Skip to content

Update Composer dependencies for security#101

Merged
alecgeatches merged 1 commit into
trunkfrom
chore/update-composer-security
May 29, 2026
Merged

Update Composer dependencies for security#101
alecgeatches merged 1 commit into
trunkfrom
chore/update-composer-security

Conversation

@lancewillett

@lancewillett lancewillett commented May 29, 2026

Copy link
Copy Markdown

Summary

  • updates phpunit/phpunit from 9.6.25 to 9.6.34 to address the high-severity PHPUnit advisory
  • updates symfony/dom-crawler from v6.4.25 to v6.4.40 to address the low-severity DomCrawler advisory
  • updates the committed production vendor files for symfony/dom-crawler

Validation

  • composer validate --strict --no-check-publish
  • composer audit --locked reports no advisories
  • composer phpcs
  • git diff --check

Notes

  • This supersedes Dependabot PR Bump phpunit/phpunit from 9.6.25 to 9.6.33 #98, which only updates phpunit/phpunit and leaves the symfony/dom-crawler alert open.
  • PHPUnit was not run locally because wp-env is not installed in this shell; the PR CI matrix covers PHPUnit on WordPress 6.0/latest and PHP 8.1/8.3.

@lancewillett lancewillett requested a review from a team as a code owner May 29, 2026 15:55
alecgeatches
alecgeatches approved these changes May 29, 2026
View reviewed changes

@alecgeatches alecgeatches left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@lancewillett Thank you for the security updates, looks good to me!

@alecgeatches alecgeatches merged commit aa85d73 into trunk May 29, 2026
4 checks passed
@alecgeatches alecgeatches deleted the chore/update-composer-security branch May 29, 2026 18:08
This was referenced May 29, 2026
Closed
Merged
@alecgeatches

alecgeatches commented May 29, 2026

Copy link
Copy Markdown
Contributor

This has been merged into the latest 1.4.8 release: https://github.com/Automattic/vip-block-data-api/releases/tag/1.4.8.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alecgeatches alecgeatches alecgeatches approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lancewillett @alecgeatches