Skip to content

chore(deps): bump easycorp/easyadmin-bundle from 4.27.6 to 4.29.10#102

Open
dependabot[bot] wants to merge 110 commits into
masterfrom
dependabot/composer/easycorp/easyadmin-bundle-4.29.10
Open

chore(deps): bump easycorp/easyadmin-bundle from 4.27.6 to 4.29.10#102
dependabot[bot] wants to merge 110 commits into
masterfrom
dependabot/composer/easycorp/easyadmin-bundle-4.29.10

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor

Bumps easycorp/easyadmin-bundle from 4.27.6 to 4.29.10.

Release notes

Sourced from easycorp/easyadmin-bundle's releases.

4.29.10

This is a security release that contains a fix for this issue:

[565064b9f] Path traversal and reflected XSS in Flag and Icon Twig components

Full security advisory information: GHSA-2wwr-9x6f-88gp

4.29.9

Bug fixes

[3f979b6ff] Call embedded controller's createEntity() for CollectionField entries (@​lacatoire) [16f3e86cc] Harden the security of the sort feature (@​javiereguiluz) [6e16ad9ce] Avoid formatting collection items when a custom formatting is used (@​javiereguiluz) [9c964aa50] Fix browser <title> tag is not rendered when overriding content_title in custom templates (@​matixxd1999)

4.29.8

Bug fixes

[2f8b89392] Fix filter labels not translated with correct domain (@​Amoifr) [3f9a759b9] Render HTML attributes on form fieldset wrapper (@​lacatoire) [b41a56061] Skip CollectionField entry-type setup on INDEX/DETAIL pages (@​lacatoire) [fe2f4b2d5] Fix CrudTestSelectors::getActionSelector() not matching grouped actions (@​lacatoire) [ecf31cc1e] Allow defining custom CSS class for index rows with default actions (@​javiereguiluz) [67fa76026] Fix translation issues (@​Seb33300)

4.29.7

Bug fixes

[ba934ab71] Fix TextEditorField layout breaking under strict CSP (@​lacatoire) [f74c13489] Allow buttons to grow and wrap with long or multi-line content (@​lacatoire) [f71eee4cb] Fix filter to use translated labels for enums implementing TranslatableInterface (@​lacatoire) [080ae900f] Fix the disabling of text editor fields (@​javiereguiluz) [29bf7ec2f] Prevent TextEditor modal clicks from triggering row action redirect (@​lacatoire) [5e00ba3c4] Add choice_label support to CrudAutocompleteType (@​Amoifr) [0d158f00b] Apply DefaultColumns to ChoiceField regardless of widget type (@​lacatoire) [4e39c0df7] Fix filter label translation when field is hidden via hideOnIndex (@​Amoifr)

Misc fixes

[538ff879f] Improve the docs about field configurators (@​lacatoire)

4.29.6

This release mostly focuses on fixing security issues identified during an AI-assisted security audit.

Bug fixes

[4c36ff818] Fix RepeatedType fields not inheriting Bootstrap column classes (@​Mozoou) [1a0153c12] Translate header in ItemGroup (@​Ishadijcks) [66fe61831] Fix a deprecation related to Url constraint (@​javiereguiluz) [13aa46219] Use formattedValue consistently in UrlField on index and detail pages (@​lacatoire)

... (truncated)

Commits
  • a483631 Prepare 4.29.10 release
  • 565064b [Security] Fix a security issue
  • 9c9daa4 Bump development version
  • 3c592a5 Prepare 4.29.9 release
  • 9c964aa bug #7619 Fix: Browser <title> tag is not rendered when overriding content_ti...
  • 6e16ad9 bug #7618 Avoid formatting collection items when a custom formatting is used ...
  • 16f3e86 bug #7621 Harden the security of the sort feature (javiereguiluz)
  • 4d37165 Harden the security of the sort feature
  • a6a9a23 Fix: Browser <title> tag is not rendered when overriding content_title in cus...
  • 9b01b13 Avoid formatting collection items when a custom formatting is used
  • Additional commits viewable in compare view

dependabot Bot and others added 30 commits May 17, 2026 17:25
Bumps [uuid](https://github.com/uuidjs/uuid) from 11.1.0 to 11.1.1.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/v11.1.1/CHANGELOG.md)
- [Commits](uuidjs/uuid@v11.1.0...v11.1.1)

---
updated-dependencies:
- dependency-name: uuid
  dependency-version: 11.1.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [mermaid](https://github.com/mermaid-js/mermaid) from 11.12.3 to 11.15.0.
- [Release notes](https://github.com/mermaid-js/mermaid/releases)
- [Commits](https://github.com/mermaid-js/mermaid/compare/mermaid@11.12.3...mermaid@11.15.0)

---
updated-dependencies:
- dependency-name: mermaid
  dependency-version: 11.15.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [twig/markdown-extra](https://github.com/twigphp/markdown-extra) from 3.23.0 to 3.26.0.
- [Release notes](https://github.com/twigphp/markdown-extra/releases)
- [Commits](twigphp/markdown-extra@v3.23.0...v3.26.0)

---
updated-dependencies:
- dependency-name: twig/markdown-extra
  dependency-version: 3.26.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [twig/twig](https://github.com/twigphp/Twig) from 3.22.2 to 3.26.0.
- [Release notes](https://github.com/twigphp/Twig/releases)
- [Changelog](https://github.com/twigphp/Twig/blob/3.x/CHANGELOG)
- [Commits](twigphp/Twig@v3.22.2...v3.26.0)

---
updated-dependencies:
- dependency-name: twig/twig
  dependency-version: 3.26.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [symfony/security-http](https://github.com/symfony/security-http) from 7.4.3 to 7.4.13.
- [Release notes](https://github.com/symfony/security-http/releases)
- [Changelog](https://github.com/symfony/security-http/blob/8.1/CHANGELOG.md)
- [Commits](symfony/security-http@v7.4.3...v7.4.13)

---
updated-dependencies:
- dependency-name: symfony/security-http
  dependency-version: 7.4.13
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [symfony/routing](https://github.com/symfony/routing) from 7.4.3 to 7.4.13.
- [Release notes](https://github.com/symfony/routing/releases)
- [Changelog](https://github.com/symfony/routing/blob/8.1/CHANGELOG.md)
- [Commits](symfony/routing@v7.4.3...v7.4.13)

---
updated-dependencies:
- dependency-name: symfony/routing
  dependency-version: 7.4.13
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [symfony/web-profiler-bundle](https://github.com/symfony/web-profiler-bundle) from 7.4.3 to 7.4.12.
- [Release notes](https://github.com/symfony/web-profiler-bundle/releases)
- [Changelog](https://github.com/symfony/web-profiler-bundle/blob/8.1/CHANGELOG.md)
- [Commits](symfony/web-profiler-bundle@v7.4.3...v7.4.12)

---
updated-dependencies:
- dependency-name: symfony/web-profiler-bundle
  dependency-version: 7.4.12
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [symfony/http-kernel](https://github.com/symfony/http-kernel) from 7.4.3 to 7.4.13.
- [Release notes](https://github.com/symfony/http-kernel/releases)
- [Changelog](https://github.com/symfony/http-kernel/blob/8.1/CHANGELOG.md)
- [Commits](symfony/http-kernel@v7.4.3...v7.4.13)

---
updated-dependencies:
- dependency-name: symfony/http-kernel
  dependency-version: 7.4.13
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [symfony/monolog-bridge](https://github.com/symfony/monolog-bridge) from 7.4.0 to 7.4.12.
- [Release notes](https://github.com/symfony/monolog-bridge/releases)
- [Changelog](https://github.com/symfony/monolog-bridge/blob/8.1/CHANGELOG.md)
- [Commits](symfony/monolog-bridge@v7.4.0...v7.4.12)

---
updated-dependencies:
- dependency-name: symfony/monolog-bridge
  dependency-version: 7.4.12
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [symfony/cache](https://github.com/symfony/cache) from 7.4.3 to 7.4.13.
- [Release notes](https://github.com/symfony/cache/releases)
- [Changelog](https://github.com/symfony/cache/blob/8.1/CHANGELOG.md)
- [Commits](symfony/cache@v7.4.3...v7.4.13)

---
updated-dependencies:
- dependency-name: symfony/cache
  dependency-version: 7.4.13
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [symfony/mime](https://github.com/symfony/mime) from 7.4.0 to 7.4.12.
- [Release notes](https://github.com/symfony/mime/releases)
- [Changelog](https://github.com/symfony/mime/blob/8.1/CHANGELOG.md)
- [Commits](symfony/mime@v7.4.0...v7.4.12)

---
updated-dependencies:
- dependency-name: symfony/mime
  dependency-version: 7.4.12
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [symfony/mailer](https://github.com/symfony/mailer) from 7.4.4 to 7.4.12.
- [Release notes](https://github.com/symfony/mailer/releases)
- [Changelog](https://github.com/symfony/mailer/blob/8.1/CHANGELOG.md)
- [Commits](symfony/mailer@v7.4.4...v7.4.12)

---
updated-dependencies:
- dependency-name: symfony/mailer
  dependency-version: 7.4.12
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [symfony/yaml](https://github.com/symfony/yaml) from 7.4.1 to 7.4.12.
- [Release notes](https://github.com/symfony/yaml/releases)
- [Changelog](https://github.com/symfony/yaml/blob/8.1/CHANGELOG.md)
- [Commits](symfony/yaml@v7.4.1...v7.4.12)

---
updated-dependencies:
- dependency-name: symfony/yaml
  dependency-version: 7.4.12
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [symfony/polyfill-intl-idn](https://github.com/symfony/polyfill-intl-idn) from 1.33.0 to 1.38.1.
- [Release notes](https://github.com/symfony/polyfill-intl-idn/releases)
- [Commits](symfony/polyfill-intl-idn@v1.33.0...v1.38.1)

---
updated-dependencies:
- dependency-name: symfony/polyfill-intl-idn
  dependency-version: 1.38.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Naroh091 and others added 11 commits June 22, 2026 02:27
)

* feat: add bundled request-generation chat prompt for Langfuse

* refactor: source request-generation prompt from Langfuse via PromptStore

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* feat: link request-generation trace to Langfuse prompt ref

Adapt AssistantChatController::request() to consume CompiledPrompt from
RequestPromptComposer::compose(), propagating promptRef/traceName/hasDraft
to AssistantChatTurn — mirroring the existing complaint() method.
Also removes unused $registry variable and its import from the composer test.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* docs: document Langfuse-managed request-generation prompt

Add note in request-workflow.md that the request chat prompt is
managed in Langfuse as `pideinfo-request-generate-request-chat`
with bundled fallback; cross-reference added to architecture.md
prompt list.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix: register request-generation chat prompt in PromptCatalog

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* docs: add design spec and implementation plan for request-prompt Langfuse migration

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* feat: implement CRUD for criteria

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file php Pull requests that update php code labels Jul 2, 2026
Naroh091 and others added 13 commits July 2, 2026 08:49
* feat: add draft-only AI solicitud flow (#81)

Add a third option in the "Nueva solicitud" page that lets users draft
a solicitud with AI assistance without any sending capability. Includes:

- Third card ("Quiero redactarla con IA sin enviarla") in start.html.twig,
  switching the grid to 3 columns with green icon accent.
- GET /solicitudes/nueva/redactar → simple organism picker with TomSelect
  autocomplete (create: true so users can type a new name).
- POST /solicitudes/nueva/redactar → looks up the organism case-insensitively
  or creates a minimal PublicBody, then creates a STATUS_PENDING AccessRequest
  (draft_only=true in metadata) and redirects to the existing AI drafting page.
- Dedicated draft_only_picker Stimulus controller wiring the TomSelect
  instance and enabling the submit button only when a value is selected.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>

* feat: add third option "just generate with AI"

---------

Co-authored-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
The agentPresent progress modal polls task status with the session
cookie, but statusUrl pointed at `api_agent_tasks_get`
(/api/agent/tasks/{id}). That firewall is stateless + JWT, so it
ignores the cookie and answers 401 "JWT Token not found" — the modal
never advanced past "pending".

Add AgentTaskStatusController (GET /panel/agent/tasks/{id}/estado,
`app_agent_task_status`) served by the main firewall (cookie auth,
ROLE_USER + ownership check) and repoint the three statusUrl
generators to it. The JWT /api/agent/tasks API stays untouched for the
desktop agent.

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…104)

* fix: serve agent task status to browser via cookie-auth endpoint

The agentPresent progress modal polls task status with the session
cookie, but statusUrl pointed at `api_agent_tasks_get`
(/api/agent/tasks/{id}). That firewall is stateless + JWT, so it
ignores the cookie and answers 401 "JWT Token not found" — the modal
never advanced past "pending".

Add AgentTaskStatusController (GET /panel/agent/tasks/{id}/estado,
`app_agent_task_status`) served by the main firewall (cookie auth,
ROLE_USER + ownership check) and repoint the three statusUrl
generators to it. The JWT /api/agent/tasks API stays untouched for the
desktop agent.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* feat: MCP generate_access_request + semantic search_reg_destinations

Add two MCP tools to prepare a sendable access request (distinct from
create_access_request, which records an already-sent one):

- search_reg_destinations (mcp:read): semantic search over REG/DIR3
  destinations. New pgvector store ai_reg_destinations (halfvec(3072)+HNSW),
  RegDestinationTextBuilder + RegDestinationIndexer + RegDestinationRetriever,
  and app:reg:embed-destinations (incremental / --force). Opt-in --embed hook
  in app:reg:import-destinations keeps the store in sync.
- generate_access_request (mcp:write): server-side AI single-shot draft into a
  PENDING AccessRequest with the RegDestination attached, tagged
  metadata.generated_via = mcp/{client_id}.

Extract RequestDraftGenerator from AssistantChatController (shared applyDraft
normalisation) and fix the latent App\Service\AI\Vector class-not-found that
silently forced the resolution retrieval onto the text fallback.

Docs (mcp.md/architecture.md/request-workflow.md) and unit tests included.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* feat: MCP generate_access_request + semantic search_reg_destinations

Add two MCP tools to prepare a sendable access request (distinct from
create_access_request, which records an already-sent one):

- search_reg_destinations (mcp:read): semantic search over REG/DIR3
  destinations. New pgvector store ai_reg_destinations (halfvec(3072)+HNSW),
  RegDestinationTextBuilder + RegDestinationIndexer + RegDestinationRetriever,
  and app:reg:embed-destinations (incremental / --force). Opt-in --embed hook
  in app:reg:import-destinations keeps the store in sync.
- generate_access_request (mcp:write): server-side AI single-shot draft into a
  PENDING AccessRequest with the RegDestination attached, tagged
  metadata.generated_via = mcp/{client_id}.

Extract RequestDraftGenerator from AssistantChatController (shared applyDraft
normalisation) and fix the latent App\Service\AI\Vector class-not-found that
silently forced the resolution retrieval onto the text fallback.

Docs (mcp.md/architecture.md/request-workflow.md) and unit tests included.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* feat: create RegDestination picker

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
ai-store v0.10.0 VectorDocument::__construct requires int|string $id and
rejects UuidV7 objects under strict_types, crashing app:reg:embed-destinations.
Pass Uuid::v7()->toRfc4122() instead.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Bumps [easycorp/easyadmin-bundle](https://github.com/EasyCorp/EasyAdminBundle) from 4.27.6 to 4.29.10.
- [Release notes](https://github.com/EasyCorp/EasyAdminBundle/releases)
- [Commits](EasyCorp/EasyAdminBundle@v4.27.6...v4.29.10)

---
updated-dependencies:
- dependency-name: easycorp/easyadmin-bundle
  dependency-version: 4.29.10
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/composer/easycorp/easyadmin-bundle-4.29.10 branch from 16b574d to 4202c97 Compare July 9, 2026 21:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file php Pull requests that update php code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant