{"id":668,"name":"league/commonmark","ecosystem":"packagist","repository_url":"https://github.com/thephpleague/commonmark","issues_count":906,"created_at":"2025-06-06T15:01:36.392Z","updated_at":"2025-06-06T15:01:36.392Z","purl":"pkg:composer/league/commonmark","metadata":{"id":606708,"name":"league/commonmark","ecosystem":"packagist","description":"Highly-extensible PHP Markdown parser which fully supports the CommonMark spec and GitHub-Flavored Markdown (GFM)","homepage":"https://commonmark.thephpleague.com","licenses":"BSD-3-Clause","normalized_licenses":["BSD-3-Clause"],"repository_url":"https://github.com/thephpleague/commonmark","keywords_array":["parser","markdown","github","md","gfm","commonmark","flavored","github-flavored"],"namespace":"league","versions_count":135,"first_release_published_at":"2014-09-08T13:43:41.000Z","latest_release_published_at":"2025-05-05T12:20:28.000Z","latest_release_number":"2.7.0","last_synced_at":"2025-06-06T12:31:02.298Z","created_at":"2022-04-07T10:01:47.646Z","updated_at":"2025-06-06T12:31:02.299Z","registry_url":"https://packagist.org/packages/league/commonmark#","install_command":"composer require league/commonmark","documentation_url":null,"metadata":{"funding":[{"url":"https://www.colinodell.com/sponsor","type":"custom"},{"url":"https://www.paypal.me/colinpodell/10.00","type":"custom"},{"url":"https://github.com/colinodell","type":"github"},{"url":"https://tidelift.com/funding/github/packagist/league/commonmark","type":"tidelift"}]},"repo_metadata":{"id":20490768,"uuid":"23768977","full_name":"thephpleague/commonmark","owner":"thephpleague","description":"Highly-extensible PHP Markdown parser which fully supports the CommonMark and GFM specs.","archived":false,"fork":false,"pushed_at":"2024-11-06T00:07:48.000Z","size":6120,"stargazers_count":2742,"open_issues_count":25,"forks_count":194,"subscribers_count":35,"default_branch":"2.5","last_synced_at":"2024-11-07T00:02:57.338Z","etag":null,"topics":["commonmark","gfm","github-flavored-markdown","hacktoberfest","markdown","php"],"latest_commit_sha":null,"homepage":"https://commonmark.thephpleague.com","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/thephpleague.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG-0.x.md","contributing":".github/CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":".github/SECURITY.md","support":".github/SUPPORT.MD","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"colinodell","tidelift":"packagist/league/commonmark","custom":["https://www.colinodell.com/sponsor","https://www.paypal.me/colinpodell/10.00"]}},"created_at":"2014-09-07T19:37:12.000Z","updated_at":"2024-11-06T11:50:38.000Z","dependencies_parsed_at":"2024-01-13T05:18:13.123Z","dependency_job_id":"84fd2a17-92ac-4d76-a896-b1ed98a24541","html_url":"https://github.com/thephpleague/commonmark","commit_stats":{"total_commits":2130,"total_committers":118,"mean_commits":"18.050847457627118","dds":0.2525821596244131,"last_synced_commit":"f71d0b5d9bbec0ba6ad2eb78eb572a54f7b15e87"},"previous_names":[],"tags_count":125,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/thephpleague","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/refs/heads/2.5","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223593519,"owners_count":17170693,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"thephpleague","name":"The League of Extraordinary Packages","uuid":"527621","kind":"organization","description":"A group of developers who have banded together to build solid, well tested PHP packages using modern coding standards.","email":null,"website":"https://thephpleague.com","location":"Worldwide","twitter":"thephpleague","company":null,"icon_url":"https://avatars.githubusercontent.com/u/527621?v=4","repositories_count":159,"last_synced_at":"2023-04-09T05:41:35.183Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/thephpleague","funding_links":[],"total_stars":71885,"followers":null,"following":null,"created_at":"2022-11-02T16:21:15.697Z","updated_at":"2023-04-09T05:41:36.117Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/thephpleague","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/thephpleague/repositories"},"tags":[{"name":"2.4.2","sha":"91c24291965bd6d7c46c46a12ba7492f83b1cadf","kind":"tag","published_at":"2024-02-02T11:59:45.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.4.2","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.4.2/manifests"},{"name":"2.4.1","sha":"3669d6d5f7a47a93c08ddff335e6d945481a1dd5","kind":"tag","published_at":"2023-08-30T16:55:08.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.4.1","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.4.1/manifests"},{"name":"2.4.0","sha":"d44a24690f16b8c1808bf13b1bd54ae4c63ea048","kind":"tag","published_at":"2023-03-24T15:18:34.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.4.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.4.0/manifests"},{"name":"2.3.9","sha":"c1e114f74e518daca2729ea8c4bf1167038fa4b5","kind":"tag","published_at":"2023-02-15T14:07:34.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.3.9","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.3.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.3.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.3.9/manifests"},{"name":"2.3.8","sha":"c493585c130544c4e91d2e0e131e6d35cb0cbc47","kind":"tag","published_at":"2022-12-10T16:02:20.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.3.8","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.3.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.3.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.3.8/manifests"},{"name":"2.3.7","sha":"a36bd2be4f5387c0f3a8792a0d76b7d68865abbf","kind":"tag","published_at":"2022-11-03T17:30:06.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.3.7","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.3.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.3.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.3.7/manifests"},{"name":"2.3.6","sha":"857afc47ce113454bd629037213378ba3219dd40","kind":"tag","published_at":"2022-10-30T16:45:44.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.3.6","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.3.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.3.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.3.6/manifests"},{"name":"2.3.5","sha":"84d74485fdb7074f4f9dd6f02ab957b1de513257","kind":"tag","published_at":"2022-07-29T10:59:59.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.3.5","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.3.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.3.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.3.5/manifests"},{"name":"2.3.4","sha":"155ec1c95626b16fda0889cf15904d24890a60d5","kind":"tag","published_at":"2022-07-17T16:25:59.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.3.4","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.3.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.3.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.3.4/manifests"},{"name":"2.3.3","sha":"0da1dca5781dd3cfddbe328224d9a7a62571addc","kind":"tag","published_at":"2022-06-07T21:28:31.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.3.3","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.3.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.3.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.3.3/manifests"},{"name":"2.3.2","sha":"6eddb90a9e4a1a8c5773226068fcfb48cb36812a","kind":"tag","published_at":"2022-06-03T14:07:45.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.3.2","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.3.2/manifests"},{"name":"2.2.5","sha":"3a466decc0bd43d9f63ed7c008043a4e9a9cb1b7","kind":"tag","published_at":"2022-06-03T14:05:36.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.2.5","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.2.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.2.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.2.5/manifests"},{"name":"2.3.1","sha":"cb36fee279f7fca01d5d9399ddd1b37e48e2eca1","kind":"tag","published_at":"2022-05-14T15:38:54.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.3.1","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.3.1/manifests"},{"name":"2.2.4","sha":"9981c77d62ebe1d3038e3cb3d79cd83bc50cb465","kind":"tag","published_at":"2022-05-14T15:33:12.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.2.4","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.2.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.2.4/manifests"},{"name":"2.3.0","sha":"32a49eb2b38fe5e5c417ab748a45d0beaab97955","kind":"tag","published_at":"2022-04-07T22:41:28.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.3.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.3.0/manifests"},{"name":"2.2.3","sha":"47b015bc4e50fd4438c1ffef6139a1fb65d2ab71","kind":"tag","published_at":"2022-02-26T21:25:07.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.2.3","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.2.3/manifests"},{"name":"2.1.3","sha":"7cdfc405d1c0ac925965f4f04e75a2652120e9c0","kind":"tag","published_at":"2022-02-26T21:21:02.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.1.3","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.1.3/manifests"},{"name":"2.0.4","sha":"39031adf944087c1d5a4fd9875c65e668f986e96","kind":"tag","published_at":"2022-02-26T21:10:54.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.0.4","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.0.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.0.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.0.4/manifests"},{"name":"2.2.2","sha":"13d7751377732637814f0cda0e3f6d3243f9f769","kind":"tag","published_at":"2022-02-13T15:01:10.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.2.2","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.2.2/manifests"},{"name":"2.1.2","sha":"34712ca82dc1bc44e0bc2594b9ad472b66195ab8","kind":"tag","published_at":"2022-02-13T14:57:30.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.1.2","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.1.2/manifests"},{"name":"2.0.3","sha":"36949f88678df34526871f32055bce429be23b13","kind":"tag","published_at":"2022-02-13T14:22:29.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.0.3","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.0.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.0.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.0.3/manifests"},{"name":"2.2.1","sha":"f8afb78f087777b040e0ab8a6b6ca93f6fc3f18a","kind":"tag","published_at":"2022-01-25T14:37:56.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.2.1","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.2.1/manifests"},{"name":"2.2.0","sha":"c5aadcc15548629787d02b86a7afef03b46271b5","kind":"tag","published_at":"2022-01-22T14:06:36.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.2.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.2.0/manifests"},{"name":"1.6.7","sha":"2b8185c13bc9578367a5bf901881d1c1b5bbd09b","kind":"tag","published_at":"2022-01-13T17:18:17.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.6.7","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.6.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.6.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.6.7/manifests"},{"name":"2.1.1","sha":"17d2b9cb5161a2ea1a8dd30e6991d668e503fb9d","kind":"tag","published_at":"2022-01-02T18:27:39.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.1.1","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.1.1/manifests"},{"name":"2.1.0","sha":"819276bc54e83c160617d3ac0a436c239e479928","kind":"tag","published_at":"2021-12-05T18:28:52.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.1.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.1.0/manifests"},{"name":"2.0.2","sha":"2df87709f44b0dd733df86aef0830dce9b1f0f13","kind":"tag","published_at":"2021-08-14T14:06:13.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.0.2","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.0.2/manifests"},{"name":"2.0.1","sha":"0d57f20aa03129ee7ef5f690e634884315d4238c","kind":"tag","published_at":"2021-07-31T19:16:23.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.0.1","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.0.1/manifests"},{"name":"2.0.0","sha":"167142baf9a6b946f99ad9325b06028606f8238e","kind":"tag","published_at":"2021-07-24T20:13:05.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.0.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.0.0/manifests"},{"name":"2.0.0-rc2","sha":"61f4efe57db6b8c02a1470dd0894fbacf23ef19b","kind":"tag","published_at":"2021-07-17T17:20:55.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.0.0-rc2","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.0.0-rc2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.0.0-rc2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.0.0-rc2/manifests"},{"name":"1.6.6","sha":"c4228d11e30d7493c6836d20872f9582d8ba6dcf","kind":"tag","published_at":"2021-07-17T17:13:26.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.6.6","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.6.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.6.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.6.6/manifests"},{"name":"2.0.0-rc1","sha":"4b7060e5b7aad24c34e72581cbb9728997394765","kind":"tag","published_at":"2021-07-10T19:57:56.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.0.0-rc1","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.0.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.0.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.0.0-rc1/manifests"},{"name":"2.0.0-beta3","sha":"d8b7646c9b8c7e21c6753a77e1cb6c893e0bbcdc","kind":"tag","published_at":"2021-07-03T22:34:11.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.0.0-beta3","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.0.0-beta3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.0.0-beta3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.0.0-beta3/manifests"},{"name":"2.0.0-beta2","sha":"68ef5589dec9fb78d35353a018890eeb1b34d915","kind":"tag","published_at":"2021-06-27T16:40:25.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.0.0-beta2","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.0.0-beta2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.0.0-beta2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.0.0-beta2/manifests"},{"name":"1.6.5","sha":"44ffd8d3c4a9133e4bd0548622b09c55af39db5f","kind":"tag","published_at":"2021-06-26T11:57:16.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.6.5","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.6.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.6.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.6.5/manifests"},{"name":"2.0.0-beta1","sha":"8cde9a26daaaf6bfb0f5b1fdf7c0d7127e5b18be","kind":"tag","published_at":"2021-06-20T19:32:11.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/2.0.0-beta1","html_url":"https://github.com/thephpleague/commonmark/releases/tag/2.0.0-beta1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.0.0-beta1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/2.0.0-beta1/manifests"},{"name":"1.6.4","sha":"c3c8b7217c52572fb42aaf84211abccf75a151b2","kind":"tag","published_at":"2021-06-19T20:08:17.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.6.4","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.6.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.6.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.6.4/manifests"},{"name":"1.6.3","sha":"9b8cd7e3f234f15a25204e1e875571af7cc3dc8b","kind":"tag","published_at":"2021-06-19T15:03:40.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.6.3","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.6.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.6.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.6.3/manifests"},{"name":"1.6.2","sha":"7d70d2f19c84bcc16275ea47edabee24747352eb","kind":"tag","published_at":"2021-05-12T11:39:45.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.6.2","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.6.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.6.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.6.2/manifests"},{"name":"1.6.1","sha":"2651c497f005de305c7ba3f232cbd87b8c00ee8c","kind":"tag","published_at":"2021-05-08T16:08:05.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.6.1","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.6.1/manifests"},{"name":"1.6.0","sha":"19a9673b833cc37770439097b381d86cd125bfe8","kind":"tag","published_at":"2021-05-01T19:01:06.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.6.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.6.0/manifests"},{"name":"1.5.8","sha":"08fa59b8e4e34ea8a773d55139ae9ac0e0aecbaf","kind":"tag","published_at":"2021-03-28T18:51:43.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.5.8","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.5.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.5.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.5.8/manifests"},{"name":"1.5.7","sha":"11df9b36fd4f1d2b727a73bf14931d81373b9a54","kind":"tag","published_at":"2020-10-31T13:49:37.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.5.7","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.5.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.5.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.5.7/manifests"},{"name":"1.5.6","sha":"a56e91e0fa1f6d0049153a9c34f63488f6b7ce61","kind":"tag","published_at":"2020-10-17T21:33:07.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.5.6","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.5.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.5.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.5.6/manifests"},{"name":"1.5.5","sha":"45832dfed6007b984c0d40addfac48d403dc6432","kind":"tag","published_at":"2020-09-13T14:44:51.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.5.5","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.5.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.5.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.5.5/manifests"},{"name":"1.5.4","sha":"21819c989e69bab07e933866ad30c7e3f32984ba","kind":"tag","published_at":"2020-08-18T01:19:29.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.5.4","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.5.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.5.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.5.4/manifests"},{"name":"1.5.3","sha":"2574454b97e4103dc4e36917bd783b25624aefcd","kind":"tag","published_at":"2020-07-19T22:47:33.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.5.3","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.5.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.5.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.5.3/manifests"},{"name":"1.5.2","sha":"9bc3b1d6148b3d9dfcced033f672d77cb8e535b1","kind":"tag","published_at":"2020-07-19T22:14:26.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.5.2","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.5.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.5.2/manifests"},{"name":"1.5.1","sha":"6d74caf6abeed5fd85d6ec20da23d7269cd0b46f","kind":"tag","published_at":"2020-06-27T12:50:12.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.5.1","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.5.1/manifests"},{"name":"1.5.0","sha":"fc33ca12575e98e57cdce7d5f38b2ca5335714b3","kind":"tag","published_at":"2020-06-21T20:50:16.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.5.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.5.0/manifests"},{"name":"1.4.3","sha":"412639f7cfbc0b31ad2455b2fe965095f66ae505","kind":"tag","published_at":"2020-05-04T22:15:33.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.4.3","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.4.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.4.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.4.3/manifests"},{"name":"1.4.2","sha":"9e780d972185e4f737a03bade0fd34a9e67bbf31","kind":"tag","published_at":"2020-04-24T13:40:00.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.4.2","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.4.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.4.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.4.2/manifests"},{"name":"1.4.1","sha":"c995966d35424bae20f76f8b31248099487a3f57","kind":"tag","published_at":"2020-04-20T13:36:55.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.4.1","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.4.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.4.1/manifests"},{"name":"1.4.0","sha":"517cbe1c6faf90afeb38a0e917c73acc6d3051ce","kind":"tag","published_at":"2020-04-18T20:46:28.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.4.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.4.0/manifests"},{"name":"1.3.4","sha":"dd3261eb9a322e009fa5d96d19b9ae19708ce04b","kind":"tag","published_at":"2020-04-13T20:52:27.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.3.4","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.3.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.3.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.3.4/manifests"},{"name":"1.3.3","sha":"5a67afc2572ec6d430526cdc9c637ef124812389","kind":"tag","published_at":"2020-04-05T16:01:54.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.3.3","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.3.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.3.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.3.3/manifests"},{"name":"1.3.2","sha":"75542a366ccbe1896ed79fcf3e8e68206d6c4257","kind":"tag","published_at":"2020-03-25T19:55:37.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.3.2","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.3.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.3.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.3.2/manifests"},{"name":"1.3.1","sha":"8015f806173c6ee54de25a87c2d69736696e88db","kind":"tag","published_at":"2020-02-28T18:54:10.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.3.1","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.3.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.3.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.3.1/manifests"},{"name":"1.3.0","sha":"4f30be7a2cbf3bfa5788abab71384713e48f451f","kind":"tag","published_at":"2020-02-08T23:42:10.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.3.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.3.0/manifests"},{"name":"1.2.2","sha":"34cf4ddb3892c715ae785c880e6691d839cff88d","kind":"tag","published_at":"2020-01-16T01:18:17.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.2.2","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.2.2/manifests"},{"name":"1.1.3","sha":"b9ffbab283593d94ed486f73ea2a2e8ac022e24b","kind":"tag","published_at":"2020-01-16T01:09:57.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.1.3","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.1.3/manifests"},{"name":"1.2.1","sha":"74e08793c41c72c8ed7a22df803f2ffcaf77efb7","kind":"tag","published_at":"2020-01-15T03:32:46.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.2.1","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.2.1/manifests"},{"name":"1.2.0","sha":"2533c389fd2a7573d4f7be279b1c33cf941c8dfc","kind":"tag","published_at":"2020-01-09T22:41:13.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.2.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.2.0/manifests"},{"name":"1.1.2","sha":"772e03fa9c6477ef5ef2d154fefd8a2a8d8ed03c","kind":"tag","published_at":"2019-12-10T02:55:11.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.1.2","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.1.2/manifests"},{"name":"1.1.1","sha":"d74654d85954e3b9451d67faaebacd210fc70252","kind":"tag","published_at":"2019-11-11T22:23:33.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.1.1","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.1.1/manifests"},{"name":"1.1.0","sha":"d927c05e9a391688b1e59a606c97465a90531789","kind":"tag","published_at":"2019-10-31T13:30:39.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.1.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.1.0/manifests"},{"name":"1.0.0","sha":"7a40f2b0931602c504c2a9692d9f1e33635fd5ef","kind":"tag","published_at":"2019-06-29T11:19:05.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.0.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.0.0/manifests"},{"name":"1.0.0-rc1","sha":"a6721350ecae7594962e2cf99ff68b450cf20194","kind":"tag","published_at":"2019-06-20T01:47:38.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.0.0-rc1","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.0.0-rc1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.0.0-rc1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.0.0-rc1/manifests"},{"name":"0.19.3","sha":"c6ecea928b432ae417fa9942840bbfd8c332448c","kind":"tag","published_at":"2019-06-18T18:29:19.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.19.3","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.19.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.19.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.19.3/manifests"},{"name":"1.0.0-beta4","sha":"a080b1e8b38ebb2776fa5192391b2f3f024424f2","kind":"tag","published_at":"2019-06-05T21:46:23.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.0.0-beta4","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.0.0-beta4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.0.0-beta4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.0.0-beta4/manifests"},{"name":"1.0.0-beta3","sha":"322dd4bbd56c5e5444088dd64bdca762245079c1","kind":"tag","published_at":"2019-05-28T00:52:39.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.0.0-beta3","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.0.0-beta3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.0.0-beta3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.0.0-beta3/manifests"},{"name":"1.0.0-beta2","sha":"e96544a3ae4daf7d85ddc2544fe7b47cf3b48c99","kind":"tag","published_at":"2019-05-27T17:49:07.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.0.0-beta2","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.0.0-beta2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.0.0-beta2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.0.0-beta2/manifests"},{"name":"1.0.0-beta1","sha":"211be90ed241f45e688c2dcc3487d019802b0715","kind":"tag","published_at":"2019-05-26T21:53:15.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/1.0.0-beta1","html_url":"https://github.com/thephpleague/commonmark/releases/tag/1.0.0-beta1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.0.0-beta1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/1.0.0-beta1/manifests"},{"name":"0.19.2","sha":"8401e1c1e409a08fcf558aadb6951c33749d701e","kind":"tag","published_at":"2019-05-19T13:39:42.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.19.2","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.19.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.19.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.19.2/manifests"},{"name":"0.19.1","sha":"d42b2d4a5d0a8eb2a4514f828ecb6f5db13a7c6f","kind":"tag","published_at":"2019-04-11T04:37:09.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.19.1","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.19.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.19.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.19.1/manifests"},{"name":"0.19.0","sha":"deb4f7ed434ba9b7a147efd3726be4895eb9b157","kind":"tag","published_at":"2019-04-11T02:28:38.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.19.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.19.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.19.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.19.0/manifests"},{"name":"0.18.5","sha":"f94e18d68260f43a7d846279cad88405854b1306","kind":"tag","published_at":"2019-03-28T13:52:37.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.18.5","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.18.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.18.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.18.5/manifests"},{"name":"0.18.4","sha":"93fa5e85c2e5e7f59ee2537449abc677096fb1c8","kind":"tag","published_at":"2019-03-24T02:45:43.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.18.4","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.18.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.18.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.18.4/manifests"},{"name":"0.18.3","sha":"b1ec41ce15c3bd6f7cbe86a645b3efc78d927446","kind":"tag","published_at":"2019-03-21T22:47:41.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.18.3","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.18.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.18.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.18.3/manifests"},{"name":"0.18.2","sha":"ad51c7cafb90e0bbd9f34b71d18d05994547e352","kind":"tag","published_at":"2019-03-17T01:42:11.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.18.2","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.18.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.18.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.18.2/manifests"},{"name":"0.18.1","sha":"e5029f74ba39e043ce4b3ca6c05dc719d8aafd94","kind":"commit","published_at":"2018-12-30T01:55:29.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.18.1","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.18.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.18.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.18.1/manifests"},{"name":"0.18.0","sha":"006af077d4b1b7eb1d9760964f9f984ba188632c","kind":"commit","published_at":"2018-09-18T13:13:55.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.18.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.18.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.18.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.18.0/manifests"},{"name":"0.17.5","sha":"82d7ab62d7f68391cb9d323f3ccce50be24a5369","kind":"commit","published_at":"2018-03-29T14:35:19.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.17.5","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.17.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.17.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.17.5/manifests"},{"name":"0.17.4","sha":"b02bfcbaca5a83666494eef5caa9d338c279a0ce","kind":"commit","published_at":"2018-03-29T03:10:21.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.17.4","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.17.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.17.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.17.4/manifests"},{"name":"0.17.3","sha":"fae7d27d6667365b0f497418014916d9918827ab","kind":"commit","published_at":"2018-03-26T20:05:02.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.17.3","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.17.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.17.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.17.3/manifests"},{"name":"0.17.2","sha":"ea1f655153cd618876634d86000b9b60c15bacd2","kind":"commit","published_at":"2018-03-26T01:39:03.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.17.2","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.17.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.17.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.17.2/manifests"},{"name":"0.17.1","sha":"38b2fca6b8493abd9314fcf6b5b042cfba6a0f11","kind":"commit","published_at":"2018-03-18T13:01:30.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.17.1","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.17.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.17.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.17.1/manifests"},{"name":"0.17.0","sha":"3b4c2224524776a584de663c7a04bc8eb2e1544d","kind":"commit","published_at":"2017-12-30T22:08:48.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.17.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.17.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.17.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.17.0/manifests"},{"name":"0.16.0","sha":"c0e41be0f80c51ad3170c9c713f74a0b8dec59ce","kind":"commit","published_at":"2017-10-31T00:49:55.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.16.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.16.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.16.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.16.0/manifests"},{"name":"0.15.7","sha":"36d82f166e441dfa28643f8d01dd8bdd3a579adf","kind":"commit","published_at":"2017-10-26T15:41:07.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.15.7","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.15.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.15.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.15.7/manifests"},{"name":"0.15.6","sha":"91742543c25fecedc84a4883d2919213e04a73b7","kind":"commit","published_at":"2017-08-08T11:47:33.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.15.6","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.15.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.15.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.15.6/manifests"},{"name":"0.15.5","sha":"1162ff74f8ab66593d62c58142310101b415cd2a","kind":"commit","published_at":"2017-08-05T19:40:59.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.15.5","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.15.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.15.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.15.5/manifests"},{"name":"0.15.4","sha":"c4c8e6bf99e62d9568875d9fc3ef473fe3e18e0c","kind":"commit","published_at":"2017-05-09T12:47:53.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.15.4","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.15.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.15.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.15.4/manifests"},{"name":"0.15.3","sha":"c8b43ee5821362216f8e9ac684f0f59de164edcc","kind":"commit","published_at":"2016-12-19T00:11:43.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.15.3","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.15.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.15.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.15.3/manifests"},{"name":"0.15.2","sha":"c3b08b911e7344e45b87529eabc8b559d48093d4","kind":"commit","published_at":"2016-11-22T17:30:29.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.15.2","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.15.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.15.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.15.2/manifests"},{"name":"0.15.1","sha":"20bdba6777e6c63f861711501eec8887e65412fc","kind":"commit","published_at":"2016-11-08T15:28:32.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.15.1","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.15.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.15.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.15.1/manifests"},{"name":"0.15.0","sha":"19fb96643beba24e681c371dc133e25409742664","kind":"commit","published_at":"2016-09-14T15:44:35.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.15.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.15.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.15.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.15.0/manifests"},{"name":"0.14.0","sha":"b73c0b7288bd0e6f9f56bd0b20d0657214b91838","kind":"commit","published_at":"2016-07-02T18:48:39.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.14.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.14.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.14.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.14.0/manifests"},{"name":"0.13.4","sha":"83f8210427fb01f671e272bb8d44b4ed3a94d459","kind":"commit","published_at":"2016-06-14T14:49:29.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.13.4","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.13.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.13.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.13.4/manifests"},{"name":"0.13.3","sha":"35816f39eb2498484fbb7b1495633a976ee1a8de","kind":"commit","published_at":"2016-05-21T18:41:30.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.13.3","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.13.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.13.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.13.3/manifests"},{"name":"0.13.2","sha":"35ac362082ca983a8123df2ee2cdfcf456ab6295","kind":"commit","published_at":"2016-03-27T19:10:13.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.13.2","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.13.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.13.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.13.2/manifests"},{"name":"0.13.1","sha":"2c10de455649e3a544d45016d9df457248bcd37f","kind":"commit","published_at":"2016-03-09T15:20:24.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.13.1","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.13.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.13.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.13.1/manifests"},{"name":"0.13.0","sha":"a4e93bc4fd1a8ff8f534040c4a07371ea5f4b484","kind":"commit","published_at":"2016-01-14T04:29:54.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.13.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.13.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.13.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.13.0/manifests"},{"name":"0.12.0","sha":"3eb64850ee688623db494398a5284a7a4cdf7b47","kind":"commit","published_at":"2015-11-04T14:24:41.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.12.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.12.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.12.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.12.0/manifests"},{"name":"0.11.3","sha":"d22d6a6a4b049faccc2f8e491cce6076eeb165c7","kind":"commit","published_at":"2015-09-25T12:40:32.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.11.3","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.11.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.11.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.11.3/manifests"},{"name":"0.11.2","sha":"467d06b442cc2da542cc0e34a81236142623a66b","kind":"commit","published_at":"2015-09-23T14:07:24.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.11.2","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.11.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.11.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.11.2/manifests"},{"name":"0.11.1","sha":"38551450ca8a065f5caa5f5fc64a777b3630bef2","kind":"commit","published_at":"2015-09-22T12:05:57.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.11.1","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.11.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.11.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.11.1/manifests"},{"name":"0.11.0","sha":"1af805de706b10705dea159a7ba927c4def2c0a1","kind":"commit","published_at":"2015-09-19T15:04:43.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.11.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.11.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.11.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.11.0/manifests"},{"name":"0.10.0","sha":"984455f72d4f07669c1f5c545768f60c4e871585","kind":"commit","published_at":"2015-07-25T14:37:05.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.10.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.10.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.10.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.10.0/manifests"},{"name":"0.9.0","sha":"8b681a57233f00578195573d7d251c2f143c1a5d","kind":"commit","published_at":"2015-06-19T00:39:51.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.9.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.9.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.9.0/manifests"},{"name":"0.8.0","sha":"91696c88df298f75fdd2075e4bb19c6dbd7338ca","kind":"commit","published_at":"2015-04-29T18:01:46.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.8.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.8.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.8.0/manifests"},{"name":"0.7.2","sha":"7fecb7bdef265e45c80c53e1000e2056a9463401","kind":"commit","published_at":"2015-03-08T17:48:53.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.7.2","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.7.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.7.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.7.2/manifests"},{"name":"0.7.1","sha":"7b428e962fb83a13715e057c65c88873d3165df0","kind":"commit","published_at":"2015-03-01T21:29:05.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.7.1","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.7.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.7.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.7.1/manifests"},{"name":"0.7.0","sha":"5f5137889b2aec36f8a1009ebe8673dac45f004e","kind":"commit","published_at":"2015-02-16T23:59:27.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.7.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.7.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.7.0/manifests"},{"name":"0.6.1","sha":"ad1b89403026158529620e0f6096be0eae96817c","kind":"commit","published_at":"2015-01-25T16:08:20.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.6.1","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.6.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.6.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.6.1/manifests"},{"name":"0.6.0","sha":"c352207aab15706a1ca9c25e5bd30c847899a0c9","kind":"tag","published_at":"2015-01-09T19:27:44.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.6.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.6.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.6.0/manifests"},{"name":"0.5.1","sha":"356dbd781b898163994c8e094b902d74dcdafcca","kind":"commit","published_at":"2014-12-27T15:58:34.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.5.1","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.5.1/manifests"},{"name":"0.5.0","sha":"132babb2eb0ed51ecf2541eb3c585004cc6d4f1d","kind":"tag","published_at":"2014-12-24T22:51:43.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.5.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.5.0/manifests"},{"name":"0.4.0","sha":"f841f3fc1cd4b38a08dc51032c7d8db9fd0fd3e6","kind":"tag","published_at":"2014-12-15T18:53:41.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.4.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.4.0/manifests"},{"name":"0.3.0","sha":"8256de6ff7b73a0633ef5bfa3f72e8964ffce1a5","kind":"tag","published_at":"2014-11-29T01:57:29.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.3.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.3.0/manifests"},{"name":"0.2.1","sha":"9f02985aab63a8d1bfa33376191706608ee7c9fd","kind":"tag","published_at":"2014-11-10T01:30:42.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.2.1","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.2.1/manifests"},{"name":"0.2.0","sha":"d143807ca5efa982229952bb7b0ae18d61a53aa6","kind":"tag","published_at":"2014-11-10T00:29:04.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.2.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.2.0/manifests"},{"name":"0.1.2","sha":"d1b296681790a3ec8e9ccf0bf7b0014784309cd5","kind":"tag","published_at":"2014-09-28T12:54:54.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.1.2","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.1.2/manifests"},{"name":"0.1.1","sha":"e04632ab466a88857d0071da013c1e8626bf2609","kind":"tag","published_at":"2014-09-08T18:03:15.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.1.1","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.1.1/manifests"},{"name":"0.1.0","sha":"ccad94ba70f3eba5b803fe1652e11f8e1584788b","kind":"tag","published_at":"2014-09-08T13:43:57.000Z","download_url":"https://codeload.github.com/thephpleague/commonmark/tar.gz/0.1.0","html_url":"https://github.com/thephpleague/commonmark/releases/tag/0.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thephpleague%2Fcommonmark/tags/0.1.0/manifests"}]},"repo_metadata_updated_at":"2024-11-11T02:10:37.970Z","dependent_packages_count":477,"downloads":320012534,"downloads_period":"total","dependent_repos_count":238335,"rankings":{"downloads":0.029825423484342875,"dependent_repos_count":0.021513420218214535,"dependent_packages_count":0.08140873787119818,"stargazers_count":0.13763699525971343,"forks_count":0.33101330653934635,"docker_downloads_count":0.039848721540556464,"average":0.10687443415222864},"purl":"pkg:composer/league/commonmark","advisories":[{"uuid":"GSA_kwCzR0hTQS0zNTI3LXF2MnEtcGZ2eM4ABHen","url":"https://github.com/advisories/GHSA-3527-qv2q-pfvx","title":"league/commonmark contains a XSS vulnerability in Attributes extension","description":"### Summary\nCross-site scripting (XSS) vulnerability in the [Attributes extension](https://commonmark.thephpleague.com/extensions/attributes/) of the league/commonmark library (versions 1.5.0 through 2.6.x) allows remote attackers to insert malicious JavaScript calls into HTML.\n\n### Details\n\nThe league/commonmark library provides configuration options such as `html_input: 'strip'` and `allow_unsafe_links: false` to mitigate cross-site scripting (XSS) attacks by stripping raw HTML and disallowing unsafe links. However, when the Attributes Extension is enabled, it introduces a way for users to inject arbitrary HTML attributes into elements via Markdown syntax using curly braces.\n\nAs a result, even with the secure configuration shown above, an attacker can inject dangerous attributes into applications using this extension via a payload such as:\n\n```md\n![](){onerror=alert(1)}\n```\n\nWhich results in the following HTML:\n\n```html\n\u003cp\u003e\u003cimg onerror=\"alert(1)\" src=\"\" alt=\"\" /\u003e\u003c/p\u003e\n```\n\nWhich causes the JS to execute immediately on page load.\n\n### Patches\n\nVersion 2.7.0 contains three changes to prevent this XSS attack vector:\n\n- All attributes starting with `on` are considered unsafe and blocked by default\n- [Support for an explicit allowlist of allowed HTML attributes](https://commonmark.thephpleague.com/2.7/extensions/attributes/#configuration)\n- Manually-added `href` and `src` attributes now respect the existing `allow_unsafe_links` configuration option\n\n### Workarounds\n\nIf upgrading is not feasible, please consider:\n\n- Disabling the `AttributesExtension` for untrusted users\n- [Filtering the rendered HTML through a library like HTMLPurifier](https://commonmark.thephpleague.com/security/#additional-filtering)","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2025-05-05T20:40:36.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/thephpleague/commonmark/security/advisories/GHSA-3527-qv2q-pfvx","https://github.com/thephpleague/commonmark/commit/f0d626cf05ad3e99e6db26ebcb9091b6cd1cd89b","https://nvd.nist.gov/vuln/detail/CVE-2025-46734","https://github.com/advisories/GHSA-3527-qv2q-pfvx"],"source_kind":"github","identifiers":["GHSA-3527-qv2q-pfvx","CVE-2025-46734"],"repository_url":"https://github.com/thephpleague/commonmark","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"2.7.0","vulnerable_version_range":"\u003c 2.7.0"}],"ecosystem":"packagist","package_name":"league/commonmark"}],"created_at":"2025-05-05T21:08:09.079Z","updated_at":"2025-05-05T22:07:03.000Z","epss_percentage":null,"epss_percentile":null},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN2NDMtODc3eC1xZ21x","url":"https://github.com/advisories/GHSA-3v43-877x-qgmq","title":"Moderate severity vulnerability that affects league/commonmark","description":"## CVE-2019-10010\n\n### Impact\n\nIn `league/commonmark` 0.18.2 and below, malicious users can insert double-encoded HTML entities into their Markdown like this:\n\n```md\n[XSS](javascript\u0026amp;colon;alert%28\u0026#039;XSS\u0026#039;%29)\n```\n\nThis library would (correctly) unescape the `\u0026amp;` entity to `\u0026` during the parsing step.  However, **the renderer step would fail to properly re-escape the resulting `\u0026colon;` string**, thus producing the following malicious HTML output:\n\n```html\n\u003cp\u003e\u003ca href=\"javascript\u0026colon;alert('XSS')\"\u003eXSS\u003c/a\u003e\u003c/p\u003e\n```\n\nBrowsers would interpret `\u0026colon;` as a `:` character and allow the JS to be executed when the link is clicked.\n\nThis vulnerability was present in the upstream library this project was forked from and therefore exists in all prior versions of `league/commonmark`.\n\n### Solution\n\nThe new [0.18.3](https://github.com/thephpleague/commonmark/releases/tag/0.18.3) release mirrors [the fix made upstream](https://github.com/commonmark/commonmark.js/commit/c89b35c5fc99bdf1d2181f7f0c9fcb8a1abc27c8) - we no longer attempt to preserve entities when rendering HTML attributes like `href`, `src`, `title`, etc.\n\nThe `$preserveEntities` parameter of `Xml::escape()` is therefore no longer used internally, so it has been deprecated and marked for removal in the next major release (0.19.0).\n\n### Credits\n\n - Mohit Fawaz for identifying the issue\n - Sebastiaan Knijnenburg and Ross Tuck for responsibly disclosing/relaying the issue\n - John MacFarlane for investigating it and implementing the upstream fix we mirrored here\n\n### References\n\n - https://nvd.nist.gov/vuln/detail/CVE-2019-10010\n - https://github.com/thephpleague/commonmark/releases/tag/0.18.3\n - https://github.com/thephpleague/commonmark/issues/353\n- https://github.com/FriendsOfPHP/security-advisories/blob/master/league/commonmark/CVE-2019-10010.yaml","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2019-09-17T22:47:47.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/thephpleague/commonmark/security/advisories/GHSA-3v43-877x-qgmq","https://nvd.nist.gov/vuln/detail/CVE-2019-10010","https://github.com/thephpleague/commonmark/issues/353","https://github.com/advisories/GHSA-3v43-877x-qgmq","https://github.com/thephpleague/commonmark/releases/tag/0.18.3","https://github.com/FriendsOfPHP/security-advisories/blob/master/league/commonmark/CVE-2019-10010.yaml"],"source_kind":"github","identifiers":["GHSA-3v43-877x-qgmq","CVE-2019-10010"],"repository_url":"https://github.com/thephpleague/commonmark","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"0.18.3","vulnerable_version_range":"\u003c 0.18.3"}],"ecosystem":"packagist","package_name":"league/commonmark"}],"created_at":"2022-12-21T16:13:28.101Z","updated_at":"2024-02-06T13:16:11.000Z","epss_percentage":0.00231,"epss_percentile":0.45908},{"uuid":"GSA_kwCzR0hTQS1jMnBjLWc1cWYtcmZyZs4ABCNG","url":"https://github.com/advisories/GHSA-c2pc-g5qf-rfrf","title":"league/commonmark's quadratic complexity bugs may lead to a denial of service","description":"### Impact\n\nSeveral polynomial time complexity issues in league/commonmark may lead to unbounded resource exhaustion and subsequent denial of service.\n\nMalicious users could trigger that inefficient code with carefully crafted Markdown inputs that are specifically designed to ensure the worst-case performance is reached.  Sending multiple such requests in parallel could tie up all available CPU resources and/or PHP-FPM processes, leading to denial of service for legitimate users.\n\n### Patches\n\nThese vulnerabilities have been patched in version 2.6.0.  All users on older versions are highly encouraged to upgrade as soon as possible.\n\n### Workarounds\n\nIf you cannot upgrade, you may be able to mitigate the issues by:\n\n- Setting very low `memory_limit` and `max_execution_time` PHP configurations to prevent runaway resource usage\n- Implementing rate-limiting, bot protection, or other approaches to reduce the risk of simultaneous bad requests hitting your site\n- Limiting the size of inputs fed into this library (specifically the max length of each line)\n- Limiting the use of this library to trusted users\n\n### References\n\nMost of these issues were discovered in other Markdown parsers. You can read more about them here:\n\n* https://github.com/commonmark/commonmark.js/issues/129\n* https://github.com/commonmark/commonmark.js/issues/157\n* https://github.com/commonmark/commonmark.js/issues/172\n* https://github.com/github/cmark-gfm/security/advisories/GHSA-r572-jvj2-3m8p\n* https://github.com/github/cmark-gfm/security/advisories/GHSA-24f7-9frr-5h2r\n* https://github.com/github/cmark-gfm/security/advisories/GHSA-29g3-96g3-jg6c\n* https://github.com/github/cmark-gfm/security/advisories/GHSA-r8vr-c48j-fcc5\n* https://github.com/github/cmark-gfm/security/advisories/GHSA-w4qg-3vf7-m9x5\n* https://github.com/github/cmark-gfm/security/advisories/GHSA-66g8-4hjf-77xh\n\nFor general information about this type of issue:\n\n* https://en.wikipedia.org/wiki/Time_complexity\n* https://cwe.mitre.org/data/definitions/407.html\n","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2024-12-09T20:42:07.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/github/cmark-gfm/security/advisories/GHSA-24f7-9frr-5h2r","https://github.com/github/cmark-gfm/security/advisories/GHSA-29g3-96g3-jg6c","https://github.com/github/cmark-gfm/security/advisories/GHSA-66g8-4hjf-77xh","https://github.com/github/cmark-gfm/security/advisories/GHSA-r572-jvj2-3m8p","https://github.com/github/cmark-gfm/security/advisories/GHSA-r8vr-c48j-fcc5","https://github.com/github/cmark-gfm/security/advisories/GHSA-w4qg-3vf7-m9x5","https://github.com/thephpleague/commonmark/security/advisories/GHSA-c2pc-g5qf-rfrf","https://github.com/commonmark/commonmark.js/issues/129","https://github.com/commonmark/commonmark.js/issues/157","https://github.com/commonmark/commonmark.js/issues/172","https://github.com/advisories/GHSA-c2pc-g5qf-rfrf"],"source_kind":"github","identifiers":["GHSA-c2pc-g5qf-rfrf"],"repository_url":"https://github.com/github/cmark-gfm","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"2.6.0","vulnerable_version_range":"\u003c 2.6.0"}],"ecosystem":"packagist","package_name":"league/commonmark"}],"created_at":"2024-12-09T21:07:48.369Z","updated_at":"2024-12-09T20:42:08.000Z","epss_percentage":null,"epss_percentile":null},{"uuid":"GSA_kwCzR0hTQS1xeDc2LWM1M2YtNWM3cc4AAUX9","url":"https://github.com/advisories/GHSA-qx76-c53f-5c7q","title":"PHP League CommonMark vulnerable to Cross-Site Scripting (XSS)","description":"Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library versions 0.15.6 through 0.18.x before 0.18.1 allows remote attackers to insert unsafe URLs into HTML (even if allow_unsafe_links is false) via a newline character (e.g., writing javascript as javascri%0apt).","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2022-05-14T01:40:50.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://nvd.nist.gov/vuln/detail/CVE-2018-20583","https://github.com/thephpleague/commonmark/issues/337","https://commonmark.thephpleague.com/changelog/","https://github.com/thephpleague/commonmark/releases/tag/0.18.1","https://github.com/FriendsOfPHP/security-advisories/blob/master/league/commonmark/CVE-2018-20583.yaml","https://github.com/advisories/GHSA-qx76-c53f-5c7q"],"source_kind":"github","identifiers":["GHSA-qx76-c53f-5c7q","CVE-2018-20583"],"repository_url":"https://github.com/thephpleague/commonmark","blast_radius":0.0,"packages":[{"versions":[{"first_patched_version":"0.18.1","vulnerable_version_range":"\u003e= 0.15.6, \u003c 0.18.1"}],"ecosystem":"packagist","package_name":"league/commonmark"}],"created_at":"2022-12-21T16:11:59.663Z","updated_at":"2024-02-06T13:14:23.000Z","epss_percentage":0.00329,"epss_percentile":0.54837}],"docker_usage_url":"https://docker.ecosyste.ms/usage/packagist/league/commonmark","docker_dependents_count":965,"docker_downloads_count":748647308,"usage_url":"https://repos.ecosyste.ms/usage/packagist/league/commonmark","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/packagist/league/commonmark/dependencies","status":null,"funding_links":["https://www.colinodell.com/sponsor","https://www.paypal.me/colinpodell/10.00","https://github.com/colinodell","https://tidelift.com/funding/github/packagist/league/commonmark","https://github.com/sponsors/colinodell"],"critical":true,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/packagist.org/packages/league%2Fcommonmark/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/packagist.org/packages/league%2Fcommonmark/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/packagist.org/packages/league%2Fcommonmark/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/packagist.org/packages/league%2Fcommonmark/related_packages","maintainers":[{"uuid":"frankdejonge","login":"frankdejonge","name":null,"email":null,"url":null,"packages_count":128,"html_url":"https://packagist.org/users/frankdejonge","role":null,"created_at":"2022-11-10T10:41:04.421Z","updated_at":"2022-11-10T10:41:04.421Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/packagist.org/maintainers/frankdejonge/packages"},{"uuid":"colinodell","login":"colinodell","name":null,"email":null,"url":null,"packages_count":26,"html_url":"https://packagist.org/users/colinodell","role":null,"created_at":"2022-11-10T10:41:04.423Z","updated_at":"2022-11-10T10:41:04.423Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/packagist.org/maintainers/colinodell/packages"}],"registry":{"name":"packagist.org","url":"https://packagist.org","ecosystem":"packagist","default":true,"packages_count":457422,"maintainers_count":130144,"namespaces_count":155729,"keywords_count":138268,"github":"packagist","metadata":{"funded_packages_count":29639},"icon_url":"https://github.com/packagist.png","created_at":"2022-04-04T15:19:23.222Z","updated_at":"2025-06-06T05:10:12.193Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/packagist.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/packagist.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/packagist.org/namespaces"}},"unique_repositories_count":746,"unique_repositories_count_past_30_days":2,"recent_issues":[{"uuid":"4536730937","node_id":"PR_kwDOOjFM6c7gC1Uw","number":8,"state":"closed","title":"Bump the composer group across 1 directory with 10 updates","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-28T01:39:08.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-28T00:33:55.000Z","updated_at":"2026-05-28T01:39:10.000Z","time_to_close":3913,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"composer","update_count":10,"packages":[{"name":"laravel/framework","old_version":"10.48.22","new_version":"10.48.29","repository_url":"https://github.com/laravel/framework"},{"name":"phpunit/phpunit","old_version":"10.5.36","new_version":"10.5.62","repository_url":"https://github.com/sebastianbergmann/phpunit"},{"name":"league/commonmark","old_version":"2.5.3","new_version":"2.8.2"},{"name":"nesbot/carbon","old_version":"2.72.5","new_version":"2.73.0"},{"name":"psy/psysh","old_version":"0.12.4","new_version":"0.12.23","repository_url":"https://github.com/bobthecow/psysh"},{"name":"symfony/http-foundation","old_version":"6.4.12","new_version":"6.4.41"},{"name":"symfony/mailer","old_version":"6.4.12","new_version":"6.4.40"},{"name":"symfony/mime","old_version":"6.4.12","new_version":"6.4.41"},{"name":"symfony/process","old_version":"6.4.12","new_version":"6.4.41"},{"name":"symfony/routing","old_version":"6.4.12","new_version":"6.4.41"}],"path":null,"ecosystem":"packagist"},"body":"Bumps the composer group with 3 updates in the / directory: [laravel/framework](https://github.com/laravel/framework), [phpunit/phpunit](https://github.com/sebastianbergmann/phpunit) and [psy/psysh](https://github.com/bobthecow/psysh).\n\nUpdates `laravel/framework` from 10.48.22 to 10.48.29\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laravel/framework/commit/8f7f9247cb8aad1a769d6b9815a6623d89b46b47\"\u003e\u003ccode\u003e8f7f924\u003c/code\u003e\u003c/a\u003e version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laravel/framework/commit/a4f7a8f9b83e21882abeef78c3174c66b0f4a26b\"\u003e\u003ccode\u003ea4f7a8f\u003c/code\u003e\u003c/a\u003e [10.x] Fix attribute name used on \u003ccode\u003eValidator\u003c/code\u003e instance within certain rule cl...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laravel/framework/commit/fc47dcac927dc76eac2f4cab304fedb00a2dbe50\"\u003e\u003ccode\u003efc47dca\u003c/code\u003e\u003c/a\u003e backport emulate prepares\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laravel/framework/commit/dd5c90d39a7a0bbb1e9a5fdb8931806d2fef4e73\"\u003e\u003ccode\u003edd5c90d\u003c/code\u003e\u003c/a\u003e Update CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laravel/framework/commit/e714e7e0c1ae51bf747e3df5b10fa60c54e3e0e1\"\u003e\u003ccode\u003ee714e7e\u003c/code\u003e\u003c/a\u003e Update version to v10.48.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laravel/framework/commit/62cb852a08e2a4c2c849291ea2063962f9a85abf\"\u003e\u003ccode\u003e62cb852\u003c/code\u003e\u003c/a\u003e Apply fixes from StyleCI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laravel/framework/commit/7f427c4f34749ccaa2fded11ea42c0ba3c8f5436\"\u003e\u003ccode\u003e7f427c4\u003c/code\u003e\u003c/a\u003e backport cloud support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laravel/framework/commit/a39f4db06010683a46252677c3caa36b8f6dc707\"\u003e\u003ccode\u003ea39f4db\u003c/code\u003e\u003c/a\u003e add cloud class\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laravel/framework/commit/eb0be33e4b806b92f396357b99ffcb2d3ef67957\"\u003e\u003ccode\u003eeb0be33\u003c/code\u003e\u003c/a\u003e Update version to v10.48.27\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laravel/framework/commit/c9c8a5a83ae3c8ad1c94702c6eb61fee8a13cb4f\"\u003e\u003ccode\u003ec9c8a5a\u003c/code\u003e\u003c/a\u003e r2 backport\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/laravel/framework/compare/v10.48.22...v10.48.29\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `phpunit/phpunit` from 10.5.36 to 10.5.62\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sebastianbergmann/phpunit/releases\"\u003ephpunit/phpunit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ePHPUnit 10.5.62\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTo prevent Poisoned Pipeline Execution (PPE) attacks using prepared \u003ccode\u003e.coverage\u003c/code\u003e files in pull requests, a PHPT test will no longer be run if the temporary file for writing code coverage information already exists before the test runs\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eLearn how to install or update PHPUnit 10.5 in the \u003ca href=\"https://docs.phpunit.de/en/10.5/installation.html\"\u003edocumentation\u003c/a\u003e.\u003c/p\u003e\n\u003ch4\u003eKeep up to date with PHPUnit:\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eYou can follow \u003ca href=\"https://phpc.social/@phpunit\"\u003e\u003ccode\u003e@​phpunit@phpc.social\u003c/code\u003e\u003c/a\u003e to stay up to date with PHPUnit's development.\u003c/li\u003e\n\u003cli\u003eYou can subscribe to the \u003ca href=\"https://phpunit.de/newsletter\"\u003ePHPUnit Updates\u003c/a\u003e newsletter to receive updates about and tips for PHPUnit.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePHPUnit 10.5.61\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ePHPUnit\\Framework\\MockObject\u003c/code\u003e exceptions are now subtypes of \u003ccode\u003ePHPUnit\\Exception\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eLearn how to install or update PHPUnit 10.5 in the \u003ca href=\"https://docs.phpunit.de/en/10.5/installation.html\"\u003edocumentation\u003c/a\u003e.\u003c/p\u003e\n\u003ch4\u003eKeep up to date with PHPUnit:\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eYou can follow \u003ca href=\"https://phpc.social/@phpunit\"\u003e\u003ccode\u003e@​phpunit@phpc.social\u003c/code\u003e\u003c/a\u003e to stay up to date with PHPUnit's development.\u003c/li\u003e\n\u003cli\u003eYou can subscribe to the \u003ca href=\"https://phpunit.de/newsletter\"\u003ePHPUnit Updates\u003c/a\u003e newsletter to receive updates about and tips for PHPUnit.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePHPUnit 10.5.60\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes; \u003ccode\u003ephpunit.phar\u003c/code\u003e rebuilt with PHP 8.4 to work around PHP-Scoper issue \u003ca href=\"https://redirect.github.com/humbug/php-scoper/issues/1139\"\u003e#1139\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eLearn how to install or update PHPUnit 10.5 in the \u003ca href=\"https://docs.phpunit.de/en/10.5/installation.html\"\u003edocumentation\u003c/a\u003e.\u003c/p\u003e\n\u003ch4\u003eKeep up to date with PHPUnit:\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eYou can follow \u003ca href=\"https://phpc.social/@phpunit\"\u003e\u003ccode\u003e@​phpunit@phpc.social\u003c/code\u003e\u003c/a\u003e to stay up to date with PHPUnit's development.\u003c/li\u003e\n\u003cli\u003eYou can subscribe to the \u003ca href=\"https://phpunit.de/newsletter\"\u003ePHPUnit Updates\u003c/a\u003e newsletter to receive updates about and tips for PHPUnit.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePHPUnit 10.5.59\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/sebastianbergmann/phpunit/pull/6338\"\u003e#6338\u003c/a\u003e: Removed code from \u003ccode\u003ePHPUnit\\Runner\\TestSuiteSorter\u003c/code\u003e that was only used in the tests for this class\u003c/li\u003e\n\u003cli\u003eUpdated list of deprecated PHP configuration settings for PHP 8.4, PHP 8.5, and PHP 8.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eLearn how to install or update PHPUnit 10.5 in the \u003ca href=\"https://docs.phpunit.de/en/10.5/installation.html\"\u003edocumentation\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sebastianbergmann/phpunit/blob/10.5.62/ChangeLog-10.5.md\"\u003ephpunit/phpunit's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[10.5.62] - 2026-01-27\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTo prevent Poisoned Pipeline Execution (PPE) attacks using prepared \u003ccode\u003e.coverage\u003c/code\u003e files in pull requests, a PHPT test will no longer be run if the temporary file for writing code coverage information already exists before the test runs\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[10.5.61] - 2026-01-24\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ePHPUnit\\Framework\\MockObject\u003c/code\u003e exceptions are now subtypes of \u003ccode\u003ePHPUnit\\Exception\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[10.5.60] - 2025-12-06\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes; \u003ccode\u003ephpunit.phar\u003c/code\u003e rebuilt with PHP 8.4 to work around PHP-Scoper issue \u003ca href=\"https://redirect.github.com/humbug/php-scoper/issues/1139\"\u003e#1139\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[10.5.59] - 2025-12-01\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/sebastianbergmann/phpunit/pull/6338\"\u003e#6338\u003c/a\u003e: Removed code from \u003ccode\u003ePHPUnit\\Runner\\TestSuiteSorter\u003c/code\u003e that was only used in the tests for this class\u003c/li\u003e\n\u003cli\u003eUpdated list of deprecated PHP configuration settings for PHP 8.4, PHP 8.5, and PHP 8.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[10.5.58] - 2025-09-28\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/sebastianbergmann/phpunit/issues/6368\"\u003e#6368\u003c/a\u003e: \u003ccode\u003efailOnPhpunitWarning=\u0026quot;false\u0026quot;\u003c/code\u003e has no effect\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[10.5.57] - 2025-09-24\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes; \u003ccode\u003ephpunit.phar\u003c/code\u003e rebuilt with updated dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[10.5.56] - 2025-09-23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes; \u003ccode\u003ephpunit.phar\u003c/code\u003e rebuilt with updated dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[10.5.55] - 2025-09-14\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/sebastianbergmann/phpunit/issues/6366\"\u003e#6366\u003c/a\u003e: Exclude \u003ccode\u003e__sleep()\u003c/code\u003e and \u003ccode\u003e__wakeup()\u003c/code\u003e from test double code generation on PHP \u0026gt;= 8.5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[10.5.54] - 2025-09-11\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not use \u003ccode\u003e__sleep()\u003c/code\u003e method (which will be deprecated in PHP 8.5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[10.5.53] - 2025-08-20\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sebastianbergmann/phpunit/commit/3f7dd5066ebde5809296a81f0b19e8b00e5aab49\"\u003e\u003ccode\u003e3f7dd50\u003c/code\u003e\u003c/a\u003e Prepare release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sebastianbergmann/phpunit/commit/9c95cf0cdfdc72e74597aa0cf3c4769ed32b83f0\"\u003e\u003ccode\u003e9c95cf0\u003c/code\u003e\u003c/a\u003e Merge branch '9.6' into 10.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sebastianbergmann/phpunit/commit/fea06253ecc0a32faf787bd31b261f56f351d049\"\u003e\u003ccode\u003efea0625\u003c/code\u003e\u003c/a\u003e Prepare release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sebastianbergmann/phpunit/commit/1a677f663f09de85b97e1a7d03823890594cdba9\"\u003e\u003ccode\u003e1a677f6\u003c/code\u003e\u003c/a\u003e Merge branch '8.5' into 9.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sebastianbergmann/phpunit/commit/1015741814413c156abb0f53d7db7bbd03c6e858\"\u003e\u003ccode\u003e1015741\u003c/code\u003e\u003c/a\u003e Prepare release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sebastianbergmann/phpunit/commit/e5cda18b342c4e346d47c6e6cc5c51c0e681c8fd\"\u003e\u003ccode\u003ee5cda18\u003c/code\u003e\u003c/a\u003e Fix bad merge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sebastianbergmann/phpunit/commit/a8b932bd41c5a6d689b2751f1be68406c97ea55c\"\u003e\u003ccode\u003ea8b932b\u003c/code\u003e\u003c/a\u003e Merge branch '9.6' into 10.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sebastianbergmann/phpunit/commit/1cce5f3ac2eec234cc0ce2f90ab9d5b80b240bea\"\u003e\u003ccode\u003e1cce5f3\u003c/code\u003e\u003c/a\u003e Merge branch '8.5' into 9.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sebastianbergmann/phpunit/commit/3141742e00620e2968d3d2e732d320de76685fda\"\u003e\u003ccode\u003e3141742\u003c/code\u003e\u003c/a\u003e Do not run PHPT test when its temporary file for code coverage information ex...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sebastianbergmann/phpunit/commit/0b3170aaebeb461133937cfd92e5beb0348c0a2b\"\u003e\u003ccode\u003e0b3170a\u003c/code\u003e\u003c/a\u003e We do not need to unserialize() objects here\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sebastianbergmann/phpunit/compare/10.5.36...10.5.62\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `league/commonmark` from 2.5.3 to 2.8.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.8.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (\u003ca href=\"https://github.com/thephpleague/commonmark/security/advisories/GHSA-4v6x-c7xx-hw9f\"\u003eGHSA-4v6x-c7xx-hw9f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kocal\"\u003e\u003ccode\u003e@​Kocal\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1106\"\u003ethephpleague/commonmark#1106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/freost\"\u003e\u003ccode\u003e@​freost\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1107\"\u003ethephpleague/commonmark#1107\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.8.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded a new \u003ccode\u003eHighlightExtension\u003c/code\u003e for marking important text using \u003ccode\u003e==\u003c/code\u003e syntax (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1100\"\u003e#1100\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eAutolinkExtension\u003c/code\u003e incorrectly matching URLs after invalid \u003ccode\u003ewww.\u003c/code\u003e prefix (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1095\"\u003e#1095\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1103\"\u003e#1103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samwilson\"\u003e\u003ccode\u003e@​samwilson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1090\"\u003ethephpleague/commonmark#1090\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ossobuffo\"\u003e\u003ccode\u003e@​ossobuffo\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1100\"\u003ethephpleague/commonmark#1100\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.7.1...2.8.0\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.7.1...2.8.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.7.1\u003c/h2\u003e\n\u003ch2\u003eNotable Changes\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOptimized several regular expressions in \u003ccode\u003eRegexHelper\u003c/code\u003e to improve performance (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/674\"\u003e#674\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1086\"\u003e#1086\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eEmbedProcessor\u003c/code\u003e no longer calls \u003ccode\u003eupdateEmbeds()\u003c/code\u003e when there are no embeds to update (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed missing \u003ccode\u003ebenchmark.php\u003c/code\u003e CSV path validation for non-existent files (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1068\"\u003e#1068\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.8.1] - 2026-03-05\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (GHSA-4v6x-c7xx-hw9f)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.8.0] - 2025-11-26\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded a new \u003ccode\u003eHighlightExtension\u003c/code\u003e for marking important text using \u003ccode\u003e==\u003c/code\u003e syntax (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1100\"\u003e#1100\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eAutolinkExtension\u003c/code\u003e incorrectly matching URLs after invalid \u003ccode\u003ewww.\u003c/code\u003e prefix (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1095\"\u003e#1095\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1103\"\u003e#1103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.7.1] - 2025-07-20\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOptimized several regular expressions in \u003ccode\u003eRegexHelper\u003c/code\u003e to improve performance (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/674\"\u003e#674\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1086\"\u003e#1086\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eEmbedProcessor\u003c/code\u003e no longer calls \u003ccode\u003eupdateEmbeds()\u003c/code\u003e when there are no embeds to update (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed missing \u003ccode\u003ebenchmark.php\u003c/code\u003e CSV path validation for non-existent files (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1068\"\u003e#1068\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.7.0] - 2025-05-05\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address a potential cross-site scripting (XSS) vulnerability when using the \u003ccode\u003eAttributesExtension\u003c/code\u003e with untrusted user input.\u003c/p\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eattributes/allow\u003c/code\u003e config option to specify which attributes users are allowed to set on elements (default allows virtually all attributes)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eAttributesExtension\u003c/code\u003e blocks all attributes starting with \u003ccode\u003eon\u003c/code\u003e unless explicitly allowed via the \u003ccode\u003eattributes/allow\u003c/code\u003e config option\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eallow_unsafe_links\u003c/code\u003e option is now respected by the \u003ccode\u003eAttributesExtension\u003c/code\u003e when users specify \u003ccode\u003ehref\u003c/code\u003e and \u003ccode\u003esrc\u003c/code\u003e attributes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.6.2] - 2025-04-18\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Attributes extension parsing regression (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1071\"\u003e#1071\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.6.1] - 2024-12-29\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/84b1ca48347efdbe775426f108622a42735a6579\"\u003e\u003ccode\u003e84b1ca4\u003c/code\u003e\u003c/a\u003e Almost forgot this entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/bcf54f5a38cf8e42cca45248b04caba13317459f\"\u003e\u003ccode\u003ebcf54f5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/7a68ed1c6765bd2650fed6d9857985bdfe655c71\"\u003e\u003ccode\u003e7a68ed1\u003c/code\u003e\u003c/a\u003e Prepare to release 2.8.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/5c0c4c8fe5a31e8260be99e0afad7136a27c79e6\"\u003e\u003ccode\u003e5c0c4c8\u003c/code\u003e\u003c/a\u003e Fix DisallowedRawHtml bypass via newline/tab in tag names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/f6e74434dd1a91f195f80cb0184b746a4187272a\"\u003e\u003ccode\u003ef6e7443\u003c/code\u003e\u003c/a\u003e Add regression test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/0719b6744cc68bc8b037fb30db86b62ec370c557\"\u003e\u003ccode\u003e0719b67\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e from freost/fix-php85-deprecation-error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/63ff2e0b12742f379803b5f21aa6f5b50abcd412\"\u003e\u003ccode\u003e63ff2e0\u003c/code\u003e\u003c/a\u003e Fix PHP 8.5 deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/8608e9c006d9f44acf8d983b126a813bd8def780\"\u003e\u003ccode\u003e8608e9c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1106\"\u003e#1106\u003c/a\u003e from Kocal/patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.5.3...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nesbot/carbon` from 2.72.5 to 2.73.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/CarbonPHP/carbon/releases\"\u003enesbot/carbon's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.73.0\u003c/h2\u003e\n\u003cp\u003eComplete commits list: \u003ca href=\"https://github.com/briannesbitt/Carbon/compare/2.72.6...2.73.0\"\u003ehttps://github.com/briannesbitt/Carbon/compare/2.72.6...2.73.0\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eSummary:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport PHP 8.4 \u003ca href=\"https://redirect.github.com/CarbonPHP/carbon/pull/13\"\u003eCarbonPHP/carbon#13\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.72.6\u003c/h2\u003e\n\u003cp\u003eComplete commits list: \u003ca href=\"https://github.com/CarbonPHP/carbon/compare/2.72.5...2.72.6\"\u003ehttps://github.com/CarbonPHP/carbon/compare/2.72.5...2.72.6\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eSummary:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eValidate locale earlier\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CarbonPHP/carbon/commit/9228ce90e1035ff2f0db84b40ec2e023ed802075\"\u003e\u003ccode\u003e9228ce9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/CarbonPHP/carbon/issues/13\"\u003e#13\u003c/a\u003e from thecaliskan/2.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CarbonPHP/carbon/commit/142f0f5ca773f383e2868dfa0f7ea59c2ef1865f\"\u003e\u003ccode\u003e142f0f5\u003c/code\u003e\u003c/a\u003e changed CS rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CarbonPHP/carbon/commit/dc27804306d1197bc5f8f46f298acf13fa35ed7b\"\u003e\u003ccode\u003edc27804\u003c/code\u003e\u003c/a\u003e changed CS rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CarbonPHP/carbon/commit/8910c5114f60f2a918aa2d9ae2c14056dcb71e87\"\u003e\u003ccode\u003e8910c51\u003c/code\u003e\u003c/a\u003e changed expected result for PHP 8.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CarbonPHP/carbon/commit/d1e695f7b2daae2def15568f41b89391b86ef5e2\"\u003e\u003ccode\u003ed1e695f\u003c/code\u003e\u003c/a\u003e Added PHP 8.3 and PHP 8.4 test for laravel and removed PHP 8.4 lowest test ma...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CarbonPHP/carbon/commit/5dca8dc5fcd18b1e88206c16b2adeef055cea408\"\u003e\u003ccode\u003e5dca8dc\u003c/code\u003e\u003c/a\u003e Fixes for PHP 8.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CarbonPHP/carbon/commit/8c3e607078c363b4805a46511e73aa75c2bbebe2\"\u003e\u003ccode\u003e8c3e607\u003c/code\u003e\u003c/a\u003e Fixes for implicit nullability deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CarbonPHP/carbon/commit/5f4c750da3f2f18e39dbdbf9ba788f12ca361904\"\u003e\u003ccode\u003e5f4c750\u003c/code\u003e\u003c/a\u003e upgraded phpunit version on tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CarbonPHP/carbon/commit/a4932f3bb087a8dafaedaace90a2b6e9012ba828\"\u003e\u003ccode\u003ea4932f3\u003c/code\u003e\u003c/a\u003e Fixed CS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CarbonPHP/carbon/commit/d6f5afbe807670ae002f32c73c64b5c14ac00229\"\u003e\u003ccode\u003ed6f5afb\u003c/code\u003e\u003c/a\u003e Added PHP 8.4 support\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/CarbonPHP/carbon/compare/2.72.5...2.73.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `psy/psysh` from 0.12.4 to 0.12.23\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bobthecow/psysh/releases\"\u003epsy/psysh's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ePsySH v0.12.23\u003c/h2\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix interactive readline bracket matching inside interpolated strings. Fixes \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/930\"\u003e#930\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid infinite recursion in \u003ccode\u003eShellOutput\u003c/code\u003e write tracking (e.g. \u003ccode\u003eprint_r\u003c/code\u003e on an \u003ccode\u003eException\u003c/code\u003e with \u003ccode\u003ezend.exception_ignore_args = Off\u003c/code\u003e). Fixes \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/934\"\u003e#934\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude \u003ccode\u003e--warm-autoload\u003c/code\u003e in project trust restrictions\u003c/li\u003e\n\u003cli\u003eExclude Symfony Console DI components from the autoload warmer (they're an optional dependency and blow up when not installed)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUnder the hood\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTighter callable types throughout\u003c/li\u003e\n\u003cli\u003eAdded MediaWiki downstream smoke tests, updated to 8.3\u003c/li\u003e\n\u003cli\u003eFixed Drush downstream tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePsySH v0.12.22\u003c/h2\u003e\n\u003ch2\u003eRuntime config and clipboard support\u003c/h2\u003e\n\u003cp\u003ePsySH has a new \u003ccode\u003econfig\u003c/code\u003e command for inspecting and updating runtime-configurable settings during the current session. You can tweak things like \u003ccode\u003epager\u003c/code\u003e, \u003ccode\u003etheme\u003c/code\u003e, \u003ccode\u003everbosity\u003c/code\u003e, \u003ccode\u003euseSuggestions\u003c/code\u003e, \u003ccode\u003euseSyntaxHighlighting\u003c/code\u003e, \u003ccode\u003eclipboardCommand\u003c/code\u003e, and \u003ccode\u003esemicolonsSuppressReturn\u003c/code\u003e without restarting the shell. Fixes \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/361\"\u003e#361\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThere’s also a new \u003ccode\u003ecopy\u003c/code\u003e command for copying the last result (\u003ccode\u003e$_\u003c/code\u003e) or any expression to your clipboard. Works with system clipboard commands, or via OSC 52 for SSH and remote terminals.\u003c/p\u003e\n\u003cp\u003eConfigure with \u003ccode\u003eclipboardCommand\u003c/code\u003e or \u003ccode\u003euseOsc52Clipboard\u003c/code\u003e in your config.\u003c/p\u003e\n\u003ch2\u003eSemicolon-based return suppression\u003c/h2\u003e\n\u003cp\u003eOptionally suppress return values by ending a statement with \u003ccode\u003e;\u003c/code\u003e, similar to MATLAB/Octave behavior. Supports a \u003ccode\u003e'double'\u003c/code\u003e mode requiring \u003ccode\u003e;;\u003c/code\u003e for suppression (if \u003ccode\u003erequireSemicolons\u003c/code\u003e is also enabled, both \u003ccode\u003etrue\u003c/code\u003e and \u003ccode\u003e'double'\u003c/code\u003e require \u003ccode\u003e;;\u003c/code\u003e).\u003c/p\u003e\n\u003cpre lang=\"php\"\u003e\u003ccode\u003e'semicolonsSuppressReturn' =\u0026gt; true,\r\n'semicolonsSuppressReturn' =\u0026gt; 'double', // Always require ;; to suppress\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eOutput and exception display improvements\u003c/h2\u003e\n\u003cp\u003eStrings are now valid PHP!\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePsySH now preserves backslashes and other characters it previously mangled in a few cases. Fixes \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/351\"\u003e#351\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/568\"\u003e#568\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMultiline strings are rendered using heredoc-style output rather than triple-quoted strings \u003ccode\u003e\u0026quot;\u0026quot;\u0026quot;\u003c/code\u003e. The old format is available via \u003ccode\u003euseDeprecatedMultilineStrings\u003c/code\u003e until the next major release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProviding an \u003ccode\u003eexceptionDetails\u003c/code\u003e callback via config renders additional context about exceptions (e.g. validation errors) alongside the error message. Fixes \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/648\"\u003e#648\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eA few other improvements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMore consistent compact (and non-compact) output spacing.\u003c/li\u003e\n\u003cli\u003eResponsive \u003ccode\u003ehelp\u003c/code\u003e layout adapts to terminal width.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBetter completion for everyone\u003c/h2\u003e\n\u003cp\u003eLegacy readline now shares PsySH’s newer completion engine, which brings much better parity between ext-readline/libedit and experimental interactive readline. Command argument completion, better multiline buffering, and a handful of command-dispatch edge cases now work much more consistently outside experimental readline too.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/4dcc0f08047d52bbde475eda481146fd8e27e1a4\"\u003e\u003ccode\u003e4dcc0f0\u003c/code\u003e\u003c/a\u003e Merge branch 'release/v0.12.23'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/e70ea1a49f035d71428c4366c8a148bc1deb372f\"\u003e\u003ccode\u003ee70ea1a\u003c/code\u003e\u003c/a\u003e Bump to v0.12.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/961a5542422b60137ea47be409e69b761735d242\"\u003e\u003ccode\u003e961a554\u003c/code\u003e\u003c/a\u003e Bump composer/class-map-generator from 1.7.2 to 1.7.3 in /build\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/901a8225f6591e939dd322e06e393c06c1badc05\"\u003e\u003ccode\u003e901a822\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 6.0.0 to 6.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/f1dea55169d8b02902437595a51651f5b044c59d\"\u003e\u003ccode\u003ef1dea55\u003c/code\u003e\u003c/a\u003e Bump shivammathur/setup-php from 2.37.0 to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/77c2c06fbd40531d3e0a4080fa6d436411125eef\"\u003e\u003ccode\u003e77c2c06\u003c/code\u003e\u003c/a\u003e Fix drush downstream tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/a6a4cddcbef208c44fffbd27b5893f34a50d15ea\"\u003e\u003ccode\u003ea6a4cdd\u003c/code\u003e\u003c/a\u003e Track ShellOutput writes without listener\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/316df3b9ee2ff9baeb1e3e36968e4c86d9db3133\"\u003e\u003ccode\u003e316df3b\u003c/code\u003e\u003c/a\u003e Bump symfony/polyfill-mbstring from 1.33.0 to 1.37.0 in /build\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/d828ff92e07a743e0a355799cea0722db19b2cd6\"\u003e\u003ccode\u003ed828ff9\u003c/code\u003e\u003c/a\u003e Bump symfony/polyfill-iconv from 1.36.0 to 1.37.0 in /build\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/ced60861f07b42d7670da8f6bd244f003df73ef6\"\u003e\u003ccode\u003eced6086\u003c/code\u003e\u003c/a\u003e Fix interactive readline bracket matching in interpolated strings\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/bobthecow/psysh/compare/v0.12.4...v0.12.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `symfony/http-foundation` from 6.4.12 to 6.4.41\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/http-foundation/releases\"\u003esymfony/http-foundation's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.41\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v6.4.35...v6.4.41\"\u003ehttps://github.com/symfony/http-foundation/compare/v6.4.35...v6.4.41\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity #cve-2026-48736  Block IPv6 transition forms in IpUtils::PRIVATE_SUBNETS (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.35\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v6.4.34...v6.4.35\"\u003ehttps://github.com/symfony/http-foundation/compare/v6.4.34...v6.4.35\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63603\"\u003e#63603\u003c/a\u003e  Fix session cookie_lifetime not applied in mock session storage (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.34\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v6.4.33...v6.4.34\"\u003ehttps://github.com/symfony/http-foundation/compare/v6.4.33...v6.4.34\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63448\"\u003e#63448\u003c/a\u003e  Handle empty session data in updateTimestamp() to fix compat with PHP 8.6 (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63319\"\u003e#63319\u003c/a\u003e  BinaryFileResponse: always return 206 if Range is valid (\u003ca href=\"https://github.com/Jimbolino\"\u003e\u003ccode\u003e@​Jimbolino\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63262\"\u003e#63262\u003c/a\u003e  Reject invalid paths (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/54304\"\u003e#54304\u003c/a\u003e  When calling UploadedFile::getErrorMessage() to a file which has no error and is uploaded successfully, it should not return an error (\u003ca href=\"https://github.com/ArmCyber\"\u003e\u003ccode\u003e@​ArmCyber\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63230\"\u003e#63230\u003c/a\u003e  fix engine declaration on mysql pdo table creations (\u003ca href=\"https://github.com/tandev\"\u003e\u003ccode\u003e@​tandev\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.33\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v6.4.32...v6.4.33\"\u003ehttps://github.com/symfony/http-foundation/compare/v6.4.32...v6.4.33\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63137\"\u003e#63137\u003c/a\u003e  Fix PdoSessionHandler charset-collation mismatch with the Doctrine DBAL (\u003ca href=\"https://github.com/samy-mahmoudi\"\u003e\u003ccode\u003e@​samy-mahmoudi\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.32\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v6.4.31...v6.4.32\"\u003ehttps://github.com/symfony/http-foundation/compare/v6.4.31...v6.4.32\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63012\"\u003e#63012\u003c/a\u003e  Fix double-prefixing of session keys when using redis/memcached (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.31\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v6.4.30...v6.4.31\"\u003ehttps://github.com/symfony/http-foundation/compare/v6.4.30...v6.4.31\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62799\"\u003esymfony/symfony#62799\u003c/a\u003e [Cache][HttpFoundation] Fix VARBINARY columns on sqlsrv (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.30\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v6.4.29...v6.4.30\"\u003ehttps://github.com/symfony/http-foundation/compare/v6.4.29...v6.4.30\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62287\"\u003esymfony/symfony#62287\u003c/a\u003e [HttpFoundation] Fix AcceptHeader overwrites items with different parameters (\u003ca href=\"https://github.com/yoeunes\"\u003e\u003ccode\u003e@​yoeunes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.29\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v6.4.28...v6.4.29\"\u003ehttps://github.com/symfony/http-foundation/compare/v6.4.28...v6.4.29\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v6.4.27...v6.4.28\"\u003ehttps://github.com/symfony/http-foundation/compare/v6.4.27...v6.4.28\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62324\"\u003esymfony/symfony#62324\u003c/a\u003e [HttpFoundation] Fix parsing hosts and schemes in URLs (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62246\"\u003esymfony/symfony#62246\u003c/a\u003e [HttpFoundation] Allow Request::setFormat() to override predefined formats (\u003ca href=\"https://github.com/longwave\"\u003e\u003ccode\u003e@​longwave\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/48d76c29a67a301e0f7779a512bf76417395ffef\"\u003e\u003ccode\u003e48d76c2\u003c/code\u003e\u003c/a\u003e security #cve-2026-48736 [HttpFoundation] Block IPv6 transition forms in IpUt...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/10d5daa7a22d64037a4bd5195d387ecc0d2c5b3c\"\u003e\u003ccode\u003e10d5daa\u003c/code\u003e\u003c/a\u003e [HttpFoundation] Fix tests for PHP 8.6: session.cookie_samesite=Lax\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/3ebc78a9507545259ec5c71afdc49d4c452e3eda\"\u003e\u003ccode\u003e3ebc78a\u003c/code\u003e\u003c/a\u003e [HttpFoundation] Block IPv6 transition forms in IpUtils::PRIVATE_SUBNETS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/5402ad19bef111ffdd076d33d87bd400c0c38243\"\u003e\u003ccode\u003e5402ad1\u003c/code\u003e\u003c/a\u003e Remove wrong documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/92eeee6f81feb0ea2d5dce2fe17819f4004f8716\"\u003e\u003ccode\u003e92eeee6\u003c/code\u003e\u003c/a\u003e CS fixes - native_function_invocation \u0026amp; static_lambda\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/cffffd0a2c037117b742b4f8b379a22a2a33f6d2\"\u003e\u003ccode\u003ecffffd0\u003c/code\u003e\u003c/a\u003e [HttpFoundation] Fix session cookie_lifetime not applied in mock session storage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/5bb346d1b4b2a616e5c3d99b3ee4d5810735c535\"\u003e\u003ccode\u003e5bb346d\u003c/code\u003e\u003c/a\u003e [HttpFoundation] Handle empty session data in updateTimestamp() to fix compat...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/31b030e12f6662a7016add28fe29b70327dacf86\"\u003e\u003ccode\u003e31b030e\u003c/code\u003e\u003c/a\u003e stop using with*() without expects()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/31e2a27d480546f031bd4fc6f1ec8a7abdd62bb1\"\u003e\u003ccode\u003e31e2a27\u003c/code\u003e\u003c/a\u003e BinaryFileResponse: always return 206 if Range is valid\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/2ed100bf25d94ac1b28d71cc66050219d4caa97d\"\u003e\u003ccode\u003e2ed100b\u003c/code\u003e\u003c/a\u003e [HttpFoundation] Reject invalid paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/symfony/http-foundation/compare/v6.4.12...v6.4.41\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `symfony/mailer` from 6.4.12 to 6.4.40\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/mailer/releases\"\u003esymfony/mailer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.40\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v6.4.31...v6.4.40\"\u003ehttps://github.com/symfony/mailer/compare/v6.4.31...v6.4.40\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity #cve-2026-45068  Add end-of-options separator before recipients in SendmailTransport; reject addresses starting with a dash (\u003ca href=\"https://github.com/alexandre-daubois\"\u003e\u003ccode\u003e@​alexandre-daubois\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.34\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v6.4.33...v6.4.34\"\u003ehttps://github.com/symfony/mailer/compare/v6.4.33...v6.4.34\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/mailer/issues/63278\"\u003e#63278\u003c/a\u003e  Fix Mailjet SMTP relay X-MJ-TemplateErrorReporting header format to MailjetApiTransport (\u003ca href=\"https://github.com/mwijngaard\"\u003e\u003ccode\u003e@​mwijngaard\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.31\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v6.4.30...v6.4.31\"\u003ehttps://github.com/symfony/mailer/compare/v6.4.30...v6.4.31\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62756\"\u003esymfony/symfony#62756\u003c/a\u003e [Mailer] do not use PHPUnit mock objects without configured expectations (\u003ca href=\"https://github.com/xabbuh\"\u003e\u003ccode\u003e@​xabbuh\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v6.4.26...v6.4.27\"\u003ehttps://github.com/symfony/mailer/compare/v6.4.26...v6.4.27\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62145\"\u003esymfony/symfony#62145\u003c/a\u003e [Mailer] Fix parsing message ids in SMTP responses (\u003ca href=\"https://github.com/hacfi\"\u003e\u003ccode\u003e@​hacfi\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61876\"\u003esymfony/symfony#61876\u003c/a\u003e [Mailer][MailJet] Fix forbidden headers case-sensitive comparison (\u003ca href=\"https://github.com/benjamintoussaint\"\u003e\u003ccode\u003e@​benjamintoussaint\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v6.4.25...v6.4.26\"\u003ehttps://github.com/symfony/mailer/compare/v6.4.25...v6.4.26\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61727\"\u003esymfony/symfony#61727\u003c/a\u003e  Replace __sleep/wakeup() by __(un)serialize() for throwing and internal usages (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v6.4.24...v6.4.25\"\u003ehttps://github.com/symfony/mailer/compare/v6.4.24...v6.4.25\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61402\"\u003esymfony/symfony#61402\u003c/a\u003e  Remove calls to deprecated methods of SplObjectStorage (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.24\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v6.4.23...v6.4.24\"\u003ehttps://github.com/symfony/mailer/compare/v6.4.23...v6.4.24\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61223\"\u003esymfony/symfony#61223\u003c/a\u003e [Mailer][Brevo] Update Webhook IPs (\u003ca href=\"https://github.com/jarbey\"\u003e\u003ccode\u003e@​jarbey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61106\"\u003esymfony/symfony#61106\u003c/a\u003e Fix \u003ccode\u003e@var\u003c/code\u003e phpdoc (\u003ca href=\"https://github.com/fabpot\"\u003e\u003ccode\u003e@​fabpot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61062\"\u003esymfony/symfony#61062\u003c/a\u003e [Brevo Mailer] Webhook IP Addresses have changed (\u003ca href=\"https://github.com/richardhj\"\u003e\u003ccode\u003e@​richardhj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.23\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v6.4.22...v6.4.23\"\u003ehttps://github.com/symfony/mailer/compare/v6.4.22...v6.4.23\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/60914\"\u003esymfony/symfony#60914\u003c/a\u003e [Console] Fix command option mode (InputOption::VALUE_REQUIRED) (\u003ca href=\"https://github.com/gharlan\"\u003e\u003ccode\u003e@​gharlan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/60772\"\u003esymfony/symfony#60772\u003c/a\u003e [Mailer] [Transport] Send clone of \u003ccode\u003eRawMessage\u003c/code\u003e instance in \u003ccode\u003eRoundRobinTransport\u003c/code\u003e (\u003ca href=\"https://github.com/jnoordsij\"\u003e\u003ccode\u003e@​jnoordsij\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/60640\"\u003esymfony/symfony#60640\u003c/a\u003e [Mailer] use STARTTLS for SMTP with MailerSend (\u003ca href=\"https://github.com/xabbuh\"\u003e\u003ccode\u003e@​xabbuh\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.21\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v6.4.20...v6.4.21\"\u003ehttps://github.com/symfony/mailer/compare/v6.4.20...v6.4.21\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/60256\"\u003esymfony/symfony#60256\u003c/a\u003e [Mailer][Postmark] drop the \u003ccode\u003eDate\u003c/code\u003e header using the API transport (\u003ca href=\"https://github.com/xabbuh\"\u003e\u003ccode\u003e@​xabbuh\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/60057\"\u003esymfony/symfony#60057\u003c/a\u003e [Mailer] Fix \u003ccode\u003eTrying to access array offset on value of type null\u003c/code\u003e error by adding null checking (\u003ca href=\"https://github.com/khushaalan\"\u003e\u003ccode\u003e@​khushaalan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/94fd44f3052e02340b0dd4447a7d7a5856e32da2\"\u003e\u003ccode\u003e94fd44f\u003c/code\u003e\u003c/a\u003e Merge branch '5.4' into 6.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/5b5385bc21c3549a80abc1353ccf8eb0b6861c61\"\u003e\u003ccode\u003e5b5385b\u003c/code\u003e\u003c/a\u003e [Mailer] Add end-of-options separator before recipients in SendmailTransport;...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/602519c3466621897c556125dbf644ec8dde2b38\"\u003e\u003ccode\u003e602519c\u003c/code\u003e\u003c/a\u003e PHP CS Fixer: backports changes toward 6.4 branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/a2918c6f34e601472ee891b517ab223e216ca5a3\"\u003e\u003ccode\u003ea2918c6\u003c/code\u003e\u003c/a\u003e CS fixes - native_function_invocation \u0026amp; static_lambda\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/d56a83b4ba1de6375d0745de9299daf078426fd1\"\u003e\u003ccode\u003ed56a83b\u003c/code\u003e\u003c/a\u003e [CS] Back config from 8.1 and apply heredoc_indentation rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/01b846f48e53ee4096692a383637a1fa4d577301\"\u003e\u003ccode\u003e01b846f\u003c/code\u003e\u003c/a\u003e [Mailer] Clarify the purpose of SentMessage's \u0026quot;message id\u0026quot; concept\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/8835f93333474780fda1b987cae37e33c3e026ca\"\u003e\u003ccode\u003e8835f93\u003c/code\u003e\u003c/a\u003e do not use PHPUnit mock objects without configured expectations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/2f096718ed718996551f66e3a24e12b2ed027f95\"\u003e\u003ccode\u003e2f09671\u003c/code\u003e\u003c/a\u003e [Mailer] Relax regexp to parse message ids\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/39d50fa744bbddc7bf2ede95573aa4da705fc1a9\"\u003e\u003ccode\u003e39d50fa\u003c/code\u003e\u003c/a\u003e [Mailer] Fix parsing message ids in SMTP responses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/012185cd31689b799d39505bd706be6d3a57cd3f\"\u003e\u003ccode\u003e012185c\u003c/code\u003e\u003c/a\u003e Replace __sleep/wakeup() by __(un)serialize() for throwing and internal usages\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/symfony/mailer/compare/v6.4.12...v6.4.40\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `symfony/mime` from 6.4.12 to 6.4.41\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/mime/releases\"\u003esymfony/mime's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.41\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mime/compare/v6.4.40...v6.4.41\"\u003ehttps://github.com/symfony/mime/compare/v6.4.40...v6.4.41\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/mime/issues/64343\"\u003e#64343\u003c/a\u003e  Harden __unserialize against __toString trampolines (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.40\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mime/compare/v6.4.37...v6.4.40\"\u003ehttps://github.com/symfony/mime/compare/v6.4.37...v6.4.40\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity #cve-2026-45067  Reject email addresses containing line breaks in Address (\u003ca href=\"https://github.com/alexandre-daubois\"\u003e\u003ccode\u003e@​alexandre-daubois\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.37\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mime/compare/v6.4.36...v6.4.37\"\u003ehttps://github.com/symfony/mime/compare/v6.4.36...v6.4.37\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/mime/issues/64047\"\u003e#64047\u003c/a\u003e  Preserve inline part filename instead of overwriting it with the Content-ID (\u003ca href=\"https://github.com/ousamabenyounes\"\u003e\u003ccode\u003e@​ousamabenyounes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/mime/issues/64044\"\u003e#64044\u003c/a\u003e  Apply tagged MIME type guessers in File::getMimeType() (\u003ca href=\"https://github.com/ousamabenyounes\"\u003e\u003ccode\u003e@​ousamabenyounes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.36\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mime/compare/v6.4.35...v6.4.36\"\u003ehttps://github.com/symfony/mime/compare/v6.4.35...v6.4.36\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/mime/issues/63683\"\u003e#63683\u003c/a\u003e  Fix image method to use DataPart content ID (\u003ca href=\"https://github.com/pavelwitassek\"\u003e\u003ccode\u003e@​pavelwitassek\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.35\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mime/compare/v6.4.34...v6.4.35\"\u003ehttps://github.com/symfony/mime/compare/v6.4.34...v6.4.35\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/mime/issues/63584\"\u003e#63584\u003c/a\u003e  Use shell_exec() instead of passthru() in FileBinaryMimeTypeGuesser (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.34\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mime/compare/v6.4.33...v6.4.34\"\u003ehttps://github.com/symfony/mime/compare/v6.4.33...v6.4.34\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.32\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mime/compare/v6.4.31...v6.4.32\"\u003ehttps://github.com/symfony/mime/compare/v6.4.31...v6.4.32\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.30\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mime/compare/v6.4.29...v6.4.30\"\u003ehttps://github.com/symfony/mime/compare/v6.4.29...v6.4.30\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mime/compare/v6.4.25...v6.4.26\"\u003ehttps://github.com/symfony/mime/compare/v6.4.25...v6.4.26\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61766\"\u003esymfony/symfony#61766\u003c/a\u003e  Fix ord()-related PHP 8.5 deprecations (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61727\"\u003esymfony/symfony#61727\u003c/a\u003e  Replace __sleep/wakeup() by __(un)serialize() for throwing and internal usages (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.24\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mime/compare/v6.4.23...v6.4.24\"\u003ehttps://github.com/symfony/mime/compare/v6.4.23...v6.4.24\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mime/commit/5575d37f8841e4e31d5df79ab3db078ae557ff8e\"\u003e\u003ccode\u003e5575d37\u003c/code\u003e\u003c/a\u003e [Routing][RateLimiter][Mime][Security] Harden __unserialize against __toStrin...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mime/commit/7ccfb0cc6ff707ac9ca34b6ddab0bc6187436cbe\"\u003e\u003ccode\u003e7ccfb0c\u003c/code\u003e\u003c/a\u003e Merge branch '5.4' into 6.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mime/commit/8f89d3a319b92486b0bcc43c0479d19fdb0e2f64\"\u003e\u003ccode\u003e8f89d3a\u003c/code\u003e\u003c/a\u003e [Mime] Reject email addresses containing line breaks in Address\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mime/commit/f2f05cbae7ac01c045330d168fc655580916ac1f\"\u003e\u003ccode\u003ef2f05cb\u003c/code\u003e\u003c/a\u003e [Mime] Fix transient test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mime/commit/330077bc7fbe314758aff62834b758d06ac6d260\"\u003e\u003ccode\u003e330077b\u003c/code\u003e\u003c/a\u003e bug \u003ca href=\"https://redirect.github.com/symfony/mime/issues/64047\"\u003e#64047\u003c/a\u003e [Mime] Preserve inline part filename instead of overwriting it wit...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mime/commit/4c7099f8d130a575c1f179191df261856e26ee1b\"\u003e\u003ccode\u003e4c7099f\u003c/code\u003e\u003c/a\u003e [Mime] Preserve inline part filename instead of overwriting it with the Conte...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mime/commit/e2ae51ddb09ddeadd3c711e30b365b670e1794bc\"\u003e\u003ccode\u003ee2ae51d\u003c/code\u003e\u003c/a\u003e [FrameworkBundle] Apply tagged MIME type guessers in File::getMimeType()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mime/commit/3d4867881cef7ebb42e2e8846e09053472edf9b3\"\u003e\u003ccode\u003e3d48678\u003c/code\u003e\u003c/a\u003e More CS fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mime/commit/05099f572e09a71bd5adb7ad9fab4b5aadcf5481\"\u003e\u003ccode\u003e05099f5\u003c/code\u003e\u003c/a\u003e CS fixes - native_function_invocation \u0026amp; static_lambda\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mime/commit/f56fd2b0a89486fd3c8e44770919656988add0fb\"\u003e\u003ccode\u003ef56fd2b\u003c/code\u003e\u003c/a\u003e [CS] Back config from 8.1 and apply heredoc_indentation rule\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/symfony/mime/compare/v6.4.12...v6.4.41\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `symfony/process` from 6.4.12 to 6.4.41\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/process/releases\"\u003esymfony/process's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.41\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v6.4.39...v6.4.41\"\u003ehttps://github.com/symfony/process/compare/v6.4.39...v6.4.41\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/process/issues/64347\"\u003e#64347\u003c/a\u003e  Stop leaking CGI/FastCGI request-context vars to subprocesses (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.39\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v6.4.33...v6.4.39\"\u003ehttps://github.com/symfony/process/compare/v6.4.33...v6.4.39\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/process/issues/64058\"\u003e#64058\u003c/a\u003e  Ignore array env values before proc_open (\u003ca href=\"https://github.com/dionisvl\"\u003e\u003ccode\u003e@​dionisvl\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.33\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v6.4.32...v6.4.33\"\u003ehttps://github.com/symfony/process/compare/v6.4.32...v6.4.33\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity #cve-2026-24739  Fix escaping for MSYS on Windows (nicolas-grekas)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/process/issues/63164\"\u003e#63164\u003c/a\u003e  Fix escaping for MSYS on Windows (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.32\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v6.4.31...v6.4.32\"\u003ehttps://github.com/symfony/process/compare/v6.4.31...v6.4.32\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/process/issues/63004\"\u003e#63004\u003c/a\u003e  Ignore invalid env var names (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.31\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v6.4.30...v6.4.31\"\u003ehttps://github.com/symfony/process/compare/v6.4.30...v6.4.31\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62775\"\u003esymfony/symfony#62775\u003c/a\u003e [Process] Fix dealing with broken stdin pipes (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v6.4.25...v6.4.26\"\u003ehttps://github.com/symfony/process/compare/v6.4.25...v6.4.26\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61727\"\u003esymfony/symfony#61727\u003c/a\u003e  Replace __sleep/wakeup() by __(un)serialize() for throwing and internal usages (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v6.4.24...v6.4.25\"\u003ehttps://github.com/symfony/process/compare/v6.4.24...v6.4.25\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61401\"\u003esymfony/symfony#61401\u003c/a\u003e [Process] Enhance hasSystemCallBeenInterrupted function for non-english locale (\u003ca href=\"https://github.com/christianseel\"\u003e\u003ccode\u003e@​christianseel\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.24\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v6.4.23...v6.4.24\"\u003ehttps://github.com/symfony/process/compare/v6.4.23...v6.4.24\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.20\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v6.4.19...v6.4.20\"\u003ehttps://github.com/symfony/process/compare/v6.4.19...v6.4.20\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/59949\"\u003esymfony/symfony#59949\u003c/a\u003e [Process] Use a pipe for stderr in pty mode to avoid mixed output between stdout and stderr (\u003ca href=\"https://github.com/joelwurtz\"\u003e\u003ccode\u003e@​joelwurtz\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.19\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v6.4.18...v6.4.19\"\u003ehttps://github.com/symfony/process/compare/v6.4.18...v6.4.19\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/c8fc09bdfe9fde9aaa89b415a4477feaccec16a7\"\u003e\u003ccode\u003ec8fc09b\u003c/code\u003e\u003c/a\u003e [Process] Stop leaking CGI/FastCGI request-context vars to subprocesses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/6c93071cb8c91dce5a41960d125e019e64ef6cb5\"\u003e\u003ccode\u003e6c93071\u003c/code\u003e\u003c/a\u003e [Process] Ignore array env values before proc_open\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/7b8e6e883ecdb0d9295cde593081afe8805207c3\"\u003e\u003ccode\u003e7b8e6e8\u003c/code\u003e\u003c/a\u003e More CS fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/57313310a02ecd61cff81ca37baec68af4dd743f\"\u003e\u003ccode\u003e5731331\u003c/code\u003e\u003c/a\u003e CS fixes - native_function_invocation \u0026amp; static_lambda\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/736ed5259a08c4c503e56dbea9f1ef709f290892\"\u003e\u003ccode\u003e736ed52\u003c/code\u003e\u003c/a\u003e [CS] Back config from 8.1 and apply heredoc_indentation rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/c46e854e79b52d07666e43924a20cb6dc546644e\"\u003e\u003ccode\u003ec46e854\u003c/code\u003e\u003c/a\u003e [Process] Fix escaping for MSYS on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/c593135be689b21e6164b1e8f6f5dbf1506b065c\"\u003e\u003ccode\u003ec593135\u003c/code\u003e\u003c/a\u003e [Process] Adjust Process mustRun method phpdoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/e579464d74525bf5eca45cbc984126a461879c3e\"\u003e\u003ccode\u003ee579464\u003c/code\u003e\u003c/a\u003e [Process] Ignore invalid env var names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/8541b7308fca001320e90bca8a73a28aa5604a6e\"\u003e\u003ccode\u003e8541b73\u003c/code\u003e\u003c/a\u003e [Process] Fix dealing with broken stdin pipes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/48bad913268c8cafabbf7034b39c8bb24fbc5ab8\"\u003e\u003ccode\u003e48bad91\u003c/code\u003e\u003c/a\u003e Replace __sleep/wakeup() by __(un)serialize() for throwing and internal usages\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/symfony/process/compare/v6.4.12...v6.4.41\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `symfony/routing` from 6.4.12 to 6.4.41\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/routing/releases\"\u003esymfony/routing's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.41\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v6.4.40...v6.4.41\"\u003ehttps://github.com/symfony/routing/compare/v6.4.40...v6.4.41\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity #cve-2026-48784  Fix dot-segment encoding for chained \u0026quot;../\u0026quot; and \u0026quot;./\u0026quot; in generated URLs (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/routing/issues/64343\"\u003e#64343\u003c/a\u003e  Harden __unserialize against __toString trampolines (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.40\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v6.4.37...v6.4.40\"\u003ehttps://github.com/symfony/routing/compare/v6.4.37...v6.4.40\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity #cve-2026-45065  Fix regex alternation anchoring in \u003ccode\u003eUrlGenerator\u003c/code\u003e requirement validation (\u003ca href=\"https://github.com/alexandre-daubois\"\u003e\u003ccode\u003e@​alexandre-daubois\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.37\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v6.4.34...v6.4.37\"\u003ehttps://github.com/symfony/routing/compare/v6.4.34...v6.4.37\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/routing/issues/63981\"\u003e#63981\u003c/a\u003e  Honor the Request's method in UrlMatcher::matchRequest() (\u003ca href=\"https://github.com/ousamabenyounes\"\u003e\u003ccode\u003e@​ousamabenyounes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.34\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v6.4.33...v6.4.34\"\u003ehttps://github.com/symfony/routing/compare/v6.4.33...v6.4.34\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/routing/issues/54236\"\u003e#54236\u003c/a\u003e  Fix exclude option being ignored for non-glob and PSR-4 resources (\u003ca href=\"https://github.com/NeilPeyssard\"\u003e\u003ccode\u003e@​NeilPeyssard\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.32\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v6.4.31...v6.4.32\"\u003ehttps://github.com/symfony/routing/compare/v6.4.31...v6.4.32\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.30\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v6.4.29...v6.4.30\"\u003ehttps://github.com/symfony/routing/compare/v6.4.29...v6.4.30\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62459\"\u003esymfony/symfony#62459\u003c/a\u003e [Routing] Fix case sensitivity for static host matching in compiled routes (\u003ca href=\"https://github.com/yoeunes\"\u003e\u003ccode\u003e@​yoeunes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62461\"\u003esymfony/symfony#62461\u003c/a\u003e [Routing] Fix localized prefix updates breaking aliases (\u003ca href=\"https://github.com/yoeunes\"\u003e\u003ccode\u003e@​yoeunes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62460\"\u003esymfony/symfony#62460\u003c/a\u003e [Routing] Fix addNamePrefix breaking aliases to external routes (\u003ca href=\"https://github.com/yoeunes\"\u003e\u003ccode\u003e@​yoeunes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v6.4.27...v6.4.28\"\u003ehttps://github.com/symfony/routing/compare/v6.4.27...v6.4.28\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62290\"\u003esymfony/symfony#62290\u003c/a\u003e [Routing] Fix matching the \u0026quot;0\u0026quot; URL (\u003ca href=\"https://github.com/cs278\"\u003e\u003ccode\u003e@​cs278\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v6.4.25...v6.4.26\"\u003ehttps://github.com/symfony/routing/compare/v6.4.25...v6.4.26\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61727\"\u003esymfony/symfony#61727\u003c/a\u003e  Replace __sleep/wakeup() by __(un)serialize() for throwing and internal usages (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.24\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v6.4.23...v6.4.24\"\u003ehttps://github.com/symfony/routing/compare/v6.4.23...v6.4.24\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.22\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v6.4.21...v6.4.22\"\u003ehttps://github.com/symfony/routing/compare/v6.4.21...v6.4.22\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/af04c79671fd8df0805a44c83fa2b0ba56c8329e\"\u003e\u003ccode\u003eaf04c79\u003c/code\u003e\u003c/a\u003e Merge branch '5.4' into 6.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/be4ce34035aa79b8bc3ba1a7d1694435a216f68b\"\u003e\u003ccode\u003ebe4ce34\u003c/code\u003e\u003c/a\u003e [Routing][RateLimiter][Mime][Security] Harden __unserialize against __toStrin...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/f4ca0c533854c26e3b27e981da760807f89e1a42\"\u003e\u003ccode\u003ef4ca0c5\u003c/code\u003e\u003c/a\u003e [Routing] Fix dot-segment encoding for chained \u0026quot;../\u0026quot; and \u0026quot;./\u0026quot; in generated URLs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/0cd0d2fb05382c95dff6b33c51a7c96cbdbc136d\"\u003e\u003ccode\u003e0cd0d2f\u003c/code\u003e\u003c/a\u003e Merge branch '5.4' into 6.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/48035d186798d27d375d95aad37db8fe097e4048\"\u003e\u003ccode\u003e48035d1\u003c/code\u003e\u003c/a\u003e [Routing] Honor the Request's method in UrlMatcher::matchRequest()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/275b31328b2e58cab004be0cf086380e2a5c5ee7\"\u003e\u003ccode\u003e275b313\u003c/code\u003e\u003c/a\u003e [Routing] Fix regex alternation anchoring in UrlGenerator requirement validation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/1425c2c2c11c5499c3415035c746d7918661a76e\"\u003e\u003ccode\u003e1425c2c\u003c/code\u003e\u003c/a\u003e More CS fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/883d14018234cc6f293faff5e3fd0d3d9b6bc2fb\"\u003e\u003ccode\u003e883d140\u003c/code\u003e\u003c/a\u003e CS fixes - native_function_invocation \u0026amp; static_lambda\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/4bcf92a7914e1253ccece9502678a4154a25e14a\"\u003e\u003ccode\u003e4bcf92a\u003c/code\u003e\u003c/a\u003e [CS] Back config from 8.1 and apply heredoc_indentation rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/5ab3a3e1a03535ec5ca6ce2d39e4369a1096ae47\"\u003e\u003ccode\u003e5ab3a3e\u003c/code\u003e\u003c/a\u003e [Config][Routing] Fix exclude option being ignored for non-glob and PSR-4 res...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/symfony/routing/compare/v6.4.12...v6.4.41\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/yanis-Ramssamy/GestionEcole/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/yanis-Ramssamy/GestionEcole/pull/8","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/yanis-Ramssamy%2FGestionEcole/issues/8","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8/packages"},{"uuid":"4536539250","node_id":"PR_kwDOSB1VTc7gCNSY","number":40,"state":"closed","title":"Bump the composer group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-27T23:50:49.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-27T23:48:43.000Z","updated_at":"2026-05-27T23:50:51.000Z","time_to_close":126,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"composer","update_count":6,"packages":[{"name":"league/commonmark","old_version":"2.6.1","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"},{"name":"psy/psysh","old_version":"0.12.8","new_version":"0.12.23","repository_url":"https://github.com/bobthecow/psysh"},{"name":"symfony/http-foundation","old_version":"7.2.5","new_version":"7.4.13","repository_url":"https://github.com/symfony/http-foundation"},{"name":"symfony/mailer","old_version":"7.2.3","new_version":"7.4.12","repository_url":"https://github.com/symfony/mailer"},{"name":"symfony/routing","old_version":"7.2.3","new_version":"7.4.13","repository_url":"https://github.com/symfony/routing"},{"name":"symfony/yaml","old_version":"7.2.5","new_version":"7.4.13","repository_url":"https://github.com/symfony/yaml"}],"path":null,"ecosystem":"packagist"},"body":"Bumps the composer group with 6 updates in the /laravel-inertia directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [league/commonmark](https://github.com/thephpleague/commonmark) | `2.6.1` | `2.8.2` |\n| [psy/psysh](https://github.com/bobthecow/psysh) | `0.12.8` | `0.12.23` |\n| [symfony/http-foundation](https://github.com/symfony/http-foundation) | `7.2.5` | `7.4.13` |\n| [symfony/mailer](https://github.com/symfony/mailer) | `7.2.3` | `7.4.12` |\n| [symfony/routing](https://github.com/symfony/routing) | `7.2.3` | `7.4.13` |\n| [symfony/yaml](https://github.com/symfony/yaml) | `7.2.5` | `7.4.13` |\n\n\nUpdates `league/commonmark` from 2.6.1 to 2.8.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.8.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (\u003ca href=\"https://github.com/thephpleague/commonmark/security/advisories/GHSA-4v6x-c7xx-hw9f\"\u003eGHSA-4v6x-c7xx-hw9f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kocal\"\u003e\u003ccode\u003e@​Kocal\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1106\"\u003ethephpleague/commonmark#1106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/freost\"\u003e\u003ccode\u003e@​freost\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1107\"\u003ethephpleague/commonmark#1107\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.8.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded a new \u003ccode\u003eHighlightExtension\u003c/code\u003e for marking important text using \u003ccode\u003e==\u003c/code\u003e syntax (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1100\"\u003e#1100\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eAutolinkExtension\u003c/code\u003e incorrectly matching URLs after invalid \u003ccode\u003ewww.\u003c/code\u003e prefix (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1095\"\u003e#1095\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1103\"\u003e#1103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samwilson\"\u003e\u003ccode\u003e@​samwilson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1090\"\u003ethephpleague/commonmark#1090\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ossobuffo\"\u003e\u003ccode\u003e@​ossobuffo\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1100\"\u003ethephpleague/commonmark#1100\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.7.1...2.8.0\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.7.1...2.8.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.7.1\u003c/h2\u003e\n\u003ch2\u003eNotable Changes\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOptimized several regular expressions in \u003ccode\u003eRegexHelper\u003c/code\u003e to improve performance (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/674\"\u003e#674\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1086\"\u003e#1086\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eEmbedProcessor\u003c/code\u003e no longer calls \u003ccode\u003eupdateEmbeds()\u003c/code\u003e when there are no embeds to update (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed missing \u003ccode\u003ebenchmark.php\u003c/code\u003e CSV path validation for non-existent files (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1068\"\u003e#1068\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.8.1] - 2026-03-05\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (GHSA-4v6x-c7xx-hw9f)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.8.0] - 2025-11-26\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded a new \u003ccode\u003eHighlightExtension\u003c/code\u003e for marking important text using \u003ccode\u003e==\u003c/code\u003e syntax (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1100\"\u003e#1100\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eAutolinkExtension\u003c/code\u003e incorrectly matching URLs after invalid \u003ccode\u003ewww.\u003c/code\u003e prefix (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1095\"\u003e#1095\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1103\"\u003e#1103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.7.1] - 2025-07-20\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOptimized several regular expressions in \u003ccode\u003eRegexHelper\u003c/code\u003e to improve performance (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/674\"\u003e#674\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1086\"\u003e#1086\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eEmbedProcessor\u003c/code\u003e no longer calls \u003ccode\u003eupdateEmbeds()\u003c/code\u003e when there are no embeds to update (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed missing \u003ccode\u003ebenchmark.php\u003c/code\u003e CSV path validation for non-existent files (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1068\"\u003e#1068\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.7.0] - 2025-05-05\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address a potential cross-site scripting (XSS) vulnerability when using the \u003ccode\u003eAttributesExtension\u003c/code\u003e with untrusted user input.\u003c/p\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eattributes/allow\u003c/code\u003e config option to specify which attributes users are allowed to set on elements (default allows virtually all attributes)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eAttributesExtension\u003c/code\u003e blocks all attributes starting with \u003ccode\u003eon\u003c/code\u003e unless explicitly allowed via the \u003ccode\u003eattributes/allow\u003c/code\u003e config option\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eallow_unsafe_links\u003c/code\u003e option is now respected by the \u003ccode\u003eAttributesExtension\u003c/code\u003e when users specify \u003ccode\u003ehref\u003c/code\u003e and \u003ccode\u003esrc\u003c/code\u003e attributes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.6.2] - 2025-04-18\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Attributes extension parsing regression (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1071\"\u003e#1071\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/84b1ca48347efdbe775426f108622a42735a6579\"\u003e\u003ccode\u003e84b1ca4\u003c/code\u003e\u003c/a\u003e Almost forgot this entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/bcf54f5a38cf8e42cca45248b04caba13317459f\"\u003e\u003ccode\u003ebcf54f5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/7a68ed1c6765bd2650fed6d9857985bdfe655c71\"\u003e\u003ccode\u003e7a68ed1\u003c/code\u003e\u003c/a\u003e Prepare to release 2.8.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/5c0c4c8fe5a31e8260be99e0afad7136a27c79e6\"\u003e\u003ccode\u003e5c0c4c8\u003c/code\u003e\u003c/a\u003e Fix DisallowedRawHtml bypass via newline/tab in tag names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/f6e74434dd1a91f195f80cb0184b746a4187272a\"\u003e\u003ccode\u003ef6e7443\u003c/code\u003e\u003c/a\u003e Add regression test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/0719b6744cc68bc8b037fb30db86b62ec370c557\"\u003e\u003ccode\u003e0719b67\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e from freost/fix-php85-deprecation-error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/63ff2e0b12742f379803b5f21aa6f5b50abcd412\"\u003e\u003ccode\u003e63ff2e0\u003c/code\u003e\u003c/a\u003e Fix PHP 8.5 deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/8608e9c006d9f44acf8d983b126a813bd8def780\"\u003e\u003ccode\u003e8608e9c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1106\"\u003e#1106\u003c/a\u003e from Kocal/patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.6.1...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `psy/psysh` from 0.12.8 to 0.12.23\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bobthecow/psysh/releases\"\u003epsy/psysh's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ePsySH v0.12.23\u003c/h2\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix interactive readline bracket matching inside interpolated strings. Fixes \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/930\"\u003e#930\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid infinite recursion in \u003ccode\u003eShellOutput\u003c/code\u003e write tracking (e.g. \u003ccode\u003eprint_r\u003c/code\u003e on an \u003ccode\u003eException\u003c/code\u003e with \u003ccode\u003ezend.exception_ignore_args = Off\u003c/code\u003e). Fixes \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/934\"\u003e#934\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude \u003ccode\u003e--warm-autoload\u003c/code\u003e in project trust restrictions\u003c/li\u003e\n\u003cli\u003eExclude Symfony Console DI components from the autoload warmer (they're an optional dependency and blow up when not installed)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUnder the hood\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTighter callable types throughout\u003c/li\u003e\n\u003cli\u003eAdded MediaWiki downstream smoke tests, updated to 8.3\u003c/li\u003e\n\u003cli\u003eFixed Drush downstream tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePsySH v0.12.22\u003c/h2\u003e\n\u003ch2\u003eRuntime config and clipboard support\u003c/h2\u003e\n\u003cp\u003ePsySH has a new \u003ccode\u003econfig\u003c/code\u003e command for inspecting and updating runtime-configurable settings during the current session. You can tweak things like \u003ccode\u003epager\u003c/code\u003e, \u003ccode\u003etheme\u003c/code\u003e, \u003ccode\u003everbosity\u003c/code\u003e, \u003ccode\u003euseSuggestions\u003c/code\u003e, \u003ccode\u003euseSyntaxHighlighting\u003c/code\u003e, \u003ccode\u003eclipboardCommand\u003c/code\u003e, and \u003ccode\u003esemicolonsSuppressReturn\u003c/code\u003e without restarting the shell. Fixes \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/361\"\u003e#361\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThere’s also a new \u003ccode\u003ecopy\u003c/code\u003e command for copying the last result (\u003ccode\u003e$_\u003c/code\u003e) or any expression to your clipboard. Works with system clipboard commands, or via OSC 52 for SSH and remote terminals.\u003c/p\u003e\n\u003cp\u003eConfigure with \u003ccode\u003eclipboardCommand\u003c/code\u003e or \u003ccode\u003euseOsc52Clipboard\u003c/code\u003e in your config.\u003c/p\u003e\n\u003ch2\u003eSemicolon-based return suppression\u003c/h2\u003e\n\u003cp\u003eOptionally suppress return values by ending a statement with \u003ccode\u003e;\u003c/code\u003e, similar to MATLAB/Octave behavior. Supports a \u003ccode\u003e'double'\u003c/code\u003e mode requiring \u003ccode\u003e;;\u003c/code\u003e for suppression (if \u003ccode\u003erequireSemicolons\u003c/code\u003e is also enabled, both \u003ccode\u003etrue\u003c/code\u003e and \u003ccode\u003e'double'\u003c/code\u003e require \u003ccode\u003e;;\u003c/code\u003e).\u003c/p\u003e\n\u003cpre lang=\"php\"\u003e\u003ccode\u003e'semicolonsSuppressReturn' =\u0026gt; true,\r\n'semicolonsSuppressReturn' =\u0026gt; 'double', // Always require ;; to suppress\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eOutput and exception display improvements\u003c/h2\u003e\n\u003cp\u003eStrings are now valid PHP!\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePsySH now preserves backslashes and other characters it previously mangled in a few cases. Fixes \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/351\"\u003e#351\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/568\"\u003e#568\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMultiline strings are rendered using heredoc-style output rather than triple-quoted strings \u003ccode\u003e\u0026quot;\u0026quot;\u0026quot;\u003c/code\u003e. The old format is available via \u003ccode\u003euseDeprecatedMultilineStrings\u003c/code\u003e until the next major release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProviding an \u003ccode\u003eexceptionDetails\u003c/code\u003e callback via config renders additional context about exceptions (e.g. validation errors) alongside the error message. Fixes \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/648\"\u003e#648\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eA few other improvements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMore consistent compact (and non-compact) output spacing.\u003c/li\u003e\n\u003cli\u003eResponsive \u003ccode\u003ehelp\u003c/code\u003e layout adapts to terminal width.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBetter completion for everyone\u003c/h2\u003e\n\u003cp\u003eLegacy readline now shares PsySH’s newer completion engine, which brings much better parity between ext-readline/libedit and experimental interactive readline. Command argument completion, better multiline buffering, and a handful of command-dispatch edge cases now work much more consistently outside experimental readline too.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/4dcc0f08047d52bbde475eda481146fd8e27e1a4\"\u003e\u003ccode\u003e4dcc0f0\u003c/code\u003e\u003c/a\u003e Merge branch 'release/v0.12.23'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/e70ea1a49f035d71428c4366c8a148bc1deb372f\"\u003e\u003ccode\u003ee70ea1a\u003c/code\u003e\u003c/a\u003e Bump to v0.12.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/961a5542422b60137ea47be409e69b761735d242\"\u003e\u003ccode\u003e961a554\u003c/code\u003e\u003c/a\u003e Bump composer/class-map-generator from 1.7.2 to 1.7.3 in /build\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/901a8225f6591e939dd322e06e393c06c1badc05\"\u003e\u003ccode\u003e901a822\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 6.0.0 to 6.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/f1dea55169d8b02902437595a51651f5b044c59d\"\u003e\u003ccode\u003ef1dea55\u003c/code\u003e\u003c/a\u003e Bump shivammathur/setup-php from 2.37.0 to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/77c2c06fbd40531d3e0a4080fa6d436411125eef\"\u003e\u003ccode\u003e77c2c06\u003c/code\u003e\u003c/a\u003e Fix drush downstream tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/a6a4cddcbef208c44fffbd27b5893f34a50d15ea\"\u003e\u003ccode\u003ea6a4cdd\u003c/code\u003e\u003c/a\u003e Track ShellOutput writes without listener\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/316df3b9ee2ff9baeb1e3e36968e4c86d9db3133\"\u003e\u003ccode\u003e316df3b\u003c/code\u003e\u003c/a\u003e Bump symfony/polyfill-mbstring from 1.33.0 to 1.37.0 in /build\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/d828ff92e07a743e0a355799cea0722db19b2cd6\"\u003e\u003ccode\u003ed828ff9\u003c/code\u003e\u003c/a\u003e Bump symfony/polyfill-iconv from 1.36.0 to 1.37.0 in /build\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/ced60861f07b42d7670da8f6bd244f003df73ef6\"\u003e\u003ccode\u003eced6086\u003c/code\u003e\u003c/a\u003e Fix interactive readline bracket matching in interpolated strings\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/bobthecow/psysh/compare/v0.12.8...v0.12.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `symfony/http-foundation` from 7.2.5 to 7.4.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/http-foundation/releases\"\u003esymfony/http-foundation's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.4.13\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.7...v7.4.13\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.7...v7.4.13\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity #cve-2026-48736  Block IPv6 transition forms in IpUtils::PRIVATE_SUBNETS (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.7...v7.4.8\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.7...v7.4.8\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.6...v7.4.7\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.6...v7.4.7\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63603\"\u003e#63603\u003c/a\u003e  Fix session cookie_lifetime not applied in mock session storage (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.5...v7.4.6\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.5...v7.4.6\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63448\"\u003e#63448\u003c/a\u003e  Handle empty session data in updateTimestamp() to fix compat with PHP 8.6 (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63319\"\u003e#63319\u003c/a\u003e  BinaryFileResponse: always return 206 if Range is valid (\u003ca href=\"https://github.com/Jimbolino\"\u003e\u003ccode\u003e@​Jimbolino\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63262\"\u003e#63262\u003c/a\u003e  Reject invalid paths (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/54304\"\u003e#54304\u003c/a\u003e  When calling UploadedFile::getErrorMessage() to a file which has no error and is uploaded successfully, it should not return an error (\u003ca href=\"https://github.com/ArmCyber\"\u003e\u003ccode\u003e@​ArmCyber\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63230\"\u003e#63230\u003c/a\u003e  fix engine declaration on mysql pdo table creations (\u003ca href=\"https://github.com/tandev\"\u003e\u003ccode\u003e@​tandev\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.5\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.4...v7.4.5\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.4...v7.4.5\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63137\"\u003e#63137\u003c/a\u003e  Fix PdoSessionHandler charset-collation mismatch with the Doctrine DBAL (\u003ca href=\"https://github.com/samy-mahmoudi\"\u003e\u003ccode\u003e@​samy-mahmoudi\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.3...v7.4.4\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.3...v7.4.4\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63012\"\u003e#63012\u003c/a\u003e  Fix double-prefixing of session keys when using redis/memcached (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.2...v7.4.3\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.2...v7.4.3\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62799\"\u003esymfony/symfony#62799\u003c/a\u003e [Cache][HttpFoundation] Fix VARBINARY columns on sqlsrv (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.0...v7.4.1\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.0...v7.4.1\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62663\"\u003esymfony/symfony#62663\u003c/a\u003e [HttpFoundation] Improve logic in Request::createFromGlobals() (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.0-RC3...v7.4.0\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.0-RC3...v7.4.0\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0-RC1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/http-foundation/blob/8.1/CHANGELOG.md\"\u003esymfony/http-foundation's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCHANGELOG\u003c/h1\u003e\n\u003ch2\u003e8.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eBinaryFileResponse::shouldDeleteFileAfterSend()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDeprecate setting public properties of \u003ccode\u003eRequest\u003c/code\u003e and \u003ccode\u003eResponse\u003c/code\u003e objects directly; use setters or constructor arguments instead\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eSessionHasFlashMessage\u003c/code\u003e test constraint\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse::__construct()\u003c/code\u003e now accepts a \u003ccode\u003eResponseHeaderBag\u003c/code\u003e as its third argument\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eParameterBag::getInt()\u003c/code\u003e and \u003ccode\u003eParameterBag::getBoolean()\u003c/code\u003e now throw \u003ccode\u003eUnexpectedValueException\u003c/code\u003e instead of silently returning \u003ccode\u003e0\u003c/code\u003e/\u003ccode\u003efalse\u003c/code\u003e when the value cannot be converted\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop HTTP method override support for methods GET, HEAD, CONNECT and TRACE\u003c/li\u003e\n\u003cli\u003eAdd argument \u003ccode\u003e$subtypeFallback\u003c/code\u003e to \u003ccode\u003eRequest::getFormat()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRemove the following deprecated session options from \u003ccode\u003eNativeSessionStorage\u003c/code\u003e: \u003ccode\u003ereferer_check\u003c/code\u003e, \u003ccode\u003euse_only_cookies\u003c/code\u003e, \u003ccode\u003euse_trans_sid\u003c/code\u003e, \u003ccode\u003esid_length\u003c/code\u003e, \u003ccode\u003esid_bits_per_character\u003c/code\u003e, \u003ccode\u003etrans_sid_hosts\u003c/code\u003e, \u003ccode\u003etrans_sid_tags\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eTrigger PHP warning when using \u003ccode\u003eRequest::sendHeaders()\u003c/code\u003e after headers have already been sent; use a \u003ccode\u003eStreamedResponse\u003c/code\u003e instead\u003c/li\u003e\n\u003cli\u003eAdd arguments \u003ccode\u003e$v4Bytes\u003c/code\u003e and \u003ccode\u003e$v6Bytes\u003c/code\u003e to \u003ccode\u003eIpUtils::anonymize()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd argument \u003ccode\u003e$partitioned\u003c/code\u003e to \u003ccode\u003eResponseHeaderBag::clearCookie()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd argument \u003ccode\u003e$expiration\u003c/code\u003e to \u003ccode\u003eUriSigner::sign()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003eRequest::get()\u003c/code\u003e, use properties \u003ccode\u003e-\u0026gt;attributes\u003c/code\u003e, \u003ccode\u003equery\u003c/code\u003e or \u003ccode\u003erequest\u003c/code\u003e directly instead\u003c/li\u003e\n\u003cli\u003eRemove accepting null \u003ccode\u003e$format\u003c/code\u003e argument to \u003ccode\u003eRequest::setFormat()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e#[WithHttpStatus]\u003c/code\u003e to define status codes: 404 for \u003ccode\u003eSignedUriException\u003c/code\u003e and 403 for \u003ccode\u003eExpiredSignedUriException\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the \u003ccode\u003eQUERY\u003c/code\u003e HTTP method\u003c/li\u003e\n\u003cli\u003eAdd support for structured MIME suffix\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eRequest::set/getAllowedHttpMethodOverride()\u003c/code\u003e to list which HTTP methods can be overridden\u003c/li\u003e\n\u003cli\u003eDeprecate using \u003ccode\u003eRequest::sendHeaders()\u003c/code\u003e after headers have already been sent; use a \u003ccode\u003eStreamedResponse\u003c/code\u003e instead\u003c/li\u003e\n\u003cli\u003eDeprecate method \u003ccode\u003eRequest::get()\u003c/code\u003e, use properties \u003ccode\u003e-\u0026gt;attributes\u003c/code\u003e, \u003ccode\u003equery\u003c/code\u003e or \u003ccode\u003erequest\u003c/code\u003e directly instead\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eRequest::createFromGlobals()\u003c/code\u003e parse the body of PUT, DELETE, PATCH and QUERY requests\u003c/li\u003e\n\u003cli\u003eDeprecate HTTP method override for methods GET, HEAD, CONNECT and TRACE; it will be ignored in Symfony 8.0\u003c/li\u003e\n\u003cli\u003eDeprecate accepting null \u003ccode\u003e$format\u003c/code\u003e argument to \u003ccode\u003eRequest::setFormat()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for iterable of string in \u003ccode\u003eStreamedResponse\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eEventStreamResponse\u003c/code\u003e and \u003ccode\u003eServerEvent\u003c/code\u003e classes to streamline server event streaming\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003evalkey:\u003c/code\u003e / \u003ccode\u003evalkeys:\u003c/code\u003e schemes for sessions\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest::getPreferredLanguage()\u003c/code\u003e now favors a more preferred language above exactly matching a locale\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eUriSigner\u003c/code\u003e to use a \u003ccode\u003eClockInterface\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUriSigner::verify()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/bc354f47c62301e990b7874fa662326368508e2c\"\u003e\u003ccode\u003ebc354f4\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/48d76c29a67a301e0f7779a512bf76417395ffef\"\u003e\u003ccode\u003e48d76c2\u003c/code\u003e\u003c/a\u003e security #cve-2026-48736 [HttpFoundation] Block IPv6 transition forms in IpUt...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/fda5ebe3a23cd930790cb70aeac9c58d5a262b09\"\u003e\u003ccode\u003efda5ebe\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/5979ae84168d6f551009278ee576676dfb87f90a\"\u003e\u003ccode\u003e5979ae8\u003c/code\u003e\u003c/a\u003e Ignore Doctrine DBAL deprecations that can't be worked around\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/10d5daa7a22d64037a4bd5195d387ecc0d2c5b3c\"\u003e\u003ccode\u003e10d5daa\u003c/code\u003e\u003c/a\u003e [HttpFoundation] Fix tests for PHP 8.6: session.cookie_samesite=Lax\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/3ebc78a9507545259ec5c71afdc49d4c452e3eda\"\u003e\u003ccode\u003e3ebc78a\u003c/code\u003e\u003c/a\u003e [HttpFoundation] Block IPv6 transition forms in IpUtils::PRIVATE_SUBNETS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/051a9622b64ac1f639665c593afbff1128cddb16\"\u003e\u003ccode\u003e051a962\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/5402ad19bef111ffdd076d33d87bd400c0c38243\"\u003e\u003ccode\u003e5402ad1\u003c/code\u003e\u003c/a\u003e Remove wrong documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/c38f205c479a5f74d34034f29e59240e1ec4b795\"\u003e\u003ccode\u003ec38f205\u003c/code\u003e\u003c/a\u003e [7.4] Remove usages of named arguments in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/a762b60b37023abc3fb0d870adbdaa523606a7af\"\u003e\u003ccode\u003ea762b60\u003c/code\u003e\u003c/a\u003e Update XSD references in phpunit.xml.dist files\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.2.5...v7.4.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `symfony/mailer` from 7.2.3 to 7.4.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/mailer/releases\"\u003esymfony/mailer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.4.12\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v7.4.3...v7.4.12\"\u003ehttps://github.com/symfony/mailer/compare/v7.4.3...v7.4.12\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity #cve-2026-45068  Add end-of-options separator before recipients in SendmailTransport; reject addresses starting with a dash (\u003ca href=\"https://github.com/alexandre-daubois\"\u003e\u003ccode\u003e@​alexandre-daubois\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v7.4.7...v7.4.8\"\u003ehttps://github.com/symfony/mailer/compare/v7.4.7...v7.4.8\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v7.4.5...v7.4.6\"\u003ehttps://github.com/symfony/mailer/compare/v7.4.5...v7.4.6\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/mailer/issues/63468\"\u003e#63468\u003c/a\u003e  Fix webhook rejection by switching to form-encoded request parsing (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/mailer/issues/63435\"\u003e#63435\u003c/a\u003e  Fix handling postal transport apikey (\u003ca href=\"https://github.com/MarcHagen\"\u003e\u003ccode\u003e@​MarcHagen\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/mailer/issues/63354\"\u003e#63354\u003c/a\u003e  Fix invalid encoding of custom headers in SES API (\u003ca href=\"https://github.com/lacatoire\"\u003e\u003ccode\u003e@​lacatoire\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/mailer/issues/63264\"\u003e#63264\u003c/a\u003e  Also bypass Sender header within MicrosoftGraphApiTransport (\u003ca href=\"https://github.com/deeky666\"\u003e\u003ccode\u003e@​deeky666\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/mailer/issues/63278\"\u003e#63278\u003c/a\u003e  Fix Mailjet SMTP relay X-MJ-TemplateErrorReporting header format to MailjetApiTransport (\u003ca href=\"https://github.com/mwijngaard\"\u003e\u003ccode\u003e@​mwijngaard\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v7.4.3...v7.4.4\"\u003ehttps://github.com/symfony/mailer/compare/v7.4.3...v7.4.4\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/mailer/issues/62984\"\u003e#62984\u003c/a\u003e  Also bypass \u003ccode\u003eReturn-Path\u003c/code\u003e header within \u003ccode\u003eMicrosoftGraphApiTransport\u003c/code\u003e (\u003ca href=\"https://github.com/zoglo\"\u003e\u003ccode\u003e@​zoglo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v7.4.2...v7.4.3\"\u003ehttps://github.com/symfony/mailer/compare/v7.4.2...v7.4.3\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62756\"\u003esymfony/symfony#62756\u003c/a\u003e [Mailer] do not use PHPUnit mock objects without configured expectations (\u003ca href=\"https://github.com/xabbuh\"\u003e\u003ccode\u003e@​xabbuh\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v7.4.0-RC3...v7.4.0\"\u003ehttps://github.com/symfony/mailer/compare/v7.4.0-RC3...v7.4.0\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efeature \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62469\"\u003esymfony/symfony#62469\u003c/a\u003e [Security] Keep SymfonyCasts as backers of the Security components v7.4 🤗 (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0-RC1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v7.4.0-BETA2...v7.4.0-RC1\"\u003ehttps://github.com/symfony/mailer/compare/v7.4.0-BETA2...v7.4.0-RC1\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62333\"\u003esymfony/symfony#62333\u003c/a\u003e  Postal mailer transport message ID retrieval (\u003ca href=\"https://github.com/lalcebo\"\u003e\u003ccode\u003e@​lalcebo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0-BETA1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v7.3.4...v7.4.0-BETA1\"\u003ehttps://github.com/symfony/mailer/compare/v7.3.4...v7.4.0-BETA1\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efeature \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61775\"\u003esymfony/symfony#61775\u003c/a\u003e [Mailer][Mandrill] Add \u003ccode\u003esubaccount\u003c/code\u003e to the payload (\u003ca href=\"https://github.com/andrehoong-pixieset\"\u003e\u003ccode\u003e@​andrehoong-pixieset\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeature \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61758\"\u003esymfony/symfony#61758\u003c/a\u003e [Mailer][Sendgrid] Add support for \u003ccode\u003eglobal\u003c/code\u003e region (\u003ca href=\"https://github.com/sonnymilton\"\u003e\u003ccode\u003e@​sonnymilton\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeature \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61555\"\u003esymfony/symfony#61555\u003c/a\u003e [Mailer][Sweego] Add support for new webhook events (\u003ca href=\"https://github.com/welcoMattic\"\u003e\u003ccode\u003e@​welcoMattic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeature \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61455\"\u003esymfony/symfony#61455\u003c/a\u003e [Mailer][Sendgrid] Add suppression groups support (\u003ca href=\"https://github.com/KiloSierraCharlie\"\u003e\u003ccode\u003e@​KiloSierraCharlie\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeature \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61315\"\u003esymfony/symfony#61315\u003c/a\u003e [Mailer] Add compatibility for Mailtrap's sandbox (\u003ca href=\"https://github.com/KiloSierraCharlie\"\u003e\u003ccode\u003e@​KiloSierraCharlie\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeature \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61290\"\u003esymfony/symfony#61290\u003c/a\u003e [Mailer] Add MicrosoftGraph API Transport (\u003ca href=\"https://github.com/bobvandevijver\"\u003e\u003ccode\u003e@​bobvandevijver\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeature \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/60110\"\u003esymfony/symfony#60110\u003c/a\u003e [Mailer] [Transport] Allow exception logging for \u003ccode\u003eRoundRobinTransport\u003c/code\u003e mailer (\u003ca href=\"https://github.com/jnoordsij\"\u003e\u003ccode\u003e@​jnoordsij\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/mailer/blob/8.1/CHANGELOG.md\"\u003esymfony/mailer's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCHANGELOG\u003c/h1\u003e\n\u003ch2\u003e8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove \u003ccode\u003eTransportFactoryTestCase\u003c/code\u003e, extend \u003ccode\u003eAbstractTransportFactoryTestCase\u003c/code\u003e instead\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003elogger\u003c/code\u003e (constructor) property to \u003ccode\u003eRoundRobinTransport\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd DSN param \u003ccode\u003eretry_period\u003c/code\u003e to override default email transport retry period\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eDsn::getBooleanOption()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd DSN param \u003ccode\u003esource_ip\u003c/code\u003e to allow binding to a (specific) IPv4 or IPv6 address.\u003c/li\u003e\n\u003cli\u003eAdd DSN param \u003ccode\u003erequire_tls\u003c/code\u003e to enforce use of TLS/STARTTLS\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eDkimSignedMessageListener\u003c/code\u003e, \u003ccode\u003eSmimeEncryptedMessageListener\u003c/code\u003e, and \u003ccode\u003eSmimeSignedMessageListener\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate \u003ccode\u003eTransportFactoryTestCase\u003c/code\u003e, extend \u003ccode\u003eAbstractTransportFactoryTestCase\u003c/code\u003e instead\u003c/p\u003e\n\u003cp\u003eThe \u003ccode\u003etestIncompleteDsnException()\u003c/code\u003e test is no longer provided by default. If you make use of it by implementing the \u003ccode\u003eincompleteDsnProvider()\u003c/code\u003e data providers,\nyou now need to use the \u003ccode\u003eIncompleteDsnTestTrait\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMake \u003ccode\u003eTransportFactoryTestCase\u003c/code\u003e compatible with PHPUnit 10+\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport unicode email addresses such as \u0026quot;dømi@dømi.example\u0026quot;\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDispatch Postmark's \u0026quot;406 - Inactive recipient\u0026quot; API error code as a \u003ccode\u003ePostmarkDeliveryEvent\u003c/code\u003e instead of throwing an exception\u003c/li\u003e\n\u003cli\u003eAdd DSN param \u003ccode\u003eauto_tls\u003c/code\u003e to disable automatic STARTTLS\u003c/li\u003e\n\u003cli\u003eAdd support for allowing some users even if \u003ccode\u003erecipients\u003c/code\u003e is defined in \u003ccode\u003eEnvelopeListener\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove the OhMySmtp bridge in favor of the MailPace bridge\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd DSN parameter \u003ccode\u003epeer_fingerprint\u003c/code\u003e to verify TLS certificate fingerprint\u003c/li\u003e\n\u003cli\u003eChange the default port for the \u003ccode\u003emailjet+smtp\u003c/code\u003e transport from 465 to 587\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/5cefb712a25f320579615ba9e1942abaeade7dff\"\u003e\u003ccode\u003e5cefb71\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/94fd44f3052e02340b0dd4447a7d7a5856e32da2\"\u003e\u003ccode\u003e94fd44f\u003c/code\u003e\u003c/a\u003e Merge branch '5.4' into 6.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/5b5385bc21c3549a80abc1353ccf8eb0b6861c61\"\u003e\u003ccode\u003e5b5385b\u003c/code\u003e\u003c/a\u003e [Mailer] Add end-of-options separator before recipients in SendmailTransport;...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/0a4f0730345a76eb1ba1b081a82dcdb952d2362e\"\u003e\u003ccode\u003e0a4f073\u003c/code\u003e\u003c/a\u003e [7.4] Remove usages of named arguments in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/e8faa3338410d1ed1892a24b7ed91b5a75c83143\"\u003e\u003ccode\u003ee8faa33\u003c/code\u003e\u003c/a\u003e Update XSD references in phpunit.xml.dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/2c39419b2aa2f463ef5801d6e66fa06dcca0fefe\"\u003e\u003ccode\u003e2c39419\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/602519c3466621897c556125dbf644ec8dde2b38\"\u003e\u003ccode\u003e602519c\u003c/code\u003e\u003c/a\u003e PHP CS Fixer: backports changes toward 6.4 branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/9902e35b1b77db550b289eb6ec7d945149b0dbde\"\u003e\u003ccode\u003e9902e35\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/a2918c6f34e601472ee891b517ab223e216ca5a3\"\u003e\u003ccode\u003ea2918c6\u003c/code\u003e\u003c/a\u003e CS fixes - native_function_invocation \u0026amp; static_lambda\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/d56a83b4ba1de6375d0745de9299daf078426fd1\"\u003e\u003ccode\u003ed56a83b\u003c/code\u003e\u003c/a\u003e [CS] Back config from 8.1 and apply heredoc_indentation rule\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/symfony/mailer/compare/v7.2.3...v7.4.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `symfony/routing` from 7.2.3 to 7.4.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/routing/releases\"\u003esymfony/routing's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.4.13\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v7.4.12...v7.4.13\"\u003ehttps://github.com/symfony/routing/compare/v7.4.12...v7.4.13\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity #cve-2026-48784  Fix dot-segment encoding for chained \u0026quot;../\u0026quot; and \u0026quot;./\u0026quot; in generated URLs (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/routing/issues/64343\"\u003e#64343\u003c/a\u003e  Harden __unserialize against __toString trampolines (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.12\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v7.4.9...v7.4.12\"\u003ehttps://github.com/symfony/routing/compare/v7.4.9...v7.4.12\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity #cve-2026-45065  Fix regex alternation anchoring in \u003ccode\u003eUrlGenerator\u003c/code\u003e requirement validation (\u003ca href=\"https://github.com/alexandre-daubois\"\u003e\u003ccode\u003e@​alexandre-daubois\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.9\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v7.4.6...v7.4.9\"\u003ehttps://github.com/symfony/routing/compare/v7.4.6...v7.4.9\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/routing/issues/63981\"\u003e#63981\u003c/a\u003e  Honor the Request's method in UrlMatcher::matchRequest() (\u003ca href=\"https://github.com/ousamabenyounes\"\u003e\u003ccode\u003e@​ousamabenyounes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v7.4.7...v7.4.8\"\u003ehttps://github.com/symfony/routing/compare/v7.4.7...v7.4.8\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v7.4.5...v7.4.6\"\u003ehttps://github.com/symfony/routing/compare/v7.4.5...v7.4.6\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/routing/issues/54236\"\u003e#54236\u003c/a\u003e  Fix exclude option being ignored for non-glob and PSR-4 resources (\u003ca href=\"https://github.com/NeilPeyssard\"\u003e\u003ccode\u003e@​NeilPeyssard\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/routing/issues/60662\"\u003e#60662\u003c/a\u003e  assign attribute aliases to localized route if applicable (\u003ca href=\"https://github.com/alcohol\"\u003e\u003ccode\u003e@​alcohol\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v7.4.3...v7.4.4\"\u003ehttps://github.com/symfony/routing/compare/v7.4.3...v7.4.4\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v7.4.2...v7.4.3\"\u003ehttps://github.com/symfony/routing/compare/v7.4.2...v7.4.3\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62791\"\u003esymfony/symfony#62791\u003c/a\u003e [Routing] Fix simple parameter mappings in routes (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62747\"\u003esymfony/symfony#62747\u003c/a\u003e [Routing] Do not renumber query parameters with numeric key (\u003ca href=\"https://github.com/tillhoerner\"\u003e\u003ccode\u003e@​tillhoerner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v7.4.0-RC3...v7.4.0\"\u003ehttps://github.com/symfony/routing/compare/v7.4.0-RC3...v7.4.0\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efeature \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62469\"\u003esymfony/symfony#62469\u003c/a\u003e [Security] Keep SymfonyCasts as backers of the Security components v7.4 🤗 (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0-RC3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v7.4.0-RC2...v7.4.0-RC3\"\u003ehttps://github.com/symfony/routing/compare/v7.4.0-RC2...v7.4.0-RC3\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62459\"\u003esymfony/symfony#62459\u003c/a\u003e [Routing] Fix case sensitivity for static host matching in compiled routes (\u003ca href=\"https://github.com/yoeunes\"\u003e\u003ccode\u003e@​yoeunes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62461\"\u003esymfony/symfony#62461\u003c/a\u003e [Routing] Fix localized prefix updates breaking aliases (\u003ca href=\"https://github.com/yoeunes\"\u003e\u003ccode\u003e@​yoeunes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62460\"\u003esymfony/symfony#62460\u003c/a\u003e [Routing] Fix addNamePrefix breaking aliases to external routes (\u003ca href=\"https://github.com/yoeunes\"\u003e\u003ccode\u003e@​yoeunes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/routing/blob/8.1/CHANGELOG.md\"\u003esymfony/routing's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCHANGELOG\u003c/h1\u003e\n\u003ch2\u003e8.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a \u003ccode\u003e$trailingSlashOnRoot\u003c/code\u003e argument to \u003ccode\u003eCollectionConfigurator::prefix()\u003c/code\u003e to allow disabling the trailing slash on root routes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove support for accessing the internal scope of the loader in PHP config files, use only its public API instead\u003c/li\u003e\n\u003cli\u003eProviding a non-array \u003ccode\u003e_query\u003c/code\u003e parameter to \u003ccode\u003eUrlGenerator\u003c/code\u003e causes an \u003ccode\u003eInvalidParameterException\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRemove the protected \u003ccode\u003eAttributeClassLoader::$routeAnnotationClass\u003c/code\u003e property and the \u003ccode\u003esetRouteAnnotationClass()\u003c/code\u003e method, use \u003ccode\u003eAttributeClassLoader::setRouteAttributeClass()\u003c/code\u003e instead\u003c/li\u003e\n\u003cli\u003eRemove class aliases in the \u003ccode\u003eAnnotation\u003c/code\u003e namespace, use attributes instead\u003c/li\u003e\n\u003cli\u003eRemove getters and setters in attribute classes in favor of public properties\u003c/li\u003e\n\u003cli\u003eRemove support for the XML configuration format\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eAttributeServicesLoader\u003c/code\u003e and \u003ccode\u003eRoutingControllerPass\u003c/code\u003e to auto-register routes from attributes on services\u003c/li\u003e\n\u003cli\u003eAllow query-specific parameters in \u003ccode\u003eUrlGenerator\u003c/code\u003e using \u003ccode\u003e_query\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support of multiple env names in the  \u003ccode\u003eSymfony\\Component\\Routing\\Attribute\\Route\u003c/code\u003e attribute\u003c/li\u003e\n\u003cli\u003eAdd argument \u003ccode\u003e$parameters\u003c/code\u003e to \u003ccode\u003eRequestContext\u003c/code\u003e's constructor\u003c/li\u003e\n\u003cli\u003eHandle declaring routes using PHP arrays that follow the same shape as corresponding yaml files\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eRoutesReference\u003c/code\u003e to help writing PHP configs using yaml-like array-shapes\u003c/li\u003e\n\u003cli\u003eDeprecate class aliases in the \u003ccode\u003eAnnotation\u003c/code\u003e namespace, use attributes instead\u003c/li\u003e\n\u003cli\u003eDeprecate getters and setters in attribute classes in favor of public properties\u003c/li\u003e\n\u003cli\u003eDeprecate accessing the internal scope of the loader in PHP config files, use only its public API instead\u003c/li\u003e\n\u003cli\u003eDeprecate XML configuration format, use YAML, PHP or attributes instead\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow aliases and deprecations in \u003ccode\u003e#[Route]\u003c/code\u003e attribute\u003c/li\u003e\n\u003cli\u003eAdd the \u003ccode\u003eRequirement::MONGODB_ID\u003c/code\u003e constant to validate MongoDB ObjectIDs in hexadecimal format\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd the \u003ccode\u003eRequirement::UID_RFC9562\u003c/code\u003e constant to validate UUIDs in the RFC 9562 format\u003c/li\u003e\n\u003cli\u003eDeprecate the \u003ccode\u003eAttributeClassLoader::$routeAnnotationClass\u003c/code\u003e property\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e{foo:bar}\u003c/code\u003e syntax to define a mapping between a route parameter and its corresponding request attribute\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e7.0\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/3a162171bb008e5e0f15dce6581373a4c0e8390d\"\u003e\u003ccode\u003e3a16217\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/af04c79671fd8df0805a44c83fa2b0ba56c8329e\"\u003e\u003ccode\u003eaf04c79\u003c/code\u003e\u003c/a\u003e Merge branch '5.4' into 6.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/e6f3f03a59fa732bc41ca9e75b65554802afa0f4\"\u003e\u003ccode\u003ee6f3f03\u003c/code\u003e\u003c/a\u003e Fix tests and merge resolution after merging 6.4 into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/5156fe8035e9c0a9de486d685a04e54c58c2f419\"\u003e\u003ccode\u003e5156fe8\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/be4ce34035aa79b8bc3ba1a7d1694435a216f68b\"\u003e\u003ccode\u003ebe4ce34\u003c/code\u003e\u003c/a\u003e [Routing][RateLimiter][Mime][Security] Harden __unserialize against __toStrin...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/f4ca0c533854c26e3b27e981da760807f89e1a42\"\u003e\u003ccode\u003ef4ca0c5\u003c/code\u003e\u003c/a\u003e [Routing] Fix dot-segment encoding for chained \u0026quot;../\u0026quot; and \u0026quot;./\u0026quot; in generated URLs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/3b04a5ec4887a8135a12ebf0f4cbc5b8fc8ee204\"\u003e\u003ccode\u003e3b04a5e\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/0cd0d2fb05382c95dff6b33c51a7c96cbdbc136d\"\u003e\u003ccode\u003e0cd0d2f\u003c/code\u003e\u003c/a\u003e Merge branch '5.4' into 6.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/287771d8bc86eacb30678dd10eda6c64a859951f\"\u003e\u003ccode\u003e287771d\u003c/code\u003e\u003c/a\u003e [7.4] Remove usages of named arguments in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/453501c5a24f08739f3da39d693ab1006947c119\"\u003e\u003ccode\u003e453501c\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/symfony/routing/compare/v7.2.3...v7.4.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `symfony/yaml` from 7.2.5 to 7.4.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/yaml/releases\"\u003esymfony/yaml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.4.13\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/yaml/compare/v7.4.12...v7.4.13\"\u003ehttps://github.com/symfony/yaml/compare/v7.4.12...v7.4.13\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/yaml/issues/64316\"\u003e#64316\u003c/a\u003e  Allow trailing newlines after the end-of-document marker (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.12\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/yaml/compare/v7.4.11...v7.4.12\"\u003ehttps://github.com/symfony/yaml/compare/v7.4.11...v7.4.12\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity #cve-2026-45305  Harden the Parser::cleanup() regexes against catastrophic backtracking (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esecurity #cve-2026-45304  Bound collection-alias resolution in the parser (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esecurity #cve-2026-45133  Bound recursion depth in the parser (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/yaml/compare/v7.4.10...v7.4.11\"\u003ehttps://github.com/symfony/yaml/compare/v7.4.10...v7.4.11\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/yaml/issues/64196\"\u003e#64196\u003c/a\u003e  Reject non-stringables when using \u0026quot;!!binary\u0026quot; (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/yaml/compare/v7.4.6...v7.4.10\"\u003ehttps://github.com/symfony/yaml/compare/v7.4.6...v7.4.10\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/yaml/issues/64119\"\u003e#64119\u003c/a\u003e  fix flow collection drops \u003ccode\u003e\u0026amp;anchor\u003c/code\u003e and \u003ccode\u003e!!str \u0026amp;anchor\u003c/code\u003e items (\u003ca href=\"https://github.com/ousamabenyounes\"\u003e\u003ccode\u003e@​ousamabenyounes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/yaml/compare/v7.4.7...v7.4.8\"\u003ehttps://github.com/symfony/yaml/compare/v7.4.7...v7.4.8\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/yaml/compare/v7.4.5...v7.4.6\"\u003ehttps://github.com/symfony/yaml/compare/v7.4.5...v7.4.6\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/yaml/issues/57292\"\u003e#57292\u003c/a\u003e  Fix parsing nested mappings in sequences (\u003ca href=\"https://github.com/HypeMC\"\u003e\u003ccode\u003e@​HypeMC\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/yaml/compare/v7.4.0...v7.4.1\"\u003ehttps://github.com/symfony/yaml/compare/v7.4.0...v7.4.1\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62612\"\u003esymfony/symfony#62612\u003c/a\u003e [Yaml] Fix regression handling blank lines in unquoted scalars (\u003ca href=\"https://github.com/yoeunes\"\u003e\u003ccode\u003e@​yoeunes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/yaml/compare/v7.4.0-RC3...v7.4.0\"\u003ehttps://github.com/symfony/yaml/compare/v7.4.0-RC3...v7.4.0\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0-RC2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/yaml/compare/v7.4.0-RC1...v7.4.0-RC2\"\u003ehttps://github.com/symfony/yaml/compare/v7.4.0-RC1...v7.4.0-RC2\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62409\"\u003esymfony/symfony#62409\u003c/a\u003e [Yaml] Align unquoted multiline scalar parsing with spec for comments (\u003ca href=\"https://github.com/yoeunes\"\u003e\u003ccode\u003e@​yoeunes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0-RC1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/yaml/compare/v7.4.0-BETA2...v7.4.0-RC1\"\u003ehttps://github.com/symfony/yaml/compare/v7.4.0-BETA2...v7.4.0-RC1\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/yaml/blob/8.1/CHANGELOG.md\"\u003esymfony/yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCHANGELOG\u003c/h1\u003e\n\u003ch2\u003e8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove support for parsing duplicate mapping keys whose value is \u003ccode\u003enull\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd compact nested mapping support by using the \u003ccode\u003eYaml::DUMP_COMPACT_NESTED_MAPPING\u003c/code\u003e flag\u003c/li\u003e\n\u003cli\u003eAdd the \u003ccode\u003eYaml::DUMP_FORCE_DOUBLE_QUOTES_ON_VALUES\u003c/code\u003e flag to enforce double quotes around string values\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate parsing duplicate mapping keys whose value is \u003ccode\u003enull\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for dumping \u003ccode\u003enull\u003c/code\u003e as an empty value by using the \u003ccode\u003eYaml::DUMP_NULL_AS_EMPTY\u003c/code\u003e flag\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for getting all the enum cases with \u003ccode\u003e!php/enum Foo\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove the \u003ccode\u003e!php/const:\u003c/code\u003e tag, use \u003ccode\u003e!php/const\u003c/code\u003e instead (without the colon)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support to dump int keys as strings by using the \u003ccode\u003eYaml::DUMP_NUMERIC_KEY_AS_STRING\u003c/code\u003e flag\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for \u003ccode\u003e!php/enum\u003c/code\u003e and \u003ccode\u003e!php/enum *-\u0026gt;value\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDeprecate the \u003ccode\u003e!php/const:\u003c/code\u003e tag in key which will be replaced by the \u003ccode\u003e!php/const\u003c/code\u003e tag (without the colon) since 3.4\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIn cases where it will likely improve readability, strings containing single quotes will be double-quoted\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a \u003ccode\u003e$maxNestingLevel\u003c/code\u003e argument to \u003ccode\u003eParser::__construct()\u003c/code\u003e, \u003ccode\u003eYaml::parse()\u003c/code\u003e and \u003ccode\u003eYaml::parseFile()\u003c/code\u003e to bound recursion depth (default 128)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/yaml/commit/a7ec3b1156faf8815db7683ec7c1e7338e6f977c\"\u003e\u003ccode\u003ea7ec3b1\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/yaml/commit/e8fdf3408c85806198d5826e604ffc6830d33152\"\u003e\u003ccode\u003ee8fdf34\u003c/code\u003e\u003c/a\u003e CS fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/yaml/commit/4b5658cbd0d9addde73c09299d179e2724b011b1\"\u003e\u003ccode\u003e4b5658c\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/yaml/commit/69b7344651917c541eb1ad85de52ef3649909f3c\"\u003e\u003ccode\u003e69b7344\u003c/code\u003e\u003c/a\u003e Merge branch '5.4' into 6.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/yaml/commit/ae0bbb46f77ff56591d0a0259c7f458f4b3e1f77\"\u003e\u003ccode\u003eae0bbb4\u003c/code\u003e\u003c/a\u003e [Yaml] Allow trailing newlines after the end-of-document marker\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/yaml/commit/8b6952b56ca6417f25f7a65758cadd0ce02edc51\"\u003e\u003ccode\u003e8b6952b\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/yaml/commit/68dcd1f1602dac9d9221e25729683e0ce8733f3b\"\u003e\u003ccode\u003e68dcd1f\u003c/code\u003e\u003c/a\u003e Merge branch '5.4' into 6.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/yaml/commit/b0b27055f055f0d314c5c68ed0c10f0bbd90aee0\"\u003e\u003ccode\u003eb0b2705\u003c/code\u003e\u003c/a\u003e [Yaml] Harden the Parser::cleanup() regexes against catastrophic backtracking\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/yaml/commit/5a351ff7a15e631cd7abaa44f2a5e5fc3f0c43f6\"\u003e\u003ccode\u003e5a351ff\u003c/code\u003e\u003c/a\u003e [Yaml] Bound collection-alias resolution in the parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/yaml/commit/e2eb64a57763815ccae07ac1c7653d6cc1c326fd\"\u003e\u003ccode\u003ee2eb64a\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/symfony/yaml/compare/v7.2.5...v7.4.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/drago1520/coolify-examples/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/drago1520/coolify-examples/pull/40","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/drago1520%2Fcoolify-examples/issues/40","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/40/packages"},{"uuid":"4346744692","node_id":"PR_kwDORNs4gM7WhFvD","number":27,"state":"open","title":"Bump the composer group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-28T22:53:44.000Z","updated_at":"2026-04-28T22:53:55.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"composer","update_count":6,"packages":[{"name":"phpoffice/phpspreadsheet","old_version":"5.0.0","new_version":"5.7.0","repository_url":"https://github.com/PHPOffice/PhpSpreadsheet"},{"name":"google/protobuf","old_version":"4.31.1","new_version":"4.33.6","repository_url":"https://github.com/protocolbuffers/protobuf-php"},{"name":"league/commonmark","old_version":"2.7.0","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"},{"name":"psy/psysh","old_version":"0.12.8","new_version":"0.12.22","repository_url":"https://github.com/bobthecow/psysh"},{"name":"symfony/http-foundation","old_version":"7.3.0","new_version":"7.4.8","repository_url":"https://github.com/symfony/http-foundation"},{"name":"symfony/process","old_version":"7.3.0","new_version":"7.4.8","repository_url":"https://github.com/symfony/process"}],"path":null,"ecosystem":"packagist"},"body":"Bumps the composer group with 6 updates in the /Wber directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [phpoffice/phpspreadsheet](https://github.com/PHPOffice/PhpSpreadsheet) | `5.0.0` | `5.7.0` |\n| [google/protobuf](https://github.com/protocolbuffers/protobuf-php) | `4.31.1` | `4.33.6` |\n| [league/commonmark](https://github.com/thephpleague/commonmark) | `2.7.0` | `2.8.2` |\n| [psy/psysh](https://github.com/bobthecow/psysh) | `0.12.8` | `0.12.22` |\n| [symfony/http-foundation](https://github.com/symfony/http-foundation) | `7.3.0` | `7.4.8` |\n| [symfony/process](https://github.com/symfony/process) | `7.3.0` | `7.4.8` |\n\n\nUpdates `phpoffice/phpspreadsheet` from 5.0.0 to 5.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/PHPOffice/PhpSpreadsheet/releases\"\u003ephpoffice/phpspreadsheet's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.7.0\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity patches.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMake Reader/Csv Extendable, add new preferred Reader/CsvNoEscape class. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4836\"\u003e#4836\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4836\"\u003ePHPOffice/PhpSpreadsheet#4836\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4837\"\u003e#4837\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4837\"\u003ePHPOffice/PhpSpreadsheet#4837\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4845\"\u003e#4845\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4845\"\u003ePHPOffice/PhpSpreadsheet#4845\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eXLOOKUP function. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/1453\"\u003e#1453\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/1453\"\u003ePHPOffice/PhpSpreadsheet#1453\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4844\"\u003e#4844\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4844\"\u003ePHPOffice/PhpSpreadsheet#4844\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIntroduction of a benchmark test suite, independent of the default unit test suite. Users can use it as a template for experimenting and making decisions concerning performance. [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4824\"\u003e#4824\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4824\"\u003ePHPOffice/PhpSpreadsheet#4824\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCollection/Cells::MAX_COLUMN_ID - use Cell/AddressRange::MAX_COLUMN_INT.\u003c/li\u003e\n\u003cli\u003eWriter/Xls/Worksheet constants MAX_XLS_COLUMN, MAX_XLS_COLUMN_STRING, MAX_XLS_ROW - use Cell/AddressRange MAX_COLUMN_INT_XLS, MAX_COLUMN_XLS, MAX_ROW_XLS\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsistent handling of row and column limits. [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4820\"\u003e#4820\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4820\"\u003ePHPOffice/PhpSpreadsheet#4820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProblems with Html Conditional Formatting Colorscale. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4838\"\u003e#4838\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4838\"\u003ePHPOffice/PhpSpreadsheet#4838\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4839\"\u003e#4839\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4839\"\u003ePHPOffice/PhpSpreadsheet#4839\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed an issue where Date detection could misclassify invalid numeric values as dates. [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4841\"\u003e#4841\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4841\"\u003ePHPOffice/PhpSpreadsheet#4841\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOds Reader/Writer Integer Styles with Leading Zeros. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/1606\"\u003e#1606\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/1606\"\u003ePHPOffice/PhpSpreadsheet#1606\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4822\"\u003e#4822\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4822\"\u003ePHPOffice/PhpSpreadsheet#4822\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eXlsx Writer Data URI for Images. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4823\"\u003e#4823\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4823\"\u003ePHPOffice/PhpSpreadsheet#4823\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4831\"\u003e#4831\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4831\"\u003ePHPOffice/PhpSpreadsheet#4831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eConfusion Checking for Union Arguments. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4832\"\u003e#4832\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4832\"\u003ePHPOffice/PhpSpreadsheet#4832\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4835\"\u003e#4835\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4835\"\u003ePHPOffice/PhpSpreadsheet#4835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReader Xlsx Hyperlink with Anchor. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4842\"\u003e#4842\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4842\"\u003ePHPOffice/PhpSpreadsheet#4842\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4843\"\u003e#4843\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4843\"\u003ePHPOffice/PhpSpreadsheet#4843\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.5.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMuch improved handling of Styles by Ods Reader. The relevant changes are listed at the end of the \u0026quot;Fixed\u0026quot; section below.\u003c/li\u003e\n\u003cli\u003eOption to use OldCalculatedValue in ToArray and Relatives. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/1810\"\u003e#1810\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/1810\"\u003ePHPOffice/PhpSpreadsheet#1810\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4787\"\u003e#4787\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4787\"\u003ePHPOffice/PhpSpreadsheet#4787\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd checkbox style (Xlsx and Html). [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4781\"\u003e#4781\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4781\"\u003ePHPOffice/PhpSpreadsheet#4781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOption to whitelist external images. [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4793\"\u003e#4793\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4793\"\u003ePHPOffice/PhpSpreadsheet#4793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWriter/Html add ability to set line ending. [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4779\"\u003e#4779\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4779\"\u003ePHPOffice/PhpSpreadsheet#4779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWriter/Html optionally save formulas as data attributes. [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4783\"\u003e#4783\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4783\"\u003ePHPOffice/PhpSpreadsheet#4783\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUser-supplied headers and footers in PDF. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/3159\"\u003e#3159\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/3159\"\u003ePHPOffice/PhpSpreadsheet#3159\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4789\"\u003e#4789\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4789\"\u003ePHPOffice/PhpSpreadsheet#4789\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eWriter/Html constant BODY_LINE no longer makes sense with a configurable line ending. No replacement.\u003c/li\u003e\n\u003cli\u003eCalculation classes FormulaParser and FormulaToken are unused. No replacement.\u003c/li\u003e\n\u003cli\u003eWriter/Xls/Worksheet methods insertBitMap, positionImage, writeObjPicture, processBitmapGd, and processBitmap are unused. No replacement.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove performance in value binders. [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4780\"\u003e#4780\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4780\"\u003ePHPOffice/PhpSpreadsheet#4780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHandle Unions as Function Arguments. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4656\"\u003e#4656\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4656\"\u003ePHPOffice/PhpSpreadsheet#4656\u003c/a\u003e) [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/316\"\u003e#316\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/316\"\u003ePHPOffice/PhpSpreadsheet#316\u003c/a\u003e) [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/503\"\u003e#503\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/503\"\u003ePHPOffice/PhpSpreadsheet#503\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4657\"\u003e#4657\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4657\"\u003ePHPOffice/PhpSpreadsheet#4657\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUnexpected Behavior of CONCATENATE. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4061\"\u003e#4061\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4061\"\u003ePHPOffice/PhpSpreadsheet#4061\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4797\"\u003e#4797\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4797\"\u003ePHPOffice/PhpSpreadsheet#4797\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImage Css size in millimeters. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4800\"\u003e#4800\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4800\"\u003ePHPOffice/PhpSpreadsheet#4800\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4801\"\u003e#4801\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4801\"\u003ePHPOffice/PhpSpreadsheet#4801\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/PHPOffice/PhpSpreadsheet/blob/master/CHANGELOG.md\"\u003ephpoffice/phpspreadsheet's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2026-04-19 - 5.7.0\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity patches.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2026-04-09 - 5.6.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMake Reader/Csv Extendable, add new preferred Reader/CsvNoEscape class. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4836\"\u003e#4836\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4836\"\u003ePHPOffice/PhpSpreadsheet#4836\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4837\"\u003e#4837\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4837\"\u003ePHPOffice/PhpSpreadsheet#4837\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4845\"\u003e#4845\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4845\"\u003ePHPOffice/PhpSpreadsheet#4845\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eXLOOKUP function. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/1453\"\u003e#1453\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/1453\"\u003ePHPOffice/PhpSpreadsheet#1453\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4844\"\u003e#4844\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4844\"\u003ePHPOffice/PhpSpreadsheet#4844\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIntroduction of a benchmark test suite, independent of the default unit test suite. Users can use it as a template for experimenting and making decisions concerning performance. [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4824\"\u003e#4824\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4824\"\u003ePHPOffice/PhpSpreadsheet#4824\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRemoved\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eNothing yet.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eNothing yet.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMoved\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eNothing yet.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCollection/Cells::MAX_COLUMN_ID - use Cell/AddressRange::MAX_COLUMN_INT.\u003c/li\u003e\n\u003cli\u003eWriter/Xls/Worksheet constants MAX_XLS_COLUMN, MAX_XLS_COLUMN_STRING, MAX_XLS_ROW - use Cell/AddressRange MAX_COLUMN_INT_XLS, MAX_COLUMN_XLS, MAX_ROW_XLS\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsistent handling of row and column limits. [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4820\"\u003e#4820\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4820\"\u003ePHPOffice/PhpSpreadsheet#4820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProblems with Html Conditional Formatting Colorscale. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4838\"\u003e#4838\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4838\"\u003ePHPOffice/PhpSpreadsheet#4838\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4839\"\u003e#4839\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4839\"\u003ePHPOffice/PhpSpreadsheet#4839\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed an issue where Date detection could misclassify invalid numeric values as dates. [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4841\"\u003e#4841\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4841\"\u003ePHPOffice/PhpSpreadsheet#4841\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOds Reader/Writer Integer Styles with Leading Zeros. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/1606\"\u003e#1606\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/1606\"\u003ePHPOffice/PhpSpreadsheet#1606\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4822\"\u003e#4822\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4822\"\u003ePHPOffice/PhpSpreadsheet#4822\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eXlsx Writer Data URI for Images. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4823\"\u003e#4823\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4823\"\u003ePHPOffice/PhpSpreadsheet#4823\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4831\"\u003e#4831\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4831\"\u003ePHPOffice/PhpSpreadsheet#4831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eConfusion Checking for Union Arguments. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4832\"\u003e#4832\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4832\"\u003ePHPOffice/PhpSpreadsheet#4832\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4835\"\u003e#4835\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4835\"\u003ePHPOffice/PhpSpreadsheet#4835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReader Xlsx Hyperlink with Anchor. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4842\"\u003e#4842\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4842\"\u003ePHPOffice/PhpSpreadsheet#4842\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4843\"\u003e#4843\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4843\"\u003ePHPOffice/PhpSpreadsheet#4843\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2026-02-28 - 5.5.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMuch improved handling of Styles by Ods Reader. The relevant changes are listed at the end of the \u0026quot;Fixed\u0026quot; section below.\u003c/li\u003e\n\u003cli\u003eOption to use OldCalculatedValue in ToArray and Relatives. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/1810\"\u003e#1810\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/1810\"\u003ePHPOffice/PhpSpreadsheet#1810\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4787\"\u003e#4787\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4787\"\u003ePHPOffice/PhpSpreadsheet#4787\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd checkbox style (Xlsx and Html). [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4781\"\u003e#4781\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4781\"\u003ePHPOffice/PhpSpreadsheet#4781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOption to whitelist external images. [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4793\"\u003e#4793\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4793\"\u003ePHPOffice/PhpSpreadsheet#4793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWriter/Html add ability to set line ending. [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4779\"\u003e#4779\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4779\"\u003ePHPOffice/PhpSpreadsheet#4779\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PHPOffice/PhpSpreadsheet/commit/9f55d3b9b7bcb1084fda8340e4b7ce4ed10cd0c8\"\u003e\u003ccode\u003e9f55d3b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4859\"\u003e#4859\u003c/a\u003e from oleibman/updchangelog20260419\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PHPOffice/PhpSpreadsheet/commit/2e35213f2a5c8430f8f46294e7d472c30cf123be\"\u003e\u003ccode\u003e2e35213\u003c/code\u003e\u003c/a\u003e Update Changelog for New Release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PHPOffice/PhpSpreadsheet/commit/9019a9c9da1daee02d55c40f45f23a3c7eba5b62\"\u003e\u003ccode\u003e9019a9c\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PHPOffice/PhpSpreadsheet/commit/f1eb4e6980d537ec85fc20be5950f9ad65d47ffd\"\u003e\u003ccode\u003ef1eb4e6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PHPOffice/PhpSpreadsheet/commit/9b90dee03deb0d28761479c4a3a06fba5f7e012e\"\u003e\u003ccode\u003e9b90dee\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4857\"\u003e#4857\u003c/a\u003e from oleibman/changelog20260406\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PHPOffice/PhpSpreadsheet/commit/f302b3265a3c471438192eea5a8cca26c1d52e88\"\u003e\u003ccode\u003ef302b32\u003c/code\u003e\u003c/a\u003e Prepare Changelog For New Release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PHPOffice/PhpSpreadsheet/commit/4a476071b3e0d633906251d95e73ad7464a32337\"\u003e\u003ccode\u003e4a47607\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4850\"\u003e#4850\u003c/a\u003e from oleibman/updatestan\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PHPOffice/PhpSpreadsheet/commit/8a9e9b561043ad5c9ed869a9c9b6658a7b1c50c3\"\u003e\u003ccode\u003e8a9e9b5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4845\"\u003e#4845\u003c/a\u003e from oleibman/csvnonutf8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PHPOffice/PhpSpreadsheet/commit/5d6d7d537f941ecfff5990f33558bad74d075be5\"\u003e\u003ccode\u003e5d6d7d5\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into csvnonutf8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PHPOffice/PhpSpreadsheet/commit/6f23fe3d8c3b2604360bbc4d1778a1f41d6c1d52\"\u003e\u003ccode\u003e6f23fe3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4844\"\u003e#4844\u003c/a\u003e from oleibman/xlookup\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/PHPOffice/PhpSpreadsheet/compare/5.0.0...5.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google/protobuf` from 4.31.1 to 4.33.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf-php/commit/84b008c23915ed94536737eae46f41ba3bccfe67\"\u003e\u003ccode\u003e84b008c\u003c/code\u003e\u003c/a\u003e 4.33.6 sync\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf-php/commit/1debe453db83159b98a38df5a3737feb1e8ef016\"\u003e\u003ccode\u003e1debe45\u003c/code\u003e\u003c/a\u003e 5.34.0 sync\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf-php/commit/3f6644d863943ebedafacfbfff2cb1c967a766b2\"\u003e\u003ccode\u003e3f6644d\u003c/code\u003e\u003c/a\u003e 5.34.0RC2 sync\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf-php/commit/6fd2d13a7591515c8d09e6278f1a42a78e1adeac\"\u003e\u003ccode\u003e6fd2d13\u003c/code\u003e\u003c/a\u003e 4.29.6 sync\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf-php/commit/ebe8010a61b2ae0cff0d246fe1c4d44e9f7dfa6d\"\u003e\u003ccode\u003eebe8010\u003c/code\u003e\u003c/a\u003e 4.33.5 sync\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf-php/commit/a217acb35241a96fd6d6280e2b2540c30bd028f7\"\u003e\u003ccode\u003ea217acb\u003c/code\u003e\u003c/a\u003e 5.34.0RC1 sync\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf-php/commit/22d28025cda0d223a2e48c2e16c5284ecc9f5402\"\u003e\u003ccode\u003e22d2802\u003c/code\u003e\u003c/a\u003e 4.33.4 sync\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf-php/commit/281537d44d6c270606354e65bfa75a0969dbd629\"\u003e\u003ccode\u003e281537d\u003c/code\u003e\u003c/a\u003e 4.33.3 sync\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf-php/commit/fbd96b7bf1343f4b0d8fb358526c7ba4d72f1318\"\u003e\u003ccode\u003efbd96b7\u003c/code\u003e\u003c/a\u003e 4.33.2 sync\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf-php/commit/0cd73ccf0cd26c3e72299cce1ea6144091a57e12\"\u003e\u003ccode\u003e0cd73cc\u003c/code\u003e\u003c/a\u003e 4.33.1 sync\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protocolbuffers/protobuf-php/compare/v4.31.1...v4.33.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `league/commonmark` from 2.7.0 to 2.8.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.8.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (\u003ca href=\"https://github.com/thephpleague/commonmark/security/advisories/GHSA-4v6x-c7xx-hw9f\"\u003eGHSA-4v6x-c7xx-hw9f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kocal\"\u003e\u003ccode\u003e@​Kocal\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1106\"\u003ethephpleague/commonmark#1106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/freost\"\u003e\u003ccode\u003e@​freost\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1107\"\u003ethephpleague/commonmark#1107\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.8.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded a new \u003ccode\u003eHighlightExtension\u003c/code\u003e for marking important text using \u003ccode\u003e==\u003c/code\u003e syntax (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1100\"\u003e#1100\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eAutolinkExtension\u003c/code\u003e incorrectly matching URLs after invalid \u003ccode\u003ewww.\u003c/code\u003e prefix (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1095\"\u003e#1095\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1103\"\u003e#1103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samwilson\"\u003e\u003ccode\u003e@​samwilson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1090\"\u003ethephpleague/commonmark#1090\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ossobuffo\"\u003e\u003ccode\u003e@​ossobuffo\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1100\"\u003ethephpleague/commonmark#1100\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.7.1...2.8.0\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.7.1...2.8.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.7.1\u003c/h2\u003e\n\u003ch2\u003eNotable Changes\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOptimized several regular expressions in \u003ccode\u003eRegexHelper\u003c/code\u003e to improve performance (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/674\"\u003e#674\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1086\"\u003e#1086\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eEmbedProcessor\u003c/code\u003e no longer calls \u003ccode\u003eupdateEmbeds()\u003c/code\u003e when there are no embeds to update (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed missing \u003ccode\u003ebenchmark.php\u003c/code\u003e CSV path validation for non-existent files (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1068\"\u003e#1068\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.8.1] - 2026-03-05\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (GHSA-4v6x-c7xx-hw9f)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.8.0] - 2025-11-26\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded a new \u003ccode\u003eHighlightExtension\u003c/code\u003e for marking important text using \u003ccode\u003e==\u003c/code\u003e syntax (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1100\"\u003e#1100\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eAutolinkExtension\u003c/code\u003e incorrectly matching URLs after invalid \u003ccode\u003ewww.\u003c/code\u003e prefix (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1095\"\u003e#1095\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1103\"\u003e#1103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.7.1] - 2025-07-20\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOptimized several regular expressions in \u003ccode\u003eRegexHelper\u003c/code\u003e to improve performance (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/674\"\u003e#674\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1086\"\u003e#1086\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eEmbedProcessor\u003c/code\u003e no longer calls \u003ccode\u003eupdateEmbeds()\u003c/code\u003e when there are no embeds to update (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed missing \u003ccode\u003ebenchmark.php\u003c/code\u003e CSV path validation for non-existent files (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1068\"\u003e#1068\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/84b1ca48347efdbe775426f108622a42735a6579\"\u003e\u003ccode\u003e84b1ca4\u003c/code\u003e\u003c/a\u003e Almost forgot this entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/bcf54f5a38cf8e42cca45248b04caba13317459f\"\u003e\u003ccode\u003ebcf54f5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/7a68ed1c6765bd2650fed6d9857985bdfe655c71\"\u003e\u003ccode\u003e7a68ed1\u003c/code\u003e\u003c/a\u003e Prepare to release 2.8.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/5c0c4c8fe5a31e8260be99e0afad7136a27c79e6\"\u003e\u003ccode\u003e5c0c4c8\u003c/code\u003e\u003c/a\u003e Fix DisallowedRawHtml bypass via newline/tab in tag names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/f6e74434dd1a91f195f80cb0184b746a4187272a\"\u003e\u003ccode\u003ef6e7443\u003c/code\u003e\u003c/a\u003e Add regression test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/0719b6744cc68bc8b037fb30db86b62ec370c557\"\u003e\u003ccode\u003e0719b67\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e from freost/fix-php85-deprecation-error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/63ff2e0b12742f379803b5f21aa6f5b50abcd412\"\u003e\u003ccode\u003e63ff2e0\u003c/code\u003e\u003c/a\u003e Fix PHP 8.5 deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/8608e9c006d9f44acf8d983b126a813bd8def780\"\u003e\u003ccode\u003e8608e9c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1106\"\u003e#1106\u003c/a\u003e from Kocal/patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.7.0...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `psy/psysh` from 0.12.8 to 0.12.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bobthecow/psysh/releases\"\u003epsy/psysh's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ePsySH v0.12.22\u003c/h2\u003e\n\u003ch2\u003eRuntime config and clipboard support\u003c/h2\u003e\n\u003cp\u003ePsySH has a new \u003ccode\u003econfig\u003c/code\u003e command for inspecting and updating runtime-configurable settings during the current session. You can tweak things like \u003ccode\u003epager\u003c/code\u003e, \u003ccode\u003etheme\u003c/code\u003e, \u003ccode\u003everbosity\u003c/code\u003e, \u003ccode\u003euseSuggestions\u003c/code\u003e, \u003ccode\u003euseSyntaxHighlighting\u003c/code\u003e, \u003ccode\u003eclipboardCommand\u003c/code\u003e, and \u003ccode\u003esemicolonsSuppressReturn\u003c/code\u003e without restarting the shell. Fixes \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/361\"\u003e#361\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThere’s also a new \u003ccode\u003ecopy\u003c/code\u003e command for copying the last result (\u003ccode\u003e$_\u003c/code\u003e) or any expression to your clipboard. Works with system clipboard commands, or via OSC 52 for SSH and remote terminals.\u003c/p\u003e\n\u003cp\u003eConfigure with \u003ccode\u003eclipboardCommand\u003c/code\u003e or \u003ccode\u003euseOsc52Clipboard\u003c/code\u003e in your config.\u003c/p\u003e\n\u003ch2\u003eSemicolon-based return suppression\u003c/h2\u003e\n\u003cp\u003eOptionally suppress return values by ending a statement with \u003ccode\u003e;\u003c/code\u003e, similar to MATLAB/Octave behavior. Supports a \u003ccode\u003e'double'\u003c/code\u003e mode requiring \u003ccode\u003e;;\u003c/code\u003e for suppression (if \u003ccode\u003erequireSemicolons\u003c/code\u003e is also enabled, both \u003ccode\u003etrue\u003c/code\u003e and \u003ccode\u003e'double'\u003c/code\u003e require \u003ccode\u003e;;\u003c/code\u003e).\u003c/p\u003e\n\u003cpre lang=\"php\"\u003e\u003ccode\u003e'semicolonsSuppressReturn' =\u0026gt; true,\r\n'semicolonsSuppressReturn' =\u0026gt; 'double', // Always require ;; to suppress\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eOutput and exception display improvements\u003c/h2\u003e\n\u003cp\u003eStrings are now valid PHP!\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePsySH now preserves backslashes and other characters it previously mangled in a few cases. Fixes \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/351\"\u003e#351\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/568\"\u003e#568\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMultiline strings are rendered using heredoc-style output rather than triple-quoted strings \u003ccode\u003e\u0026quot;\u0026quot;\u0026quot;\u003c/code\u003e. The old format is available via \u003ccode\u003euseDeprecatedMultilineStrings\u003c/code\u003e until the next major release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProviding an \u003ccode\u003eexceptionDetails\u003c/code\u003e callback via config renders additional context about exceptions (e.g. validation errors) alongside the error message. Fixes \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/648\"\u003e#648\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eA few other improvements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMore consistent compact (and non-compact) output spacing.\u003c/li\u003e\n\u003cli\u003eResponsive \u003ccode\u003ehelp\u003c/code\u003e layout adapts to terminal width.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBetter completion for everyone\u003c/h2\u003e\n\u003cp\u003eLegacy readline now shares PsySH’s newer completion engine, which brings much better parity between ext-readline/libedit and experimental interactive readline. Command argument completion, better multiline buffering, and a handful of command-dispatch edge cases now work much more consistently outside experimental readline too.\u003c/p\u003e\n\u003cp\u003eCommands can now define their own argument completions via \u003ccode\u003eCommandArgumentCompletionAware\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eInteractive readline polish\u003c/h2\u003e\n\u003cp\u003eNew in the experimental interactive readline:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eLive syntax highlighting\u003c/strong\u003e — code is highlighted as you type. Can be disabled via \u003ccode\u003euseSyntaxHighlighting\u003c/code\u003e if you don't like colors, I guess.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAllman-style indenting\u003c/strong\u003e — opening brackets on a new line get proper indentation.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eImproved auto-dedent\u003c/strong\u003e — closing brackets automatically reduce indentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003epsy\\info()\u003c/code\u003e and \u003ccode\u003e--info\u003c/code\u003e also report more detail about readline and autocomplete state.\u003c/p\u003e\n\u003cp\u003eRun psysh with \u003ccode\u003e--experimental-readline\u003c/code\u003e and try it out. It's getting kind of awesome!\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/3be75d5b9244936dd4ac62ade2bfb004d13acf0f\"\u003e\u003ccode\u003e3be75d5\u003c/code\u003e\u003c/a\u003e Merge branch 'release/v0.12.22'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/8042a8fec59c72b9a9b5586f9bfe79e26c069aeb\"\u003e\u003ccode\u003e8042a8f\u003c/code\u003e\u003c/a\u003e Bump to v0.12.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/fd4cb699ef9df41ecd48f175edde3feaf4d8d794\"\u003e\u003ccode\u003efd4cb69\u003c/code\u003e\u003c/a\u003e Fix phan warning\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/2b350a413b82010f6e88fbb794aa7364d5ca9ecf\"\u003e\u003ccode\u003e2b350a4\u003c/code\u003e\u003c/a\u003e Fix throw special casing in really old php-parser versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/193e14994706fbe344291741bed2215622b1a659\"\u003e\u003ccode\u003e193e149\u003c/code\u003e\u003c/a\u003e Fix a code cleaner bug with \u003ccode\u003ethrow new Exception\u003c/code\u003e in PHP 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/f583f74b314459c5f838095ce7a341fdd81690b2\"\u003e\u003ccode\u003ef583f74\u003c/code\u003e\u003c/a\u003e Restore VarDumper hard-ref handling, suppress link-only markers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/1e6a0d6e8800e0d82c86b85b7de9e37ac65a74fd\"\u003e\u003ccode\u003e1e6a0d6\u003c/code\u003e\u003c/a\u003e Prefer use statements over FQNs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/484e600e2ac5f0e403796863865de6d8a6a66ebd\"\u003e\u003ccode\u003e484e600\u003c/code\u003e\u003c/a\u003e Simplify theme identity, no-op updates when unchanged\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/f01e492b18146675b218061c0c31b13fe58e3a9a\"\u003e\u003ccode\u003ef01e492\u003c/code\u003e\u003c/a\u003e Standardize test temp dir creation and cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/6f33aea84464ed64b0c684c78fedf1f6620483d8\"\u003e\u003ccode\u003e6f33aea\u003c/code\u003e\u003c/a\u003e Add token-based fallback for incomplete member completion\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/bobthecow/psysh/compare/v0.12.8...v0.12.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `symfony/http-foundation` from 7.3.0 to 7.4.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/http-foundation/releases\"\u003esymfony/http-foundation's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.4.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.7...v7.4.8\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.7...v7.4.8\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.6...v7.4.7\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.6...v7.4.7\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63603\"\u003e#63603\u003c/a\u003e  Fix session cookie_lifetime not applied in mock session storage (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.5...v7.4.6\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.5...v7.4.6\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63448\"\u003e#63448\u003c/a\u003e  Handle empty session data in updateTimestamp() to fix compat with PHP 8.6 (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63319\"\u003e#63319\u003c/a\u003e  BinaryFileResponse: always return 206 if Range is valid (\u003ca href=\"https://github.com/Jimbolino\"\u003e\u003ccode\u003e@​Jimbolino\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63262\"\u003e#63262\u003c/a\u003e  Reject invalid paths (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/54304\"\u003e#54304\u003c/a\u003e  When calling UploadedFile::getErrorMessage() to a file which has no error and is uploaded successfully, it should not return an error (\u003ca href=\"https://github.com/ArmCyber\"\u003e\u003ccode\u003e@​ArmCyber\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63230\"\u003e#63230\u003c/a\u003e  fix engine declaration on mysql pdo table creations (\u003ca href=\"https://github.com/tandev\"\u003e\u003ccode\u003e@​tandev\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.5\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.4...v7.4.5\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.4...v7.4.5\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63137\"\u003e#63137\u003c/a\u003e  Fix PdoSessionHandler charset-collation mismatch with the Doctrine DBAL (\u003ca href=\"https://github.com/samy-mahmoudi\"\u003e\u003ccode\u003e@​samy-mahmoudi\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.3...v7.4.4\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.3...v7.4.4\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63012\"\u003e#63012\u003c/a\u003e  Fix double-prefixing of session keys when using redis/memcached (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.2...v7.4.3\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.2...v7.4.3\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62799\"\u003esymfony/symfony#62799\u003c/a\u003e [Cache][HttpFoundation] Fix VARBINARY columns on sqlsrv (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.0...v7.4.1\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.0...v7.4.1\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62663\"\u003esymfony/symfony#62663\u003c/a\u003e [HttpFoundation] Improve logic in Request::createFromGlobals() (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.0-RC3...v7.4.0\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.0-RC3...v7.4.0\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0-RC1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.0-BETA2...v7.4.0-RC1\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.0-BETA2...v7.4.0-RC1\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62287\"\u003esymfony/symfony#62287\u003c/a\u003e [HttpFoundation] Fix AcceptHeader overwrites items with different parameters (\u003ca href=\"https://github.com/yoeunes\"\u003e\u003ccode\u003e@​yoeunes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62324\"\u003esymfony/symfony#62324\u003c/a\u003e [HttpFoundation] Fix parsing hosts and schemes in URLs (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/http-foundation/blob/8.1/CHANGELOG.md\"\u003esymfony/http-foundation's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCHANGELOG\u003c/h1\u003e\n\u003ch2\u003e8.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eBinaryFileResponse::shouldDeleteFileAfterSend()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDeprecate setting public properties of \u003ccode\u003eRequest\u003c/code\u003e and \u003ccode\u003eResponse\u003c/code\u003e objects directly; use setters or constructor arguments instead\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop HTTP method override support for methods GET, HEAD, CONNECT and TRACE\u003c/li\u003e\n\u003cli\u003eAdd argument \u003ccode\u003e$subtypeFallback\u003c/code\u003e to \u003ccode\u003eRequest::getFormat()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRemove the following deprecated session options from \u003ccode\u003eNativeSessionStorage\u003c/code\u003e: \u003ccode\u003ereferer_check\u003c/code\u003e, \u003ccode\u003euse_only_cookies\u003c/code\u003e, \u003ccode\u003euse_trans_sid\u003c/code\u003e, \u003ccode\u003esid_length\u003c/code\u003e, \u003ccode\u003esid_bits_per_character\u003c/code\u003e, \u003ccode\u003etrans_sid_hosts\u003c/code\u003e, \u003ccode\u003etrans_sid_tags\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eTrigger PHP warning when using \u003ccode\u003eRequest::sendHeaders()\u003c/code\u003e after headers have already been sent; use a \u003ccode\u003eStreamedResponse\u003c/code\u003e instead\u003c/li\u003e\n\u003cli\u003eAdd arguments \u003ccode\u003e$v4Bytes\u003c/code\u003e and \u003ccode\u003e$v6Bytes\u003c/code\u003e to \u003ccode\u003eIpUtils::anonymize()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd argument \u003ccode\u003e$partitioned\u003c/code\u003e to \u003ccode\u003eResponseHeaderBag::clearCookie()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd argument \u003ccode\u003e$expiration\u003c/code\u003e to \u003ccode\u003eUriSigner::sign()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003eRequest::get()\u003c/code\u003e, use properties \u003ccode\u003e-\u0026gt;attributes\u003c/code\u003e, \u003ccode\u003equery\u003c/code\u003e or \u003ccode\u003erequest\u003c/code\u003e directly instead\u003c/li\u003e\n\u003cli\u003eRemove accepting null \u003ccode\u003e$format\u003c/code\u003e argument to \u003ccode\u003eRequest::setFormat()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e#[WithHttpStatus]\u003c/code\u003e to define status codes: 404 for \u003ccode\u003eSignedUriException\u003c/code\u003e and 403 for \u003ccode\u003eExpiredSignedUriException\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the \u003ccode\u003eQUERY\u003c/code\u003e HTTP method\u003c/li\u003e\n\u003cli\u003eAdd support for structured MIME suffix\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eRequest::set/getAllowedHttpMethodOverride()\u003c/code\u003e to list which HTTP methods can be overridden\u003c/li\u003e\n\u003cli\u003eDeprecate using \u003ccode\u003eRequest::sendHeaders()\u003c/code\u003e after headers have already been sent; use a \u003ccode\u003eStreamedResponse\u003c/code\u003e instead\u003c/li\u003e\n\u003cli\u003eDeprecate method \u003ccode\u003eRequest::get()\u003c/code\u003e, use properties \u003ccode\u003e-\u0026gt;attributes\u003c/code\u003e, \u003ccode\u003equery\u003c/code\u003e or \u003ccode\u003erequest\u003c/code\u003e directly instead\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eRequest::createFromGlobals()\u003c/code\u003e parse the body of PUT, DELETE, PATCH and QUERY requests\u003c/li\u003e\n\u003cli\u003eDeprecate HTTP method override for methods GET, HEAD, CONNECT and TRACE; it will be ignored in Symfony 8.0\u003c/li\u003e\n\u003cli\u003eDeprecate accepting null \u003ccode\u003e$format\u003c/code\u003e argument to \u003ccode\u003eRequest::setFormat()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for iterable of string in \u003ccode\u003eStreamedResponse\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eEventStreamResponse\u003c/code\u003e and \u003ccode\u003eServerEvent\u003c/code\u003e classes to streamline server event streaming\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003evalkey:\u003c/code\u003e / \u003ccode\u003evalkeys:\u003c/code\u003e schemes for sessions\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest::getPreferredLanguage()\u003c/code\u003e now favors a more preferred language above exactly matching a locale\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eUriSigner\u003c/code\u003e to use a \u003ccode\u003eClockInterface\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUriSigner::verify()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd optional \u003ccode\u003e$requests\u003c/code\u003e parameter to \u003ccode\u003eRequestStack::__construct()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd optional \u003ccode\u003e$v4Bytes\u003c/code\u003e and \u003ccode\u003e$v6Bytes\u003c/code\u003e parameters to \u003ccode\u003eIpUtils::anonymize()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/9381209597ec66c25be154cbf2289076e64d1eab\"\u003e\u003ccode\u003e9381209\u003c/code\u003e\u003c/a\u003e Configure deprecation triggers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/f94b3e7b7dafd40e666f0c9ff2084133bae41e81\"\u003e\u003ccode\u003ef94b3e7\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/cffffd0a2c037117b742b4f8b379a22a2a33f6d2\"\u003e\u003ccode\u003ecffffd0\u003c/code\u003e\u003c/a\u003e [HttpFoundation] Fix session cookie_lifetime not applied in mock session storage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/fd97d5e926e988a363cef56fbbf88c5c528e9065\"\u003e\u003ccode\u003efd97d5e\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/5bb346d1b4b2a616e5c3d99b3ee4d5810735c535\"\u003e\u003ccode\u003e5bb346d\u003c/code\u003e\u003c/a\u003e [HttpFoundation] Handle empty session data in updateTimestamp() to fix compat...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/17de1a39c0ed8dc062df993d65c7269502a2ec78\"\u003e\u003ccode\u003e17de1a3\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/31b030e12f6662a7016add28fe29b70327dacf86\"\u003e\u003ccode\u003e31b030e\u003c/code\u003e\u003c/a\u003e stop using with*() without expects()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/36ba5c7a025c05a92cd4a753abbe1781442c8414\"\u003e\u003ccode\u003e36ba5c7\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/31e2a27d480546f031bd4fc6f1ec8a7abdd62bb1\"\u003e\u003ccode\u003e31e2a27\u003c/code\u003e\u003c/a\u003e BinaryFileResponse: always return 206 if Range is valid\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/669ac23030db4cc4314e7a9ada4e258752266ec1\"\u003e\u003ccode\u003e669ac23\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.3.0...v7.4.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `symfony/process` from 7.3.0 to 7.4.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/process/releases\"\u003esymfony/process's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.4.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v7.4.7...v7.4.8\"\u003ehttps://github.com/symfony/process/compare/v7.4.7...v7.4.8\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/process/issues/63611\"\u003e#63611\u003c/a\u003e  Throw InvalidArgumentException when env block exceeds Windows limit (Nadim AL ABDOU)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.5\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v7.4.4...v7.4.5\"\u003ehttps://github.com/symfony/process/compare/v7.4.4...v7.4.5\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity #cve-2026-24739  Fix escaping for MSYS on Windows (nicolas-grekas)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/process/issues/63164\"\u003e#63164\u003c/a\u003e  Fix escaping for MSYS on Windows (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v7.4.3...v7.4.4\"\u003ehttps://github.com/symfony/process/compare/v7.4.3...v7.4.4\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/process/issues/63004\"\u003e#63004\u003c/a\u003e  Ignore invalid env var names (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v7.4.2...v7.4.3\"\u003ehttps://github.com/symfony/process/compare/v7.4.2...v7.4.3\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62775\"\u003esymfony/symfony#62775\u003c/a\u003e [Process] Fix dealing with broken stdin pipes (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v7.4.0-RC3...v7.4.0\"\u003ehttps://github.com/symfony/process/compare/v7.4.0-RC3...v7.4.0\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0-RC1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v7.4.0-BETA2...v7.4.0-RC1\"\u003ehttps://github.com/symfony/process/compare/v7.4.0-BETA2...v7.4.0-RC1\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0-BETA1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v7.3.4...v7.4.0-BETA1\"\u003ehttps://github.com/symfony/process/compare/v7.3.4...v7.4.0-BETA1\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.3.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v7.3.10...v7.3.11\"\u003ehttps://github.com/symfony/process/compare/v7.3.10...v7.3.11\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity #cve-2026-24739  Fix escaping for MSYS on Windows (nicolas-grekas)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/process/issues/63164\"\u003e#63164\u003c/a\u003e  Fix escaping for MSYS on Windows (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.3.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v7.3.9...v7.3.10\"\u003ehttps://github.com/symfony/process/compare/v7.3.9...v7.3.10\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/process/issues/63004\"\u003e#63004\u003c/a\u003e  Ignore invalid env var names (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.3.9\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v7.3.8...v7.3.9\"\u003ehttps://github.com/symfony/process/compare/v7.3.8...v7.3.9\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/60f19cd3badc8de688421e21e4305eba50f8089a\"\u003e\u003ccode\u003e60f19cd\u003c/code\u003e\u003c/a\u003e Configure deprecation triggers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/95b070ee7180a0d49d48786fccf3b935c01d6f3b\"\u003e\u003ccode\u003e95b070e\u003c/code\u003e\u003c/a\u003e [Process] Throw InvalidArgumentException when env block exceeds Windows limit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/608476f4604102976d687c483ac63a79ba18cc97\"\u003e\u003ccode\u003e608476f\u003c/code\u003e\u003c/a\u003e Merge branch '7.3' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/81fe4ea2c3b8677fa2adfd8e48ba42374ede0e3b\"\u003e\u003ccode\u003e81fe4ea\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/c46e854e79b52d07666e43924a20cb6dc546644e\"\u003e\u003ccode\u003ec46e854\u003c/code\u003e\u003c/a\u003e [Process] Fix escaping for MSYS on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/626f07a53f4b4e2f00e11824cc29f928d797783b\"\u003e\u003ccode\u003e626f07a\u003c/code\u003e\u003c/a\u003e Merge branch '7.3' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/4424bc14e7dedec472440cc991f961f22343caaa\"\u003e\u003ccode\u003e4424bc1\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/c593135be689b21e6164b1e8f6f5dbf1506b065c\"\u003e\u003ccode\u003ec593135\u003c/code\u003e\u003c/a\u003e [Process] Adjust Process mustRun method phpdoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/f532042054c29ec9181b94ec5d5a42736c052eb1\"\u003e\u003ccode\u003ef532042\u003c/code\u003e\u003c/a\u003e Merge branch '7.3' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/6d13a9300772cf6f22f490574b80d9bf3481d07a\"\u003e\u003ccode\u003e6d13a93\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.3\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/symfony/process/compare/v7.3.0...v7.4.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/mahmoud2001858833/order/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/mahmoud2001858833/order/pull/27","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mahmoud2001858833%2Forder/issues/27","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/27/packages"},{"uuid":"4330496784","node_id":"PR_kwDOBKAl187Vs-cH","number":50,"state":"closed","title":"Bump league/commonmark from 2.8.1 to 2.8.2","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-26T09:14:11.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-26T09:13:26.000Z","updated_at":"2026-04-26T09:14:13.000Z","time_to_close":45,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"league/commonmark","old_version":"2.8.1","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":null,"ecosystem":"packagist"},"body":"Bumps [league/commonmark](https://github.com/thephpleague/commonmark) from 2.8.1 to 2.8.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.8.1\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/scify/Memor-i-Studio/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/scify/Memor-i-Studio/pull/50","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/scify%2FMemor-i-Studio/issues/50","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/50/packages"},{"uuid":"4286721820","node_id":"PR_kwDOSFx3Rc7ThTp3","number":15,"state":"open","title":"chore(deps): bump league/commonmark from 2.8.0 to 2.8.2","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-18T04:41:26.000Z","updated_at":"2026-04-18T06:02:30.237Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"league/commonmark","old_version":"2.8.0","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":null,"ecosystem":"packagist"},"body":"Bumps [league/commonmark](https://github.com/thephpleague/commonmark) from 2.8.0 to 2.8.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.8.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (\u003ca href=\"https://github.com/thephpleague/commonmark/security/advisories/GHSA-4v6x-c7xx-hw9f\"\u003eGHSA-4v6x-c7xx-hw9f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kocal\"\u003e\u003ccode\u003e@​Kocal\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1106\"\u003ethephpleague/commonmark#1106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/freost\"\u003e\u003ccode\u003e@​freost\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1107\"\u003ethephpleague/commonmark#1107\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.8.1] - 2026-03-05\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (GHSA-4v6x-c7xx-hw9f)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/84b1ca48347efdbe775426f108622a42735a6579\"\u003e\u003ccode\u003e84b1ca4\u003c/code\u003e\u003c/a\u003e Almost forgot this entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/bcf54f5a38cf8e42cca45248b04caba13317459f\"\u003e\u003ccode\u003ebcf54f5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/7a68ed1c6765bd2650fed6d9857985bdfe655c71\"\u003e\u003ccode\u003e7a68ed1\u003c/code\u003e\u003c/a\u003e Prepare to release 2.8.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/5c0c4c8fe5a31e8260be99e0afad7136a27c79e6\"\u003e\u003ccode\u003e5c0c4c8\u003c/code\u003e\u003c/a\u003e Fix DisallowedRawHtml bypass via newline/tab in tag names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/f6e74434dd1a91f195f80cb0184b746a4187272a\"\u003e\u003ccode\u003ef6e7443\u003c/code\u003e\u003c/a\u003e Add regression test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/0719b6744cc68bc8b037fb30db86b62ec370c557\"\u003e\u003ccode\u003e0719b67\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e from freost/fix-php85-deprecation-error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/63ff2e0b12742f379803b5f21aa6f5b50abcd412\"\u003e\u003ccode\u003e63ff2e0\u003c/code\u003e\u003c/a\u003e Fix PHP 8.5 deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/8608e9c006d9f44acf8d983b126a813bd8def780\"\u003e\u003ccode\u003e8608e9c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1106\"\u003e#1106\u003c/a\u003e from Kocal/patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.0...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.8.0\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ltac0203-pixel/fleximo-oss/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/ltac0203-pixel/fleximo-oss/pull/15","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ltac0203-pixel%2Ffleximo-oss/issues/15","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/15/packages"},{"uuid":"4264493431","node_id":"PR_kwDON4ub4c7SbTgX","number":12,"state":"closed","title":"Bump the composer group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-17T23:16:36.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-14T20:14:57.000Z","updated_at":"2026-04-17T23:16:38.000Z","time_to_close":270099,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"composer","update_count":2,"packages":[{"name":"composer/composer","old_version":"2.9.3","new_version":"2.9.6","repository_url":"https://github.com/composer/composer"},{"name":"league/commonmark","old_version":"2.8.0","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":null,"ecosystem":"packagist"},"body":"Bumps the composer group with 2 updates in the /workbench directory: [composer/composer](https://github.com/composer/composer) and [league/commonmark](https://github.com/thephpleague/commonmark).\n\nUpdates `composer/composer` from 2.9.3 to 2.9.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/composer/composer/releases\"\u003ecomposer/composer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.9.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: Fixed command injection via malicious Perforce reference (GHSA-gqw4-4w2p-838q / CVE-2026-40261)\u003c/li\u003e\n\u003cli\u003eSecurity: Fixed command injection via malicious Perforce repository definition (GHSA-wg36-wvj6-r67p / CVE-2026-40176)\u003c/li\u003e\n\u003cli\u003eSecurity: Fixed git credentials remaining in git mirror .git/config after clone or update failed (2bcbfc3d)\u003c/li\u003e\n\u003cli\u003eSecurity: Fixed usage of insecure 3DES ciphers when ext-curl is missing (5e71d77e)\u003c/li\u003e\n\u003cli\u003eSecurity: Fixed Perforce unescaped user input in queryP4User shell command (ef3fc088)\u003c/li\u003e\n\u003cli\u003eSecurity: Hardened git/hg/perforce/fossil identifier validation to ensure branch names starting with \u003ccode\u003e-\u003c/code\u003e do not cause issues (6621d45, d836b90, 5e08c764)\u003c/li\u003e\n\u003cli\u003eFixed inconsistent treatment of SingleCommandApplication script commands wrt autoloading (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12758\"\u003e#12758\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed GitHub API authentication errors not being visible to the user (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12737\"\u003e#12737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed some platform package parsing failing when Composer runs in web SAPIs (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12735\"\u003e#12735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed error reporting for clarity when a constraint cannot be parsed (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12743\"\u003e#12743\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/composer/composer/compare/2.9.5...2.9.6\"\u003ehttps://github.com/composer/composer/compare/2.9.5...2.9.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.9.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for new \u003ccode\u003epie\u003c/code\u003e \u003ccode\u003edownload-url-methods\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12727\"\u003e#12727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed detection of 7z when installed as 7za on some linux systems (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12731\"\u003e#12731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed warning because of the symfony/process CVE, 2.9.4 had a workaround already\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/composer/composer/compare/2.9.4...2.9.5\"\u003ehttps://github.com/composer/composer/compare/2.9.4...2.9.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.9.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded active plugins to the diagnose command output (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12706\"\u003e#12706\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTP/3\u003c/code\u003e causing issues with proxies (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12699\"\u003e#12699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eshow\u003c/code\u003e command regression with long descriptions containing unicode characters (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12704\"\u003e#12704\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed regression handling invalid unicode sequences in output (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12707\"\u003e#12707\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003egit rev-list\u003c/code\u003e usages to support older pre-2.33 git versions (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12705\"\u003e#12705\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed issue handling paths with \u003ccode\u003e=\u003c/code\u003e in them on Windows (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12726\"\u003e#12726\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/composer/composer/compare/2.9.3...2.9.4\"\u003ehttps://github.com/composer/composer/compare/2.9.3...2.9.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/composer/composer/blob/main/CHANGELOG.md\"\u003ecomposer/composer's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e[2.9.6] 2026-04-14\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: Fixed command injection via malicious Perforce reference (GHSA-gqw4-4w2p-838q / CVE-2026-40261)\u003c/li\u003e\n\u003cli\u003eSecurity: Fixed command injection via malicious Perforce repository definition (GHSA-wg36-wvj6-r67p / CVE-2026-40176)\u003c/li\u003e\n\u003cli\u003eSecurity: Fixed git credentials remaining in git mirror .git/config after clone or update failed (2bcbfc3d)\u003c/li\u003e\n\u003cli\u003eSecurity: Fixed usage of insecure 3DES ciphers when ext-curl is missing (5e71d77e)\u003c/li\u003e\n\u003cli\u003eSecurity: Fixed Perforce unescaped user input in queryP4User shell command (ef3fc088)\u003c/li\u003e\n\u003cli\u003eSecurity: Hardened git/hg/perforce/fossil identifier validation to ensure branch names starting with \u003ccode\u003e-\u003c/code\u003e do not cause issues (6621d45, d836b90, 5e08c764)\u003c/li\u003e\n\u003cli\u003eFixed inconsistent treatment of SingleCommandApplication script commands wrt autoloading (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12758\"\u003e#12758\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed GitHub API authentication errors not being visible to the user (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12737\"\u003e#12737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed some platform package parsing failing when Composer runs in web SAPIs (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12735\"\u003e#12735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed error reporting for clarity when a constraint cannot be parsed (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12743\"\u003e#12743\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e[2.9.5] 2026-01-29\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for new \u003ccode\u003epie\u003c/code\u003e \u003ccode\u003edownload-url-methods\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12727\"\u003e#12727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed detection of 7z when installed as 7za on some linux systems (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12731\"\u003e#12731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed warning because of the symfony/process CVE, 2.9.4 had a workaround already\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e[2.9.4] 2026-01-22\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded active plugins to the diagnose command output (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12706\"\u003e#12706\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTP/3\u003c/code\u003e causing issues with proxies (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12699\"\u003e#12699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eshow\u003c/code\u003e command regression with long descriptions containing unicode characters (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12704\"\u003e#12704\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed regression handling invalid unicode sequences in output (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12707\"\u003e#12707\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003egit rev-list\u003c/code\u003e usages to support older pre-2.33 git versions (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12705\"\u003e#12705\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed issue handling paths with \u003ccode\u003e=\u003c/code\u003e in them on Windows (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12726\"\u003e#12726\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/composer/composer/commit/9afc32c056d65f9bc4af64ca2aa264a0a38568e5\"\u003e\u003ccode\u003e9afc32c\u003c/code\u003e\u003c/a\u003e Release 2.9.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/composer/composer/commit/e00073c3d424708644e45480d929933de922c4d9\"\u003e\u003ccode\u003ee00073c\u003c/code\u003e\u003c/a\u003e Fix some perforce type issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/composer/composer/commit/4fcc13d428f28479b01f757341aadd625412b454\"\u003e\u003ccode\u003e4fcc13d\u003c/code\u003e\u003c/a\u003e Convert perforce util to use array process args to avoid injections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/composer/composer/commit/fd82721e1bdbded81dbc2b5acaa2f54d7513964f\"\u003e\u003ccode\u003efd82721\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/composer/composer/commit/15f2541d942f3958930bbe86d11cd9c7bd4d2830\"\u003e\u003ccode\u003e15f2541\u003c/code\u003e\u003c/a\u003e Fix --no-plugins handling regression in \u003ca href=\"https://redirect.github.com/composer/composer/issues/12758\"\u003e#12758\u003c/a\u003e, fixes \u003ca href=\"https://redirect.github.com/composer/composer/issues/12789\"\u003e#12789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/composer/composer/commit/4f02616e6fba3b1baf8d45725f847841b44fc15c\"\u003e\u003ccode\u003e4f02616\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/composer/composer/commit/91f077050c13e49e22554b991c81378ce8b5ee16\"\u003e\u003ccode\u003e91f0770\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/composer/composer/commit/d836b901648dfb0f8c94c02bbd91bb68a25e16d8\"\u003e\u003ccode\u003ed836b90\u003c/code\u003e\u003c/a\u003e Fix fossil driver identifier validation for getFileContent\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/composer/composer/commit/028a251c3fec3d561f8728506411581c9093dd70\"\u003e\u003ccode\u003e028a251\u003c/code\u003e\u003c/a\u003e Fix tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/composer/composer/commit/5e08c764257b5ab0948af93010a39bd5644b153d\"\u003e\u003ccode\u003e5e08c76\u003c/code\u003e\u003c/a\u003e Fix fossil update call when calling it with valid branch names like --dry-run...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/composer/composer/compare/2.9.3...2.9.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `league/commonmark` from 2.8.0 to 2.8.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.8.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (\u003ca href=\"https://github.com/thephpleague/commonmark/security/advisories/GHSA-4v6x-c7xx-hw9f\"\u003eGHSA-4v6x-c7xx-hw9f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kocal\"\u003e\u003ccode\u003e@​Kocal\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1106\"\u003ethephpleague/commonmark#1106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/freost\"\u003e\u003ccode\u003e@​freost\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1107\"\u003ethephpleague/commonmark#1107\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.8.1] - 2026-03-05\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (GHSA-4v6x-c7xx-hw9f)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/84b1ca48347efdbe775426f108622a42735a6579\"\u003e\u003ccode\u003e84b1ca4\u003c/code\u003e\u003c/a\u003e Almost forgot this entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/bcf54f5a38cf8e42cca45248b04caba13317459f\"\u003e\u003ccode\u003ebcf54f5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/7a68ed1c6765bd2650fed6d9857985bdfe655c71\"\u003e\u003ccode\u003e7a68ed1\u003c/code\u003e\u003c/a\u003e Prepare to release 2.8.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/5c0c4c8fe5a31e8260be99e0afad7136a27c79e6\"\u003e\u003ccode\u003e5c0c4c8\u003c/code\u003e\u003c/a\u003e Fix DisallowedRawHtml bypass via newline/tab in tag names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/f6e74434dd1a91f195f80cb0184b746a4187272a\"\u003e\u003ccode\u003ef6e7443\u003c/code\u003e\u003c/a\u003e Add regression test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/0719b6744cc68bc8b037fb30db86b62ec370c557\"\u003e\u003ccode\u003e0719b67\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e from freost/fix-php85-deprecation-error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/63ff2e0b12742f379803b5f21aa6f5b50abcd412\"\u003e\u003ccode\u003e63ff2e0\u003c/code\u003e\u003c/a\u003e Fix PHP 8.5 deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/8608e9c006d9f44acf8d983b126a813bd8def780\"\u003e\u003ccode\u003e8608e9c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1106\"\u003e#1106\u003c/a\u003e from Kocal/patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.0...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/pixelated-au/streamline/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/pixelated-au/streamline/pull/12","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/pixelated-au%2Fstreamline/issues/12","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/12/packages"},{"uuid":"4120046985","node_id":"PR_kwDOLMfA7c7MpgrA","number":195,"state":"closed","title":"chore(deps): bump league/commonmark from 2.8.1 to 2.8.2 in /laravel_project","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-03-24T09:52:23.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-23T11:07:25.000Z","updated_at":"2026-03-24T09:52:25.000Z","time_to_close":81898,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"league/commonmark","old_version":"2.8.1","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":"/laravel_project","ecosystem":"packagist"},"body":"Bumps [league/commonmark](https://github.com/thephpleague/commonmark) from 2.8.1 to 2.8.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.8.1\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/shumasod/laravel_project/pull/195","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/shumasod%2Flaravel_project/issues/195","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/195/packages"},{"uuid":"4119965793","node_id":"PR_kwDOMpW6Tc7MpQR-","number":246,"state":"open","title":"Bump league/commonmark from 2.5.3 to 2.8.2","user":"dependabot[bot]","labels":["Stale","dependencies","php"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-23T10:51:35.000Z","updated_at":"2026-04-07T05:43:53.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"league/commonmark","old_version":"2.5.3","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":null,"ecosystem":"packagist"},"body":"Bumps [league/commonmark](https://github.com/thephpleague/commonmark) from 2.5.3 to 2.8.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.8.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (\u003ca href=\"https://github.com/thephpleague/commonmark/security/advisories/GHSA-4v6x-c7xx-hw9f\"\u003eGHSA-4v6x-c7xx-hw9f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kocal\"\u003e\u003ccode\u003e@​Kocal\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1106\"\u003ethephpleague/commonmark#1106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/freost\"\u003e\u003ccode\u003e@​freost\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1107\"\u003ethephpleague/commonmark#1107\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.8.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded a new \u003ccode\u003eHighlightExtension\u003c/code\u003e for marking important text using \u003ccode\u003e==\u003c/code\u003e syntax (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1100\"\u003e#1100\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eAutolinkExtension\u003c/code\u003e incorrectly matching URLs after invalid \u003ccode\u003ewww.\u003c/code\u003e prefix (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1095\"\u003e#1095\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1103\"\u003e#1103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samwilson\"\u003e\u003ccode\u003e@​samwilson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1090\"\u003ethephpleague/commonmark#1090\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ossobuffo\"\u003e\u003ccode\u003e@​ossobuffo\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1100\"\u003ethephpleague/commonmark#1100\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.7.1...2.8.0\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.7.1...2.8.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.7.1\u003c/h2\u003e\n\u003ch2\u003eNotable Changes\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOptimized several regular expressions in \u003ccode\u003eRegexHelper\u003c/code\u003e to improve performance (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/674\"\u003e#674\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1086\"\u003e#1086\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eEmbedProcessor\u003c/code\u003e no longer calls \u003ccode\u003eupdateEmbeds()\u003c/code\u003e when there are no embeds to update (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed missing \u003ccode\u003ebenchmark.php\u003c/code\u003e CSV path validation for non-existent files (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1068\"\u003e#1068\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.8.1] - 2026-03-05\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (GHSA-4v6x-c7xx-hw9f)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.8.0] - 2025-11-26\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded a new \u003ccode\u003eHighlightExtension\u003c/code\u003e for marking important text using \u003ccode\u003e==\u003c/code\u003e syntax (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1100\"\u003e#1100\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eAutolinkExtension\u003c/code\u003e incorrectly matching URLs after invalid \u003ccode\u003ewww.\u003c/code\u003e prefix (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1095\"\u003e#1095\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1103\"\u003e#1103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.7.1] - 2025-07-20\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOptimized several regular expressions in \u003ccode\u003eRegexHelper\u003c/code\u003e to improve performance (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/674\"\u003e#674\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1086\"\u003e#1086\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eEmbedProcessor\u003c/code\u003e no longer calls \u003ccode\u003eupdateEmbeds()\u003c/code\u003e when there are no embeds to update (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed missing \u003ccode\u003ebenchmark.php\u003c/code\u003e CSV path validation for non-existent files (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1068\"\u003e#1068\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.7.0] - 2025-05-05\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address a potential cross-site scripting (XSS) vulnerability when using the \u003ccode\u003eAttributesExtension\u003c/code\u003e with untrusted user input.\u003c/p\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eattributes/allow\u003c/code\u003e config option to specify which attributes users are allowed to set on elements (default allows virtually all attributes)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eAttributesExtension\u003c/code\u003e blocks all attributes starting with \u003ccode\u003eon\u003c/code\u003e unless explicitly allowed via the \u003ccode\u003eattributes/allow\u003c/code\u003e config option\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eallow_unsafe_links\u003c/code\u003e option is now respected by the \u003ccode\u003eAttributesExtension\u003c/code\u003e when users specify \u003ccode\u003ehref\u003c/code\u003e and \u003ccode\u003esrc\u003c/code\u003e attributes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.6.2] - 2025-04-18\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Attributes extension parsing regression (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1071\"\u003e#1071\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.6.1] - 2024-12-29\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/84b1ca48347efdbe775426f108622a42735a6579\"\u003e\u003ccode\u003e84b1ca4\u003c/code\u003e\u003c/a\u003e Almost forgot this entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/bcf54f5a38cf8e42cca45248b04caba13317459f\"\u003e\u003ccode\u003ebcf54f5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/7a68ed1c6765bd2650fed6d9857985bdfe655c71\"\u003e\u003ccode\u003e7a68ed1\u003c/code\u003e\u003c/a\u003e Prepare to release 2.8.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/5c0c4c8fe5a31e8260be99e0afad7136a27c79e6\"\u003e\u003ccode\u003e5c0c4c8\u003c/code\u003e\u003c/a\u003e Fix DisallowedRawHtml bypass via newline/tab in tag names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/f6e74434dd1a91f195f80cb0184b746a4187272a\"\u003e\u003ccode\u003ef6e7443\u003c/code\u003e\u003c/a\u003e Add regression test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/0719b6744cc68bc8b037fb30db86b62ec370c557\"\u003e\u003ccode\u003e0719b67\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e from freost/fix-php85-deprecation-error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/63ff2e0b12742f379803b5f21aa6f5b50abcd412\"\u003e\u003ccode\u003e63ff2e0\u003c/code\u003e\u003c/a\u003e Fix PHP 8.5 deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/8608e9c006d9f44acf8d983b126a813bd8def780\"\u003e\u003ccode\u003e8608e9c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1106\"\u003e#1106\u003c/a\u003e from Kocal/patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.5.3...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.5.3\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Gaurav-vats-12/finance_manager/pull/246","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Gaurav-vats-12%2Ffinance_manager/issues/246","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/246/packages"},{"uuid":"4117469273","node_id":"PR_kwDOGL3rTc7Mic4k","number":59,"state":"open","title":"Bump league/commonmark from 2.8.0 to 2.8.2","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-23T00:17:37.000Z","updated_at":"2026-03-23T00:17:49.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"league/commonmark","old_version":"2.8.0","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":null,"ecosystem":"packagist"},"body":"Bumps [league/commonmark](https://github.com/thephpleague/commonmark) from 2.8.0 to 2.8.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.8.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (\u003ca href=\"https://github.com/thephpleague/commonmark/security/advisories/GHSA-4v6x-c7xx-hw9f\"\u003eGHSA-4v6x-c7xx-hw9f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kocal\"\u003e\u003ccode\u003e@​Kocal\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1106\"\u003ethephpleague/commonmark#1106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/freost\"\u003e\u003ccode\u003e@​freost\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1107\"\u003ethephpleague/commonmark#1107\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.8.1] - 2026-03-05\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (GHSA-4v6x-c7xx-hw9f)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/84b1ca48347efdbe775426f108622a42735a6579\"\u003e\u003ccode\u003e84b1ca4\u003c/code\u003e\u003c/a\u003e Almost forgot this entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/bcf54f5a38cf8e42cca45248b04caba13317459f\"\u003e\u003ccode\u003ebcf54f5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/7a68ed1c6765bd2650fed6d9857985bdfe655c71\"\u003e\u003ccode\u003e7a68ed1\u003c/code\u003e\u003c/a\u003e Prepare to release 2.8.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/5c0c4c8fe5a31e8260be99e0afad7136a27c79e6\"\u003e\u003ccode\u003e5c0c4c8\u003c/code\u003e\u003c/a\u003e Fix DisallowedRawHtml bypass via newline/tab in tag names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/f6e74434dd1a91f195f80cb0184b746a4187272a\"\u003e\u003ccode\u003ef6e7443\u003c/code\u003e\u003c/a\u003e Add regression test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/0719b6744cc68bc8b037fb30db86b62ec370c557\"\u003e\u003ccode\u003e0719b67\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e from freost/fix-php85-deprecation-error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/63ff2e0b12742f379803b5f21aa6f5b50abcd412\"\u003e\u003ccode\u003e63ff2e0\u003c/code\u003e\u003c/a\u003e Fix PHP 8.5 deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/8608e9c006d9f44acf8d983b126a813bd8def780\"\u003e\u003ccode\u003e8608e9c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1106\"\u003e#1106\u003c/a\u003e from Kocal/patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.0...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.8.0\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/alleyinteractive/wp-component-library/pull/59","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/alleyinteractive%2Fwp-component-library/issues/59","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/59/packages"},{"uuid":"4104658057","node_id":"PR_kwDOFRr9wM7L_aKE","number":1371,"state":"open","title":"build(deps): bump league/commonmark from 2.8.1 to 2.8.2 in /laravel in the composer group across 1 directory","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-19T22:53:25.000Z","updated_at":"2026-03-19T22:53:33.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"league/commonmark","old_version":"2.8.1","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":"/laravel in the composer group across 1 directory","ecosystem":"packagist"},"body":"Bumps the composer group with 1 update in the /laravel directory: [league/commonmark](https://github.com/thephpleague/commonmark).\n\nUpdates `league/commonmark` from 2.8.1 to 2.8.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.8.1\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/sentry-demos/empower/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/sentry-demos/empower/pull/1371","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sentry-demos%2Fempower/issues/1371","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1371/packages"},{"uuid":"4104653499","node_id":"PR_kwDOQI3tls7L_ZQL","number":90,"state":"closed","title":"chore(deps): bump league/commonmark from 2.8.1 to 2.8.2 in the composer group across 1 directory","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-21T02:16:06.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-19T22:52:22.000Z","updated_at":"2026-03-21T02:16:08.000Z","time_to_close":98624,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"league/commonmark","old_version":"2.8.1","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":"the composer group across 1 directory","ecosystem":"packagist"},"body":"Bumps the composer group with 1 update in the / directory: [league/commonmark](https://github.com/thephpleague/commonmark).\n\nUpdates `league/commonmark` from 2.8.1 to 2.8.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.8.1\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/bherila/2025-website/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/bherila/2025-website/pull/90","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bherila%2F2025-website/issues/90","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/90/packages"},{"uuid":"4104653180","node_id":"PR_kwDOFU3g4s7L_ZMK","number":1375,"state":"open","title":"chore(deps): bump league/commonmark from 2.8.1 to 2.8.2","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-19T22:52:16.000Z","updated_at":"2026-03-19T23:33:12.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"league/commonmark","old_version":"2.8.1","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":null,"ecosystem":"packagist"},"body":"Bumps [league/commonmark](https://github.com/thephpleague/commonmark) from 2.8.1 to 2.8.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.8.1\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/UN-OCHA/rwint9-site/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/UN-OCHA/rwint9-site/pull/1375","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/UN-OCHA%2Frwint9-site/issues/1375","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1375/packages"},{"uuid":"4104652632","node_id":"PR_kwDOLbsHGs7L_ZE9","number":212,"state":"closed","title":"Bump league/commonmark from 2.8.1 to 2.8.2","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-28T00:43:06.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-19T22:52:08.000Z","updated_at":"2026-03-28T00:43:14.000Z","time_to_close":697858,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"league/commonmark","old_version":"2.8.1","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":null,"ecosystem":"packagist"},"body":"Bumps [league/commonmark](https://github.com/thephpleague/commonmark) from 2.8.1 to 2.8.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.8.1\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/AkibaAT/fvn.li/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/AkibaAT/fvn.li/pull/212","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AkibaAT%2Ffvn.li/issues/212","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/212/packages"},{"uuid":"4104652344","node_id":"PR_kwDOANKTxs7L_ZAx","number":3132,"state":"open","title":"Bump league/commonmark from 2.8.1 to 2.8.2 in /drupal","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-19T22:52:06.000Z","updated_at":"2026-03-19T22:58:52.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"league/commonmark","old_version":"2.8.1","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":"/drupal","ecosystem":"packagist"},"body":"Bumps [league/commonmark](https://github.com/thephpleague/commonmark) from 2.8.1 to 2.8.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.8.1\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/vrk-kpa/opendata/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/vrk-kpa/opendata/pull/3132","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/vrk-kpa%2Fopendata/issues/3132","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3132/packages"},{"uuid":"4104650572","node_id":"PR_kwDOLtht9M7L_Yoe","number":411,"state":"open","title":"Bump league/commonmark from 2.8.1 to 2.8.2 in the composer group across 1 directory","user":"dependabot[bot]","labels":["size/S","☑️ auto-merge","🤖 bot"],"assignees":["guibranco"],"locked":false,"comments_count":7,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-19T22:51:39.000Z","updated_at":"2026-03-19T22:52:31.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"league/commonmark","old_version":"2.8.1","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":"the composer group across 1 directory","ecosystem":"packagist"},"body":"Bumps the composer group with 1 update in the / directory: [league/commonmark](https://github.com/thephpleague/commonmark).\n\nUpdates `league/commonmark` from 2.8.1 to 2.8.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.8.1\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/GuilhermeStracini/POC-GHActions-CI-PHPLaravel/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/GuilhermeStracini/POC-GHActions-CI-PHPLaravel/pull/411","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GuilhermeStracini%2FPOC-GHActions-CI-PHPLaravel/issues/411","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/411/packages"},{"uuid":"4104650433","node_id":"PR_kwDOOSCRDc7L_Ymq","number":14,"state":"closed","title":"(chore): Bump league/commonmark from 2.8.1 to 2.8.2","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-03-19T22:51:50.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-19T22:51:36.000Z","updated_at":"2026-03-19T22:52:13.000Z","time_to_close":14,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"(chore): Bump","packages":[{"name":"league/commonmark","old_version":"2.8.1","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":null,"ecosystem":"packagist"},"body":"Bumps [league/commonmark](https://github.com/thephpleague/commonmark) from 2.8.1 to 2.8.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.8.1\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/yardinternet/wp-live-content/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/yardinternet/wp-live-content/pull/14","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/yardinternet%2Fwp-live-content/issues/14","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/14/packages"},{"uuid":"4104648759","node_id":"PR_kwDOQV6fE87L_YP3","number":180,"state":"open","title":"chore(deps): bump league/commonmark from 2.8.1 to 2.8.2","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-19T22:51:10.000Z","updated_at":"2026-03-23T10:35:38.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"league/commonmark","old_version":"2.8.1","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":null,"ecosystem":"packagist"},"body":"Bumps [league/commonmark](https://github.com/thephpleague/commonmark) from 2.8.1 to 2.8.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.8.1\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/David-Crty/databasement/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/David-Crty/databasement/pull/180","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/David-Crty%2Fdatabasement/issues/180","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/180/packages"},{"uuid":"4104647643","node_id":"PR_kwDORTC5Dc7L_YAP","number":47,"state":"closed","title":"chore(deps): bump league/commonmark from 2.8.0 to 2.8.2 in /minimal-templates/laravel","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-20T04:40:14.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-19T22:50:56.000Z","updated_at":"2026-03-20T04:40:16.000Z","time_to_close":20958,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"league/commonmark","old_version":"2.8.0","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":"/minimal-templates/laravel","ecosystem":"packagist"},"body":"Bumps [league/commonmark](https://github.com/thephpleague/commonmark) from 2.8.0 to 2.8.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.8.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (\u003ca href=\"https://github.com/thephpleague/commonmark/security/advisories/GHSA-4v6x-c7xx-hw9f\"\u003eGHSA-4v6x-c7xx-hw9f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kocal\"\u003e\u003ccode\u003e@​Kocal\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1106\"\u003ethephpleague/commonmark#1106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/freost\"\u003e\u003ccode\u003e@​freost\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1107\"\u003ethephpleague/commonmark#1107\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.8.1] - 2026-03-05\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (GHSA-4v6x-c7xx-hw9f)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/84b1ca48347efdbe775426f108622a42735a6579\"\u003e\u003ccode\u003e84b1ca4\u003c/code\u003e\u003c/a\u003e Almost forgot this entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/bcf54f5a38cf8e42cca45248b04caba13317459f\"\u003e\u003ccode\u003ebcf54f5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/7a68ed1c6765bd2650fed6d9857985bdfe655c71\"\u003e\u003ccode\u003e7a68ed1\u003c/code\u003e\u003c/a\u003e Prepare to release 2.8.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/5c0c4c8fe5a31e8260be99e0afad7136a27c79e6\"\u003e\u003ccode\u003e5c0c4c8\u003c/code\u003e\u003c/a\u003e Fix DisallowedRawHtml bypass via newline/tab in tag names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/f6e74434dd1a91f195f80cb0184b746a4187272a\"\u003e\u003ccode\u003ef6e7443\u003c/code\u003e\u003c/a\u003e Add regression test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/0719b6744cc68bc8b037fb30db86b62ec370c557\"\u003e\u003ccode\u003e0719b67\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e from freost/fix-php85-deprecation-error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/63ff2e0b12742f379803b5f21aa6f5b50abcd412\"\u003e\u003ccode\u003e63ff2e0\u003c/code\u003e\u003c/a\u003e Fix PHP 8.5 deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/8608e9c006d9f44acf8d983b126a813bd8def780\"\u003e\u003ccode\u003e8608e9c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1106\"\u003e#1106\u003c/a\u003e from Kocal/patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.0...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.8.0\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/yuuu-takahashi/starter-templates/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/yuuu-takahashi/starter-templates/pull/47","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/yuuu-takahashi%2Fstarter-templates/issues/47","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/47/packages"},{"uuid":"4104645271","node_id":"PR_kwDOOy2BcM7L_XfL","number":231,"state":"open","title":"chore(deps): bump league/commonmark from 2.8.1 to 2.8.2","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-19T22:50:20.000Z","updated_at":"2026-03-19T22:52:22.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"league/commonmark","old_version":"2.8.1","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":null,"ecosystem":"packagist"},"body":"Bumps [league/commonmark](https://github.com/thephpleague/commonmark) from 2.8.1 to 2.8.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.8.1\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/marcelorodrigo/freshguard/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/marcelorodrigo/freshguard/pull/231","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/marcelorodrigo%2Ffreshguard/issues/231","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/231/packages"},{"uuid":"4104644039","node_id":"PR_kwDOAOCN0M7L_XNk","number":11805,"state":"closed","title":"Bump league/commonmark from 2.8.1 to 2.8.2","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-03-22T21:56:30.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-19T22:50:04.000Z","updated_at":"2026-03-22T21:56:40.000Z","time_to_close":255986,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"league/commonmark","old_version":"2.8.1","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":null,"ecosystem":"packagist"},"body":"Bumps [league/commonmark](https://github.com/thephpleague/commonmark) from 2.8.1 to 2.8.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.8.1\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/invoiceninja/invoiceninja/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/invoiceninja/invoiceninja/pull/11805","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/invoiceninja%2Finvoiceninja/issues/11805","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/11805/packages"}],"issue_packages":[{"old_version":"2.5.3","new_version":"2.8.2","update_type":"minor","path":null,"pr_created_at":"2026-05-28T00:33:55.000Z","version_change":"2.5.3 → 2.8.2","issue":{"uuid":"4536730937","node_id":"PR_kwDOOjFM6c7gC1Uw","number":8,"state":"closed","title":"Bump the composer group across 1 directory with 10 updates","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-28T01:39:08.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-28T00:33:55.000Z","updated_at":"2026-05-28T01:39:10.000Z","time_to_close":3913,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"composer","update_count":10,"packages":[{"name":"laravel/framework","old_version":"10.48.22","new_version":"10.48.29","repository_url":"https://github.com/laravel/framework"},{"name":"phpunit/phpunit","old_version":"10.5.36","new_version":"10.5.62","repository_url":"https://github.com/sebastianbergmann/phpunit"},{"name":"league/commonmark","old_version":"2.5.3","new_version":"2.8.2"},{"name":"nesbot/carbon","old_version":"2.72.5","new_version":"2.73.0"},{"name":"psy/psysh","old_version":"0.12.4","new_version":"0.12.23","repository_url":"https://github.com/bobthecow/psysh"},{"name":"symfony/http-foundation","old_version":"6.4.12","new_version":"6.4.41"},{"name":"symfony/mailer","old_version":"6.4.12","new_version":"6.4.40"},{"name":"symfony/mime","old_version":"6.4.12","new_version":"6.4.41"},{"name":"symfony/process","old_version":"6.4.12","new_version":"6.4.41"},{"name":"symfony/routing","old_version":"6.4.12","new_version":"6.4.41"}],"path":null,"ecosystem":"packagist"},"body":"Bumps the composer group with 3 updates in the / directory: [laravel/framework](https://github.com/laravel/framework), [phpunit/phpunit](https://github.com/sebastianbergmann/phpunit) and [psy/psysh](https://github.com/bobthecow/psysh).\n\nUpdates `laravel/framework` from 10.48.22 to 10.48.29\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laravel/framework/commit/8f7f9247cb8aad1a769d6b9815a6623d89b46b47\"\u003e\u003ccode\u003e8f7f924\u003c/code\u003e\u003c/a\u003e version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laravel/framework/commit/a4f7a8f9b83e21882abeef78c3174c66b0f4a26b\"\u003e\u003ccode\u003ea4f7a8f\u003c/code\u003e\u003c/a\u003e [10.x] Fix attribute name used on \u003ccode\u003eValidator\u003c/code\u003e instance within certain rule cl...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laravel/framework/commit/fc47dcac927dc76eac2f4cab304fedb00a2dbe50\"\u003e\u003ccode\u003efc47dca\u003c/code\u003e\u003c/a\u003e backport emulate prepares\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laravel/framework/commit/dd5c90d39a7a0bbb1e9a5fdb8931806d2fef4e73\"\u003e\u003ccode\u003edd5c90d\u003c/code\u003e\u003c/a\u003e Update CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laravel/framework/commit/e714e7e0c1ae51bf747e3df5b10fa60c54e3e0e1\"\u003e\u003ccode\u003ee714e7e\u003c/code\u003e\u003c/a\u003e Update version to v10.48.28\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laravel/framework/commit/62cb852a08e2a4c2c849291ea2063962f9a85abf\"\u003e\u003ccode\u003e62cb852\u003c/code\u003e\u003c/a\u003e Apply fixes from StyleCI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laravel/framework/commit/7f427c4f34749ccaa2fded11ea42c0ba3c8f5436\"\u003e\u003ccode\u003e7f427c4\u003c/code\u003e\u003c/a\u003e backport cloud support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laravel/framework/commit/a39f4db06010683a46252677c3caa36b8f6dc707\"\u003e\u003ccode\u003ea39f4db\u003c/code\u003e\u003c/a\u003e add cloud class\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laravel/framework/commit/eb0be33e4b806b92f396357b99ffcb2d3ef67957\"\u003e\u003ccode\u003eeb0be33\u003c/code\u003e\u003c/a\u003e Update version to v10.48.27\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/laravel/framework/commit/c9c8a5a83ae3c8ad1c94702c6eb61fee8a13cb4f\"\u003e\u003ccode\u003ec9c8a5a\u003c/code\u003e\u003c/a\u003e r2 backport\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/laravel/framework/compare/v10.48.22...v10.48.29\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `phpunit/phpunit` from 10.5.36 to 10.5.62\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sebastianbergmann/phpunit/releases\"\u003ephpunit/phpunit's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ePHPUnit 10.5.62\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTo prevent Poisoned Pipeline Execution (PPE) attacks using prepared \u003ccode\u003e.coverage\u003c/code\u003e files in pull requests, a PHPT test will no longer be run if the temporary file for writing code coverage information already exists before the test runs\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eLearn how to install or update PHPUnit 10.5 in the \u003ca href=\"https://docs.phpunit.de/en/10.5/installation.html\"\u003edocumentation\u003c/a\u003e.\u003c/p\u003e\n\u003ch4\u003eKeep up to date with PHPUnit:\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eYou can follow \u003ca href=\"https://phpc.social/@phpunit\"\u003e\u003ccode\u003e@​phpunit@phpc.social\u003c/code\u003e\u003c/a\u003e to stay up to date with PHPUnit's development.\u003c/li\u003e\n\u003cli\u003eYou can subscribe to the \u003ca href=\"https://phpunit.de/newsletter\"\u003ePHPUnit Updates\u003c/a\u003e newsletter to receive updates about and tips for PHPUnit.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePHPUnit 10.5.61\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ePHPUnit\\Framework\\MockObject\u003c/code\u003e exceptions are now subtypes of \u003ccode\u003ePHPUnit\\Exception\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eLearn how to install or update PHPUnit 10.5 in the \u003ca href=\"https://docs.phpunit.de/en/10.5/installation.html\"\u003edocumentation\u003c/a\u003e.\u003c/p\u003e\n\u003ch4\u003eKeep up to date with PHPUnit:\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eYou can follow \u003ca href=\"https://phpc.social/@phpunit\"\u003e\u003ccode\u003e@​phpunit@phpc.social\u003c/code\u003e\u003c/a\u003e to stay up to date with PHPUnit's development.\u003c/li\u003e\n\u003cli\u003eYou can subscribe to the \u003ca href=\"https://phpunit.de/newsletter\"\u003ePHPUnit Updates\u003c/a\u003e newsletter to receive updates about and tips for PHPUnit.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePHPUnit 10.5.60\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes; \u003ccode\u003ephpunit.phar\u003c/code\u003e rebuilt with PHP 8.4 to work around PHP-Scoper issue \u003ca href=\"https://redirect.github.com/humbug/php-scoper/issues/1139\"\u003e#1139\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eLearn how to install or update PHPUnit 10.5 in the \u003ca href=\"https://docs.phpunit.de/en/10.5/installation.html\"\u003edocumentation\u003c/a\u003e.\u003c/p\u003e\n\u003ch4\u003eKeep up to date with PHPUnit:\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eYou can follow \u003ca href=\"https://phpc.social/@phpunit\"\u003e\u003ccode\u003e@​phpunit@phpc.social\u003c/code\u003e\u003c/a\u003e to stay up to date with PHPUnit's development.\u003c/li\u003e\n\u003cli\u003eYou can subscribe to the \u003ca href=\"https://phpunit.de/newsletter\"\u003ePHPUnit Updates\u003c/a\u003e newsletter to receive updates about and tips for PHPUnit.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePHPUnit 10.5.59\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/sebastianbergmann/phpunit/pull/6338\"\u003e#6338\u003c/a\u003e: Removed code from \u003ccode\u003ePHPUnit\\Runner\\TestSuiteSorter\u003c/code\u003e that was only used in the tests for this class\u003c/li\u003e\n\u003cli\u003eUpdated list of deprecated PHP configuration settings for PHP 8.4, PHP 8.5, and PHP 8.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eLearn how to install or update PHPUnit 10.5 in the \u003ca href=\"https://docs.phpunit.de/en/10.5/installation.html\"\u003edocumentation\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sebastianbergmann/phpunit/blob/10.5.62/ChangeLog-10.5.md\"\u003ephpunit/phpunit's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[10.5.62] - 2026-01-27\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTo prevent Poisoned Pipeline Execution (PPE) attacks using prepared \u003ccode\u003e.coverage\u003c/code\u003e files in pull requests, a PHPT test will no longer be run if the temporary file for writing code coverage information already exists before the test runs\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[10.5.61] - 2026-01-24\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ePHPUnit\\Framework\\MockObject\u003c/code\u003e exceptions are now subtypes of \u003ccode\u003ePHPUnit\\Exception\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[10.5.60] - 2025-12-06\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes; \u003ccode\u003ephpunit.phar\u003c/code\u003e rebuilt with PHP 8.4 to work around PHP-Scoper issue \u003ca href=\"https://redirect.github.com/humbug/php-scoper/issues/1139\"\u003e#1139\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[10.5.59] - 2025-12-01\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/sebastianbergmann/phpunit/pull/6338\"\u003e#6338\u003c/a\u003e: Removed code from \u003ccode\u003ePHPUnit\\Runner\\TestSuiteSorter\u003c/code\u003e that was only used in the tests for this class\u003c/li\u003e\n\u003cli\u003eUpdated list of deprecated PHP configuration settings for PHP 8.4, PHP 8.5, and PHP 8.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[10.5.58] - 2025-09-28\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/sebastianbergmann/phpunit/issues/6368\"\u003e#6368\u003c/a\u003e: \u003ccode\u003efailOnPhpunitWarning=\u0026quot;false\u0026quot;\u003c/code\u003e has no effect\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[10.5.57] - 2025-09-24\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes; \u003ccode\u003ephpunit.phar\u003c/code\u003e rebuilt with updated dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[10.5.56] - 2025-09-23\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo changes; \u003ccode\u003ephpunit.phar\u003c/code\u003e rebuilt with updated dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[10.5.55] - 2025-09-14\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/sebastianbergmann/phpunit/issues/6366\"\u003e#6366\u003c/a\u003e: Exclude \u003ccode\u003e__sleep()\u003c/code\u003e and \u003ccode\u003e__wakeup()\u003c/code\u003e from test double code generation on PHP \u0026gt;= 8.5\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[10.5.54] - 2025-09-11\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eDo not use \u003ccode\u003e__sleep()\u003c/code\u003e method (which will be deprecated in PHP 8.5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[10.5.53] - 2025-08-20\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sebastianbergmann/phpunit/commit/3f7dd5066ebde5809296a81f0b19e8b00e5aab49\"\u003e\u003ccode\u003e3f7dd50\u003c/code\u003e\u003c/a\u003e Prepare release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sebastianbergmann/phpunit/commit/9c95cf0cdfdc72e74597aa0cf3c4769ed32b83f0\"\u003e\u003ccode\u003e9c95cf0\u003c/code\u003e\u003c/a\u003e Merge branch '9.6' into 10.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sebastianbergmann/phpunit/commit/fea06253ecc0a32faf787bd31b261f56f351d049\"\u003e\u003ccode\u003efea0625\u003c/code\u003e\u003c/a\u003e Prepare release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sebastianbergmann/phpunit/commit/1a677f663f09de85b97e1a7d03823890594cdba9\"\u003e\u003ccode\u003e1a677f6\u003c/code\u003e\u003c/a\u003e Merge branch '8.5' into 9.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sebastianbergmann/phpunit/commit/1015741814413c156abb0f53d7db7bbd03c6e858\"\u003e\u003ccode\u003e1015741\u003c/code\u003e\u003c/a\u003e Prepare release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sebastianbergmann/phpunit/commit/e5cda18b342c4e346d47c6e6cc5c51c0e681c8fd\"\u003e\u003ccode\u003ee5cda18\u003c/code\u003e\u003c/a\u003e Fix bad merge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sebastianbergmann/phpunit/commit/a8b932bd41c5a6d689b2751f1be68406c97ea55c\"\u003e\u003ccode\u003ea8b932b\u003c/code\u003e\u003c/a\u003e Merge branch '9.6' into 10.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sebastianbergmann/phpunit/commit/1cce5f3ac2eec234cc0ce2f90ab9d5b80b240bea\"\u003e\u003ccode\u003e1cce5f3\u003c/code\u003e\u003c/a\u003e Merge branch '8.5' into 9.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sebastianbergmann/phpunit/commit/3141742e00620e2968d3d2e732d320de76685fda\"\u003e\u003ccode\u003e3141742\u003c/code\u003e\u003c/a\u003e Do not run PHPT test when its temporary file for code coverage information ex...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sebastianbergmann/phpunit/commit/0b3170aaebeb461133937cfd92e5beb0348c0a2b\"\u003e\u003ccode\u003e0b3170a\u003c/code\u003e\u003c/a\u003e We do not need to unserialize() objects here\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sebastianbergmann/phpunit/compare/10.5.36...10.5.62\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `league/commonmark` from 2.5.3 to 2.8.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.8.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (\u003ca href=\"https://github.com/thephpleague/commonmark/security/advisories/GHSA-4v6x-c7xx-hw9f\"\u003eGHSA-4v6x-c7xx-hw9f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kocal\"\u003e\u003ccode\u003e@​Kocal\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1106\"\u003ethephpleague/commonmark#1106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/freost\"\u003e\u003ccode\u003e@​freost\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1107\"\u003ethephpleague/commonmark#1107\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.8.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded a new \u003ccode\u003eHighlightExtension\u003c/code\u003e for marking important text using \u003ccode\u003e==\u003c/code\u003e syntax (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1100\"\u003e#1100\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eAutolinkExtension\u003c/code\u003e incorrectly matching URLs after invalid \u003ccode\u003ewww.\u003c/code\u003e prefix (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1095\"\u003e#1095\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1103\"\u003e#1103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samwilson\"\u003e\u003ccode\u003e@​samwilson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1090\"\u003ethephpleague/commonmark#1090\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ossobuffo\"\u003e\u003ccode\u003e@​ossobuffo\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1100\"\u003ethephpleague/commonmark#1100\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.7.1...2.8.0\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.7.1...2.8.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.7.1\u003c/h2\u003e\n\u003ch2\u003eNotable Changes\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOptimized several regular expressions in \u003ccode\u003eRegexHelper\u003c/code\u003e to improve performance (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/674\"\u003e#674\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1086\"\u003e#1086\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eEmbedProcessor\u003c/code\u003e no longer calls \u003ccode\u003eupdateEmbeds()\u003c/code\u003e when there are no embeds to update (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed missing \u003ccode\u003ebenchmark.php\u003c/code\u003e CSV path validation for non-existent files (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1068\"\u003e#1068\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.8.1] - 2026-03-05\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (GHSA-4v6x-c7xx-hw9f)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.8.0] - 2025-11-26\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded a new \u003ccode\u003eHighlightExtension\u003c/code\u003e for marking important text using \u003ccode\u003e==\u003c/code\u003e syntax (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1100\"\u003e#1100\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eAutolinkExtension\u003c/code\u003e incorrectly matching URLs after invalid \u003ccode\u003ewww.\u003c/code\u003e prefix (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1095\"\u003e#1095\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1103\"\u003e#1103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.7.1] - 2025-07-20\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOptimized several regular expressions in \u003ccode\u003eRegexHelper\u003c/code\u003e to improve performance (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/674\"\u003e#674\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1086\"\u003e#1086\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eEmbedProcessor\u003c/code\u003e no longer calls \u003ccode\u003eupdateEmbeds()\u003c/code\u003e when there are no embeds to update (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed missing \u003ccode\u003ebenchmark.php\u003c/code\u003e CSV path validation for non-existent files (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1068\"\u003e#1068\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.7.0] - 2025-05-05\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address a potential cross-site scripting (XSS) vulnerability when using the \u003ccode\u003eAttributesExtension\u003c/code\u003e with untrusted user input.\u003c/p\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eattributes/allow\u003c/code\u003e config option to specify which attributes users are allowed to set on elements (default allows virtually all attributes)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eAttributesExtension\u003c/code\u003e blocks all attributes starting with \u003ccode\u003eon\u003c/code\u003e unless explicitly allowed via the \u003ccode\u003eattributes/allow\u003c/code\u003e config option\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eallow_unsafe_links\u003c/code\u003e option is now respected by the \u003ccode\u003eAttributesExtension\u003c/code\u003e when users specify \u003ccode\u003ehref\u003c/code\u003e and \u003ccode\u003esrc\u003c/code\u003e attributes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.6.2] - 2025-04-18\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Attributes extension parsing regression (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1071\"\u003e#1071\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.6.1] - 2024-12-29\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/84b1ca48347efdbe775426f108622a42735a6579\"\u003e\u003ccode\u003e84b1ca4\u003c/code\u003e\u003c/a\u003e Almost forgot this entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/bcf54f5a38cf8e42cca45248b04caba13317459f\"\u003e\u003ccode\u003ebcf54f5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/7a68ed1c6765bd2650fed6d9857985bdfe655c71\"\u003e\u003ccode\u003e7a68ed1\u003c/code\u003e\u003c/a\u003e Prepare to release 2.8.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/5c0c4c8fe5a31e8260be99e0afad7136a27c79e6\"\u003e\u003ccode\u003e5c0c4c8\u003c/code\u003e\u003c/a\u003e Fix DisallowedRawHtml bypass via newline/tab in tag names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/f6e74434dd1a91f195f80cb0184b746a4187272a\"\u003e\u003ccode\u003ef6e7443\u003c/code\u003e\u003c/a\u003e Add regression test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/0719b6744cc68bc8b037fb30db86b62ec370c557\"\u003e\u003ccode\u003e0719b67\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e from freost/fix-php85-deprecation-error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/63ff2e0b12742f379803b5f21aa6f5b50abcd412\"\u003e\u003ccode\u003e63ff2e0\u003c/code\u003e\u003c/a\u003e Fix PHP 8.5 deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/8608e9c006d9f44acf8d983b126a813bd8def780\"\u003e\u003ccode\u003e8608e9c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1106\"\u003e#1106\u003c/a\u003e from Kocal/patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.5.3...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nesbot/carbon` from 2.72.5 to 2.73.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/CarbonPHP/carbon/releases\"\u003enesbot/carbon's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.73.0\u003c/h2\u003e\n\u003cp\u003eComplete commits list: \u003ca href=\"https://github.com/briannesbitt/Carbon/compare/2.72.6...2.73.0\"\u003ehttps://github.com/briannesbitt/Carbon/compare/2.72.6...2.73.0\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eSummary:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eSupport PHP 8.4 \u003ca href=\"https://redirect.github.com/CarbonPHP/carbon/pull/13\"\u003eCarbonPHP/carbon#13\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.72.6\u003c/h2\u003e\n\u003cp\u003eComplete commits list: \u003ca href=\"https://github.com/CarbonPHP/carbon/compare/2.72.5...2.72.6\"\u003ehttps://github.com/CarbonPHP/carbon/compare/2.72.5...2.72.6\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eSummary:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eValidate locale earlier\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CarbonPHP/carbon/commit/9228ce90e1035ff2f0db84b40ec2e023ed802075\"\u003e\u003ccode\u003e9228ce9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/CarbonPHP/carbon/issues/13\"\u003e#13\u003c/a\u003e from thecaliskan/2.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CarbonPHP/carbon/commit/142f0f5ca773f383e2868dfa0f7ea59c2ef1865f\"\u003e\u003ccode\u003e142f0f5\u003c/code\u003e\u003c/a\u003e changed CS rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CarbonPHP/carbon/commit/dc27804306d1197bc5f8f46f298acf13fa35ed7b\"\u003e\u003ccode\u003edc27804\u003c/code\u003e\u003c/a\u003e changed CS rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CarbonPHP/carbon/commit/8910c5114f60f2a918aa2d9ae2c14056dcb71e87\"\u003e\u003ccode\u003e8910c51\u003c/code\u003e\u003c/a\u003e changed expected result for PHP 8.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CarbonPHP/carbon/commit/d1e695f7b2daae2def15568f41b89391b86ef5e2\"\u003e\u003ccode\u003ed1e695f\u003c/code\u003e\u003c/a\u003e Added PHP 8.3 and PHP 8.4 test for laravel and removed PHP 8.4 lowest test ma...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CarbonPHP/carbon/commit/5dca8dc5fcd18b1e88206c16b2adeef055cea408\"\u003e\u003ccode\u003e5dca8dc\u003c/code\u003e\u003c/a\u003e Fixes for PHP 8.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CarbonPHP/carbon/commit/8c3e607078c363b4805a46511e73aa75c2bbebe2\"\u003e\u003ccode\u003e8c3e607\u003c/code\u003e\u003c/a\u003e Fixes for implicit nullability deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CarbonPHP/carbon/commit/5f4c750da3f2f18e39dbdbf9ba788f12ca361904\"\u003e\u003ccode\u003e5f4c750\u003c/code\u003e\u003c/a\u003e upgraded phpunit version on tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CarbonPHP/carbon/commit/a4932f3bb087a8dafaedaace90a2b6e9012ba828\"\u003e\u003ccode\u003ea4932f3\u003c/code\u003e\u003c/a\u003e Fixed CS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/CarbonPHP/carbon/commit/d6f5afbe807670ae002f32c73c64b5c14ac00229\"\u003e\u003ccode\u003ed6f5afb\u003c/code\u003e\u003c/a\u003e Added PHP 8.4 support\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/CarbonPHP/carbon/compare/2.72.5...2.73.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `psy/psysh` from 0.12.4 to 0.12.23\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bobthecow/psysh/releases\"\u003epsy/psysh's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ePsySH v0.12.23\u003c/h2\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix interactive readline bracket matching inside interpolated strings. Fixes \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/930\"\u003e#930\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid infinite recursion in \u003ccode\u003eShellOutput\u003c/code\u003e write tracking (e.g. \u003ccode\u003eprint_r\u003c/code\u003e on an \u003ccode\u003eException\u003c/code\u003e with \u003ccode\u003ezend.exception_ignore_args = Off\u003c/code\u003e). Fixes \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/934\"\u003e#934\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude \u003ccode\u003e--warm-autoload\u003c/code\u003e in project trust restrictions\u003c/li\u003e\n\u003cli\u003eExclude Symfony Console DI components from the autoload warmer (they're an optional dependency and blow up when not installed)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUnder the hood\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTighter callable types throughout\u003c/li\u003e\n\u003cli\u003eAdded MediaWiki downstream smoke tests, updated to 8.3\u003c/li\u003e\n\u003cli\u003eFixed Drush downstream tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePsySH v0.12.22\u003c/h2\u003e\n\u003ch2\u003eRuntime config and clipboard support\u003c/h2\u003e\n\u003cp\u003ePsySH has a new \u003ccode\u003econfig\u003c/code\u003e command for inspecting and updating runtime-configurable settings during the current session. You can tweak things like \u003ccode\u003epager\u003c/code\u003e, \u003ccode\u003etheme\u003c/code\u003e, \u003ccode\u003everbosity\u003c/code\u003e, \u003ccode\u003euseSuggestions\u003c/code\u003e, \u003ccode\u003euseSyntaxHighlighting\u003c/code\u003e, \u003ccode\u003eclipboardCommand\u003c/code\u003e, and \u003ccode\u003esemicolonsSuppressReturn\u003c/code\u003e without restarting the shell. Fixes \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/361\"\u003e#361\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThere’s also a new \u003ccode\u003ecopy\u003c/code\u003e command for copying the last result (\u003ccode\u003e$_\u003c/code\u003e) or any expression to your clipboard. Works with system clipboard commands, or via OSC 52 for SSH and remote terminals.\u003c/p\u003e\n\u003cp\u003eConfigure with \u003ccode\u003eclipboardCommand\u003c/code\u003e or \u003ccode\u003euseOsc52Clipboard\u003c/code\u003e in your config.\u003c/p\u003e\n\u003ch2\u003eSemicolon-based return suppression\u003c/h2\u003e\n\u003cp\u003eOptionally suppress return values by ending a statement with \u003ccode\u003e;\u003c/code\u003e, similar to MATLAB/Octave behavior. Supports a \u003ccode\u003e'double'\u003c/code\u003e mode requiring \u003ccode\u003e;;\u003c/code\u003e for suppression (if \u003ccode\u003erequireSemicolons\u003c/code\u003e is also enabled, both \u003ccode\u003etrue\u003c/code\u003e and \u003ccode\u003e'double'\u003c/code\u003e require \u003ccode\u003e;;\u003c/code\u003e).\u003c/p\u003e\n\u003cpre lang=\"php\"\u003e\u003ccode\u003e'semicolonsSuppressReturn' =\u0026gt; true,\r\n'semicolonsSuppressReturn' =\u0026gt; 'double', // Always require ;; to suppress\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eOutput and exception display improvements\u003c/h2\u003e\n\u003cp\u003eStrings are now valid PHP!\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePsySH now preserves backslashes and other characters it previously mangled in a few cases. Fixes \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/351\"\u003e#351\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/568\"\u003e#568\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMultiline strings are rendered using heredoc-style output rather than triple-quoted strings \u003ccode\u003e\u0026quot;\u0026quot;\u0026quot;\u003c/code\u003e. The old format is available via \u003ccode\u003euseDeprecatedMultilineStrings\u003c/code\u003e until the next major release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProviding an \u003ccode\u003eexceptionDetails\u003c/code\u003e callback via config renders additional context about exceptions (e.g. validation errors) alongside the error message. Fixes \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/648\"\u003e#648\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eA few other improvements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMore consistent compact (and non-compact) output spacing.\u003c/li\u003e\n\u003cli\u003eResponsive \u003ccode\u003ehelp\u003c/code\u003e layout adapts to terminal width.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBetter completion for everyone\u003c/h2\u003e\n\u003cp\u003eLegacy readline now shares PsySH’s newer completion engine, which brings much better parity between ext-readline/libedit and experimental interactive readline. Command argument completion, better multiline buffering, and a handful of command-dispatch edge cases now work much more consistently outside experimental readline too.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/4dcc0f08047d52bbde475eda481146fd8e27e1a4\"\u003e\u003ccode\u003e4dcc0f0\u003c/code\u003e\u003c/a\u003e Merge branch 'release/v0.12.23'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/e70ea1a49f035d71428c4366c8a148bc1deb372f\"\u003e\u003ccode\u003ee70ea1a\u003c/code\u003e\u003c/a\u003e Bump to v0.12.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/961a5542422b60137ea47be409e69b761735d242\"\u003e\u003ccode\u003e961a554\u003c/code\u003e\u003c/a\u003e Bump composer/class-map-generator from 1.7.2 to 1.7.3 in /build\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/901a8225f6591e939dd322e06e393c06c1badc05\"\u003e\u003ccode\u003e901a822\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 6.0.0 to 6.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/f1dea55169d8b02902437595a51651f5b044c59d\"\u003e\u003ccode\u003ef1dea55\u003c/code\u003e\u003c/a\u003e Bump shivammathur/setup-php from 2.37.0 to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/77c2c06fbd40531d3e0a4080fa6d436411125eef\"\u003e\u003ccode\u003e77c2c06\u003c/code\u003e\u003c/a\u003e Fix drush downstream tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/a6a4cddcbef208c44fffbd27b5893f34a50d15ea\"\u003e\u003ccode\u003ea6a4cdd\u003c/code\u003e\u003c/a\u003e Track ShellOutput writes without listener\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/316df3b9ee2ff9baeb1e3e36968e4c86d9db3133\"\u003e\u003ccode\u003e316df3b\u003c/code\u003e\u003c/a\u003e Bump symfony/polyfill-mbstring from 1.33.0 to 1.37.0 in /build\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/d828ff92e07a743e0a355799cea0722db19b2cd6\"\u003e\u003ccode\u003ed828ff9\u003c/code\u003e\u003c/a\u003e Bump symfony/polyfill-iconv from 1.36.0 to 1.37.0 in /build\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/ced60861f07b42d7670da8f6bd244f003df73ef6\"\u003e\u003ccode\u003eced6086\u003c/code\u003e\u003c/a\u003e Fix interactive readline bracket matching in interpolated strings\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/bobthecow/psysh/compare/v0.12.4...v0.12.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `symfony/http-foundation` from 6.4.12 to 6.4.41\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/http-foundation/releases\"\u003esymfony/http-foundation's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.41\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v6.4.35...v6.4.41\"\u003ehttps://github.com/symfony/http-foundation/compare/v6.4.35...v6.4.41\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity #cve-2026-48736  Block IPv6 transition forms in IpUtils::PRIVATE_SUBNETS (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.35\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v6.4.34...v6.4.35\"\u003ehttps://github.com/symfony/http-foundation/compare/v6.4.34...v6.4.35\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63603\"\u003e#63603\u003c/a\u003e  Fix session cookie_lifetime not applied in mock session storage (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.34\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v6.4.33...v6.4.34\"\u003ehttps://github.com/symfony/http-foundation/compare/v6.4.33...v6.4.34\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63448\"\u003e#63448\u003c/a\u003e  Handle empty session data in updateTimestamp() to fix compat with PHP 8.6 (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63319\"\u003e#63319\u003c/a\u003e  BinaryFileResponse: always return 206 if Range is valid (\u003ca href=\"https://github.com/Jimbolino\"\u003e\u003ccode\u003e@​Jimbolino\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63262\"\u003e#63262\u003c/a\u003e  Reject invalid paths (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/54304\"\u003e#54304\u003c/a\u003e  When calling UploadedFile::getErrorMessage() to a file which has no error and is uploaded successfully, it should not return an error (\u003ca href=\"https://github.com/ArmCyber\"\u003e\u003ccode\u003e@​ArmCyber\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63230\"\u003e#63230\u003c/a\u003e  fix engine declaration on mysql pdo table creations (\u003ca href=\"https://github.com/tandev\"\u003e\u003ccode\u003e@​tandev\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.33\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v6.4.32...v6.4.33\"\u003ehttps://github.com/symfony/http-foundation/compare/v6.4.32...v6.4.33\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63137\"\u003e#63137\u003c/a\u003e  Fix PdoSessionHandler charset-collation mismatch with the Doctrine DBAL (\u003ca href=\"https://github.com/samy-mahmoudi\"\u003e\u003ccode\u003e@​samy-mahmoudi\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.32\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v6.4.31...v6.4.32\"\u003ehttps://github.com/symfony/http-foundation/compare/v6.4.31...v6.4.32\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63012\"\u003e#63012\u003c/a\u003e  Fix double-prefixing of session keys when using redis/memcached (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.31\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v6.4.30...v6.4.31\"\u003ehttps://github.com/symfony/http-foundation/compare/v6.4.30...v6.4.31\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62799\"\u003esymfony/symfony#62799\u003c/a\u003e [Cache][HttpFoundation] Fix VARBINARY columns on sqlsrv (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.30\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v6.4.29...v6.4.30\"\u003ehttps://github.com/symfony/http-foundation/compare/v6.4.29...v6.4.30\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62287\"\u003esymfony/symfony#62287\u003c/a\u003e [HttpFoundation] Fix AcceptHeader overwrites items with different parameters (\u003ca href=\"https://github.com/yoeunes\"\u003e\u003ccode\u003e@​yoeunes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.29\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v6.4.28...v6.4.29\"\u003ehttps://github.com/symfony/http-foundation/compare/v6.4.28...v6.4.29\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v6.4.27...v6.4.28\"\u003ehttps://github.com/symfony/http-foundation/compare/v6.4.27...v6.4.28\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62324\"\u003esymfony/symfony#62324\u003c/a\u003e [HttpFoundation] Fix parsing hosts and schemes in URLs (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62246\"\u003esymfony/symfony#62246\u003c/a\u003e [HttpFoundation] Allow Request::setFormat() to override predefined formats (\u003ca href=\"https://github.com/longwave\"\u003e\u003ccode\u003e@​longwave\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/48d76c29a67a301e0f7779a512bf76417395ffef\"\u003e\u003ccode\u003e48d76c2\u003c/code\u003e\u003c/a\u003e security #cve-2026-48736 [HttpFoundation] Block IPv6 transition forms in IpUt...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/10d5daa7a22d64037a4bd5195d387ecc0d2c5b3c\"\u003e\u003ccode\u003e10d5daa\u003c/code\u003e\u003c/a\u003e [HttpFoundation] Fix tests for PHP 8.6: session.cookie_samesite=Lax\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/3ebc78a9507545259ec5c71afdc49d4c452e3eda\"\u003e\u003ccode\u003e3ebc78a\u003c/code\u003e\u003c/a\u003e [HttpFoundation] Block IPv6 transition forms in IpUtils::PRIVATE_SUBNETS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/5402ad19bef111ffdd076d33d87bd400c0c38243\"\u003e\u003ccode\u003e5402ad1\u003c/code\u003e\u003c/a\u003e Remove wrong documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/92eeee6f81feb0ea2d5dce2fe17819f4004f8716\"\u003e\u003ccode\u003e92eeee6\u003c/code\u003e\u003c/a\u003e CS fixes - native_function_invocation \u0026amp; static_lambda\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/cffffd0a2c037117b742b4f8b379a22a2a33f6d2\"\u003e\u003ccode\u003ecffffd0\u003c/code\u003e\u003c/a\u003e [HttpFoundation] Fix session cookie_lifetime not applied in mock session storage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/5bb346d1b4b2a616e5c3d99b3ee4d5810735c535\"\u003e\u003ccode\u003e5bb346d\u003c/code\u003e\u003c/a\u003e [HttpFoundation] Handle empty session data in updateTimestamp() to fix compat...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/31b030e12f6662a7016add28fe29b70327dacf86\"\u003e\u003ccode\u003e31b030e\u003c/code\u003e\u003c/a\u003e stop using with*() without expects()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/31e2a27d480546f031bd4fc6f1ec8a7abdd62bb1\"\u003e\u003ccode\u003e31e2a27\u003c/code\u003e\u003c/a\u003e BinaryFileResponse: always return 206 if Range is valid\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/2ed100bf25d94ac1b28d71cc66050219d4caa97d\"\u003e\u003ccode\u003e2ed100b\u003c/code\u003e\u003c/a\u003e [HttpFoundation] Reject invalid paths\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/symfony/http-foundation/compare/v6.4.12...v6.4.41\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `symfony/mailer` from 6.4.12 to 6.4.40\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/mailer/releases\"\u003esymfony/mailer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.40\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v6.4.31...v6.4.40\"\u003ehttps://github.com/symfony/mailer/compare/v6.4.31...v6.4.40\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity #cve-2026-45068  Add end-of-options separator before recipients in SendmailTransport; reject addresses starting with a dash (\u003ca href=\"https://github.com/alexandre-daubois\"\u003e\u003ccode\u003e@​alexandre-daubois\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.34\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v6.4.33...v6.4.34\"\u003ehttps://github.com/symfony/mailer/compare/v6.4.33...v6.4.34\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/mailer/issues/63278\"\u003e#63278\u003c/a\u003e  Fix Mailjet SMTP relay X-MJ-TemplateErrorReporting header format to MailjetApiTransport (\u003ca href=\"https://github.com/mwijngaard\"\u003e\u003ccode\u003e@​mwijngaard\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.31\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v6.4.30...v6.4.31\"\u003ehttps://github.com/symfony/mailer/compare/v6.4.30...v6.4.31\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62756\"\u003esymfony/symfony#62756\u003c/a\u003e [Mailer] do not use PHPUnit mock objects without configured expectations (\u003ca href=\"https://github.com/xabbuh\"\u003e\u003ccode\u003e@​xabbuh\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.27\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v6.4.26...v6.4.27\"\u003ehttps://github.com/symfony/mailer/compare/v6.4.26...v6.4.27\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62145\"\u003esymfony/symfony#62145\u003c/a\u003e [Mailer] Fix parsing message ids in SMTP responses (\u003ca href=\"https://github.com/hacfi\"\u003e\u003ccode\u003e@​hacfi\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61876\"\u003esymfony/symfony#61876\u003c/a\u003e [Mailer][MailJet] Fix forbidden headers case-sensitive comparison (\u003ca href=\"https://github.com/benjamintoussaint\"\u003e\u003ccode\u003e@​benjamintoussaint\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v6.4.25...v6.4.26\"\u003ehttps://github.com/symfony/mailer/compare/v6.4.25...v6.4.26\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61727\"\u003esymfony/symfony#61727\u003c/a\u003e  Replace __sleep/wakeup() by __(un)serialize() for throwing and internal usages (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v6.4.24...v6.4.25\"\u003ehttps://github.com/symfony/mailer/compare/v6.4.24...v6.4.25\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61402\"\u003esymfony/symfony#61402\u003c/a\u003e  Remove calls to deprecated methods of SplObjectStorage (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.24\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v6.4.23...v6.4.24\"\u003ehttps://github.com/symfony/mailer/compare/v6.4.23...v6.4.24\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61223\"\u003esymfony/symfony#61223\u003c/a\u003e [Mailer][Brevo] Update Webhook IPs (\u003ca href=\"https://github.com/jarbey\"\u003e\u003ccode\u003e@​jarbey\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61106\"\u003esymfony/symfony#61106\u003c/a\u003e Fix \u003ccode\u003e@var\u003c/code\u003e phpdoc (\u003ca href=\"https://github.com/fabpot\"\u003e\u003ccode\u003e@​fabpot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61062\"\u003esymfony/symfony#61062\u003c/a\u003e [Brevo Mailer] Webhook IP Addresses have changed (\u003ca href=\"https://github.com/richardhj\"\u003e\u003ccode\u003e@​richardhj\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.23\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v6.4.22...v6.4.23\"\u003ehttps://github.com/symfony/mailer/compare/v6.4.22...v6.4.23\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/60914\"\u003esymfony/symfony#60914\u003c/a\u003e [Console] Fix command option mode (InputOption::VALUE_REQUIRED) (\u003ca href=\"https://github.com/gharlan\"\u003e\u003ccode\u003e@​gharlan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/60772\"\u003esymfony/symfony#60772\u003c/a\u003e [Mailer] [Transport] Send clone of \u003ccode\u003eRawMessage\u003c/code\u003e instance in \u003ccode\u003eRoundRobinTransport\u003c/code\u003e (\u003ca href=\"https://github.com/jnoordsij\"\u003e\u003ccode\u003e@​jnoordsij\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/60640\"\u003esymfony/symfony#60640\u003c/a\u003e [Mailer] use STARTTLS for SMTP with MailerSend (\u003ca href=\"https://github.com/xabbuh\"\u003e\u003ccode\u003e@​xabbuh\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.21\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v6.4.20...v6.4.21\"\u003ehttps://github.com/symfony/mailer/compare/v6.4.20...v6.4.21\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/60256\"\u003esymfony/symfony#60256\u003c/a\u003e [Mailer][Postmark] drop the \u003ccode\u003eDate\u003c/code\u003e header using the API transport (\u003ca href=\"https://github.com/xabbuh\"\u003e\u003ccode\u003e@​xabbuh\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/60057\"\u003esymfony/symfony#60057\u003c/a\u003e [Mailer] Fix \u003ccode\u003eTrying to access array offset on value of type null\u003c/code\u003e error by adding null checking (\u003ca href=\"https://github.com/khushaalan\"\u003e\u003ccode\u003e@​khushaalan\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/94fd44f3052e02340b0dd4447a7d7a5856e32da2\"\u003e\u003ccode\u003e94fd44f\u003c/code\u003e\u003c/a\u003e Merge branch '5.4' into 6.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/5b5385bc21c3549a80abc1353ccf8eb0b6861c61\"\u003e\u003ccode\u003e5b5385b\u003c/code\u003e\u003c/a\u003e [Mailer] Add end-of-options separator before recipients in SendmailTransport;...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/602519c3466621897c556125dbf644ec8dde2b38\"\u003e\u003ccode\u003e602519c\u003c/code\u003e\u003c/a\u003e PHP CS Fixer: backports changes toward 6.4 branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/a2918c6f34e601472ee891b517ab223e216ca5a3\"\u003e\u003ccode\u003ea2918c6\u003c/code\u003e\u003c/a\u003e CS fixes - native_function_invocation \u0026amp; static_lambda\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/d56a83b4ba1de6375d0745de9299daf078426fd1\"\u003e\u003ccode\u003ed56a83b\u003c/code\u003e\u003c/a\u003e [CS] Back config from 8.1 and apply heredoc_indentation rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/01b846f48e53ee4096692a383637a1fa4d577301\"\u003e\u003ccode\u003e01b846f\u003c/code\u003e\u003c/a\u003e [Mailer] Clarify the purpose of SentMessage's \u0026quot;message id\u0026quot; concept\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/8835f93333474780fda1b987cae37e33c3e026ca\"\u003e\u003ccode\u003e8835f93\u003c/code\u003e\u003c/a\u003e do not use PHPUnit mock objects without configured expectations\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/2f096718ed718996551f66e3a24e12b2ed027f95\"\u003e\u003ccode\u003e2f09671\u003c/code\u003e\u003c/a\u003e [Mailer] Relax regexp to parse message ids\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/39d50fa744bbddc7bf2ede95573aa4da705fc1a9\"\u003e\u003ccode\u003e39d50fa\u003c/code\u003e\u003c/a\u003e [Mailer] Fix parsing message ids in SMTP responses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/012185cd31689b799d39505bd706be6d3a57cd3f\"\u003e\u003ccode\u003e012185c\u003c/code\u003e\u003c/a\u003e Replace __sleep/wakeup() by __(un)serialize() for throwing and internal usages\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/symfony/mailer/compare/v6.4.12...v6.4.40\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `symfony/mime` from 6.4.12 to 6.4.41\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/mime/releases\"\u003esymfony/mime's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.41\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mime/compare/v6.4.40...v6.4.41\"\u003ehttps://github.com/symfony/mime/compare/v6.4.40...v6.4.41\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/mime/issues/64343\"\u003e#64343\u003c/a\u003e  Harden __unserialize against __toString trampolines (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.40\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mime/compare/v6.4.37...v6.4.40\"\u003ehttps://github.com/symfony/mime/compare/v6.4.37...v6.4.40\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity #cve-2026-45067  Reject email addresses containing line breaks in Address (\u003ca href=\"https://github.com/alexandre-daubois\"\u003e\u003ccode\u003e@​alexandre-daubois\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.37\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mime/compare/v6.4.36...v6.4.37\"\u003ehttps://github.com/symfony/mime/compare/v6.4.36...v6.4.37\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/mime/issues/64047\"\u003e#64047\u003c/a\u003e  Preserve inline part filename instead of overwriting it with the Content-ID (\u003ca href=\"https://github.com/ousamabenyounes\"\u003e\u003ccode\u003e@​ousamabenyounes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/mime/issues/64044\"\u003e#64044\u003c/a\u003e  Apply tagged MIME type guessers in File::getMimeType() (\u003ca href=\"https://github.com/ousamabenyounes\"\u003e\u003ccode\u003e@​ousamabenyounes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.36\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mime/compare/v6.4.35...v6.4.36\"\u003ehttps://github.com/symfony/mime/compare/v6.4.35...v6.4.36\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/mime/issues/63683\"\u003e#63683\u003c/a\u003e  Fix image method to use DataPart content ID (\u003ca href=\"https://github.com/pavelwitassek\"\u003e\u003ccode\u003e@​pavelwitassek\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.35\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mime/compare/v6.4.34...v6.4.35\"\u003ehttps://github.com/symfony/mime/compare/v6.4.34...v6.4.35\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/mime/issues/63584\"\u003e#63584\u003c/a\u003e  Use shell_exec() instead of passthru() in FileBinaryMimeTypeGuesser (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.34\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mime/compare/v6.4.33...v6.4.34\"\u003ehttps://github.com/symfony/mime/compare/v6.4.33...v6.4.34\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.32\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mime/compare/v6.4.31...v6.4.32\"\u003ehttps://github.com/symfony/mime/compare/v6.4.31...v6.4.32\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.30\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mime/compare/v6.4.29...v6.4.30\"\u003ehttps://github.com/symfony/mime/compare/v6.4.29...v6.4.30\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mime/compare/v6.4.25...v6.4.26\"\u003ehttps://github.com/symfony/mime/compare/v6.4.25...v6.4.26\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61766\"\u003esymfony/symfony#61766\u003c/a\u003e  Fix ord()-related PHP 8.5 deprecations (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61727\"\u003esymfony/symfony#61727\u003c/a\u003e  Replace __sleep/wakeup() by __(un)serialize() for throwing and internal usages (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.24\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mime/compare/v6.4.23...v6.4.24\"\u003ehttps://github.com/symfony/mime/compare/v6.4.23...v6.4.24\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mime/commit/5575d37f8841e4e31d5df79ab3db078ae557ff8e\"\u003e\u003ccode\u003e5575d37\u003c/code\u003e\u003c/a\u003e [Routing][RateLimiter][Mime][Security] Harden __unserialize against __toStrin...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mime/commit/7ccfb0cc6ff707ac9ca34b6ddab0bc6187436cbe\"\u003e\u003ccode\u003e7ccfb0c\u003c/code\u003e\u003c/a\u003e Merge branch '5.4' into 6.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mime/commit/8f89d3a319b92486b0bcc43c0479d19fdb0e2f64\"\u003e\u003ccode\u003e8f89d3a\u003c/code\u003e\u003c/a\u003e [Mime] Reject email addresses containing line breaks in Address\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mime/commit/f2f05cbae7ac01c045330d168fc655580916ac1f\"\u003e\u003ccode\u003ef2f05cb\u003c/code\u003e\u003c/a\u003e [Mime] Fix transient test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mime/commit/330077bc7fbe314758aff62834b758d06ac6d260\"\u003e\u003ccode\u003e330077b\u003c/code\u003e\u003c/a\u003e bug \u003ca href=\"https://redirect.github.com/symfony/mime/issues/64047\"\u003e#64047\u003c/a\u003e [Mime] Preserve inline part filename instead of overwriting it wit...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mime/commit/4c7099f8d130a575c1f179191df261856e26ee1b\"\u003e\u003ccode\u003e4c7099f\u003c/code\u003e\u003c/a\u003e [Mime] Preserve inline part filename instead of overwriting it with the Conte...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mime/commit/e2ae51ddb09ddeadd3c711e30b365b670e1794bc\"\u003e\u003ccode\u003ee2ae51d\u003c/code\u003e\u003c/a\u003e [FrameworkBundle] Apply tagged MIME type guessers in File::getMimeType()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mime/commit/3d4867881cef7ebb42e2e8846e09053472edf9b3\"\u003e\u003ccode\u003e3d48678\u003c/code\u003e\u003c/a\u003e More CS fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mime/commit/05099f572e09a71bd5adb7ad9fab4b5aadcf5481\"\u003e\u003ccode\u003e05099f5\u003c/code\u003e\u003c/a\u003e CS fixes - native_function_invocation \u0026amp; static_lambda\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mime/commit/f56fd2b0a89486fd3c8e44770919656988add0fb\"\u003e\u003ccode\u003ef56fd2b\u003c/code\u003e\u003c/a\u003e [CS] Back config from 8.1 and apply heredoc_indentation rule\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/symfony/mime/compare/v6.4.12...v6.4.41\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `symfony/process` from 6.4.12 to 6.4.41\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/process/releases\"\u003esymfony/process's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.41\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v6.4.39...v6.4.41\"\u003ehttps://github.com/symfony/process/compare/v6.4.39...v6.4.41\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/process/issues/64347\"\u003e#64347\u003c/a\u003e  Stop leaking CGI/FastCGI request-context vars to subprocesses (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.39\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v6.4.33...v6.4.39\"\u003ehttps://github.com/symfony/process/compare/v6.4.33...v6.4.39\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/process/issues/64058\"\u003e#64058\u003c/a\u003e  Ignore array env values before proc_open (\u003ca href=\"https://github.com/dionisvl\"\u003e\u003ccode\u003e@​dionisvl\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.33\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v6.4.32...v6.4.33\"\u003ehttps://github.com/symfony/process/compare/v6.4.32...v6.4.33\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity #cve-2026-24739  Fix escaping for MSYS on Windows (nicolas-grekas)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/process/issues/63164\"\u003e#63164\u003c/a\u003e  Fix escaping for MSYS on Windows (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.32\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v6.4.31...v6.4.32\"\u003ehttps://github.com/symfony/process/compare/v6.4.31...v6.4.32\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/process/issues/63004\"\u003e#63004\u003c/a\u003e  Ignore invalid env var names (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.31\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v6.4.30...v6.4.31\"\u003ehttps://github.com/symfony/process/compare/v6.4.30...v6.4.31\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62775\"\u003esymfony/symfony#62775\u003c/a\u003e [Process] Fix dealing with broken stdin pipes (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v6.4.25...v6.4.26\"\u003ehttps://github.com/symfony/process/compare/v6.4.25...v6.4.26\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61727\"\u003esymfony/symfony#61727\u003c/a\u003e  Replace __sleep/wakeup() by __(un)serialize() for throwing and internal usages (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.25\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v6.4.24...v6.4.25\"\u003ehttps://github.com/symfony/process/compare/v6.4.24...v6.4.25\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61401\"\u003esymfony/symfony#61401\u003c/a\u003e [Process] Enhance hasSystemCallBeenInterrupted function for non-english locale (\u003ca href=\"https://github.com/christianseel\"\u003e\u003ccode\u003e@​christianseel\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.24\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v6.4.23...v6.4.24\"\u003ehttps://github.com/symfony/process/compare/v6.4.23...v6.4.24\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.20\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v6.4.19...v6.4.20\"\u003ehttps://github.com/symfony/process/compare/v6.4.19...v6.4.20\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/59949\"\u003esymfony/symfony#59949\u003c/a\u003e [Process] Use a pipe for stderr in pty mode to avoid mixed output between stdout and stderr (\u003ca href=\"https://github.com/joelwurtz\"\u003e\u003ccode\u003e@​joelwurtz\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.19\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v6.4.18...v6.4.19\"\u003ehttps://github.com/symfony/process/compare/v6.4.18...v6.4.19\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/c8fc09bdfe9fde9aaa89b415a4477feaccec16a7\"\u003e\u003ccode\u003ec8fc09b\u003c/code\u003e\u003c/a\u003e [Process] Stop leaking CGI/FastCGI request-context vars to subprocesses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/6c93071cb8c91dce5a41960d125e019e64ef6cb5\"\u003e\u003ccode\u003e6c93071\u003c/code\u003e\u003c/a\u003e [Process] Ignore array env values before proc_open\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/7b8e6e883ecdb0d9295cde593081afe8805207c3\"\u003e\u003ccode\u003e7b8e6e8\u003c/code\u003e\u003c/a\u003e More CS fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/57313310a02ecd61cff81ca37baec68af4dd743f\"\u003e\u003ccode\u003e5731331\u003c/code\u003e\u003c/a\u003e CS fixes - native_function_invocation \u0026amp; static_lambda\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/736ed5259a08c4c503e56dbea9f1ef709f290892\"\u003e\u003ccode\u003e736ed52\u003c/code\u003e\u003c/a\u003e [CS] Back config from 8.1 and apply heredoc_indentation rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/c46e854e79b52d07666e43924a20cb6dc546644e\"\u003e\u003ccode\u003ec46e854\u003c/code\u003e\u003c/a\u003e [Process] Fix escaping for MSYS on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/c593135be689b21e6164b1e8f6f5dbf1506b065c\"\u003e\u003ccode\u003ec593135\u003c/code\u003e\u003c/a\u003e [Process] Adjust Process mustRun method phpdoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/e579464d74525bf5eca45cbc984126a461879c3e\"\u003e\u003ccode\u003ee579464\u003c/code\u003e\u003c/a\u003e [Process] Ignore invalid env var names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/8541b7308fca001320e90bca8a73a28aa5604a6e\"\u003e\u003ccode\u003e8541b73\u003c/code\u003e\u003c/a\u003e [Process] Fix dealing with broken stdin pipes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/48bad913268c8cafabbf7034b39c8bb24fbc5ab8\"\u003e\u003ccode\u003e48bad91\u003c/code\u003e\u003c/a\u003e Replace __sleep/wakeup() by __(un)serialize() for throwing and internal usages\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/symfony/process/compare/v6.4.12...v6.4.41\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `symfony/routing` from 6.4.12 to 6.4.41\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/routing/releases\"\u003esymfony/routing's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.41\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v6.4.40...v6.4.41\"\u003ehttps://github.com/symfony/routing/compare/v6.4.40...v6.4.41\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity #cve-2026-48784  Fix dot-segment encoding for chained \u0026quot;../\u0026quot; and \u0026quot;./\u0026quot; in generated URLs (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/routing/issues/64343\"\u003e#64343\u003c/a\u003e  Harden __unserialize against __toString trampolines (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.40\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v6.4.37...v6.4.40\"\u003ehttps://github.com/symfony/routing/compare/v6.4.37...v6.4.40\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity #cve-2026-45065  Fix regex alternation anchoring in \u003ccode\u003eUrlGenerator\u003c/code\u003e requirement validation (\u003ca href=\"https://github.com/alexandre-daubois\"\u003e\u003ccode\u003e@​alexandre-daubois\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.37\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v6.4.34...v6.4.37\"\u003ehttps://github.com/symfony/routing/compare/v6.4.34...v6.4.37\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/routing/issues/63981\"\u003e#63981\u003c/a\u003e  Honor the Request's method in UrlMatcher::matchRequest() (\u003ca href=\"https://github.com/ousamabenyounes\"\u003e\u003ccode\u003e@​ousamabenyounes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.34\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v6.4.33...v6.4.34\"\u003ehttps://github.com/symfony/routing/compare/v6.4.33...v6.4.34\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/routing/issues/54236\"\u003e#54236\u003c/a\u003e  Fix exclude option being ignored for non-glob and PSR-4 resources (\u003ca href=\"https://github.com/NeilPeyssard\"\u003e\u003ccode\u003e@​NeilPeyssard\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.32\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v6.4.31...v6.4.32\"\u003ehttps://github.com/symfony/routing/compare/v6.4.31...v6.4.32\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.30\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v6.4.29...v6.4.30\"\u003ehttps://github.com/symfony/routing/compare/v6.4.29...v6.4.30\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62459\"\u003esymfony/symfony#62459\u003c/a\u003e [Routing] Fix case sensitivity for static host matching in compiled routes (\u003ca href=\"https://github.com/yoeunes\"\u003e\u003ccode\u003e@​yoeunes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62461\"\u003esymfony/symfony#62461\u003c/a\u003e [Routing] Fix localized prefix updates breaking aliases (\u003ca href=\"https://github.com/yoeunes\"\u003e\u003ccode\u003e@​yoeunes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62460\"\u003esymfony/symfony#62460\u003c/a\u003e [Routing] Fix addNamePrefix breaking aliases to external routes (\u003ca href=\"https://github.com/yoeunes\"\u003e\u003ccode\u003e@​yoeunes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.28\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v6.4.27...v6.4.28\"\u003ehttps://github.com/symfony/routing/compare/v6.4.27...v6.4.28\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62290\"\u003esymfony/symfony#62290\u003c/a\u003e [Routing] Fix matching the \u0026quot;0\u0026quot; URL (\u003ca href=\"https://github.com/cs278\"\u003e\u003ccode\u003e@​cs278\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.26\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v6.4.25...v6.4.26\"\u003ehttps://github.com/symfony/routing/compare/v6.4.25...v6.4.26\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61727\"\u003esymfony/symfony#61727\u003c/a\u003e  Replace __sleep/wakeup() by __(un)serialize() for throwing and internal usages (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.24\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v6.4.23...v6.4.24\"\u003ehttps://github.com/symfony/routing/compare/v6.4.23...v6.4.24\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.4.22\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v6.4.21...v6.4.22\"\u003ehttps://github.com/symfony/routing/compare/v6.4.21...v6.4.22\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/af04c79671fd8df0805a44c83fa2b0ba56c8329e\"\u003e\u003ccode\u003eaf04c79\u003c/code\u003e\u003c/a\u003e Merge branch '5.4' into 6.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/be4ce34035aa79b8bc3ba1a7d1694435a216f68b\"\u003e\u003ccode\u003ebe4ce34\u003c/code\u003e\u003c/a\u003e [Routing][RateLimiter][Mime][Security] Harden __unserialize against __toStrin...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/f4ca0c533854c26e3b27e981da760807f89e1a42\"\u003e\u003ccode\u003ef4ca0c5\u003c/code\u003e\u003c/a\u003e [Routing] Fix dot-segment encoding for chained \u0026quot;../\u0026quot; and \u0026quot;./\u0026quot; in generated URLs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/0cd0d2fb05382c95dff6b33c51a7c96cbdbc136d\"\u003e\u003ccode\u003e0cd0d2f\u003c/code\u003e\u003c/a\u003e Merge branch '5.4' into 6.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/48035d186798d27d375d95aad37db8fe097e4048\"\u003e\u003ccode\u003e48035d1\u003c/code\u003e\u003c/a\u003e [Routing] Honor the Request's method in UrlMatcher::matchRequest()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/275b31328b2e58cab004be0cf086380e2a5c5ee7\"\u003e\u003ccode\u003e275b313\u003c/code\u003e\u003c/a\u003e [Routing] Fix regex alternation anchoring in UrlGenerator requirement validation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/1425c2c2c11c5499c3415035c746d7918661a76e\"\u003e\u003ccode\u003e1425c2c\u003c/code\u003e\u003c/a\u003e More CS fixes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/883d14018234cc6f293faff5e3fd0d3d9b6bc2fb\"\u003e\u003ccode\u003e883d140\u003c/code\u003e\u003c/a\u003e CS fixes - native_function_invocation \u0026amp; static_lambda\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/4bcf92a7914e1253ccece9502678a4154a25e14a\"\u003e\u003ccode\u003e4bcf92a\u003c/code\u003e\u003c/a\u003e [CS] Back config from 8.1 and apply heredoc_indentation rule\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/5ab3a3e1a03535ec5ca6ce2d39e4369a1096ae47\"\u003e\u003ccode\u003e5ab3a3e\u003c/code\u003e\u003c/a\u003e [Config][Routing] Fix exclude option being ignored for non-glob and PSR-4 res...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/symfony/routing/compare/v6.4.12...v6.4.41\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/yanis-Ramssamy/GestionEcole/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/yanis-Ramssamy/GestionEcole/pull/8","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/yanis-Ramssamy%2FGestionEcole/issues/8","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8/packages"}},{"old_version":"2.6.1","new_version":"2.8.2","update_type":"minor","path":null,"pr_created_at":"2026-05-27T23:48:43.000Z","version_change":"2.6.1 → 2.8.2","issue":{"uuid":"4536539250","node_id":"PR_kwDOSB1VTc7gCNSY","number":40,"state":"closed","title":"Bump the composer group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-27T23:50:49.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-27T23:48:43.000Z","updated_at":"2026-05-27T23:50:51.000Z","time_to_close":126,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"composer","update_count":6,"packages":[{"name":"league/commonmark","old_version":"2.6.1","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"},{"name":"psy/psysh","old_version":"0.12.8","new_version":"0.12.23","repository_url":"https://github.com/bobthecow/psysh"},{"name":"symfony/http-foundation","old_version":"7.2.5","new_version":"7.4.13","repository_url":"https://github.com/symfony/http-foundation"},{"name":"symfony/mailer","old_version":"7.2.3","new_version":"7.4.12","repository_url":"https://github.com/symfony/mailer"},{"name":"symfony/routing","old_version":"7.2.3","new_version":"7.4.13","repository_url":"https://github.com/symfony/routing"},{"name":"symfony/yaml","old_version":"7.2.5","new_version":"7.4.13","repository_url":"https://github.com/symfony/yaml"}],"path":null,"ecosystem":"packagist"},"body":"Bumps the composer group with 6 updates in the /laravel-inertia directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [league/commonmark](https://github.com/thephpleague/commonmark) | `2.6.1` | `2.8.2` |\n| [psy/psysh](https://github.com/bobthecow/psysh) | `0.12.8` | `0.12.23` |\n| [symfony/http-foundation](https://github.com/symfony/http-foundation) | `7.2.5` | `7.4.13` |\n| [symfony/mailer](https://github.com/symfony/mailer) | `7.2.3` | `7.4.12` |\n| [symfony/routing](https://github.com/symfony/routing) | `7.2.3` | `7.4.13` |\n| [symfony/yaml](https://github.com/symfony/yaml) | `7.2.5` | `7.4.13` |\n\n\nUpdates `league/commonmark` from 2.6.1 to 2.8.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.8.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (\u003ca href=\"https://github.com/thephpleague/commonmark/security/advisories/GHSA-4v6x-c7xx-hw9f\"\u003eGHSA-4v6x-c7xx-hw9f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kocal\"\u003e\u003ccode\u003e@​Kocal\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1106\"\u003ethephpleague/commonmark#1106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/freost\"\u003e\u003ccode\u003e@​freost\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1107\"\u003ethephpleague/commonmark#1107\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.8.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded a new \u003ccode\u003eHighlightExtension\u003c/code\u003e for marking important text using \u003ccode\u003e==\u003c/code\u003e syntax (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1100\"\u003e#1100\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eAutolinkExtension\u003c/code\u003e incorrectly matching URLs after invalid \u003ccode\u003ewww.\u003c/code\u003e prefix (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1095\"\u003e#1095\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1103\"\u003e#1103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samwilson\"\u003e\u003ccode\u003e@​samwilson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1090\"\u003ethephpleague/commonmark#1090\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ossobuffo\"\u003e\u003ccode\u003e@​ossobuffo\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1100\"\u003ethephpleague/commonmark#1100\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.7.1...2.8.0\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.7.1...2.8.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.7.1\u003c/h2\u003e\n\u003ch2\u003eNotable Changes\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOptimized several regular expressions in \u003ccode\u003eRegexHelper\u003c/code\u003e to improve performance (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/674\"\u003e#674\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1086\"\u003e#1086\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eEmbedProcessor\u003c/code\u003e no longer calls \u003ccode\u003eupdateEmbeds()\u003c/code\u003e when there are no embeds to update (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed missing \u003ccode\u003ebenchmark.php\u003c/code\u003e CSV path validation for non-existent files (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1068\"\u003e#1068\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.8.1] - 2026-03-05\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (GHSA-4v6x-c7xx-hw9f)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.8.0] - 2025-11-26\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded a new \u003ccode\u003eHighlightExtension\u003c/code\u003e for marking important text using \u003ccode\u003e==\u003c/code\u003e syntax (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1100\"\u003e#1100\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eAutolinkExtension\u003c/code\u003e incorrectly matching URLs after invalid \u003ccode\u003ewww.\u003c/code\u003e prefix (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1095\"\u003e#1095\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1103\"\u003e#1103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.7.1] - 2025-07-20\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOptimized several regular expressions in \u003ccode\u003eRegexHelper\u003c/code\u003e to improve performance (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/674\"\u003e#674\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1086\"\u003e#1086\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eEmbedProcessor\u003c/code\u003e no longer calls \u003ccode\u003eupdateEmbeds()\u003c/code\u003e when there are no embeds to update (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed missing \u003ccode\u003ebenchmark.php\u003c/code\u003e CSV path validation for non-existent files (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1068\"\u003e#1068\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.7.0] - 2025-05-05\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address a potential cross-site scripting (XSS) vulnerability when using the \u003ccode\u003eAttributesExtension\u003c/code\u003e with untrusted user input.\u003c/p\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eattributes/allow\u003c/code\u003e config option to specify which attributes users are allowed to set on elements (default allows virtually all attributes)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eAttributesExtension\u003c/code\u003e blocks all attributes starting with \u003ccode\u003eon\u003c/code\u003e unless explicitly allowed via the \u003ccode\u003eattributes/allow\u003c/code\u003e config option\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eallow_unsafe_links\u003c/code\u003e option is now respected by the \u003ccode\u003eAttributesExtension\u003c/code\u003e when users specify \u003ccode\u003ehref\u003c/code\u003e and \u003ccode\u003esrc\u003c/code\u003e attributes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.6.2] - 2025-04-18\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Attributes extension parsing regression (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1071\"\u003e#1071\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/84b1ca48347efdbe775426f108622a42735a6579\"\u003e\u003ccode\u003e84b1ca4\u003c/code\u003e\u003c/a\u003e Almost forgot this entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/bcf54f5a38cf8e42cca45248b04caba13317459f\"\u003e\u003ccode\u003ebcf54f5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/7a68ed1c6765bd2650fed6d9857985bdfe655c71\"\u003e\u003ccode\u003e7a68ed1\u003c/code\u003e\u003c/a\u003e Prepare to release 2.8.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/5c0c4c8fe5a31e8260be99e0afad7136a27c79e6\"\u003e\u003ccode\u003e5c0c4c8\u003c/code\u003e\u003c/a\u003e Fix DisallowedRawHtml bypass via newline/tab in tag names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/f6e74434dd1a91f195f80cb0184b746a4187272a\"\u003e\u003ccode\u003ef6e7443\u003c/code\u003e\u003c/a\u003e Add regression test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/0719b6744cc68bc8b037fb30db86b62ec370c557\"\u003e\u003ccode\u003e0719b67\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e from freost/fix-php85-deprecation-error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/63ff2e0b12742f379803b5f21aa6f5b50abcd412\"\u003e\u003ccode\u003e63ff2e0\u003c/code\u003e\u003c/a\u003e Fix PHP 8.5 deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/8608e9c006d9f44acf8d983b126a813bd8def780\"\u003e\u003ccode\u003e8608e9c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1106\"\u003e#1106\u003c/a\u003e from Kocal/patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.6.1...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `psy/psysh` from 0.12.8 to 0.12.23\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bobthecow/psysh/releases\"\u003epsy/psysh's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ePsySH v0.12.23\u003c/h2\u003e\n\u003ch2\u003eBug fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix interactive readline bracket matching inside interpolated strings. Fixes \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/930\"\u003e#930\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAvoid infinite recursion in \u003ccode\u003eShellOutput\u003c/code\u003e write tracking (e.g. \u003ccode\u003eprint_r\u003c/code\u003e on an \u003ccode\u003eException\u003c/code\u003e with \u003ccode\u003ezend.exception_ignore_args = Off\u003c/code\u003e). Fixes \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/934\"\u003e#934\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude \u003ccode\u003e--warm-autoload\u003c/code\u003e in project trust restrictions\u003c/li\u003e\n\u003cli\u003eExclude Symfony Console DI components from the autoload warmer (they're an optional dependency and blow up when not installed)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eUnder the hood\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eTighter callable types throughout\u003c/li\u003e\n\u003cli\u003eAdded MediaWiki downstream smoke tests, updated to 8.3\u003c/li\u003e\n\u003cli\u003eFixed Drush downstream tests\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ePsySH v0.12.22\u003c/h2\u003e\n\u003ch2\u003eRuntime config and clipboard support\u003c/h2\u003e\n\u003cp\u003ePsySH has a new \u003ccode\u003econfig\u003c/code\u003e command for inspecting and updating runtime-configurable settings during the current session. You can tweak things like \u003ccode\u003epager\u003c/code\u003e, \u003ccode\u003etheme\u003c/code\u003e, \u003ccode\u003everbosity\u003c/code\u003e, \u003ccode\u003euseSuggestions\u003c/code\u003e, \u003ccode\u003euseSyntaxHighlighting\u003c/code\u003e, \u003ccode\u003eclipboardCommand\u003c/code\u003e, and \u003ccode\u003esemicolonsSuppressReturn\u003c/code\u003e without restarting the shell. Fixes \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/361\"\u003e#361\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThere’s also a new \u003ccode\u003ecopy\u003c/code\u003e command for copying the last result (\u003ccode\u003e$_\u003c/code\u003e) or any expression to your clipboard. Works with system clipboard commands, or via OSC 52 for SSH and remote terminals.\u003c/p\u003e\n\u003cp\u003eConfigure with \u003ccode\u003eclipboardCommand\u003c/code\u003e or \u003ccode\u003euseOsc52Clipboard\u003c/code\u003e in your config.\u003c/p\u003e\n\u003ch2\u003eSemicolon-based return suppression\u003c/h2\u003e\n\u003cp\u003eOptionally suppress return values by ending a statement with \u003ccode\u003e;\u003c/code\u003e, similar to MATLAB/Octave behavior. Supports a \u003ccode\u003e'double'\u003c/code\u003e mode requiring \u003ccode\u003e;;\u003c/code\u003e for suppression (if \u003ccode\u003erequireSemicolons\u003c/code\u003e is also enabled, both \u003ccode\u003etrue\u003c/code\u003e and \u003ccode\u003e'double'\u003c/code\u003e require \u003ccode\u003e;;\u003c/code\u003e).\u003c/p\u003e\n\u003cpre lang=\"php\"\u003e\u003ccode\u003e'semicolonsSuppressReturn' =\u0026gt; true,\r\n'semicolonsSuppressReturn' =\u0026gt; 'double', // Always require ;; to suppress\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eOutput and exception display improvements\u003c/h2\u003e\n\u003cp\u003eStrings are now valid PHP!\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePsySH now preserves backslashes and other characters it previously mangled in a few cases. Fixes \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/351\"\u003e#351\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/568\"\u003e#568\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMultiline strings are rendered using heredoc-style output rather than triple-quoted strings \u003ccode\u003e\u0026quot;\u0026quot;\u0026quot;\u003c/code\u003e. The old format is available via \u003ccode\u003euseDeprecatedMultilineStrings\u003c/code\u003e until the next major release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProviding an \u003ccode\u003eexceptionDetails\u003c/code\u003e callback via config renders additional context about exceptions (e.g. validation errors) alongside the error message. Fixes \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/648\"\u003e#648\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eA few other improvements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMore consistent compact (and non-compact) output spacing.\u003c/li\u003e\n\u003cli\u003eResponsive \u003ccode\u003ehelp\u003c/code\u003e layout adapts to terminal width.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBetter completion for everyone\u003c/h2\u003e\n\u003cp\u003eLegacy readline now shares PsySH’s newer completion engine, which brings much better parity between ext-readline/libedit and experimental interactive readline. Command argument completion, better multiline buffering, and a handful of command-dispatch edge cases now work much more consistently outside experimental readline too.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/4dcc0f08047d52bbde475eda481146fd8e27e1a4\"\u003e\u003ccode\u003e4dcc0f0\u003c/code\u003e\u003c/a\u003e Merge branch 'release/v0.12.23'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/e70ea1a49f035d71428c4366c8a148bc1deb372f\"\u003e\u003ccode\u003ee70ea1a\u003c/code\u003e\u003c/a\u003e Bump to v0.12.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/961a5542422b60137ea47be409e69b761735d242\"\u003e\u003ccode\u003e961a554\u003c/code\u003e\u003c/a\u003e Bump composer/class-map-generator from 1.7.2 to 1.7.3 in /build\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/901a8225f6591e939dd322e06e393c06c1badc05\"\u003e\u003ccode\u003e901a822\u003c/code\u003e\u003c/a\u003e Bump codecov/codecov-action from 6.0.0 to 6.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/f1dea55169d8b02902437595a51651f5b044c59d\"\u003e\u003ccode\u003ef1dea55\u003c/code\u003e\u003c/a\u003e Bump shivammathur/setup-php from 2.37.0 to 2.37.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/77c2c06fbd40531d3e0a4080fa6d436411125eef\"\u003e\u003ccode\u003e77c2c06\u003c/code\u003e\u003c/a\u003e Fix drush downstream tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/a6a4cddcbef208c44fffbd27b5893f34a50d15ea\"\u003e\u003ccode\u003ea6a4cdd\u003c/code\u003e\u003c/a\u003e Track ShellOutput writes without listener\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/316df3b9ee2ff9baeb1e3e36968e4c86d9db3133\"\u003e\u003ccode\u003e316df3b\u003c/code\u003e\u003c/a\u003e Bump symfony/polyfill-mbstring from 1.33.0 to 1.37.0 in /build\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/d828ff92e07a743e0a355799cea0722db19b2cd6\"\u003e\u003ccode\u003ed828ff9\u003c/code\u003e\u003c/a\u003e Bump symfony/polyfill-iconv from 1.36.0 to 1.37.0 in /build\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/ced60861f07b42d7670da8f6bd244f003df73ef6\"\u003e\u003ccode\u003eced6086\u003c/code\u003e\u003c/a\u003e Fix interactive readline bracket matching in interpolated strings\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/bobthecow/psysh/compare/v0.12.8...v0.12.23\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `symfony/http-foundation` from 7.2.5 to 7.4.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/http-foundation/releases\"\u003esymfony/http-foundation's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.4.13\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.7...v7.4.13\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.7...v7.4.13\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity #cve-2026-48736  Block IPv6 transition forms in IpUtils::PRIVATE_SUBNETS (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.7...v7.4.8\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.7...v7.4.8\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.6...v7.4.7\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.6...v7.4.7\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63603\"\u003e#63603\u003c/a\u003e  Fix session cookie_lifetime not applied in mock session storage (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.5...v7.4.6\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.5...v7.4.6\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63448\"\u003e#63448\u003c/a\u003e  Handle empty session data in updateTimestamp() to fix compat with PHP 8.6 (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63319\"\u003e#63319\u003c/a\u003e  BinaryFileResponse: always return 206 if Range is valid (\u003ca href=\"https://github.com/Jimbolino\"\u003e\u003ccode\u003e@​Jimbolino\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63262\"\u003e#63262\u003c/a\u003e  Reject invalid paths (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/54304\"\u003e#54304\u003c/a\u003e  When calling UploadedFile::getErrorMessage() to a file which has no error and is uploaded successfully, it should not return an error (\u003ca href=\"https://github.com/ArmCyber\"\u003e\u003ccode\u003e@​ArmCyber\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63230\"\u003e#63230\u003c/a\u003e  fix engine declaration on mysql pdo table creations (\u003ca href=\"https://github.com/tandev\"\u003e\u003ccode\u003e@​tandev\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.5\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.4...v7.4.5\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.4...v7.4.5\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63137\"\u003e#63137\u003c/a\u003e  Fix PdoSessionHandler charset-collation mismatch with the Doctrine DBAL (\u003ca href=\"https://github.com/samy-mahmoudi\"\u003e\u003ccode\u003e@​samy-mahmoudi\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.3...v7.4.4\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.3...v7.4.4\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63012\"\u003e#63012\u003c/a\u003e  Fix double-prefixing of session keys when using redis/memcached (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.2...v7.4.3\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.2...v7.4.3\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62799\"\u003esymfony/symfony#62799\u003c/a\u003e [Cache][HttpFoundation] Fix VARBINARY columns on sqlsrv (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.0...v7.4.1\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.0...v7.4.1\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62663\"\u003esymfony/symfony#62663\u003c/a\u003e [HttpFoundation] Improve logic in Request::createFromGlobals() (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.0-RC3...v7.4.0\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.0-RC3...v7.4.0\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0-RC1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/http-foundation/blob/8.1/CHANGELOG.md\"\u003esymfony/http-foundation's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCHANGELOG\u003c/h1\u003e\n\u003ch2\u003e8.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eBinaryFileResponse::shouldDeleteFileAfterSend()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDeprecate setting public properties of \u003ccode\u003eRequest\u003c/code\u003e and \u003ccode\u003eResponse\u003c/code\u003e objects directly; use setters or constructor arguments instead\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eSessionHasFlashMessage\u003c/code\u003e test constraint\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eResponse::__construct()\u003c/code\u003e now accepts a \u003ccode\u003eResponseHeaderBag\u003c/code\u003e as its third argument\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eParameterBag::getInt()\u003c/code\u003e and \u003ccode\u003eParameterBag::getBoolean()\u003c/code\u003e now throw \u003ccode\u003eUnexpectedValueException\u003c/code\u003e instead of silently returning \u003ccode\u003e0\u003c/code\u003e/\u003ccode\u003efalse\u003c/code\u003e when the value cannot be converted\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop HTTP method override support for methods GET, HEAD, CONNECT and TRACE\u003c/li\u003e\n\u003cli\u003eAdd argument \u003ccode\u003e$subtypeFallback\u003c/code\u003e to \u003ccode\u003eRequest::getFormat()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRemove the following deprecated session options from \u003ccode\u003eNativeSessionStorage\u003c/code\u003e: \u003ccode\u003ereferer_check\u003c/code\u003e, \u003ccode\u003euse_only_cookies\u003c/code\u003e, \u003ccode\u003euse_trans_sid\u003c/code\u003e, \u003ccode\u003esid_length\u003c/code\u003e, \u003ccode\u003esid_bits_per_character\u003c/code\u003e, \u003ccode\u003etrans_sid_hosts\u003c/code\u003e, \u003ccode\u003etrans_sid_tags\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eTrigger PHP warning when using \u003ccode\u003eRequest::sendHeaders()\u003c/code\u003e after headers have already been sent; use a \u003ccode\u003eStreamedResponse\u003c/code\u003e instead\u003c/li\u003e\n\u003cli\u003eAdd arguments \u003ccode\u003e$v4Bytes\u003c/code\u003e and \u003ccode\u003e$v6Bytes\u003c/code\u003e to \u003ccode\u003eIpUtils::anonymize()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd argument \u003ccode\u003e$partitioned\u003c/code\u003e to \u003ccode\u003eResponseHeaderBag::clearCookie()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd argument \u003ccode\u003e$expiration\u003c/code\u003e to \u003ccode\u003eUriSigner::sign()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003eRequest::get()\u003c/code\u003e, use properties \u003ccode\u003e-\u0026gt;attributes\u003c/code\u003e, \u003ccode\u003equery\u003c/code\u003e or \u003ccode\u003erequest\u003c/code\u003e directly instead\u003c/li\u003e\n\u003cli\u003eRemove accepting null \u003ccode\u003e$format\u003c/code\u003e argument to \u003ccode\u003eRequest::setFormat()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e#[WithHttpStatus]\u003c/code\u003e to define status codes: 404 for \u003ccode\u003eSignedUriException\u003c/code\u003e and 403 for \u003ccode\u003eExpiredSignedUriException\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the \u003ccode\u003eQUERY\u003c/code\u003e HTTP method\u003c/li\u003e\n\u003cli\u003eAdd support for structured MIME suffix\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eRequest::set/getAllowedHttpMethodOverride()\u003c/code\u003e to list which HTTP methods can be overridden\u003c/li\u003e\n\u003cli\u003eDeprecate using \u003ccode\u003eRequest::sendHeaders()\u003c/code\u003e after headers have already been sent; use a \u003ccode\u003eStreamedResponse\u003c/code\u003e instead\u003c/li\u003e\n\u003cli\u003eDeprecate method \u003ccode\u003eRequest::get()\u003c/code\u003e, use properties \u003ccode\u003e-\u0026gt;attributes\u003c/code\u003e, \u003ccode\u003equery\u003c/code\u003e or \u003ccode\u003erequest\u003c/code\u003e directly instead\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eRequest::createFromGlobals()\u003c/code\u003e parse the body of PUT, DELETE, PATCH and QUERY requests\u003c/li\u003e\n\u003cli\u003eDeprecate HTTP method override for methods GET, HEAD, CONNECT and TRACE; it will be ignored in Symfony 8.0\u003c/li\u003e\n\u003cli\u003eDeprecate accepting null \u003ccode\u003e$format\u003c/code\u003e argument to \u003ccode\u003eRequest::setFormat()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for iterable of string in \u003ccode\u003eStreamedResponse\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eEventStreamResponse\u003c/code\u003e and \u003ccode\u003eServerEvent\u003c/code\u003e classes to streamline server event streaming\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003evalkey:\u003c/code\u003e / \u003ccode\u003evalkeys:\u003c/code\u003e schemes for sessions\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest::getPreferredLanguage()\u003c/code\u003e now favors a more preferred language above exactly matching a locale\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eUriSigner\u003c/code\u003e to use a \u003ccode\u003eClockInterface\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUriSigner::verify()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/bc354f47c62301e990b7874fa662326368508e2c\"\u003e\u003ccode\u003ebc354f4\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/48d76c29a67a301e0f7779a512bf76417395ffef\"\u003e\u003ccode\u003e48d76c2\u003c/code\u003e\u003c/a\u003e security #cve-2026-48736 [HttpFoundation] Block IPv6 transition forms in IpUt...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/fda5ebe3a23cd930790cb70aeac9c58d5a262b09\"\u003e\u003ccode\u003efda5ebe\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/5979ae84168d6f551009278ee576676dfb87f90a\"\u003e\u003ccode\u003e5979ae8\u003c/code\u003e\u003c/a\u003e Ignore Doctrine DBAL deprecations that can't be worked around\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/10d5daa7a22d64037a4bd5195d387ecc0d2c5b3c\"\u003e\u003ccode\u003e10d5daa\u003c/code\u003e\u003c/a\u003e [HttpFoundation] Fix tests for PHP 8.6: session.cookie_samesite=Lax\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/3ebc78a9507545259ec5c71afdc49d4c452e3eda\"\u003e\u003ccode\u003e3ebc78a\u003c/code\u003e\u003c/a\u003e [HttpFoundation] Block IPv6 transition forms in IpUtils::PRIVATE_SUBNETS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/051a9622b64ac1f639665c593afbff1128cddb16\"\u003e\u003ccode\u003e051a962\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/5402ad19bef111ffdd076d33d87bd400c0c38243\"\u003e\u003ccode\u003e5402ad1\u003c/code\u003e\u003c/a\u003e Remove wrong documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/c38f205c479a5f74d34034f29e59240e1ec4b795\"\u003e\u003ccode\u003ec38f205\u003c/code\u003e\u003c/a\u003e [7.4] Remove usages of named arguments in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/a762b60b37023abc3fb0d870adbdaa523606a7af\"\u003e\u003ccode\u003ea762b60\u003c/code\u003e\u003c/a\u003e Update XSD references in phpunit.xml.dist files\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.2.5...v7.4.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `symfony/mailer` from 7.2.3 to 7.4.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/mailer/releases\"\u003esymfony/mailer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.4.12\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v7.4.3...v7.4.12\"\u003ehttps://github.com/symfony/mailer/compare/v7.4.3...v7.4.12\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity #cve-2026-45068  Add end-of-options separator before recipients in SendmailTransport; reject addresses starting with a dash (\u003ca href=\"https://github.com/alexandre-daubois\"\u003e\u003ccode\u003e@​alexandre-daubois\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v7.4.7...v7.4.8\"\u003ehttps://github.com/symfony/mailer/compare/v7.4.7...v7.4.8\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v7.4.5...v7.4.6\"\u003ehttps://github.com/symfony/mailer/compare/v7.4.5...v7.4.6\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/mailer/issues/63468\"\u003e#63468\u003c/a\u003e  Fix webhook rejection by switching to form-encoded request parsing (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/mailer/issues/63435\"\u003e#63435\u003c/a\u003e  Fix handling postal transport apikey (\u003ca href=\"https://github.com/MarcHagen\"\u003e\u003ccode\u003e@​MarcHagen\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/mailer/issues/63354\"\u003e#63354\u003c/a\u003e  Fix invalid encoding of custom headers in SES API (\u003ca href=\"https://github.com/lacatoire\"\u003e\u003ccode\u003e@​lacatoire\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/mailer/issues/63264\"\u003e#63264\u003c/a\u003e  Also bypass Sender header within MicrosoftGraphApiTransport (\u003ca href=\"https://github.com/deeky666\"\u003e\u003ccode\u003e@​deeky666\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/mailer/issues/63278\"\u003e#63278\u003c/a\u003e  Fix Mailjet SMTP relay X-MJ-TemplateErrorReporting header format to MailjetApiTransport (\u003ca href=\"https://github.com/mwijngaard\"\u003e\u003ccode\u003e@​mwijngaard\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v7.4.3...v7.4.4\"\u003ehttps://github.com/symfony/mailer/compare/v7.4.3...v7.4.4\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/mailer/issues/62984\"\u003e#62984\u003c/a\u003e  Also bypass \u003ccode\u003eReturn-Path\u003c/code\u003e header within \u003ccode\u003eMicrosoftGraphApiTransport\u003c/code\u003e (\u003ca href=\"https://github.com/zoglo\"\u003e\u003ccode\u003e@​zoglo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v7.4.2...v7.4.3\"\u003ehttps://github.com/symfony/mailer/compare/v7.4.2...v7.4.3\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62756\"\u003esymfony/symfony#62756\u003c/a\u003e [Mailer] do not use PHPUnit mock objects without configured expectations (\u003ca href=\"https://github.com/xabbuh\"\u003e\u003ccode\u003e@​xabbuh\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v7.4.0-RC3...v7.4.0\"\u003ehttps://github.com/symfony/mailer/compare/v7.4.0-RC3...v7.4.0\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efeature \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62469\"\u003esymfony/symfony#62469\u003c/a\u003e [Security] Keep SymfonyCasts as backers of the Security components v7.4 🤗 (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0-RC1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v7.4.0-BETA2...v7.4.0-RC1\"\u003ehttps://github.com/symfony/mailer/compare/v7.4.0-BETA2...v7.4.0-RC1\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62333\"\u003esymfony/symfony#62333\u003c/a\u003e  Postal mailer transport message ID retrieval (\u003ca href=\"https://github.com/lalcebo\"\u003e\u003ccode\u003e@​lalcebo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0-BETA1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/mailer/compare/v7.3.4...v7.4.0-BETA1\"\u003ehttps://github.com/symfony/mailer/compare/v7.3.4...v7.4.0-BETA1\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efeature \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61775\"\u003esymfony/symfony#61775\u003c/a\u003e [Mailer][Mandrill] Add \u003ccode\u003esubaccount\u003c/code\u003e to the payload (\u003ca href=\"https://github.com/andrehoong-pixieset\"\u003e\u003ccode\u003e@​andrehoong-pixieset\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeature \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61758\"\u003esymfony/symfony#61758\u003c/a\u003e [Mailer][Sendgrid] Add support for \u003ccode\u003eglobal\u003c/code\u003e region (\u003ca href=\"https://github.com/sonnymilton\"\u003e\u003ccode\u003e@​sonnymilton\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeature \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61555\"\u003esymfony/symfony#61555\u003c/a\u003e [Mailer][Sweego] Add support for new webhook events (\u003ca href=\"https://github.com/welcoMattic\"\u003e\u003ccode\u003e@​welcoMattic\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeature \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61455\"\u003esymfony/symfony#61455\u003c/a\u003e [Mailer][Sendgrid] Add suppression groups support (\u003ca href=\"https://github.com/KiloSierraCharlie\"\u003e\u003ccode\u003e@​KiloSierraCharlie\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeature \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61315\"\u003esymfony/symfony#61315\u003c/a\u003e [Mailer] Add compatibility for Mailtrap's sandbox (\u003ca href=\"https://github.com/KiloSierraCharlie\"\u003e\u003ccode\u003e@​KiloSierraCharlie\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeature \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/61290\"\u003esymfony/symfony#61290\u003c/a\u003e [Mailer] Add MicrosoftGraph API Transport (\u003ca href=\"https://github.com/bobvandevijver\"\u003e\u003ccode\u003e@​bobvandevijver\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeature \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/60110\"\u003esymfony/symfony#60110\u003c/a\u003e [Mailer] [Transport] Allow exception logging for \u003ccode\u003eRoundRobinTransport\u003c/code\u003e mailer (\u003ca href=\"https://github.com/jnoordsij\"\u003e\u003ccode\u003e@​jnoordsij\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/mailer/blob/8.1/CHANGELOG.md\"\u003esymfony/mailer's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCHANGELOG\u003c/h1\u003e\n\u003ch2\u003e8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove \u003ccode\u003eTransportFactoryTestCase\u003c/code\u003e, extend \u003ccode\u003eAbstractTransportFactoryTestCase\u003c/code\u003e instead\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003elogger\u003c/code\u003e (constructor) property to \u003ccode\u003eRoundRobinTransport\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd DSN param \u003ccode\u003eretry_period\u003c/code\u003e to override default email transport retry period\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eDsn::getBooleanOption()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd DSN param \u003ccode\u003esource_ip\u003c/code\u003e to allow binding to a (specific) IPv4 or IPv6 address.\u003c/li\u003e\n\u003cli\u003eAdd DSN param \u003ccode\u003erequire_tls\u003c/code\u003e to enforce use of TLS/STARTTLS\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eDkimSignedMessageListener\u003c/code\u003e, \u003ccode\u003eSmimeEncryptedMessageListener\u003c/code\u003e, and \u003ccode\u003eSmimeSignedMessageListener\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eDeprecate \u003ccode\u003eTransportFactoryTestCase\u003c/code\u003e, extend \u003ccode\u003eAbstractTransportFactoryTestCase\u003c/code\u003e instead\u003c/p\u003e\n\u003cp\u003eThe \u003ccode\u003etestIncompleteDsnException()\u003c/code\u003e test is no longer provided by default. If you make use of it by implementing the \u003ccode\u003eincompleteDsnProvider()\u003c/code\u003e data providers,\nyou now need to use the \u003ccode\u003eIncompleteDsnTestTrait\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eMake \u003ccode\u003eTransportFactoryTestCase\u003c/code\u003e compatible with PHPUnit 10+\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport unicode email addresses such as \u0026quot;dømi@dømi.example\u0026quot;\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDispatch Postmark's \u0026quot;406 - Inactive recipient\u0026quot; API error code as a \u003ccode\u003ePostmarkDeliveryEvent\u003c/code\u003e instead of throwing an exception\u003c/li\u003e\n\u003cli\u003eAdd DSN param \u003ccode\u003eauto_tls\u003c/code\u003e to disable automatic STARTTLS\u003c/li\u003e\n\u003cli\u003eAdd support for allowing some users even if \u003ccode\u003erecipients\u003c/code\u003e is defined in \u003ccode\u003eEnvelopeListener\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove the OhMySmtp bridge in favor of the MailPace bridge\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd DSN parameter \u003ccode\u003epeer_fingerprint\u003c/code\u003e to verify TLS certificate fingerprint\u003c/li\u003e\n\u003cli\u003eChange the default port for the \u003ccode\u003emailjet+smtp\u003c/code\u003e transport from 465 to 587\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/5cefb712a25f320579615ba9e1942abaeade7dff\"\u003e\u003ccode\u003e5cefb71\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/94fd44f3052e02340b0dd4447a7d7a5856e32da2\"\u003e\u003ccode\u003e94fd44f\u003c/code\u003e\u003c/a\u003e Merge branch '5.4' into 6.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/5b5385bc21c3549a80abc1353ccf8eb0b6861c61\"\u003e\u003ccode\u003e5b5385b\u003c/code\u003e\u003c/a\u003e [Mailer] Add end-of-options separator before recipients in SendmailTransport;...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/0a4f0730345a76eb1ba1b081a82dcdb952d2362e\"\u003e\u003ccode\u003e0a4f073\u003c/code\u003e\u003c/a\u003e [7.4] Remove usages of named arguments in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/e8faa3338410d1ed1892a24b7ed91b5a75c83143\"\u003e\u003ccode\u003ee8faa33\u003c/code\u003e\u003c/a\u003e Update XSD references in phpunit.xml.dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/2c39419b2aa2f463ef5801d6e66fa06dcca0fefe\"\u003e\u003ccode\u003e2c39419\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/602519c3466621897c556125dbf644ec8dde2b38\"\u003e\u003ccode\u003e602519c\u003c/code\u003e\u003c/a\u003e PHP CS Fixer: backports changes toward 6.4 branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/9902e35b1b77db550b289eb6ec7d945149b0dbde\"\u003e\u003ccode\u003e9902e35\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/a2918c6f34e601472ee891b517ab223e216ca5a3\"\u003e\u003ccode\u003ea2918c6\u003c/code\u003e\u003c/a\u003e CS fixes - native_function_invocation \u0026amp; static_lambda\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/mailer/commit/d56a83b4ba1de6375d0745de9299daf078426fd1\"\u003e\u003ccode\u003ed56a83b\u003c/code\u003e\u003c/a\u003e [CS] Back config from 8.1 and apply heredoc_indentation rule\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/symfony/mailer/compare/v7.2.3...v7.4.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `symfony/routing` from 7.2.3 to 7.4.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/routing/releases\"\u003esymfony/routing's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.4.13\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v7.4.12...v7.4.13\"\u003ehttps://github.com/symfony/routing/compare/v7.4.12...v7.4.13\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity #cve-2026-48784  Fix dot-segment encoding for chained \u0026quot;../\u0026quot; and \u0026quot;./\u0026quot; in generated URLs (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/routing/issues/64343\"\u003e#64343\u003c/a\u003e  Harden __unserialize against __toString trampolines (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.12\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v7.4.9...v7.4.12\"\u003ehttps://github.com/symfony/routing/compare/v7.4.9...v7.4.12\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity #cve-2026-45065  Fix regex alternation anchoring in \u003ccode\u003eUrlGenerator\u003c/code\u003e requirement validation (\u003ca href=\"https://github.com/alexandre-daubois\"\u003e\u003ccode\u003e@​alexandre-daubois\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.9\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v7.4.6...v7.4.9\"\u003ehttps://github.com/symfony/routing/compare/v7.4.6...v7.4.9\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/routing/issues/63981\"\u003e#63981\u003c/a\u003e  Honor the Request's method in UrlMatcher::matchRequest() (\u003ca href=\"https://github.com/ousamabenyounes\"\u003e\u003ccode\u003e@​ousamabenyounes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v7.4.7...v7.4.8\"\u003ehttps://github.com/symfony/routing/compare/v7.4.7...v7.4.8\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v7.4.5...v7.4.6\"\u003ehttps://github.com/symfony/routing/compare/v7.4.5...v7.4.6\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/routing/issues/54236\"\u003e#54236\u003c/a\u003e  Fix exclude option being ignored for non-glob and PSR-4 resources (\u003ca href=\"https://github.com/NeilPeyssard\"\u003e\u003ccode\u003e@​NeilPeyssard\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/routing/issues/60662\"\u003e#60662\u003c/a\u003e  assign attribute aliases to localized route if applicable (\u003ca href=\"https://github.com/alcohol\"\u003e\u003ccode\u003e@​alcohol\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v7.4.3...v7.4.4\"\u003ehttps://github.com/symfony/routing/compare/v7.4.3...v7.4.4\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v7.4.2...v7.4.3\"\u003ehttps://github.com/symfony/routing/compare/v7.4.2...v7.4.3\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62791\"\u003esymfony/symfony#62791\u003c/a\u003e [Routing] Fix simple parameter mappings in routes (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62747\"\u003esymfony/symfony#62747\u003c/a\u003e [Routing] Do not renumber query parameters with numeric key (\u003ca href=\"https://github.com/tillhoerner\"\u003e\u003ccode\u003e@​tillhoerner\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v7.4.0-RC3...v7.4.0\"\u003ehttps://github.com/symfony/routing/compare/v7.4.0-RC3...v7.4.0\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efeature \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62469\"\u003esymfony/symfony#62469\u003c/a\u003e [Security] Keep SymfonyCasts as backers of the Security components v7.4 🤗 (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0-RC3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/routing/compare/v7.4.0-RC2...v7.4.0-RC3\"\u003ehttps://github.com/symfony/routing/compare/v7.4.0-RC2...v7.4.0-RC3\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62459\"\u003esymfony/symfony#62459\u003c/a\u003e [Routing] Fix case sensitivity for static host matching in compiled routes (\u003ca href=\"https://github.com/yoeunes\"\u003e\u003ccode\u003e@​yoeunes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62461\"\u003esymfony/symfony#62461\u003c/a\u003e [Routing] Fix localized prefix updates breaking aliases (\u003ca href=\"https://github.com/yoeunes\"\u003e\u003ccode\u003e@​yoeunes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62460\"\u003esymfony/symfony#62460\u003c/a\u003e [Routing] Fix addNamePrefix breaking aliases to external routes (\u003ca href=\"https://github.com/yoeunes\"\u003e\u003ccode\u003e@​yoeunes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/routing/blob/8.1/CHANGELOG.md\"\u003esymfony/routing's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCHANGELOG\u003c/h1\u003e\n\u003ch2\u003e8.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a \u003ccode\u003e$trailingSlashOnRoot\u003c/code\u003e argument to \u003ccode\u003eCollectionConfigurator::prefix()\u003c/code\u003e to allow disabling the trailing slash on root routes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove support for accessing the internal scope of the loader in PHP config files, use only its public API instead\u003c/li\u003e\n\u003cli\u003eProviding a non-array \u003ccode\u003e_query\u003c/code\u003e parameter to \u003ccode\u003eUrlGenerator\u003c/code\u003e causes an \u003ccode\u003eInvalidParameterException\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRemove the protected \u003ccode\u003eAttributeClassLoader::$routeAnnotationClass\u003c/code\u003e property and the \u003ccode\u003esetRouteAnnotationClass()\u003c/code\u003e method, use \u003ccode\u003eAttributeClassLoader::setRouteAttributeClass()\u003c/code\u003e instead\u003c/li\u003e\n\u003cli\u003eRemove class aliases in the \u003ccode\u003eAnnotation\u003c/code\u003e namespace, use attributes instead\u003c/li\u003e\n\u003cli\u003eRemove getters and setters in attribute classes in favor of public properties\u003c/li\u003e\n\u003cli\u003eRemove support for the XML configuration format\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eAttributeServicesLoader\u003c/code\u003e and \u003ccode\u003eRoutingControllerPass\u003c/code\u003e to auto-register routes from attributes on services\u003c/li\u003e\n\u003cli\u003eAllow query-specific parameters in \u003ccode\u003eUrlGenerator\u003c/code\u003e using \u003ccode\u003e_query\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support of multiple env names in the  \u003ccode\u003eSymfony\\Component\\Routing\\Attribute\\Route\u003c/code\u003e attribute\u003c/li\u003e\n\u003cli\u003eAdd argument \u003ccode\u003e$parameters\u003c/code\u003e to \u003ccode\u003eRequestContext\u003c/code\u003e's constructor\u003c/li\u003e\n\u003cli\u003eHandle declaring routes using PHP arrays that follow the same shape as corresponding yaml files\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eRoutesReference\u003c/code\u003e to help writing PHP configs using yaml-like array-shapes\u003c/li\u003e\n\u003cli\u003eDeprecate class aliases in the \u003ccode\u003eAnnotation\u003c/code\u003e namespace, use attributes instead\u003c/li\u003e\n\u003cli\u003eDeprecate getters and setters in attribute classes in favor of public properties\u003c/li\u003e\n\u003cli\u003eDeprecate accessing the internal scope of the loader in PHP config files, use only its public API instead\u003c/li\u003e\n\u003cli\u003eDeprecate XML configuration format, use YAML, PHP or attributes instead\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAllow aliases and deprecations in \u003ccode\u003e#[Route]\u003c/code\u003e attribute\u003c/li\u003e\n\u003cli\u003eAdd the \u003ccode\u003eRequirement::MONGODB_ID\u003c/code\u003e constant to validate MongoDB ObjectIDs in hexadecimal format\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd the \u003ccode\u003eRequirement::UID_RFC9562\u003c/code\u003e constant to validate UUIDs in the RFC 9562 format\u003c/li\u003e\n\u003cli\u003eDeprecate the \u003ccode\u003eAttributeClassLoader::$routeAnnotationClass\u003c/code\u003e property\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e{foo:bar}\u003c/code\u003e syntax to define a mapping between a route parameter and its corresponding request attribute\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e7.0\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/3a162171bb008e5e0f15dce6581373a4c0e8390d\"\u003e\u003ccode\u003e3a16217\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/af04c79671fd8df0805a44c83fa2b0ba56c8329e\"\u003e\u003ccode\u003eaf04c79\u003c/code\u003e\u003c/a\u003e Merge branch '5.4' into 6.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/e6f3f03a59fa732bc41ca9e75b65554802afa0f4\"\u003e\u003ccode\u003ee6f3f03\u003c/code\u003e\u003c/a\u003e Fix tests and merge resolution after merging 6.4 into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/5156fe8035e9c0a9de486d685a04e54c58c2f419\"\u003e\u003ccode\u003e5156fe8\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/be4ce34035aa79b8bc3ba1a7d1694435a216f68b\"\u003e\u003ccode\u003ebe4ce34\u003c/code\u003e\u003c/a\u003e [Routing][RateLimiter][Mime][Security] Harden __unserialize against __toStrin...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/f4ca0c533854c26e3b27e981da760807f89e1a42\"\u003e\u003ccode\u003ef4ca0c5\u003c/code\u003e\u003c/a\u003e [Routing] Fix dot-segment encoding for chained \u0026quot;../\u0026quot; and \u0026quot;./\u0026quot; in generated URLs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/3b04a5ec4887a8135a12ebf0f4cbc5b8fc8ee204\"\u003e\u003ccode\u003e3b04a5e\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/0cd0d2fb05382c95dff6b33c51a7c96cbdbc136d\"\u003e\u003ccode\u003e0cd0d2f\u003c/code\u003e\u003c/a\u003e Merge branch '5.4' into 6.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/287771d8bc86eacb30678dd10eda6c64a859951f\"\u003e\u003ccode\u003e287771d\u003c/code\u003e\u003c/a\u003e [7.4] Remove usages of named arguments in tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/routing/commit/453501c5a24f08739f3da39d693ab1006947c119\"\u003e\u003ccode\u003e453501c\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/symfony/routing/compare/v7.2.3...v7.4.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `symfony/yaml` from 7.2.5 to 7.4.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/yaml/releases\"\u003esymfony/yaml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.4.13\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/yaml/compare/v7.4.12...v7.4.13\"\u003ehttps://github.com/symfony/yaml/compare/v7.4.12...v7.4.13\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/yaml/issues/64316\"\u003e#64316\u003c/a\u003e  Allow trailing newlines after the end-of-document marker (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.12\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/yaml/compare/v7.4.11...v7.4.12\"\u003ehttps://github.com/symfony/yaml/compare/v7.4.11...v7.4.12\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity #cve-2026-45305  Harden the Parser::cleanup() regexes against catastrophic backtracking (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esecurity #cve-2026-45304  Bound collection-alias resolution in the parser (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esecurity #cve-2026-45133  Bound recursion depth in the parser (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/yaml/compare/v7.4.10...v7.4.11\"\u003ehttps://github.com/symfony/yaml/compare/v7.4.10...v7.4.11\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/yaml/issues/64196\"\u003e#64196\u003c/a\u003e  Reject non-stringables when using \u0026quot;!!binary\u0026quot; (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/yaml/compare/v7.4.6...v7.4.10\"\u003ehttps://github.com/symfony/yaml/compare/v7.4.6...v7.4.10\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/yaml/issues/64119\"\u003e#64119\u003c/a\u003e  fix flow collection drops \u003ccode\u003e\u0026amp;anchor\u003c/code\u003e and \u003ccode\u003e!!str \u0026amp;anchor\u003c/code\u003e items (\u003ca href=\"https://github.com/ousamabenyounes\"\u003e\u003ccode\u003e@​ousamabenyounes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/yaml/compare/v7.4.7...v7.4.8\"\u003ehttps://github.com/symfony/yaml/compare/v7.4.7...v7.4.8\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/yaml/compare/v7.4.5...v7.4.6\"\u003ehttps://github.com/symfony/yaml/compare/v7.4.5...v7.4.6\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/yaml/issues/57292\"\u003e#57292\u003c/a\u003e  Fix parsing nested mappings in sequences (\u003ca href=\"https://github.com/HypeMC\"\u003e\u003ccode\u003e@​HypeMC\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/yaml/compare/v7.4.0...v7.4.1\"\u003ehttps://github.com/symfony/yaml/compare/v7.4.0...v7.4.1\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62612\"\u003esymfony/symfony#62612\u003c/a\u003e [Yaml] Fix regression handling blank lines in unquoted scalars (\u003ca href=\"https://github.com/yoeunes\"\u003e\u003ccode\u003e@​yoeunes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/yaml/compare/v7.4.0-RC3...v7.4.0\"\u003ehttps://github.com/symfony/yaml/compare/v7.4.0-RC3...v7.4.0\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0-RC2\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/yaml/compare/v7.4.0-RC1...v7.4.0-RC2\"\u003ehttps://github.com/symfony/yaml/compare/v7.4.0-RC1...v7.4.0-RC2\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62409\"\u003esymfony/symfony#62409\u003c/a\u003e [Yaml] Align unquoted multiline scalar parsing with spec for comments (\u003ca href=\"https://github.com/yoeunes\"\u003e\u003ccode\u003e@​yoeunes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0-RC1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/yaml/compare/v7.4.0-BETA2...v7.4.0-RC1\"\u003ehttps://github.com/symfony/yaml/compare/v7.4.0-BETA2...v7.4.0-RC1\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/yaml/blob/8.1/CHANGELOG.md\"\u003esymfony/yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCHANGELOG\u003c/h1\u003e\n\u003ch2\u003e8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove support for parsing duplicate mapping keys whose value is \u003ccode\u003enull\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd compact nested mapping support by using the \u003ccode\u003eYaml::DUMP_COMPACT_NESTED_MAPPING\u003c/code\u003e flag\u003c/li\u003e\n\u003cli\u003eAdd the \u003ccode\u003eYaml::DUMP_FORCE_DOUBLE_QUOTES_ON_VALUES\u003c/code\u003e flag to enforce double quotes around string values\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeprecate parsing duplicate mapping keys whose value is \u003ccode\u003enull\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for dumping \u003ccode\u003enull\u003c/code\u003e as an empty value by using the \u003ccode\u003eYaml::DUMP_NULL_AS_EMPTY\u003c/code\u003e flag\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for getting all the enum cases with \u003ccode\u003e!php/enum Foo\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove the \u003ccode\u003e!php/const:\u003c/code\u003e tag, use \u003ccode\u003e!php/const\u003c/code\u003e instead (without the colon)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support to dump int keys as strings by using the \u003ccode\u003eYaml::DUMP_NUMERIC_KEY_AS_STRING\u003c/code\u003e flag\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for \u003ccode\u003e!php/enum\u003c/code\u003e and \u003ccode\u003e!php/enum *-\u0026gt;value\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDeprecate the \u003ccode\u003e!php/const:\u003c/code\u003e tag in key which will be replaced by the \u003ccode\u003e!php/const\u003c/code\u003e tag (without the colon) since 3.4\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIn cases where it will likely improve readability, strings containing single quotes will be double-quoted\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd a \u003ccode\u003e$maxNestingLevel\u003c/code\u003e argument to \u003ccode\u003eParser::__construct()\u003c/code\u003e, \u003ccode\u003eYaml::parse()\u003c/code\u003e and \u003ccode\u003eYaml::parseFile()\u003c/code\u003e to bound recursion depth (default 128)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/yaml/commit/a7ec3b1156faf8815db7683ec7c1e7338e6f977c\"\u003e\u003ccode\u003ea7ec3b1\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/yaml/commit/e8fdf3408c85806198d5826e604ffc6830d33152\"\u003e\u003ccode\u003ee8fdf34\u003c/code\u003e\u003c/a\u003e CS fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/yaml/commit/4b5658cbd0d9addde73c09299d179e2724b011b1\"\u003e\u003ccode\u003e4b5658c\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/yaml/commit/69b7344651917c541eb1ad85de52ef3649909f3c\"\u003e\u003ccode\u003e69b7344\u003c/code\u003e\u003c/a\u003e Merge branch '5.4' into 6.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/yaml/commit/ae0bbb46f77ff56591d0a0259c7f458f4b3e1f77\"\u003e\u003ccode\u003eae0bbb4\u003c/code\u003e\u003c/a\u003e [Yaml] Allow trailing newlines after the end-of-document marker\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/yaml/commit/8b6952b56ca6417f25f7a65758cadd0ce02edc51\"\u003e\u003ccode\u003e8b6952b\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/yaml/commit/68dcd1f1602dac9d9221e25729683e0ce8733f3b\"\u003e\u003ccode\u003e68dcd1f\u003c/code\u003e\u003c/a\u003e Merge branch '5.4' into 6.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/yaml/commit/b0b27055f055f0d314c5c68ed0c10f0bbd90aee0\"\u003e\u003ccode\u003eb0b2705\u003c/code\u003e\u003c/a\u003e [Yaml] Harden the Parser::cleanup() regexes against catastrophic backtracking\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/yaml/commit/5a351ff7a15e631cd7abaa44f2a5e5fc3f0c43f6\"\u003e\u003ccode\u003e5a351ff\u003c/code\u003e\u003c/a\u003e [Yaml] Bound collection-alias resolution in the parser\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/yaml/commit/e2eb64a57763815ccae07ac1c7653d6cc1c326fd\"\u003e\u003ccode\u003ee2eb64a\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/symfony/yaml/compare/v7.2.5...v7.4.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/drago1520/coolify-examples/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/drago1520/coolify-examples/pull/40","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/drago1520%2Fcoolify-examples/issues/40","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/40/packages"}},{"old_version":"2.7.0","new_version":"2.8.2","update_type":"minor","path":null,"pr_created_at":"2026-04-28T22:53:44.000Z","version_change":"2.7.0 → 2.8.2","issue":{"uuid":"4346744692","node_id":"PR_kwDORNs4gM7WhFvD","number":27,"state":"open","title":"Bump the composer group across 1 directory with 6 updates","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-28T22:53:44.000Z","updated_at":"2026-04-28T22:53:55.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"composer","update_count":6,"packages":[{"name":"phpoffice/phpspreadsheet","old_version":"5.0.0","new_version":"5.7.0","repository_url":"https://github.com/PHPOffice/PhpSpreadsheet"},{"name":"google/protobuf","old_version":"4.31.1","new_version":"4.33.6","repository_url":"https://github.com/protocolbuffers/protobuf-php"},{"name":"league/commonmark","old_version":"2.7.0","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"},{"name":"psy/psysh","old_version":"0.12.8","new_version":"0.12.22","repository_url":"https://github.com/bobthecow/psysh"},{"name":"symfony/http-foundation","old_version":"7.3.0","new_version":"7.4.8","repository_url":"https://github.com/symfony/http-foundation"},{"name":"symfony/process","old_version":"7.3.0","new_version":"7.4.8","repository_url":"https://github.com/symfony/process"}],"path":null,"ecosystem":"packagist"},"body":"Bumps the composer group with 6 updates in the /Wber directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [phpoffice/phpspreadsheet](https://github.com/PHPOffice/PhpSpreadsheet) | `5.0.0` | `5.7.0` |\n| [google/protobuf](https://github.com/protocolbuffers/protobuf-php) | `4.31.1` | `4.33.6` |\n| [league/commonmark](https://github.com/thephpleague/commonmark) | `2.7.0` | `2.8.2` |\n| [psy/psysh](https://github.com/bobthecow/psysh) | `0.12.8` | `0.12.22` |\n| [symfony/http-foundation](https://github.com/symfony/http-foundation) | `7.3.0` | `7.4.8` |\n| [symfony/process](https://github.com/symfony/process) | `7.3.0` | `7.4.8` |\n\n\nUpdates `phpoffice/phpspreadsheet` from 5.0.0 to 5.7.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/PHPOffice/PhpSpreadsheet/releases\"\u003ephpoffice/phpspreadsheet's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.7.0\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity patches.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.6.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMake Reader/Csv Extendable, add new preferred Reader/CsvNoEscape class. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4836\"\u003e#4836\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4836\"\u003ePHPOffice/PhpSpreadsheet#4836\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4837\"\u003e#4837\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4837\"\u003ePHPOffice/PhpSpreadsheet#4837\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4845\"\u003e#4845\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4845\"\u003ePHPOffice/PhpSpreadsheet#4845\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eXLOOKUP function. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/1453\"\u003e#1453\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/1453\"\u003ePHPOffice/PhpSpreadsheet#1453\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4844\"\u003e#4844\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4844\"\u003ePHPOffice/PhpSpreadsheet#4844\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIntroduction of a benchmark test suite, independent of the default unit test suite. Users can use it as a template for experimenting and making decisions concerning performance. [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4824\"\u003e#4824\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4824\"\u003ePHPOffice/PhpSpreadsheet#4824\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCollection/Cells::MAX_COLUMN_ID - use Cell/AddressRange::MAX_COLUMN_INT.\u003c/li\u003e\n\u003cli\u003eWriter/Xls/Worksheet constants MAX_XLS_COLUMN, MAX_XLS_COLUMN_STRING, MAX_XLS_ROW - use Cell/AddressRange MAX_COLUMN_INT_XLS, MAX_COLUMN_XLS, MAX_ROW_XLS\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsistent handling of row and column limits. [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4820\"\u003e#4820\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4820\"\u003ePHPOffice/PhpSpreadsheet#4820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProblems with Html Conditional Formatting Colorscale. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4838\"\u003e#4838\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4838\"\u003ePHPOffice/PhpSpreadsheet#4838\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4839\"\u003e#4839\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4839\"\u003ePHPOffice/PhpSpreadsheet#4839\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed an issue where Date detection could misclassify invalid numeric values as dates. [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4841\"\u003e#4841\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4841\"\u003ePHPOffice/PhpSpreadsheet#4841\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOds Reader/Writer Integer Styles with Leading Zeros. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/1606\"\u003e#1606\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/1606\"\u003ePHPOffice/PhpSpreadsheet#1606\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4822\"\u003e#4822\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4822\"\u003ePHPOffice/PhpSpreadsheet#4822\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eXlsx Writer Data URI for Images. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4823\"\u003e#4823\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4823\"\u003ePHPOffice/PhpSpreadsheet#4823\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4831\"\u003e#4831\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4831\"\u003ePHPOffice/PhpSpreadsheet#4831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eConfusion Checking for Union Arguments. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4832\"\u003e#4832\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4832\"\u003ePHPOffice/PhpSpreadsheet#4832\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4835\"\u003e#4835\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4835\"\u003ePHPOffice/PhpSpreadsheet#4835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReader Xlsx Hyperlink with Anchor. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4842\"\u003e#4842\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4842\"\u003ePHPOffice/PhpSpreadsheet#4842\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4843\"\u003e#4843\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4843\"\u003ePHPOffice/PhpSpreadsheet#4843\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.5.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMuch improved handling of Styles by Ods Reader. The relevant changes are listed at the end of the \u0026quot;Fixed\u0026quot; section below.\u003c/li\u003e\n\u003cli\u003eOption to use OldCalculatedValue in ToArray and Relatives. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/1810\"\u003e#1810\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/1810\"\u003ePHPOffice/PhpSpreadsheet#1810\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4787\"\u003e#4787\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4787\"\u003ePHPOffice/PhpSpreadsheet#4787\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd checkbox style (Xlsx and Html). [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4781\"\u003e#4781\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4781\"\u003ePHPOffice/PhpSpreadsheet#4781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOption to whitelist external images. [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4793\"\u003e#4793\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4793\"\u003ePHPOffice/PhpSpreadsheet#4793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWriter/Html add ability to set line ending. [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4779\"\u003e#4779\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4779\"\u003ePHPOffice/PhpSpreadsheet#4779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWriter/Html optionally save formulas as data attributes. [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4783\"\u003e#4783\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4783\"\u003ePHPOffice/PhpSpreadsheet#4783\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUser-supplied headers and footers in PDF. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/3159\"\u003e#3159\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/3159\"\u003ePHPOffice/PhpSpreadsheet#3159\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4789\"\u003e#4789\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4789\"\u003ePHPOffice/PhpSpreadsheet#4789\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eWriter/Html constant BODY_LINE no longer makes sense with a configurable line ending. No replacement.\u003c/li\u003e\n\u003cli\u003eCalculation classes FormulaParser and FormulaToken are unused. No replacement.\u003c/li\u003e\n\u003cli\u003eWriter/Xls/Worksheet methods insertBitMap, positionImage, writeObjPicture, processBitmapGd, and processBitmap are unused. No replacement.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eImprove performance in value binders. [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4780\"\u003e#4780\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4780\"\u003ePHPOffice/PhpSpreadsheet#4780\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHandle Unions as Function Arguments. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4656\"\u003e#4656\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4656\"\u003ePHPOffice/PhpSpreadsheet#4656\u003c/a\u003e) [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/316\"\u003e#316\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/316\"\u003ePHPOffice/PhpSpreadsheet#316\u003c/a\u003e) [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/503\"\u003e#503\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/503\"\u003ePHPOffice/PhpSpreadsheet#503\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4657\"\u003e#4657\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4657\"\u003ePHPOffice/PhpSpreadsheet#4657\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUnexpected Behavior of CONCATENATE. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4061\"\u003e#4061\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4061\"\u003ePHPOffice/PhpSpreadsheet#4061\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4797\"\u003e#4797\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4797\"\u003ePHPOffice/PhpSpreadsheet#4797\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImage Css size in millimeters. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4800\"\u003e#4800\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4800\"\u003ePHPOffice/PhpSpreadsheet#4800\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4801\"\u003e#4801\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4801\"\u003ePHPOffice/PhpSpreadsheet#4801\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/PHPOffice/PhpSpreadsheet/blob/master/CHANGELOG.md\"\u003ephpoffice/phpspreadsheet's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2026-04-19 - 5.7.0\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity patches.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2026-04-09 - 5.6.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMake Reader/Csv Extendable, add new preferred Reader/CsvNoEscape class. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4836\"\u003e#4836\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4836\"\u003ePHPOffice/PhpSpreadsheet#4836\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4837\"\u003e#4837\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4837\"\u003ePHPOffice/PhpSpreadsheet#4837\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4845\"\u003e#4845\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4845\"\u003ePHPOffice/PhpSpreadsheet#4845\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eXLOOKUP function. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/1453\"\u003e#1453\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/1453\"\u003ePHPOffice/PhpSpreadsheet#1453\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4844\"\u003e#4844\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4844\"\u003ePHPOffice/PhpSpreadsheet#4844\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIntroduction of a benchmark test suite, independent of the default unit test suite. Users can use it as a template for experimenting and making decisions concerning performance. [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4824\"\u003e#4824\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4824\"\u003ePHPOffice/PhpSpreadsheet#4824\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eRemoved\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eNothing yet.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eNothing yet.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMoved\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eNothing yet.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDeprecated\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCollection/Cells::MAX_COLUMN_ID - use Cell/AddressRange::MAX_COLUMN_INT.\u003c/li\u003e\n\u003cli\u003eWriter/Xls/Worksheet constants MAX_XLS_COLUMN, MAX_XLS_COLUMN_STRING, MAX_XLS_ROW - use Cell/AddressRange MAX_COLUMN_INT_XLS, MAX_COLUMN_XLS, MAX_ROW_XLS\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eConsistent handling of row and column limits. [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4820\"\u003e#4820\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4820\"\u003ePHPOffice/PhpSpreadsheet#4820\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eProblems with Html Conditional Formatting Colorscale. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4838\"\u003e#4838\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4838\"\u003ePHPOffice/PhpSpreadsheet#4838\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4839\"\u003e#4839\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4839\"\u003ePHPOffice/PhpSpreadsheet#4839\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed an issue where Date detection could misclassify invalid numeric values as dates. [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4841\"\u003e#4841\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4841\"\u003ePHPOffice/PhpSpreadsheet#4841\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOds Reader/Writer Integer Styles with Leading Zeros. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/1606\"\u003e#1606\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/1606\"\u003ePHPOffice/PhpSpreadsheet#1606\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4822\"\u003e#4822\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4822\"\u003ePHPOffice/PhpSpreadsheet#4822\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eXlsx Writer Data URI for Images. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4823\"\u003e#4823\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4823\"\u003ePHPOffice/PhpSpreadsheet#4823\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4831\"\u003e#4831\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4831\"\u003ePHPOffice/PhpSpreadsheet#4831\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eConfusion Checking for Union Arguments. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4832\"\u003e#4832\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4832\"\u003ePHPOffice/PhpSpreadsheet#4832\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4835\"\u003e#4835\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4835\"\u003ePHPOffice/PhpSpreadsheet#4835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eReader Xlsx Hyperlink with Anchor. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4842\"\u003e#4842\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4842\"\u003ePHPOffice/PhpSpreadsheet#4842\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4843\"\u003e#4843\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4843\"\u003ePHPOffice/PhpSpreadsheet#4843\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2026-02-28 - 5.5.0\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMuch improved handling of Styles by Ods Reader. The relevant changes are listed at the end of the \u0026quot;Fixed\u0026quot; section below.\u003c/li\u003e\n\u003cli\u003eOption to use OldCalculatedValue in ToArray and Relatives. [Issue \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/1810\"\u003e#1810\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/1810\"\u003ePHPOffice/PhpSpreadsheet#1810\u003c/a\u003e) [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4787\"\u003e#4787\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4787\"\u003ePHPOffice/PhpSpreadsheet#4787\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd checkbox style (Xlsx and Html). [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4781\"\u003e#4781\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4781\"\u003ePHPOffice/PhpSpreadsheet#4781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eOption to whitelist external images. [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4793\"\u003e#4793\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4793\"\u003ePHPOffice/PhpSpreadsheet#4793\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eWriter/Html add ability to set line ending. [PR \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4779\"\u003e#4779\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/pull/4779\"\u003ePHPOffice/PhpSpreadsheet#4779\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PHPOffice/PhpSpreadsheet/commit/9f55d3b9b7bcb1084fda8340e4b7ce4ed10cd0c8\"\u003e\u003ccode\u003e9f55d3b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4859\"\u003e#4859\u003c/a\u003e from oleibman/updchangelog20260419\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PHPOffice/PhpSpreadsheet/commit/2e35213f2a5c8430f8f46294e7d472c30cf123be\"\u003e\u003ccode\u003e2e35213\u003c/code\u003e\u003c/a\u003e Update Changelog for New Release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PHPOffice/PhpSpreadsheet/commit/9019a9c9da1daee02d55c40f45f23a3c7eba5b62\"\u003e\u003ccode\u003e9019a9c\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PHPOffice/PhpSpreadsheet/commit/f1eb4e6980d537ec85fc20be5950f9ad65d47ffd\"\u003e\u003ccode\u003ef1eb4e6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PHPOffice/PhpSpreadsheet/commit/9b90dee03deb0d28761479c4a3a06fba5f7e012e\"\u003e\u003ccode\u003e9b90dee\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4857\"\u003e#4857\u003c/a\u003e from oleibman/changelog20260406\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PHPOffice/PhpSpreadsheet/commit/f302b3265a3c471438192eea5a8cca26c1d52e88\"\u003e\u003ccode\u003ef302b32\u003c/code\u003e\u003c/a\u003e Prepare Changelog For New Release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PHPOffice/PhpSpreadsheet/commit/4a476071b3e0d633906251d95e73ad7464a32337\"\u003e\u003ccode\u003e4a47607\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4850\"\u003e#4850\u003c/a\u003e from oleibman/updatestan\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PHPOffice/PhpSpreadsheet/commit/8a9e9b561043ad5c9ed869a9c9b6658a7b1c50c3\"\u003e\u003ccode\u003e8a9e9b5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4845\"\u003e#4845\u003c/a\u003e from oleibman/csvnonutf8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PHPOffice/PhpSpreadsheet/commit/5d6d7d537f941ecfff5990f33558bad74d075be5\"\u003e\u003ccode\u003e5d6d7d5\u003c/code\u003e\u003c/a\u003e Merge branch 'master' into csvnonutf8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/PHPOffice/PhpSpreadsheet/commit/6f23fe3d8c3b2604360bbc4d1778a1f41d6c1d52\"\u003e\u003ccode\u003e6f23fe3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/PHPOffice/PhpSpreadsheet/issues/4844\"\u003e#4844\u003c/a\u003e from oleibman/xlookup\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/PHPOffice/PhpSpreadsheet/compare/5.0.0...5.7.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `google/protobuf` from 4.31.1 to 4.33.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf-php/commit/84b008c23915ed94536737eae46f41ba3bccfe67\"\u003e\u003ccode\u003e84b008c\u003c/code\u003e\u003c/a\u003e 4.33.6 sync\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf-php/commit/1debe453db83159b98a38df5a3737feb1e8ef016\"\u003e\u003ccode\u003e1debe45\u003c/code\u003e\u003c/a\u003e 5.34.0 sync\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf-php/commit/3f6644d863943ebedafacfbfff2cb1c967a766b2\"\u003e\u003ccode\u003e3f6644d\u003c/code\u003e\u003c/a\u003e 5.34.0RC2 sync\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf-php/commit/6fd2d13a7591515c8d09e6278f1a42a78e1adeac\"\u003e\u003ccode\u003e6fd2d13\u003c/code\u003e\u003c/a\u003e 4.29.6 sync\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf-php/commit/ebe8010a61b2ae0cff0d246fe1c4d44e9f7dfa6d\"\u003e\u003ccode\u003eebe8010\u003c/code\u003e\u003c/a\u003e 4.33.5 sync\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf-php/commit/a217acb35241a96fd6d6280e2b2540c30bd028f7\"\u003e\u003ccode\u003ea217acb\u003c/code\u003e\u003c/a\u003e 5.34.0RC1 sync\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf-php/commit/22d28025cda0d223a2e48c2e16c5284ecc9f5402\"\u003e\u003ccode\u003e22d2802\u003c/code\u003e\u003c/a\u003e 4.33.4 sync\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf-php/commit/281537d44d6c270606354e65bfa75a0969dbd629\"\u003e\u003ccode\u003e281537d\u003c/code\u003e\u003c/a\u003e 4.33.3 sync\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf-php/commit/fbd96b7bf1343f4b0d8fb358526c7ba4d72f1318\"\u003e\u003ccode\u003efbd96b7\u003c/code\u003e\u003c/a\u003e 4.33.2 sync\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protocolbuffers/protobuf-php/commit/0cd73ccf0cd26c3e72299cce1ea6144091a57e12\"\u003e\u003ccode\u003e0cd73cc\u003c/code\u003e\u003c/a\u003e 4.33.1 sync\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protocolbuffers/protobuf-php/compare/v4.31.1...v4.33.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `league/commonmark` from 2.7.0 to 2.8.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.8.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (\u003ca href=\"https://github.com/thephpleague/commonmark/security/advisories/GHSA-4v6x-c7xx-hw9f\"\u003eGHSA-4v6x-c7xx-hw9f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kocal\"\u003e\u003ccode\u003e@​Kocal\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1106\"\u003ethephpleague/commonmark#1106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/freost\"\u003e\u003ccode\u003e@​freost\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1107\"\u003ethephpleague/commonmark#1107\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.8.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded a new \u003ccode\u003eHighlightExtension\u003c/code\u003e for marking important text using \u003ccode\u003e==\u003c/code\u003e syntax (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1100\"\u003e#1100\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eAutolinkExtension\u003c/code\u003e incorrectly matching URLs after invalid \u003ccode\u003ewww.\u003c/code\u003e prefix (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1095\"\u003e#1095\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1103\"\u003e#1103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samwilson\"\u003e\u003ccode\u003e@​samwilson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1090\"\u003ethephpleague/commonmark#1090\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ossobuffo\"\u003e\u003ccode\u003e@​ossobuffo\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1100\"\u003ethephpleague/commonmark#1100\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.7.1...2.8.0\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.7.1...2.8.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.7.1\u003c/h2\u003e\n\u003ch2\u003eNotable Changes\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOptimized several regular expressions in \u003ccode\u003eRegexHelper\u003c/code\u003e to improve performance (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/674\"\u003e#674\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1086\"\u003e#1086\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eEmbedProcessor\u003c/code\u003e no longer calls \u003ccode\u003eupdateEmbeds()\u003c/code\u003e when there are no embeds to update (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed missing \u003ccode\u003ebenchmark.php\u003c/code\u003e CSV path validation for non-existent files (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1068\"\u003e#1068\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.8.1] - 2026-03-05\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (GHSA-4v6x-c7xx-hw9f)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.8.0] - 2025-11-26\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded a new \u003ccode\u003eHighlightExtension\u003c/code\u003e for marking important text using \u003ccode\u003e==\u003c/code\u003e syntax (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1100\"\u003e#1100\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eAutolinkExtension\u003c/code\u003e incorrectly matching URLs after invalid \u003ccode\u003ewww.\u003c/code\u003e prefix (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1095\"\u003e#1095\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1103\"\u003e#1103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.7.1] - 2025-07-20\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOptimized several regular expressions in \u003ccode\u003eRegexHelper\u003c/code\u003e to improve performance (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/674\"\u003e#674\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1086\"\u003e#1086\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eEmbedProcessor\u003c/code\u003e no longer calls \u003ccode\u003eupdateEmbeds()\u003c/code\u003e when there are no embeds to update (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed missing \u003ccode\u003ebenchmark.php\u003c/code\u003e CSV path validation for non-existent files (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1068\"\u003e#1068\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/84b1ca48347efdbe775426f108622a42735a6579\"\u003e\u003ccode\u003e84b1ca4\u003c/code\u003e\u003c/a\u003e Almost forgot this entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/bcf54f5a38cf8e42cca45248b04caba13317459f\"\u003e\u003ccode\u003ebcf54f5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/7a68ed1c6765bd2650fed6d9857985bdfe655c71\"\u003e\u003ccode\u003e7a68ed1\u003c/code\u003e\u003c/a\u003e Prepare to release 2.8.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/5c0c4c8fe5a31e8260be99e0afad7136a27c79e6\"\u003e\u003ccode\u003e5c0c4c8\u003c/code\u003e\u003c/a\u003e Fix DisallowedRawHtml bypass via newline/tab in tag names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/f6e74434dd1a91f195f80cb0184b746a4187272a\"\u003e\u003ccode\u003ef6e7443\u003c/code\u003e\u003c/a\u003e Add regression test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/0719b6744cc68bc8b037fb30db86b62ec370c557\"\u003e\u003ccode\u003e0719b67\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e from freost/fix-php85-deprecation-error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/63ff2e0b12742f379803b5f21aa6f5b50abcd412\"\u003e\u003ccode\u003e63ff2e0\u003c/code\u003e\u003c/a\u003e Fix PHP 8.5 deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/8608e9c006d9f44acf8d983b126a813bd8def780\"\u003e\u003ccode\u003e8608e9c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1106\"\u003e#1106\u003c/a\u003e from Kocal/patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.7.0...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `psy/psysh` from 0.12.8 to 0.12.22\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/bobthecow/psysh/releases\"\u003epsy/psysh's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ePsySH v0.12.22\u003c/h2\u003e\n\u003ch2\u003eRuntime config and clipboard support\u003c/h2\u003e\n\u003cp\u003ePsySH has a new \u003ccode\u003econfig\u003c/code\u003e command for inspecting and updating runtime-configurable settings during the current session. You can tweak things like \u003ccode\u003epager\u003c/code\u003e, \u003ccode\u003etheme\u003c/code\u003e, \u003ccode\u003everbosity\u003c/code\u003e, \u003ccode\u003euseSuggestions\u003c/code\u003e, \u003ccode\u003euseSyntaxHighlighting\u003c/code\u003e, \u003ccode\u003eclipboardCommand\u003c/code\u003e, and \u003ccode\u003esemicolonsSuppressReturn\u003c/code\u003e without restarting the shell. Fixes \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/361\"\u003e#361\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThere’s also a new \u003ccode\u003ecopy\u003c/code\u003e command for copying the last result (\u003ccode\u003e$_\u003c/code\u003e) or any expression to your clipboard. Works with system clipboard commands, or via OSC 52 for SSH and remote terminals.\u003c/p\u003e\n\u003cp\u003eConfigure with \u003ccode\u003eclipboardCommand\u003c/code\u003e or \u003ccode\u003euseOsc52Clipboard\u003c/code\u003e in your config.\u003c/p\u003e\n\u003ch2\u003eSemicolon-based return suppression\u003c/h2\u003e\n\u003cp\u003eOptionally suppress return values by ending a statement with \u003ccode\u003e;\u003c/code\u003e, similar to MATLAB/Octave behavior. Supports a \u003ccode\u003e'double'\u003c/code\u003e mode requiring \u003ccode\u003e;;\u003c/code\u003e for suppression (if \u003ccode\u003erequireSemicolons\u003c/code\u003e is also enabled, both \u003ccode\u003etrue\u003c/code\u003e and \u003ccode\u003e'double'\u003c/code\u003e require \u003ccode\u003e;;\u003c/code\u003e).\u003c/p\u003e\n\u003cpre lang=\"php\"\u003e\u003ccode\u003e'semicolonsSuppressReturn' =\u0026gt; true,\r\n'semicolonsSuppressReturn' =\u0026gt; 'double', // Always require ;; to suppress\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003ch2\u003eOutput and exception display improvements\u003c/h2\u003e\n\u003cp\u003eStrings are now valid PHP!\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePsySH now preserves backslashes and other characters it previously mangled in a few cases. Fixes \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/351\"\u003e#351\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/568\"\u003e#568\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMultiline strings are rendered using heredoc-style output rather than triple-quoted strings \u003ccode\u003e\u0026quot;\u0026quot;\u0026quot;\u003c/code\u003e. The old format is available via \u003ccode\u003euseDeprecatedMultilineStrings\u003c/code\u003e until the next major release.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProviding an \u003ccode\u003eexceptionDetails\u003c/code\u003e callback via config renders additional context about exceptions (e.g. validation errors) alongside the error message. Fixes \u003ca href=\"https://redirect.github.com/bobthecow/psysh/issues/648\"\u003e#648\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eA few other improvements:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eMore consistent compact (and non-compact) output spacing.\u003c/li\u003e\n\u003cli\u003eResponsive \u003ccode\u003ehelp\u003c/code\u003e layout adapts to terminal width.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eBetter completion for everyone\u003c/h2\u003e\n\u003cp\u003eLegacy readline now shares PsySH’s newer completion engine, which brings much better parity between ext-readline/libedit and experimental interactive readline. Command argument completion, better multiline buffering, and a handful of command-dispatch edge cases now work much more consistently outside experimental readline too.\u003c/p\u003e\n\u003cp\u003eCommands can now define their own argument completions via \u003ccode\u003eCommandArgumentCompletionAware\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eInteractive readline polish\u003c/h2\u003e\n\u003cp\u003eNew in the experimental interactive readline:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eLive syntax highlighting\u003c/strong\u003e — code is highlighted as you type. Can be disabled via \u003ccode\u003euseSyntaxHighlighting\u003c/code\u003e if you don't like colors, I guess.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAllman-style indenting\u003c/strong\u003e — opening brackets on a new line get proper indentation.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eImproved auto-dedent\u003c/strong\u003e — closing brackets automatically reduce indentation.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ccode\u003epsy\\info()\u003c/code\u003e and \u003ccode\u003e--info\u003c/code\u003e also report more detail about readline and autocomplete state.\u003c/p\u003e\n\u003cp\u003eRun psysh with \u003ccode\u003e--experimental-readline\u003c/code\u003e and try it out. It's getting kind of awesome!\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/3be75d5b9244936dd4ac62ade2bfb004d13acf0f\"\u003e\u003ccode\u003e3be75d5\u003c/code\u003e\u003c/a\u003e Merge branch 'release/v0.12.22'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/8042a8fec59c72b9a9b5586f9bfe79e26c069aeb\"\u003e\u003ccode\u003e8042a8f\u003c/code\u003e\u003c/a\u003e Bump to v0.12.22\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/fd4cb699ef9df41ecd48f175edde3feaf4d8d794\"\u003e\u003ccode\u003efd4cb69\u003c/code\u003e\u003c/a\u003e Fix phan warning\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/2b350a413b82010f6e88fbb794aa7364d5ca9ecf\"\u003e\u003ccode\u003e2b350a4\u003c/code\u003e\u003c/a\u003e Fix throw special casing in really old php-parser versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/193e14994706fbe344291741bed2215622b1a659\"\u003e\u003ccode\u003e193e149\u003c/code\u003e\u003c/a\u003e Fix a code cleaner bug with \u003ccode\u003ethrow new Exception\u003c/code\u003e in PHP 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/f583f74b314459c5f838095ce7a341fdd81690b2\"\u003e\u003ccode\u003ef583f74\u003c/code\u003e\u003c/a\u003e Restore VarDumper hard-ref handling, suppress link-only markers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/1e6a0d6e8800e0d82c86b85b7de9e37ac65a74fd\"\u003e\u003ccode\u003e1e6a0d6\u003c/code\u003e\u003c/a\u003e Prefer use statements over FQNs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/484e600e2ac5f0e403796863865de6d8a6a66ebd\"\u003e\u003ccode\u003e484e600\u003c/code\u003e\u003c/a\u003e Simplify theme identity, no-op updates when unchanged\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/f01e492b18146675b218061c0c31b13fe58e3a9a\"\u003e\u003ccode\u003ef01e492\u003c/code\u003e\u003c/a\u003e Standardize test temp dir creation and cleanup\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/bobthecow/psysh/commit/6f33aea84464ed64b0c684c78fedf1f6620483d8\"\u003e\u003ccode\u003e6f33aea\u003c/code\u003e\u003c/a\u003e Add token-based fallback for incomplete member completion\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/bobthecow/psysh/compare/v0.12.8...v0.12.22\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `symfony/http-foundation` from 7.3.0 to 7.4.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/http-foundation/releases\"\u003esymfony/http-foundation's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.4.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.7...v7.4.8\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.7...v7.4.8\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.6...v7.4.7\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.6...v7.4.7\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63603\"\u003e#63603\u003c/a\u003e  Fix session cookie_lifetime not applied in mock session storage (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.6\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.5...v7.4.6\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.5...v7.4.6\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63448\"\u003e#63448\u003c/a\u003e  Handle empty session data in updateTimestamp() to fix compat with PHP 8.6 (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63319\"\u003e#63319\u003c/a\u003e  BinaryFileResponse: always return 206 if Range is valid (\u003ca href=\"https://github.com/Jimbolino\"\u003e\u003ccode\u003e@​Jimbolino\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63262\"\u003e#63262\u003c/a\u003e  Reject invalid paths (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/54304\"\u003e#54304\u003c/a\u003e  When calling UploadedFile::getErrorMessage() to a file which has no error and is uploaded successfully, it should not return an error (\u003ca href=\"https://github.com/ArmCyber\"\u003e\u003ccode\u003e@​ArmCyber\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63230\"\u003e#63230\u003c/a\u003e  fix engine declaration on mysql pdo table creations (\u003ca href=\"https://github.com/tandev\"\u003e\u003ccode\u003e@​tandev\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.5\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.4...v7.4.5\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.4...v7.4.5\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63137\"\u003e#63137\u003c/a\u003e  Fix PdoSessionHandler charset-collation mismatch with the Doctrine DBAL (\u003ca href=\"https://github.com/samy-mahmoudi\"\u003e\u003ccode\u003e@​samy-mahmoudi\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.3...v7.4.4\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.3...v7.4.4\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/http-foundation/issues/63012\"\u003e#63012\u003c/a\u003e  Fix double-prefixing of session keys when using redis/memcached (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.2...v7.4.3\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.2...v7.4.3\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62799\"\u003esymfony/symfony#62799\u003c/a\u003e [Cache][HttpFoundation] Fix VARBINARY columns on sqlsrv (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.0...v7.4.1\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.0...v7.4.1\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62663\"\u003esymfony/symfony#62663\u003c/a\u003e [HttpFoundation] Improve logic in Request::createFromGlobals() (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.0-RC3...v7.4.0\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.0-RC3...v7.4.0\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0-RC1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.4.0-BETA2...v7.4.0-RC1\"\u003ehttps://github.com/symfony/http-foundation/compare/v7.4.0-BETA2...v7.4.0-RC1\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62287\"\u003esymfony/symfony#62287\u003c/a\u003e [HttpFoundation] Fix AcceptHeader overwrites items with different parameters (\u003ca href=\"https://github.com/yoeunes\"\u003e\u003ccode\u003e@​yoeunes\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62324\"\u003esymfony/symfony#62324\u003c/a\u003e [HttpFoundation] Fix parsing hosts and schemes in URLs (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/http-foundation/blob/8.1/CHANGELOG.md\"\u003esymfony/http-foundation's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCHANGELOG\u003c/h1\u003e\n\u003ch2\u003e8.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eBinaryFileResponse::shouldDeleteFileAfterSend()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDeprecate setting public properties of \u003ccode\u003eRequest\u003c/code\u003e and \u003ccode\u003eResponse\u003c/code\u003e objects directly; use setters or constructor arguments instead\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDrop HTTP method override support for methods GET, HEAD, CONNECT and TRACE\u003c/li\u003e\n\u003cli\u003eAdd argument \u003ccode\u003e$subtypeFallback\u003c/code\u003e to \u003ccode\u003eRequest::getFormat()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRemove the following deprecated session options from \u003ccode\u003eNativeSessionStorage\u003c/code\u003e: \u003ccode\u003ereferer_check\u003c/code\u003e, \u003ccode\u003euse_only_cookies\u003c/code\u003e, \u003ccode\u003euse_trans_sid\u003c/code\u003e, \u003ccode\u003esid_length\u003c/code\u003e, \u003ccode\u003esid_bits_per_character\u003c/code\u003e, \u003ccode\u003etrans_sid_hosts\u003c/code\u003e, \u003ccode\u003etrans_sid_tags\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eTrigger PHP warning when using \u003ccode\u003eRequest::sendHeaders()\u003c/code\u003e after headers have already been sent; use a \u003ccode\u003eStreamedResponse\u003c/code\u003e instead\u003c/li\u003e\n\u003cli\u003eAdd arguments \u003ccode\u003e$v4Bytes\u003c/code\u003e and \u003ccode\u003e$v6Bytes\u003c/code\u003e to \u003ccode\u003eIpUtils::anonymize()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd argument \u003ccode\u003e$partitioned\u003c/code\u003e to \u003ccode\u003eResponseHeaderBag::clearCookie()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd argument \u003ccode\u003e$expiration\u003c/code\u003e to \u003ccode\u003eUriSigner::sign()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eRemove \u003ccode\u003eRequest::get()\u003c/code\u003e, use properties \u003ccode\u003e-\u0026gt;attributes\u003c/code\u003e, \u003ccode\u003equery\u003c/code\u003e or \u003ccode\u003erequest\u003c/code\u003e directly instead\u003c/li\u003e\n\u003cli\u003eRemove accepting null \u003ccode\u003e$format\u003c/code\u003e argument to \u003ccode\u003eRequest::setFormat()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003e#[WithHttpStatus]\u003c/code\u003e to define status codes: 404 for \u003ccode\u003eSignedUriException\u003c/code\u003e and 403 for \u003ccode\u003eExpiredSignedUriException\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for the \u003ccode\u003eQUERY\u003c/code\u003e HTTP method\u003c/li\u003e\n\u003cli\u003eAdd support for structured MIME suffix\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eRequest::set/getAllowedHttpMethodOverride()\u003c/code\u003e to list which HTTP methods can be overridden\u003c/li\u003e\n\u003cli\u003eDeprecate using \u003ccode\u003eRequest::sendHeaders()\u003c/code\u003e after headers have already been sent; use a \u003ccode\u003eStreamedResponse\u003c/code\u003e instead\u003c/li\u003e\n\u003cli\u003eDeprecate method \u003ccode\u003eRequest::get()\u003c/code\u003e, use properties \u003ccode\u003e-\u0026gt;attributes\u003c/code\u003e, \u003ccode\u003equery\u003c/code\u003e or \u003ccode\u003erequest\u003c/code\u003e directly instead\u003c/li\u003e\n\u003cli\u003eMake \u003ccode\u003eRequest::createFromGlobals()\u003c/code\u003e parse the body of PUT, DELETE, PATCH and QUERY requests\u003c/li\u003e\n\u003cli\u003eDeprecate HTTP method override for methods GET, HEAD, CONNECT and TRACE; it will be ignored in Symfony 8.0\u003c/li\u003e\n\u003cli\u003eDeprecate accepting null \u003ccode\u003e$format\u003c/code\u003e argument to \u003ccode\u003eRequest::setFormat()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for iterable of string in \u003ccode\u003eStreamedResponse\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eEventStreamResponse\u003c/code\u003e and \u003ccode\u003eServerEvent\u003c/code\u003e classes to streamline server event streaming\u003c/li\u003e\n\u003cli\u003eAdd support for \u003ccode\u003evalkey:\u003c/code\u003e / \u003ccode\u003evalkeys:\u003c/code\u003e schemes for sessions\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRequest::getPreferredLanguage()\u003c/code\u003e now favors a more preferred language above exactly matching a locale\u003c/li\u003e\n\u003cli\u003eAllow \u003ccode\u003eUriSigner\u003c/code\u003e to use a \u003ccode\u003eClockInterface\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eUriSigner::verify()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd optional \u003ccode\u003e$requests\u003c/code\u003e parameter to \u003ccode\u003eRequestStack::__construct()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdd optional \u003ccode\u003e$v4Bytes\u003c/code\u003e and \u003ccode\u003e$v6Bytes\u003c/code\u003e parameters to \u003ccode\u003eIpUtils::anonymize()\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/9381209597ec66c25be154cbf2289076e64d1eab\"\u003e\u003ccode\u003e9381209\u003c/code\u003e\u003c/a\u003e Configure deprecation triggers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/f94b3e7b7dafd40e666f0c9ff2084133bae41e81\"\u003e\u003ccode\u003ef94b3e7\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/cffffd0a2c037117b742b4f8b379a22a2a33f6d2\"\u003e\u003ccode\u003ecffffd0\u003c/code\u003e\u003c/a\u003e [HttpFoundation] Fix session cookie_lifetime not applied in mock session storage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/fd97d5e926e988a363cef56fbbf88c5c528e9065\"\u003e\u003ccode\u003efd97d5e\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/5bb346d1b4b2a616e5c3d99b3ee4d5810735c535\"\u003e\u003ccode\u003e5bb346d\u003c/code\u003e\u003c/a\u003e [HttpFoundation] Handle empty session data in updateTimestamp() to fix compat...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/17de1a39c0ed8dc062df993d65c7269502a2ec78\"\u003e\u003ccode\u003e17de1a3\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/31b030e12f6662a7016add28fe29b70327dacf86\"\u003e\u003ccode\u003e31b030e\u003c/code\u003e\u003c/a\u003e stop using with*() without expects()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/36ba5c7a025c05a92cd4a753abbe1781442c8414\"\u003e\u003ccode\u003e36ba5c7\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/31e2a27d480546f031bd4fc6f1ec8a7abdd62bb1\"\u003e\u003ccode\u003e31e2a27\u003c/code\u003e\u003c/a\u003e BinaryFileResponse: always return 206 if Range is valid\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/http-foundation/commit/669ac23030db4cc4314e7a9ada4e258752266ec1\"\u003e\u003ccode\u003e669ac23\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.4\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/symfony/http-foundation/compare/v7.3.0...v7.4.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `symfony/process` from 7.3.0 to 7.4.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/symfony/process/releases\"\u003esymfony/process's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.4.8\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v7.4.7...v7.4.8\"\u003ehttps://github.com/symfony/process/compare/v7.4.7...v7.4.8\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/process/issues/63611\"\u003e#63611\u003c/a\u003e  Throw InvalidArgumentException when env block exceeds Windows limit (Nadim AL ABDOU)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.5\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v7.4.4...v7.4.5\"\u003ehttps://github.com/symfony/process/compare/v7.4.4...v7.4.5\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity #cve-2026-24739  Fix escaping for MSYS on Windows (nicolas-grekas)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/process/issues/63164\"\u003e#63164\u003c/a\u003e  Fix escaping for MSYS on Windows (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.4\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v7.4.3...v7.4.4\"\u003ehttps://github.com/symfony/process/compare/v7.4.3...v7.4.4\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/process/issues/63004\"\u003e#63004\u003c/a\u003e  Ignore invalid env var names (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.3\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v7.4.2...v7.4.3\"\u003ehttps://github.com/symfony/process/compare/v7.4.2...v7.4.3\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/symfony/issues/62775\"\u003esymfony/symfony#62775\u003c/a\u003e [Process] Fix dealing with broken stdin pipes (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v7.4.0-RC3...v7.4.0\"\u003ehttps://github.com/symfony/process/compare/v7.4.0-RC3...v7.4.0\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0-RC1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v7.4.0-BETA2...v7.4.0-RC1\"\u003ehttps://github.com/symfony/process/compare/v7.4.0-BETA2...v7.4.0-RC1\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.4.0-BETA1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v7.3.4...v7.4.0-BETA1\"\u003ehttps://github.com/symfony/process/compare/v7.3.4...v7.4.0-BETA1\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eno significant changes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.3.11\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v7.3.10...v7.3.11\"\u003ehttps://github.com/symfony/process/compare/v7.3.10...v7.3.11\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003esecurity #cve-2026-24739  Fix escaping for MSYS on Windows (nicolas-grekas)\u003c/li\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/process/issues/63164\"\u003e#63164\u003c/a\u003e  Fix escaping for MSYS on Windows (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.3.10\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v7.3.9...v7.3.10\"\u003ehttps://github.com/symfony/process/compare/v7.3.9...v7.3.10\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ebug \u003ca href=\"https://redirect.github.com/symfony/process/issues/63004\"\u003e#63004\u003c/a\u003e  Ignore invalid env var names (\u003ca href=\"https://github.com/nicolas-grekas\"\u003e\u003ccode\u003e@​nicolas-grekas\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.3.9\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eChangelog\u003c/strong\u003e (\u003ca href=\"https://github.com/symfony/process/compare/v7.3.8...v7.3.9\"\u003ehttps://github.com/symfony/process/compare/v7.3.8...v7.3.9\u003c/a\u003e)\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/60f19cd3badc8de688421e21e4305eba50f8089a\"\u003e\u003ccode\u003e60f19cd\u003c/code\u003e\u003c/a\u003e Configure deprecation triggers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/95b070ee7180a0d49d48786fccf3b935c01d6f3b\"\u003e\u003ccode\u003e95b070e\u003c/code\u003e\u003c/a\u003e [Process] Throw InvalidArgumentException when env block exceeds Windows limit\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/608476f4604102976d687c483ac63a79ba18cc97\"\u003e\u003ccode\u003e608476f\u003c/code\u003e\u003c/a\u003e Merge branch '7.3' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/81fe4ea2c3b8677fa2adfd8e48ba42374ede0e3b\"\u003e\u003ccode\u003e81fe4ea\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/c46e854e79b52d07666e43924a20cb6dc546644e\"\u003e\u003ccode\u003ec46e854\u003c/code\u003e\u003c/a\u003e [Process] Fix escaping for MSYS on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/626f07a53f4b4e2f00e11824cc29f928d797783b\"\u003e\u003ccode\u003e626f07a\u003c/code\u003e\u003c/a\u003e Merge branch '7.3' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/4424bc14e7dedec472440cc991f961f22343caaa\"\u003e\u003ccode\u003e4424bc1\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/c593135be689b21e6164b1e8f6f5dbf1506b065c\"\u003e\u003ccode\u003ec593135\u003c/code\u003e\u003c/a\u003e [Process] Adjust Process mustRun method phpdoc\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/f532042054c29ec9181b94ec5d5a42736c052eb1\"\u003e\u003ccode\u003ef532042\u003c/code\u003e\u003c/a\u003e Merge branch '7.3' into 7.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/symfony/process/commit/6d13a9300772cf6f22f490574b80d9bf3481d07a\"\u003e\u003ccode\u003e6d13a93\u003c/code\u003e\u003c/a\u003e Merge branch '6.4' into 7.3\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/symfony/process/compare/v7.3.0...v7.4.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/mahmoud2001858833/order/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/mahmoud2001858833/order/pull/27","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mahmoud2001858833%2Forder/issues/27","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/27/packages"}},{"old_version":"2.8.1","new_version":"2.8.2","update_type":"patch","path":null,"pr_created_at":"2026-04-26T09:13:26.000Z","version_change":"2.8.1 → 2.8.2","issue":{"uuid":"4330496784","node_id":"PR_kwDOBKAl187Vs-cH","number":50,"state":"closed","title":"Bump league/commonmark from 2.8.1 to 2.8.2","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-26T09:14:11.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-26T09:13:26.000Z","updated_at":"2026-04-26T09:14:13.000Z","time_to_close":45,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"league/commonmark","old_version":"2.8.1","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":null,"ecosystem":"packagist"},"body":"Bumps [league/commonmark](https://github.com/thephpleague/commonmark) from 2.8.1 to 2.8.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.8.1\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/scify/Memor-i-Studio/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/scify/Memor-i-Studio/pull/50","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/scify%2FMemor-i-Studio/issues/50","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/50/packages"}},{"old_version":"2.8.0","new_version":"2.8.2","update_type":"patch","path":null,"pr_created_at":"2026-04-18T04:41:26.000Z","version_change":"2.8.0 → 2.8.2","issue":{"uuid":"4286721820","node_id":"PR_kwDOSFx3Rc7ThTp3","number":15,"state":"open","title":"chore(deps): bump league/commonmark from 2.8.0 to 2.8.2","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-18T04:41:26.000Z","updated_at":"2026-04-18T06:02:30.237Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"league/commonmark","old_version":"2.8.0","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":null,"ecosystem":"packagist"},"body":"Bumps [league/commonmark](https://github.com/thephpleague/commonmark) from 2.8.0 to 2.8.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.8.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (\u003ca href=\"https://github.com/thephpleague/commonmark/security/advisories/GHSA-4v6x-c7xx-hw9f\"\u003eGHSA-4v6x-c7xx-hw9f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kocal\"\u003e\u003ccode\u003e@​Kocal\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1106\"\u003ethephpleague/commonmark#1106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/freost\"\u003e\u003ccode\u003e@​freost\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1107\"\u003ethephpleague/commonmark#1107\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.8.1] - 2026-03-05\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (GHSA-4v6x-c7xx-hw9f)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/84b1ca48347efdbe775426f108622a42735a6579\"\u003e\u003ccode\u003e84b1ca4\u003c/code\u003e\u003c/a\u003e Almost forgot this entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/bcf54f5a38cf8e42cca45248b04caba13317459f\"\u003e\u003ccode\u003ebcf54f5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/7a68ed1c6765bd2650fed6d9857985bdfe655c71\"\u003e\u003ccode\u003e7a68ed1\u003c/code\u003e\u003c/a\u003e Prepare to release 2.8.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/5c0c4c8fe5a31e8260be99e0afad7136a27c79e6\"\u003e\u003ccode\u003e5c0c4c8\u003c/code\u003e\u003c/a\u003e Fix DisallowedRawHtml bypass via newline/tab in tag names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/f6e74434dd1a91f195f80cb0184b746a4187272a\"\u003e\u003ccode\u003ef6e7443\u003c/code\u003e\u003c/a\u003e Add regression test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/0719b6744cc68bc8b037fb30db86b62ec370c557\"\u003e\u003ccode\u003e0719b67\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e from freost/fix-php85-deprecation-error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/63ff2e0b12742f379803b5f21aa6f5b50abcd412\"\u003e\u003ccode\u003e63ff2e0\u003c/code\u003e\u003c/a\u003e Fix PHP 8.5 deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/8608e9c006d9f44acf8d983b126a813bd8def780\"\u003e\u003ccode\u003e8608e9c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1106\"\u003e#1106\u003c/a\u003e from Kocal/patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.0...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.8.0\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ltac0203-pixel/fleximo-oss/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/ltac0203-pixel/fleximo-oss/pull/15","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ltac0203-pixel%2Ffleximo-oss/issues/15","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/15/packages"}},{"old_version":"2.8.0","new_version":"2.8.2","update_type":"patch","path":null,"pr_created_at":"2026-04-14T20:14:57.000Z","version_change":"2.8.0 → 2.8.2","issue":{"uuid":"4264493431","node_id":"PR_kwDON4ub4c7SbTgX","number":12,"state":"closed","title":"Bump the composer group across 1 directory with 2 updates","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-17T23:16:36.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-14T20:14:57.000Z","updated_at":"2026-04-17T23:16:38.000Z","time_to_close":270099,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"composer","update_count":2,"packages":[{"name":"composer/composer","old_version":"2.9.3","new_version":"2.9.6","repository_url":"https://github.com/composer/composer"},{"name":"league/commonmark","old_version":"2.8.0","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":null,"ecosystem":"packagist"},"body":"Bumps the composer group with 2 updates in the /workbench directory: [composer/composer](https://github.com/composer/composer) and [league/commonmark](https://github.com/thephpleague/commonmark).\n\nUpdates `composer/composer` from 2.9.3 to 2.9.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/composer/composer/releases\"\u003ecomposer/composer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.9.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: Fixed command injection via malicious Perforce reference (GHSA-gqw4-4w2p-838q / CVE-2026-40261)\u003c/li\u003e\n\u003cli\u003eSecurity: Fixed command injection via malicious Perforce repository definition (GHSA-wg36-wvj6-r67p / CVE-2026-40176)\u003c/li\u003e\n\u003cli\u003eSecurity: Fixed git credentials remaining in git mirror .git/config after clone or update failed (2bcbfc3d)\u003c/li\u003e\n\u003cli\u003eSecurity: Fixed usage of insecure 3DES ciphers when ext-curl is missing (5e71d77e)\u003c/li\u003e\n\u003cli\u003eSecurity: Fixed Perforce unescaped user input in queryP4User shell command (ef3fc088)\u003c/li\u003e\n\u003cli\u003eSecurity: Hardened git/hg/perforce/fossil identifier validation to ensure branch names starting with \u003ccode\u003e-\u003c/code\u003e do not cause issues (6621d45, d836b90, 5e08c764)\u003c/li\u003e\n\u003cli\u003eFixed inconsistent treatment of SingleCommandApplication script commands wrt autoloading (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12758\"\u003e#12758\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed GitHub API authentication errors not being visible to the user (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12737\"\u003e#12737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed some platform package parsing failing when Composer runs in web SAPIs (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12735\"\u003e#12735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed error reporting for clarity when a constraint cannot be parsed (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12743\"\u003e#12743\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/composer/composer/compare/2.9.5...2.9.6\"\u003ehttps://github.com/composer/composer/compare/2.9.5...2.9.6\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.9.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for new \u003ccode\u003epie\u003c/code\u003e \u003ccode\u003edownload-url-methods\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12727\"\u003e#12727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed detection of 7z when installed as 7za on some linux systems (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12731\"\u003e#12731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed warning because of the symfony/process CVE, 2.9.4 had a workaround already\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/composer/composer/compare/2.9.4...2.9.5\"\u003ehttps://github.com/composer/composer/compare/2.9.4...2.9.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.9.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded active plugins to the diagnose command output (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12706\"\u003e#12706\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTP/3\u003c/code\u003e causing issues with proxies (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12699\"\u003e#12699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eshow\u003c/code\u003e command regression with long descriptions containing unicode characters (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12704\"\u003e#12704\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed regression handling invalid unicode sequences in output (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12707\"\u003e#12707\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003egit rev-list\u003c/code\u003e usages to support older pre-2.33 git versions (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12705\"\u003e#12705\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed issue handling paths with \u003ccode\u003e=\u003c/code\u003e in them on Windows (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12726\"\u003e#12726\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/composer/composer/compare/2.9.3...2.9.4\"\u003ehttps://github.com/composer/composer/compare/2.9.3...2.9.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/composer/composer/blob/main/CHANGELOG.md\"\u003ecomposer/composer's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e[2.9.6] 2026-04-14\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: Fixed command injection via malicious Perforce reference (GHSA-gqw4-4w2p-838q / CVE-2026-40261)\u003c/li\u003e\n\u003cli\u003eSecurity: Fixed command injection via malicious Perforce repository definition (GHSA-wg36-wvj6-r67p / CVE-2026-40176)\u003c/li\u003e\n\u003cli\u003eSecurity: Fixed git credentials remaining in git mirror .git/config after clone or update failed (2bcbfc3d)\u003c/li\u003e\n\u003cli\u003eSecurity: Fixed usage of insecure 3DES ciphers when ext-curl is missing (5e71d77e)\u003c/li\u003e\n\u003cli\u003eSecurity: Fixed Perforce unescaped user input in queryP4User shell command (ef3fc088)\u003c/li\u003e\n\u003cli\u003eSecurity: Hardened git/hg/perforce/fossil identifier validation to ensure branch names starting with \u003ccode\u003e-\u003c/code\u003e do not cause issues (6621d45, d836b90, 5e08c764)\u003c/li\u003e\n\u003cli\u003eFixed inconsistent treatment of SingleCommandApplication script commands wrt autoloading (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12758\"\u003e#12758\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed GitHub API authentication errors not being visible to the user (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12737\"\u003e#12737\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed some platform package parsing failing when Composer runs in web SAPIs (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12735\"\u003e#12735\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed error reporting for clarity when a constraint cannot be parsed (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12743\"\u003e#12743\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e[2.9.5] 2026-01-29\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded support for new \u003ccode\u003epie\u003c/code\u003e \u003ccode\u003edownload-url-methods\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12727\"\u003e#12727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed detection of 7z when installed as 7za on some linux systems (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12731\"\u003e#12731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed warning because of the symfony/process CVE, 2.9.4 had a workaround already\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e[2.9.4] 2026-01-22\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded active plugins to the diagnose command output (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12706\"\u003e#12706\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eHTTP/3\u003c/code\u003e causing issues with proxies (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12699\"\u003e#12699\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003eshow\u003c/code\u003e command regression with long descriptions containing unicode characters (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12704\"\u003e#12704\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed regression handling invalid unicode sequences in output (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12707\"\u003e#12707\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed \u003ccode\u003egit rev-list\u003c/code\u003e usages to support older pre-2.33 git versions (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12705\"\u003e#12705\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed issue handling paths with \u003ccode\u003e=\u003c/code\u003e in them on Windows (\u003ca href=\"https://redirect.github.com/composer/composer/issues/12726\"\u003e#12726\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/composer/composer/commit/9afc32c056d65f9bc4af64ca2aa264a0a38568e5\"\u003e\u003ccode\u003e9afc32c\u003c/code\u003e\u003c/a\u003e Release 2.9.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/composer/composer/commit/e00073c3d424708644e45480d929933de922c4d9\"\u003e\u003ccode\u003ee00073c\u003c/code\u003e\u003c/a\u003e Fix some perforce type issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/composer/composer/commit/4fcc13d428f28479b01f757341aadd625412b454\"\u003e\u003ccode\u003e4fcc13d\u003c/code\u003e\u003c/a\u003e Convert perforce util to use array process args to avoid injections\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/composer/composer/commit/fd82721e1bdbded81dbc2b5acaa2f54d7513964f\"\u003e\u003ccode\u003efd82721\u003c/code\u003e\u003c/a\u003e Update changelog\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/composer/composer/commit/15f2541d942f3958930bbe86d11cd9c7bd4d2830\"\u003e\u003ccode\u003e15f2541\u003c/code\u003e\u003c/a\u003e Fix --no-plugins handling regression in \u003ca href=\"https://redirect.github.com/composer/composer/issues/12758\"\u003e#12758\u003c/a\u003e, fixes \u003ca href=\"https://redirect.github.com/composer/composer/issues/12789\"\u003e#12789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/composer/composer/commit/4f02616e6fba3b1baf8d45725f847841b44fc15c\"\u003e\u003ccode\u003e4f02616\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/composer/composer/commit/91f077050c13e49e22554b991c81378ce8b5ee16\"\u003e\u003ccode\u003e91f0770\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/composer/composer/commit/d836b901648dfb0f8c94c02bbd91bb68a25e16d8\"\u003e\u003ccode\u003ed836b90\u003c/code\u003e\u003c/a\u003e Fix fossil driver identifier validation for getFileContent\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/composer/composer/commit/028a251c3fec3d561f8728506411581c9093dd70\"\u003e\u003ccode\u003e028a251\u003c/code\u003e\u003c/a\u003e Fix tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/composer/composer/commit/5e08c764257b5ab0948af93010a39bd5644b153d\"\u003e\u003ccode\u003e5e08c76\u003c/code\u003e\u003c/a\u003e Fix fossil update call when calling it with valid branch names like --dry-run...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/composer/composer/compare/2.9.3...2.9.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `league/commonmark` from 2.8.0 to 2.8.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.8.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (\u003ca href=\"https://github.com/thephpleague/commonmark/security/advisories/GHSA-4v6x-c7xx-hw9f\"\u003eGHSA-4v6x-c7xx-hw9f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kocal\"\u003e\u003ccode\u003e@​Kocal\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1106\"\u003ethephpleague/commonmark#1106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/freost\"\u003e\u003ccode\u003e@​freost\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1107\"\u003ethephpleague/commonmark#1107\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.8.1] - 2026-03-05\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (GHSA-4v6x-c7xx-hw9f)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/84b1ca48347efdbe775426f108622a42735a6579\"\u003e\u003ccode\u003e84b1ca4\u003c/code\u003e\u003c/a\u003e Almost forgot this entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/bcf54f5a38cf8e42cca45248b04caba13317459f\"\u003e\u003ccode\u003ebcf54f5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/7a68ed1c6765bd2650fed6d9857985bdfe655c71\"\u003e\u003ccode\u003e7a68ed1\u003c/code\u003e\u003c/a\u003e Prepare to release 2.8.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/5c0c4c8fe5a31e8260be99e0afad7136a27c79e6\"\u003e\u003ccode\u003e5c0c4c8\u003c/code\u003e\u003c/a\u003e Fix DisallowedRawHtml bypass via newline/tab in tag names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/f6e74434dd1a91f195f80cb0184b746a4187272a\"\u003e\u003ccode\u003ef6e7443\u003c/code\u003e\u003c/a\u003e Add regression test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/0719b6744cc68bc8b037fb30db86b62ec370c557\"\u003e\u003ccode\u003e0719b67\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e from freost/fix-php85-deprecation-error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/63ff2e0b12742f379803b5f21aa6f5b50abcd412\"\u003e\u003ccode\u003e63ff2e0\u003c/code\u003e\u003c/a\u003e Fix PHP 8.5 deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/8608e9c006d9f44acf8d983b126a813bd8def780\"\u003e\u003ccode\u003e8608e9c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1106\"\u003e#1106\u003c/a\u003e from Kocal/patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.0...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/pixelated-au/streamline/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/pixelated-au/streamline/pull/12","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/pixelated-au%2Fstreamline/issues/12","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/12/packages"}},{"old_version":"2.8.1","new_version":"2.8.2","update_type":"patch","path":"/laravel_project","pr_created_at":"2026-03-23T11:07:25.000Z","version_change":"2.8.1 → 2.8.2","issue":{"uuid":"4120046985","node_id":"PR_kwDOLMfA7c7MpgrA","number":195,"state":"closed","title":"chore(deps): bump league/commonmark from 2.8.1 to 2.8.2 in /laravel_project","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-03-24T09:52:23.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-23T11:07:25.000Z","updated_at":"2026-03-24T09:52:25.000Z","time_to_close":81898,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"league/commonmark","old_version":"2.8.1","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":"/laravel_project","ecosystem":"packagist"},"body":"Bumps [league/commonmark](https://github.com/thephpleague/commonmark) from 2.8.1 to 2.8.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.8.1\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/shumasod/laravel_project/pull/195","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/shumasod%2Flaravel_project/issues/195","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/195/packages"}},{"old_version":"2.5.3","new_version":"2.8.2","update_type":"minor","path":null,"pr_created_at":"2026-03-23T10:51:35.000Z","version_change":"2.5.3 → 2.8.2","issue":{"uuid":"4119965793","node_id":"PR_kwDOMpW6Tc7MpQR-","number":246,"state":"open","title":"Bump league/commonmark from 2.5.3 to 2.8.2","user":"dependabot[bot]","labels":["Stale","dependencies","php"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-23T10:51:35.000Z","updated_at":"2026-04-07T05:43:53.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"league/commonmark","old_version":"2.5.3","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":null,"ecosystem":"packagist"},"body":"Bumps [league/commonmark](https://github.com/thephpleague/commonmark) from 2.5.3 to 2.8.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.8.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (\u003ca href=\"https://github.com/thephpleague/commonmark/security/advisories/GHSA-4v6x-c7xx-hw9f\"\u003eGHSA-4v6x-c7xx-hw9f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kocal\"\u003e\u003ccode\u003e@​Kocal\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1106\"\u003ethephpleague/commonmark#1106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/freost\"\u003e\u003ccode\u003e@​freost\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1107\"\u003ethephpleague/commonmark#1107\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.8.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded a new \u003ccode\u003eHighlightExtension\u003c/code\u003e for marking important text using \u003ccode\u003e==\u003c/code\u003e syntax (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1100\"\u003e#1100\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eAutolinkExtension\u003c/code\u003e incorrectly matching URLs after invalid \u003ccode\u003ewww.\u003c/code\u003e prefix (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1095\"\u003e#1095\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1103\"\u003e#1103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/samwilson\"\u003e\u003ccode\u003e@​samwilson\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1090\"\u003ethephpleague/commonmark#1090\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ossobuffo\"\u003e\u003ccode\u003e@​ossobuffo\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1100\"\u003ethephpleague/commonmark#1100\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.7.1...2.8.0\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.7.1...2.8.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.7.1\u003c/h2\u003e\n\u003ch2\u003eNotable Changes\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOptimized several regular expressions in \u003ccode\u003eRegexHelper\u003c/code\u003e to improve performance (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/674\"\u003e#674\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1086\"\u003e#1086\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eEmbedProcessor\u003c/code\u003e no longer calls \u003ccode\u003eupdateEmbeds()\u003c/code\u003e when there are no embeds to update (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed missing \u003ccode\u003ebenchmark.php\u003c/code\u003e CSV path validation for non-existent files (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1068\"\u003e#1068\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.8.1] - 2026-03-05\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (GHSA-4v6x-c7xx-hw9f)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.8.0] - 2025-11-26\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded a new \u003ccode\u003eHighlightExtension\u003c/code\u003e for marking important text using \u003ccode\u003e==\u003c/code\u003e syntax (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1100\"\u003e#1100\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eAutolinkExtension\u003c/code\u003e incorrectly matching URLs after invalid \u003ccode\u003ewww.\u003c/code\u003e prefix (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1095\"\u003e#1095\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1103\"\u003e#1103\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.7.1] - 2025-07-20\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eOptimized several regular expressions in \u003ccode\u003eRegexHelper\u003c/code\u003e to improve performance (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/674\"\u003e#674\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1086\"\u003e#1086\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eEmbedProcessor\u003c/code\u003e no longer calls \u003ccode\u003eupdateEmbeds()\u003c/code\u003e when there are no embeds to update (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1081\"\u003e#1081\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed missing \u003ccode\u003ebenchmark.php\u003c/code\u003e CSV path validation for non-existent files (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1068\"\u003e#1068\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1085\"\u003e#1085\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.7.0] - 2025-05-05\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address a potential cross-site scripting (XSS) vulnerability when using the \u003ccode\u003eAttributesExtension\u003c/code\u003e with untrusted user input.\u003c/p\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eattributes/allow\u003c/code\u003e config option to specify which attributes users are allowed to set on elements (default allows virtually all attributes)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThe \u003ccode\u003eAttributesExtension\u003c/code\u003e blocks all attributes starting with \u003ccode\u003eon\u003c/code\u003e unless explicitly allowed via the \u003ccode\u003eattributes/allow\u003c/code\u003e config option\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eallow_unsafe_links\u003c/code\u003e option is now respected by the \u003ccode\u003eAttributesExtension\u003c/code\u003e when users specify \u003ccode\u003ehref\u003c/code\u003e and \u003ccode\u003esrc\u003c/code\u003e attributes\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.6.2] - 2025-04-18\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Attributes extension parsing regression (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1071\"\u003e#1071\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.6.1] - 2024-12-29\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/84b1ca48347efdbe775426f108622a42735a6579\"\u003e\u003ccode\u003e84b1ca4\u003c/code\u003e\u003c/a\u003e Almost forgot this entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/bcf54f5a38cf8e42cca45248b04caba13317459f\"\u003e\u003ccode\u003ebcf54f5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/7a68ed1c6765bd2650fed6d9857985bdfe655c71\"\u003e\u003ccode\u003e7a68ed1\u003c/code\u003e\u003c/a\u003e Prepare to release 2.8.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/5c0c4c8fe5a31e8260be99e0afad7136a27c79e6\"\u003e\u003ccode\u003e5c0c4c8\u003c/code\u003e\u003c/a\u003e Fix DisallowedRawHtml bypass via newline/tab in tag names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/f6e74434dd1a91f195f80cb0184b746a4187272a\"\u003e\u003ccode\u003ef6e7443\u003c/code\u003e\u003c/a\u003e Add regression test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/0719b6744cc68bc8b037fb30db86b62ec370c557\"\u003e\u003ccode\u003e0719b67\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e from freost/fix-php85-deprecation-error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/63ff2e0b12742f379803b5f21aa6f5b50abcd412\"\u003e\u003ccode\u003e63ff2e0\u003c/code\u003e\u003c/a\u003e Fix PHP 8.5 deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/8608e9c006d9f44acf8d983b126a813bd8def780\"\u003e\u003ccode\u003e8608e9c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1106\"\u003e#1106\u003c/a\u003e from Kocal/patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.5.3...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.5.3\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Gaurav-vats-12/finance_manager/pull/246","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Gaurav-vats-12%2Ffinance_manager/issues/246","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/246/packages"}},{"old_version":"2.8.0","new_version":"2.8.2","update_type":"patch","path":null,"pr_created_at":"2026-03-23T00:17:37.000Z","version_change":"2.8.0 → 2.8.2","issue":{"uuid":"4117469273","node_id":"PR_kwDOGL3rTc7Mic4k","number":59,"state":"open","title":"Bump league/commonmark from 2.8.0 to 2.8.2","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-23T00:17:37.000Z","updated_at":"2026-03-23T00:17:49.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"league/commonmark","old_version":"2.8.0","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":null,"ecosystem":"packagist"},"body":"Bumps [league/commonmark](https://github.com/thephpleague/commonmark) from 2.8.0 to 2.8.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.8.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (\u003ca href=\"https://github.com/thephpleague/commonmark/security/advisories/GHSA-4v6x-c7xx-hw9f\"\u003eGHSA-4v6x-c7xx-hw9f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kocal\"\u003e\u003ccode\u003e@​Kocal\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1106\"\u003ethephpleague/commonmark#1106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/freost\"\u003e\u003ccode\u003e@​freost\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1107\"\u003ethephpleague/commonmark#1107\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.8.1] - 2026-03-05\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (GHSA-4v6x-c7xx-hw9f)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/84b1ca48347efdbe775426f108622a42735a6579\"\u003e\u003ccode\u003e84b1ca4\u003c/code\u003e\u003c/a\u003e Almost forgot this entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/bcf54f5a38cf8e42cca45248b04caba13317459f\"\u003e\u003ccode\u003ebcf54f5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/7a68ed1c6765bd2650fed6d9857985bdfe655c71\"\u003e\u003ccode\u003e7a68ed1\u003c/code\u003e\u003c/a\u003e Prepare to release 2.8.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/5c0c4c8fe5a31e8260be99e0afad7136a27c79e6\"\u003e\u003ccode\u003e5c0c4c8\u003c/code\u003e\u003c/a\u003e Fix DisallowedRawHtml bypass via newline/tab in tag names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/f6e74434dd1a91f195f80cb0184b746a4187272a\"\u003e\u003ccode\u003ef6e7443\u003c/code\u003e\u003c/a\u003e Add regression test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/0719b6744cc68bc8b037fb30db86b62ec370c557\"\u003e\u003ccode\u003e0719b67\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e from freost/fix-php85-deprecation-error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/63ff2e0b12742f379803b5f21aa6f5b50abcd412\"\u003e\u003ccode\u003e63ff2e0\u003c/code\u003e\u003c/a\u003e Fix PHP 8.5 deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/8608e9c006d9f44acf8d983b126a813bd8def780\"\u003e\u003ccode\u003e8608e9c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1106\"\u003e#1106\u003c/a\u003e from Kocal/patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.0...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.8.0\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/alleyinteractive/wp-component-library/pull/59","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/alleyinteractive%2Fwp-component-library/issues/59","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/59/packages"}},{"old_version":"2.8.1","new_version":"2.8.2","update_type":"patch","path":"/laravel in the composer group across 1 directory","pr_created_at":"2026-03-19T22:53:25.000Z","version_change":"2.8.1 → 2.8.2","issue":{"uuid":"4104658057","node_id":"PR_kwDOFRr9wM7L_aKE","number":1371,"state":"open","title":"build(deps): bump league/commonmark from 2.8.1 to 2.8.2 in /laravel in the composer group across 1 directory","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-19T22:53:25.000Z","updated_at":"2026-03-19T22:53:33.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps)","packages":[{"name":"league/commonmark","old_version":"2.8.1","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":"/laravel in the composer group across 1 directory","ecosystem":"packagist"},"body":"Bumps the composer group with 1 update in the /laravel directory: [league/commonmark](https://github.com/thephpleague/commonmark).\n\nUpdates `league/commonmark` from 2.8.1 to 2.8.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.8.1\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/sentry-demos/empower/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/sentry-demos/empower/pull/1371","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sentry-demos%2Fempower/issues/1371","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1371/packages"}},{"old_version":"2.8.1","new_version":"2.8.2","update_type":"patch","path":"the composer group across 1 directory","pr_created_at":"2026-03-19T22:52:22.000Z","version_change":"2.8.1 → 2.8.2","issue":{"uuid":"4104653499","node_id":"PR_kwDOQI3tls7L_ZQL","number":90,"state":"closed","title":"chore(deps): bump league/commonmark from 2.8.1 to 2.8.2 in the composer group across 1 directory","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-21T02:16:06.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-19T22:52:22.000Z","updated_at":"2026-03-21T02:16:08.000Z","time_to_close":98624,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"league/commonmark","old_version":"2.8.1","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":"the composer group across 1 directory","ecosystem":"packagist"},"body":"Bumps the composer group with 1 update in the / directory: [league/commonmark](https://github.com/thephpleague/commonmark).\n\nUpdates `league/commonmark` from 2.8.1 to 2.8.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.8.1\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/bherila/2025-website/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/bherila/2025-website/pull/90","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bherila%2F2025-website/issues/90","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/90/packages"}},{"old_version":"2.8.1","new_version":"2.8.2","update_type":"patch","path":null,"pr_created_at":"2026-03-19T22:52:16.000Z","version_change":"2.8.1 → 2.8.2","issue":{"uuid":"4104653180","node_id":"PR_kwDOFU3g4s7L_ZMK","number":1375,"state":"open","title":"chore(deps): bump league/commonmark from 2.8.1 to 2.8.2","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-19T22:52:16.000Z","updated_at":"2026-03-19T23:33:12.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"league/commonmark","old_version":"2.8.1","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":null,"ecosystem":"packagist"},"body":"Bumps [league/commonmark](https://github.com/thephpleague/commonmark) from 2.8.1 to 2.8.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.8.1\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/UN-OCHA/rwint9-site/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/UN-OCHA/rwint9-site/pull/1375","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/UN-OCHA%2Frwint9-site/issues/1375","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1375/packages"}},{"old_version":"2.8.1","new_version":"2.8.2","update_type":"patch","path":null,"pr_created_at":"2026-03-19T22:52:08.000Z","version_change":"2.8.1 → 2.8.2","issue":{"uuid":"4104652632","node_id":"PR_kwDOLbsHGs7L_ZE9","number":212,"state":"closed","title":"Bump league/commonmark from 2.8.1 to 2.8.2","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-28T00:43:06.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-19T22:52:08.000Z","updated_at":"2026-03-28T00:43:14.000Z","time_to_close":697858,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"league/commonmark","old_version":"2.8.1","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":null,"ecosystem":"packagist"},"body":"Bumps [league/commonmark](https://github.com/thephpleague/commonmark) from 2.8.1 to 2.8.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.8.1\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/AkibaAT/fvn.li/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/AkibaAT/fvn.li/pull/212","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AkibaAT%2Ffvn.li/issues/212","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/212/packages"}},{"old_version":"2.8.1","new_version":"2.8.2","update_type":"patch","path":"/drupal","pr_created_at":"2026-03-19T22:52:06.000Z","version_change":"2.8.1 → 2.8.2","issue":{"uuid":"4104652344","node_id":"PR_kwDOANKTxs7L_ZAx","number":3132,"state":"open","title":"Bump league/commonmark from 2.8.1 to 2.8.2 in /drupal","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-19T22:52:06.000Z","updated_at":"2026-03-19T22:58:52.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"league/commonmark","old_version":"2.8.1","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":"/drupal","ecosystem":"packagist"},"body":"Bumps [league/commonmark](https://github.com/thephpleague/commonmark) from 2.8.1 to 2.8.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.8.1\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/vrk-kpa/opendata/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/vrk-kpa/opendata/pull/3132","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/vrk-kpa%2Fopendata/issues/3132","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3132/packages"}},{"old_version":"2.8.1","new_version":"2.8.2","update_type":"patch","path":"the composer group across 1 directory","pr_created_at":"2026-03-19T22:51:39.000Z","version_change":"2.8.1 → 2.8.2","issue":{"uuid":"4104650572","node_id":"PR_kwDOLtht9M7L_Yoe","number":411,"state":"open","title":"Bump league/commonmark from 2.8.1 to 2.8.2 in the composer group across 1 directory","user":"dependabot[bot]","labels":["size/S","☑️ auto-merge","🤖 bot"],"assignees":["guibranco"],"locked":false,"comments_count":7,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-19T22:51:39.000Z","updated_at":"2026-03-19T22:52:31.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"league/commonmark","old_version":"2.8.1","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":"the composer group across 1 directory","ecosystem":"packagist"},"body":"Bumps the composer group with 1 update in the / directory: [league/commonmark](https://github.com/thephpleague/commonmark).\n\nUpdates `league/commonmark` from 2.8.1 to 2.8.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.8.1\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/GuilhermeStracini/POC-GHActions-CI-PHPLaravel/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/GuilhermeStracini/POC-GHActions-CI-PHPLaravel/pull/411","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GuilhermeStracini%2FPOC-GHActions-CI-PHPLaravel/issues/411","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/411/packages"}},{"old_version":"2.8.1","new_version":"2.8.2","update_type":"patch","path":null,"pr_created_at":"2026-03-19T22:51:36.000Z","version_change":"2.8.1 → 2.8.2","issue":{"uuid":"4104650433","node_id":"PR_kwDOOSCRDc7L_Ymq","number":14,"state":"closed","title":"(chore): Bump league/commonmark from 2.8.1 to 2.8.2","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-03-19T22:51:50.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-19T22:51:36.000Z","updated_at":"2026-03-19T22:52:13.000Z","time_to_close":14,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"(chore): Bump","packages":[{"name":"league/commonmark","old_version":"2.8.1","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":null,"ecosystem":"packagist"},"body":"Bumps [league/commonmark](https://github.com/thephpleague/commonmark) from 2.8.1 to 2.8.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.8.1\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/yardinternet/wp-live-content/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/yardinternet/wp-live-content/pull/14","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/yardinternet%2Fwp-live-content/issues/14","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/14/packages"}},{"old_version":"2.8.1","new_version":"2.8.2","update_type":"patch","path":null,"pr_created_at":"2026-03-19T22:51:10.000Z","version_change":"2.8.1 → 2.8.2","issue":{"uuid":"4104648759","node_id":"PR_kwDOQV6fE87L_YP3","number":180,"state":"open","title":"chore(deps): bump league/commonmark from 2.8.1 to 2.8.2","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-19T22:51:10.000Z","updated_at":"2026-03-23T10:35:38.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"league/commonmark","old_version":"2.8.1","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":null,"ecosystem":"packagist"},"body":"Bumps [league/commonmark](https://github.com/thephpleague/commonmark) from 2.8.1 to 2.8.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.8.1\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/David-Crty/databasement/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/David-Crty/databasement/pull/180","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/David-Crty%2Fdatabasement/issues/180","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/180/packages"}},{"old_version":"2.8.0","new_version":"2.8.2","update_type":"patch","path":"/minimal-templates/laravel","pr_created_at":"2026-03-19T22:50:56.000Z","version_change":"2.8.0 → 2.8.2","issue":{"uuid":"4104647643","node_id":"PR_kwDORTC5Dc7L_YAP","number":47,"state":"closed","title":"chore(deps): bump league/commonmark from 2.8.0 to 2.8.2 in /minimal-templates/laravel","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-20T04:40:14.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-19T22:50:56.000Z","updated_at":"2026-03-20T04:40:16.000Z","time_to_close":20958,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"league/commonmark","old_version":"2.8.0","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":"/minimal-templates/laravel","ecosystem":"packagist"},"body":"Bumps [league/commonmark](https://github.com/thephpleague/commonmark) from 2.8.0 to 2.8.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e2.8.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (\u003ca href=\"https://github.com/thephpleague/commonmark/security/advisories/GHSA-4v6x-c7xx-hw9f\"\u003eGHSA-4v6x-c7xx-hw9f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kocal\"\u003e\u003ccode\u003e@​Kocal\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1106\"\u003ethephpleague/commonmark#1106\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/freost\"\u003e\u003ccode\u003e@​freost\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/pull/1107\"\u003ethephpleague/commonmark#1107\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.0...2.8.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[2.8.1] - 2026-03-05\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where \u003ccode\u003eDisallowedRawHtml\u003c/code\u003e can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDisallowedRawHtmlRenderer\u003c/code\u003e not blocking raw HTML tags with trailing ASCII whitespace (GHSA-4v6x-c7xx-hw9f)\u003c/li\u003e\n\u003cli\u003eFixed PHP 8.5 deprecation (\u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/84b1ca48347efdbe775426f108622a42735a6579\"\u003e\u003ccode\u003e84b1ca4\u003c/code\u003e\u003c/a\u003e Almost forgot this entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/bcf54f5a38cf8e42cca45248b04caba13317459f\"\u003e\u003ccode\u003ebcf54f5\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/7a68ed1c6765bd2650fed6d9857985bdfe655c71\"\u003e\u003ccode\u003e7a68ed1\u003c/code\u003e\u003c/a\u003e Prepare to release 2.8.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/5c0c4c8fe5a31e8260be99e0afad7136a27c79e6\"\u003e\u003ccode\u003e5c0c4c8\u003c/code\u003e\u003c/a\u003e Fix DisallowedRawHtml bypass via newline/tab in tag names\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/f6e74434dd1a91f195f80cb0184b746a4187272a\"\u003e\u003ccode\u003ef6e7443\u003c/code\u003e\u003c/a\u003e Add regression test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/0719b6744cc68bc8b037fb30db86b62ec370c557\"\u003e\u003ccode\u003e0719b67\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1107\"\u003e#1107\u003c/a\u003e from freost/fix-php85-deprecation-error\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/63ff2e0b12742f379803b5f21aa6f5b50abcd412\"\u003e\u003ccode\u003e63ff2e0\u003c/code\u003e\u003c/a\u003e Fix PHP 8.5 deprecation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/8608e9c006d9f44acf8d983b126a813bd8def780\"\u003e\u003ccode\u003e8608e9c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/thephpleague/commonmark/issues/1106\"\u003e#1106\u003c/a\u003e from Kocal/patch-1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.0...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.8.0\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/yuuu-takahashi/starter-templates/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/yuuu-takahashi/starter-templates/pull/47","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/yuuu-takahashi%2Fstarter-templates/issues/47","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/47/packages"}},{"old_version":"2.8.1","new_version":"2.8.2","update_type":"patch","path":null,"pr_created_at":"2026-03-19T22:50:20.000Z","version_change":"2.8.1 → 2.8.2","issue":{"uuid":"4104645271","node_id":"PR_kwDOOy2BcM7L_XfL","number":231,"state":"open","title":"chore(deps): bump league/commonmark from 2.8.1 to 2.8.2","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-19T22:50:20.000Z","updated_at":"2026-03-19T22:52:22.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"league/commonmark","old_version":"2.8.1","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":null,"ecosystem":"packagist"},"body":"Bumps [league/commonmark](https://github.com/thephpleague/commonmark) from 2.8.1 to 2.8.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.8.1\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/marcelorodrigo/freshguard/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/marcelorodrigo/freshguard/pull/231","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/marcelorodrigo%2Ffreshguard/issues/231","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/231/packages"}},{"old_version":"2.8.1","new_version":"2.8.2","update_type":"patch","path":null,"pr_created_at":"2026-03-19T22:50:04.000Z","version_change":"2.8.1 → 2.8.2","issue":{"uuid":"4104644039","node_id":"PR_kwDOAOCN0M7L_XNk","number":11805,"state":"closed","title":"Bump league/commonmark from 2.8.1 to 2.8.2","user":"dependabot[bot]","labels":["dependencies","php"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-03-22T21:56:30.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-19T22:50:04.000Z","updated_at":"2026-03-22T21:56:40.000Z","time_to_close":255986,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"league/commonmark","old_version":"2.8.1","new_version":"2.8.2","repository_url":"https://github.com/thephpleague/commonmark"}],"path":null,"ecosystem":"packagist"},"body":"Bumps [league/commonmark](https://github.com/thephpleague/commonmark) from 2.8.1 to 2.8.2.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/releases\"\u003eleague/commonmark's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.8.2\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ehttps://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/thephpleague/commonmark/blob/2.8/CHANGELOG.md\"\u003eleague/commonmark's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[2.8.2] - 2026-03-19\u003c/h2\u003e\n\u003cp\u003eThis is a \u003cstrong\u003esecurity release\u003c/strong\u003e to address an issue where the \u003ccode\u003eallowed_domains\u003c/code\u003e setting for the \u003ccode\u003eEmbed\u003c/code\u003e extension can be bypassed, resulting in a possible SSRF and XSS vulnerabilities.\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eDomainFilteringAdapter\u003c/code\u003e hostname boundary bypass where domains like \u003ccode\u003eyoutube.com.evil\u003c/code\u003e could match an allowlist entry for \u003ccode\u003eyoutube.com\u003c/code\u003e (GHSA-hh8v-hgvp-g3f5)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b\"\u003e\u003ccode\u003e59fb075\u003c/code\u003e\u003c/a\u003e Fix DomainFilteringAdapter hostname boundary bypass\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/thephpleague/commonmark/commit/74b4487b524eaacd34b4e87313f6028671e15562\"\u003e\u003ccode\u003e74b4487\u003c/code\u003e\u003c/a\u003e Document dangers of enabling an unsafe php.ini setting\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/thephpleague/commonmark/compare/2.8.1...2.8.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=league/commonmark\u0026package-manager=composer\u0026previous-version=2.8.1\u0026new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/invoiceninja/invoiceninja/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/invoiceninja/invoiceninja/pull/11805","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/invoiceninja%2Finvoiceninja/issues/11805","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/11805/packages"}}]}