chore(deps): update dependency drupal/core-recommended to v10 [security] #73

renovate · 2024-10-03T19:20:24Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
drupal/core-recommended	`9.4.9` -> `10.2.9`

GitHub Vulnerability Alerts

CVE-2024-45440

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.

Release Notes

drupal/core-recommended (drupal/core-recommended)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate · 2024-10-03T19:20:25Z

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: drupal/composer.lock

Command failed: composer update drupal/core-recommended:10.2.9 --with-dependencies --ignore-platform-req='ext-*' --ignore-platform-req='lib-*' --no-ansi --no-interaction --no-scripts --no-autoloader --no-plugins
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires drupal/core-recommended 10.2.9 -> satisfiable by drupal/core-recommended[10.2.9].
    - drupal/core-recommended 10.2.9 requires drupal/core 10.2.9 -> found drupal/core[10.2.9] but these were not loaded, likely because it conflicts with another require.
  Problem 2
    - drupal/upgrade_status is locked to version 3.18.0 and an update of this package was not requested.
    - drupal/upgrade_status 3.18.0 requires mathieuviossat/arraytotexttable ~1.0.0 -> satisfiable by mathieuviossat/arraytotexttable[v1.0.9].
    - laminas/laminas-text 2.10.0 requires php ~8.0.0 || ~8.1.0 || ~8.2.0 -> your php version (8.3.12) does not satisfy that requirement.
    - mathieuviossat/arraytotexttable v1.0.9 requires laminas/laminas-text ^2.9 -> satisfiable by laminas/laminas-text[2.10.0].

Use the option --with-all-dependencies (-W) to allow upgrades, downgrades and removals for packages currently locked to specific versions.

chore(deps): update dependency drupal/core-recommended to v10 [security]

3aa37ae

renovate bot force-pushed the renovate/packagist-drupal-core-recommended-vulnerability branch from 986b14b to 3aa37ae Compare October 8, 2024 16:09

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update dependency drupal/core-recommended to v10 [security] #73

chore(deps): update dependency drupal/core-recommended to v10 [security] #73

renovate bot commented Oct 3, 2024 •

edited

Loading

renovate bot commented Oct 3, 2024 •

edited

Loading

chore(deps): update dependency drupal/core-recommended to v10 [security] #73

Are you sure you want to change the base?

chore(deps): update dependency drupal/core-recommended to v10 [security] #73

Conversation

renovate bot commented Oct 3, 2024 • edited Loading

GitHub Vulnerability Alerts

Release Notes

Configuration

renovate bot commented Oct 3, 2024 • edited Loading

⚠️ Artifact update problem

File name: drupal/composer.lock

renovate bot commented Oct 3, 2024 •

edited

Loading

renovate bot commented Oct 3, 2024 •

edited

Loading