amqplib/releases )
- [Changelog](https://github.com/php-amqplib/php-amqplib/blob/master/CHANGELOG.md )
- [Commits](https://github.com/php-amqplib/php-amqplib/compare/v3.5.0...v3.5.1 )
---
updated-dependencies:
- dependency-name: php-amqplib/php-amqplib
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-20 03:01:20 +00:00
Jérémy Benoist
fcd08eb5ff
Merge pull request #6249 from wallabag/dependabot/composer/phpstan/phpstan-1.9.13
2023-01-19 06:51:13 +01:00
Jérémy Benoist
65661a082b
Merge pull request #6250 from wallabag/dependabot/composer/doctrine/migrations-3.5.5
2023-01-19 06:50:56 +01:00
dependabot[bot]
a004c697a3
Bump doctrine/migrations from 3.5.4 to 3.5.5
...
Bumps [doctrine/migrations](https://github.com/doctrine/migrations ) from 3.5.4 to 3.5.5.
- [Release notes](https://github.com/doctrine/migrations/releases )
- [Commits](https://github.com/doctrine/migrations/compare/3.5.4...3.5.5 )
---
updated-dependencies:
- dependency-name: doctrine/migrations
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-19 03:03:36 +00:00
dependabot[bot]
75f2ee12b3
Bump phpstan/phpstan from 1.9.12 to 1.9.13
...
Bumps [phpstan/phpstan](https://github.com/phpstan/phpstan ) from 1.9.12 to 1.9.13.
- [Release notes](https://github.com/phpstan/phpstan/releases )
- [Changelog](https://github.com/phpstan/phpstan/blob/1.10.x/CHANGELOG.md )
- [Commits](https://github.com/phpstan/phpstan/compare/1.9.12...1.9.13 )
---
updated-dependencies:
- dependency-name: phpstan/phpstan
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-19 03:00:55 +00:00
Jérémy Benoist
cee1f887a0
Merge pull request #6246 from wallabag/dependabot/composer/predis/predis-2.1.1
2023-01-18 06:26:55 +01:00
Jérémy Benoist
529a83cde0
Merge pull request #6247 from wallabag/dependabot/composer/doctrine/migrations-3.5.4
2023-01-18 06:26:24 +01:00
Jérémy Benoist
dc916aa6a6
Merge pull request #6248 from wallabag/dependabot/composer/phpstan/phpstan-1.9.12
2023-01-18 06:25:58 +01:00
dependabot[bot]
9d975ba15b
Bump phpstan/phpstan from 1.9.11 to 1.9.12
...
Bumps [phpstan/phpstan](https://github.com/phpstan/phpstan ) from 1.9.11 to 1.9.12.
- [Release notes](https://github.com/phpstan/phpstan/releases )
- [Changelog](https://github.com/phpstan/phpstan/blob/1.10.x/CHANGELOG.md )
- [Commits](https://github.com/phpstan/phpstan/compare/1.9.11...1.9.12 )
---
updated-dependencies:
- dependency-name: phpstan/phpstan
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-18 03:03:15 +00:00