chore: update dev dependencies to fix 14 security vulnerabilities #173

Open
petersowah wants to merge 1 commit into cloudinary-community:master from mizormor:master

@petersowah

Summary

Updates composer.lock dev dependencies to resolve 14 Dependabot security advisories.

High severity:

  • symfony/http-foundation v7.4.13 — path-info parsing authorization bypass
  • phpunit/phpunit 11.5.50 — unsafe deserialization in PHPT code coverage
  • symfony/mime v7.4.13 — CRLF injection / SMTP command injection

Medium severity:

  • symfony/mime → email header injection via non-token characters
  • symfony/mailer → argument injection via dash-prefixed recipient address
  • symfony/routing → URL injection via unanchored regex alternation
  • league/commonmark → XSS in attributes extension, raw HTML bypass, embed domain bypass
  • psy/psysh → local privilege escalation via CWD .psysh.php auto-load

Low severity:

  • symfony/yaml → ReDoS via catastrophic backtracking and billion-laughs memory allocation
  • symfony/polyfill-intl-idn → Punycode payload equivalence bypass

All packages upgraded to their patched versions via composer update.
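
A reviewer can confirm that the lock file really resolves to the versions named in the high-severity list above. The following check is an added example, not code from this pull request or the project. It assumes those three versions are the minimum acceptable ones on the same major line; `audit_lock` and the sample lock data are hypothetical.

```python
import json

# Versions copied from the PR description's high-severity list, treated here
# as floors (an assumption: the PR only says packages moved to patched versions).
REQUIRED = {
    "symfony/http-foundation": "7.4.13",
    "phpunit/phpunit": "11.5.50",
    "symfony/mime": "7.4.13",
}

def parse_version(v):
    """'v7.4.13' -> (7, 4, 13). Returns None for refs such as 'dev-main'.
    A pre-release suffix ('-beta1') is ignored, so it compares equal to the release."""
    parts = v.lstrip("v").split("-")[0].split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def audit_lock(lock, required=REQUIRED):
    """Return {package: finding} for each required package that is absent from
    the lock, pinned to an unparseable ref, or locked below its floor."""
    installed = {}
    for section in ("packages", "packages-dev"):  # dev dependencies live in packages-dev
        for pkg in lock.get(section) or []:
            installed[pkg["name"]] = pkg["version"]
    findings = {}
    for name, floor in required.items():
        have = installed.get(name)
        if have is None:
            findings[name] = "absent from lock"
            continue
        parsed = parse_version(have)
        if parsed is None:
            findings[name] = f"unparseable version {have}"
        elif parsed < parse_version(floor):
            findings[name] = f"{have} < {floor}"
    return findings

# Constructed sample, shaped like composer.lock; not taken from this PR.
SAMPLE_LOCK = json.loads("""{
  "packages": [],
  "packages-dev": [
    {"name": "symfony/http-foundation", "version": "v7.4.13"},
    {"name": "symfony/mime", "version": "v7.4.12"}
  ]
}""")

if __name__ == "__main__":
    for name, finding in sorted(audit_lock(SAMPLE_LOCK).items()):
        print(f"{name}: {finding}")
```

To run it against a real checkout, load the file with `json.load(open("composer.lock"))` and pass the result to `audit_lock`.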

@vercel

vercel Bot commented Jun 10, 2026

@petersowah is attempting to deploy a commit to the Cloudinary DevX Team on Vercel.

A member of the Team first needs to authorize it.
