Merge pull request #11 from antistatique/feature/update-guzzle-CVE-20…

…22-24775 update library guzzlehttp/psr7 1.6.1 => 1.8.5 (CVE-2022-24775)
antistatique · May 11, 2022 · 46587ac · 46587ac
2 parents 7380588 + 9a9d29a
commit 46587ac
Show file tree

Hide file tree

Showing 5 changed files with 1,419 additions and 572 deletions.
diff --git a/.github/workflows/cs-tests.yml b/.github/workflows/cs-tests.yml
@@ -6,6 +6,13 @@ on:
     - cron: '0 0 * * THU'
 
 jobs:
+    security-checker:
+        name: security-checker
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v2
+            - uses: symfonycorp/security-checker-action@v3
+
     phpcpd:
         name: phpcpd
         runs-on: ubuntu-latest

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,5 +5,13 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
-## Added
- - Under heavy development
+### Added
+- Under heavy development
+
+### Security
+- update library guzzlehttp/psr7 1.6.1 => 1.8.5 (CVE-2022-24775)
+- upgrade symfony/dotenv 4.3 > 5.4
+- upgrade all dev dependencies
+
+### Changed
+- remove sensiolabs/security-checker in favor of Github Actions security-checker
diff --git a/composer.json b/composer.json
@@ -10,11 +10,10 @@
   "require-dev": {
     "phpunit/phpunit": "^9",
     "phpunit/php-code-coverage": "^8",
-    "symfony/dotenv": "^4.3",
+    "symfony/dotenv": "^5.4",
     "friendsofphp/php-cs-fixer": "^3.0",
     "phpmd/phpmd": "^2.6",
     "sebastian/phpcpd": "^6.0",
-    "sensiolabs/security-checker": "^5.0",
     "php-coveralls/php-coveralls": "^2.1",
     "php-mock/php-mock-phpunit": "^2.6",
     "vimeo/psalm": "^4.10"