Update league/commonmark from ~2.4.0 to ~2.6.0 ( ~2 )

Created on 4 January 2025, 3 months ago

Problem/Motivation

Facing a "Found 1 security vulnerability advisory affecting 1 package." warning when using the composer.

Found 1 security vulnerability advisory affecting 1 package:
+-------------------+----------------------------------------------------------------------------------+
| Package           | league/commonmark                                                                |
| Severity          | high                                                                             |
| CVE               | NO CVE                                                                           |
| Title             | league/commonmark's quadratic complexity bugs may lead to a denial of service    |
| URL               | https://github.com/advisories/GHSA-c2pc-g5qf-rfrf                                |
| Affected versions | <2.6.0                                                                           |
| Reported at       | 2024-12-09T20:42:07+00:00                                                        |
| Advisory ID       | PKSA-fndg-qryc-dyc9                                                              |
+-------------------+----------------------------------------------------------------------------------+

thephpleague/commonmark 2.6.1 was released on 2024/12/29
https://github.com/thephpleague/commonmark/releases/tag/2.6.1

Proposed resolution

Change league/commonmark to ~2 in the composer.json files.

Remaining tasks

✅ File an issue about this project
❌ Addition/Change/Update/Fix to this project
❌ Testing to ensure no regression
➖ Automated unit/functional testing coverage
➖ Developer Documentation support on feature change/addition
➖ User Guide Documentation support on feature change/addition
➖ UX/UI designer responsibilities
➖ Accessibility and Readability
❌ Code review from 1 Varbase core team member
❌ Full testing and approval
❌ Credit contributors
❌ Review with the product owner
❌ Update Release Notes and Update Helper on new feature change/addition
❌ Release

Varbase update type

✅ No Update
➖ Optional Update
➖ Forced Update
➖ Forced Update if Unchanged

User interface changes

API changes

Data model changes

Release notes snippet

📌 Task

Status

Active

Version

2.0

Component

Code

Created by

🇯🇴Jordan Rajab Natshah Jordan

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @Rajab Natshah
Comment 3 months ago →
System Message

rajab natshah → committed 150b3dce on 2.0.x
Issue #3497352: Update league/commonmark from ~2.4.0 to ~2.6.0 ( ~2 )
Comment 3 months ago →
🇯🇴Jordan Rajab Natshah Jordan
Comment 3 months ago →
🇯🇴Jordan Rajab Natshah Jordan
Comment 3 months ago →
🇯🇴Jordan Rajab Natshah Jordan
✅ Released varbase_components-2.0.9 →
Comment 3 months ago →
🇯🇴Jordan Rajab Natshah Jordan
✅ Released varbase-10.0.3 →
Comment 3 months ago →
🇯🇴Jordan Rajab Natshah Jordan
Comment 2 months ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024