
Bump the composer group across 1 directory with 5 updates #15

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/composer/api/composer-c47e6d3766

Conversation

dependabot (Bot) commented on behalf of github on Jun 5, 2026

Bumps the composer group with 5 updates in the /api directory:

| Package | From | To |
| --- | --- | --- |
| webonyx/graphql-php | 0.13.9 | 15.32.3 |
| symfony/cache | 5.4.8 | 5.4.53 |
| symfony/dom-crawler | 5.4.6 | 5.4.52 |
| symfony/polyfill-intl-idn | 1.25.0 | 1.38.1 |
| symfony/routing | 5.4.8 | 5.4.53 |

Updates webonyx/graphql-php from 0.13.9 to 15.32.3

Release notes

Sourced from webonyx/graphql-php's releases.

v15.32.3

Fixed

  • Denial of Service via stack overflow from deeply nested queries in the parser GHSA-r7cg-qjjm-xhqq

v15.32.2

Fixed

  • Denial of Service via quadratic complexity in OverlappingFieldsCanBeMerged validation through inline fragments GHSA-fc86-6rv6-2jpm

v15.32.1

Fix "Cannot traverse an already closed generator" in Schema::getTypeMap() webonyx/graphql-php#1903

v15.32.0

Added

v15.31.5

Fixed

  • Denial of Service via quadratic complexity in OverlappingFieldsCanBeMerged validation GHSA-68jq-c3rv-pcrr

v15.31.4

Changed

v15.31.3

Fixed

v15.31.2

Changed

Fixed

v15.31.1

Fixed

v15.31.0

Added

... (truncated)

Changelog

Sourced from webonyx/graphql-php's changelog.

v15.32.3

Fixed

  • Denial of Service via stack overflow from deeply nested queries in the parser GHSA-r7cg-qjjm-xhqq

v15.32.2

Fixed

  • Denial of Service via quadratic complexity in OverlappingFieldsCanBeMerged validation through inline fragments GHSA-fc86-6rv6-2jpm

v15.32.1

Fixed

v15.32.0

Added

v15.31.5

Fixed

  • Denial of Service via quadratic complexity in OverlappingFieldsCanBeMerged validation GHSA-68jq-c3rv-pcrr

v15.31.4

Changed

v15.31.3

Fixed

v15.31.2

Changed

Fixed

... (truncated)

Upgrade guide

Sourced from webonyx/graphql-php's upgrade guide.

v14.x.x > v15.x.x

BREAKING: Removed error extension field category

The formatting of errors that implement the ClientAware interface no longer contains the key category. This includes both built-in and user-defined errors.

throw new \GraphQL\Error\Error('msg');

Formatting before the change:

'errors' => [
    [
        'message' => 'msg',
        'extensions' => [
            'category' => 'graphql',
        ],
    ],
]

After the change:

'errors' => [
    [
        'message' => 'msg',
    ],
]

The method ClientAware::getCategory() was removed; you may also remove it from your implementations:

use GraphQL\Error\ClientAware;

class MyException extends \Exception implements ClientAware
{
    public function isClientSafe(): bool
    {
        return true;
    }

    // getCategory() is no longer part of ClientAware and may be removed.
    public function getCategory(): string
    {
        return 'my-category';
    }
}

... (truncated)

Commits
  • 993bf0b Release v15.32.3
  • 6c1d600 Address review findings
  • 7b7f208 Add recursion depth limit to prevent stack overflow
  • 8d0f1c5 Release v15.32.2
  • 996adcf Add comparison budget to OverlappingFieldsCanBeMerged
  • ff116ea Document security scope to reduce low-quality advisory submissions
  • 2711a1e Use v4 tag format for ramsey/composer-install action
  • 3874d60 Update ramsey/composer-install action to v4
  • 2340e43 Update dependency phpstan/phpstan to v2.1.51 (#1904)
  • 8405df9 Update dependency phpstan/phpstan to v2.1.50 (#1899)
  • Additional commits viewable in compare view

Updates symfony/cache from 5.4.8 to 5.4.53

Release notes

Sourced from symfony/cache's releases.

v5.4.53

Changelog (symfony/cache@v5.4.52...v5.4.53)

v5.4.52

Changelog (symfony/cache@v5.4.46...v5.4.52)

v5.4.46

Changelog (symfony/cache@v5.4.45...v5.4.46)

v5.4.45

Changelog (symfony/cache@v5.4.44...v5.4.45)

v5.4.44

Changelog (symfony/cache@v5.4.43...v5.4.44)

v5.4.42

Changelog (symfony/cache@v5.4.41...v5.4.42)

Commits
  • bf58147 [Cache] skip tests for adapters that cannot clear by prefix
  • 4acd37c [Cache] Accept '_' and ':' in prefix passed to AbstractAdapter::clear()
  • 03b191d [Cache] Validate the prefix given to AbstractAdapter::clear()
  • 0fe08ee [Cache] Fix clear() when using Predis
  • 12b03e3 Revert "bug #58661 [Cache] Initialize RedisAdapter cursor to 0 (thomas-hiron)"
  • e135eb8 initialize RedisAdapter cursor to 0
  • c2b90da do not skip tests from data providers
  • 6cf23ad drop existing schema if tests create it explicitly
  • 7050072 do not mix named and positional arguments in data provider definitions
  • 911f2bc do not use TestCase::getName() when possible
  • Additional commits viewable in compare view

Updates symfony/dom-crawler from 5.4.6 to 5.4.52

Release notes

Sourced from symfony/dom-crawler's releases.

v5.4.52

Changelog (symfony/dom-crawler@v5.4.48...v5.4.52)

v5.4.48

Changelog (symfony/dom-crawler@v5.4.47...v5.4.48)

v5.4.45

Changelog (symfony/dom-crawler@v5.4.44...v5.4.45)

v5.4.44

Changelog (symfony/dom-crawler@v5.4.43...v5.4.44)

v5.4.40

Changelog (symfony/dom-crawler@v5.4.39...v5.4.40)

  • no significant changes

v5.4.39

Changelog (symfony/dom-crawler@v5.4.38...v5.4.39)

v5.4.35

Changelog (symfony/dom-crawler@v5.4.34...v5.4.35)

  • no significant changes

v5.4.32

Changelog (symfony/dom-crawler@v5.4.31...v5.4.32)

v5.4.25

Changelog (symfony/dom-crawler@v5.4.24...v5.4.25)

  • no significant changes

v5.4.23

Changelog (symfony/dom-crawler@v5.4.22...v5.4.23)

  • bug #49983 Avoid passing null to substr/strrpos methods (VincentLanglet)

... (truncated)

Commits
  • b4cf17f [DomCrawler] Fix XXE in addXmlContent() by not enabling validateOnParse
  • b57df76 Work around parse_url() bug (bis)
  • 89647a5 Minor fixes around parse_url() checks
  • 7111520 Add PR template and auto-close PR on subtree split repositories
  • 4c76e41 Work around parse_url() bug
  • 2ad469c Revert "minor #54653 Auto-close PRs on subtree-splits (nicolas-grekas)"
  • 1dffb11 Auto-close PRs on subtree-splits
  • 000634e [DomCrawler] Encode html entities only if nessecary
  • e3b4806 Apply php-cs-fixer fix --rules nullable_type_declaration_for_default_null_value
  • 728f1fc [DomCrawler] Revert "bug #52579 UriResolver support path with colons"
  • Additional commits viewable in compare view

Updates symfony/polyfill-intl-idn from 1.25.0 to 1.38.1

Release notes

Sourced from symfony/polyfill-intl-idn's releases.

v1.38.1

Changelog (symfony/polyfill-intl-idn@v1.31.0...v1.38.1)

v1.37.0

Changelog (symfony/polyfill-intl-idn@v1.36.0...v1.37.0)

  • no significant changes

v1.36.0

Changelog (symfony/polyfill-intl-idn@v1.35.0...v1.36.0)

  • no significant changes

v1.35.0

Changelog (symfony/polyfill-intl-idn@v1.34.0...v1.35.0)

  • no significant changes

v1.34.0

Changelog (symfony/polyfill-intl-idn@v1.33.0...v1.34.0)

  • no significant changes

Commits
  • dc21118 [Intl][Idn] Reject xn-- labels whose Punycode payload decodes to ASCII-only
  • 9614ac4 Give testing some love
  • c36586d Bump to PHP 7.2, stick to phpunit 8.5
  • a6e83bd Revert "minor #477 Auto-close PRs on subtree-splits (kbond)"
  • 872bf45 Auto-close PRs on subtree-splits
  • 412b0a6 Conform to IDNA version 15.1.0 revision 31
  • a287ed7 Remove branch-alias from composer.json
  • ecaafce feature #334 [PHP 8.1] Add CURLStringFile polyfill (Ayesh, nicolas-grekas)
  • b5b0079 CS fix
  • 5a42f2d Bump for 1.28
  • Additional commits viewable in compare view

Updates symfony/routing from 5.4.8 to 5.4.53

Release notes

Sourced from symfony/routing's releases.

v5.4.53

Changelog (symfony/routing@v5.4.52...v5.4.53)

  • security #cve-2026-48784 Fix dot-segment encoding for chained "../" and "./" in generated URLs (@nicolas-grekas)

v5.4.52

Changelog (symfony/routing@v5.4.48...v5.4.52)

v5.4.48

Changelog (symfony/routing@v5.4.47...v5.4.48)

v5.4.45

Changelog (symfony/routing@v5.4.44...v5.4.45)

  • no significant changes

v5.4.43

Changelog (symfony/routing@v5.4.42...v5.4.43)

  • no significant changes

v5.4.42

Changelog (symfony/routing@v5.4.41...v5.4.42)

v5.4.40

Changelog (symfony/routing@v5.4.39...v5.4.40)

  • no significant changes

v5.4.39

Changelog (symfony/routing@v5.4.38...v5.4.39)

  • no significant changes

v5.4.38

Changelog (symfony/routing@v5.4.37...v5.4.38)

  • no significant changes

v5.4.37

Changelog (symfony/routing@v5.4.36...v5.4.37)

... (truncated)

Commits
  • f4ca0c5 [Routing] Fix dot-segment encoding for chained "../" and "./" in generated URLs
  • 275b313 [Routing] Fix regex alternation anchoring in UrlGenerator requirement validation
  • dd08c19 [Routing] Fix: lost priority when defining hosts in configuration
  • 986597b do not use TestCase::getName() when possible
  • 7289d3c Add PR template and auto-close PR on subtree split repositories
  • b6f7178 Fix typos
  • f8dd6f8 use more entropy with uniqid()
  • c99c74b bug #57645 [Routing] Discard in-memory cache of routes when writing the file-...
  • 7bec6df [Router] Discard in-memory cache of routes when writing the file-based cache
  • 6df1dd8 Revert "minor #54653 Auto-close PRs on subtree-splits (nicolas-grekas)"
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Bumps the composer group with 5 updates in the /api directory:

| Package | From | To |
| --- | --- | --- |
| [webonyx/graphql-php](https://github.com/webonyx/graphql-php) | `0.13.9` | `15.32.3` |
| [symfony/cache](https://github.com/symfony/cache) | `5.4.8` | `5.4.53` |
| [symfony/dom-crawler](https://github.com/symfony/dom-crawler) | `5.4.6` | `5.4.52` |
| [symfony/polyfill-intl-idn](https://github.com/symfony/polyfill-intl-idn) | `1.25.0` | `1.38.1` |
| [symfony/routing](https://github.com/symfony/routing) | `5.4.8` | `5.4.53` |



Updates `webonyx/graphql-php` from 0.13.9 to 15.32.3
- [Release notes](https://github.com/webonyx/graphql-php/releases)
- [Changelog](https://github.com/webonyx/graphql-php/blob/master/CHANGELOG.md)
- [Upgrade guide](https://github.com/webonyx/graphql-php/blob/master/UPGRADE.md)
- [Commits](webonyx/graphql-php@v0.13.9...v15.32.3)

Updates `symfony/cache` from 5.4.8 to 5.4.53
- [Release notes](https://github.com/symfony/cache/releases)
- [Changelog](https://github.com/symfony/cache/blob/8.2/CHANGELOG.md)
- [Commits](symfony/cache@v5.4.8...v5.4.53)

Updates `symfony/dom-crawler` from 5.4.6 to 5.4.52
- [Release notes](https://github.com/symfony/dom-crawler/releases)
- [Changelog](https://github.com/symfony/dom-crawler/blob/8.2/CHANGELOG.md)
- [Commits](symfony/dom-crawler@v5.4.6...v5.4.52)

Updates `symfony/polyfill-intl-idn` from 1.25.0 to 1.38.1
- [Release notes](https://github.com/symfony/polyfill-intl-idn/releases)
- [Commits](symfony/polyfill-intl-idn@v1.25.0...v1.38.1)

Updates `symfony/routing` from 5.4.8 to 5.4.53
- [Release notes](https://github.com/symfony/routing/releases)
- [Changelog](https://github.com/symfony/routing/blob/8.2/CHANGELOG.md)
- [Commits](symfony/routing@v5.4.8...v5.4.53)

---
updated-dependencies:
- dependency-name: webonyx/graphql-php
  dependency-version: 15.32.3
  dependency-type: direct:production
  dependency-group: composer
- dependency-name: symfony/cache
  dependency-version: 5.4.53
  dependency-type: indirect
  dependency-group: composer
- dependency-name: symfony/dom-crawler
  dependency-version: 5.4.52
  dependency-type: indirect
  dependency-group: composer
- dependency-name: symfony/polyfill-intl-idn
  dependency-version: 1.38.1
  dependency-type: indirect
  dependency-group: composer
- dependency-name: symfony/routing
  dependency-version: 5.4.53
  dependency-type: indirect
  dependency-group: composer
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot (Bot) added the dependencies (Pull requests that update a dependency file) and php (Pull requests that update php code) labels on Jun 5, 2026