Skip to content

[SECURITY] Update drupal/core-recommended from 10.2.3 to 10.5.3 #368

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

[SECURITY] Update drupal/core-recommended from 10.2.3 to 10.5.3 #368

wants to merge 1 commit into from

Conversation

violinist-bot
Copy link
Contributor

If you have a high test coverage index, and your tests for this pull request are passing, it should be both safe and recommended to merge this update.

Updated packages

Some times an update also needs new or updated dependencies to be installed. Even if this branch is for updating one dependency, it might contain other installs or updates. All of the updates in this branch can be found here:

  • symfony/polyfill-php72 v1.29.0 (package was removed)
  • symfony/polyfill-php80 v1.29.0 (package was removed)
  • asm89/stack-cors: v2.3.0 (updated from v2.2.0)
  • composer/semver: 3.4.4 (updated from 3.4.0)
  • doctrine/annotations: 1.14.4 (updated from 1.14.3)
  • doctrine/deprecations: 1.1.5 (updated from 1.1.3)
  • drupal/core: 10.5.3 (updated from 10.2.3)
  • drupal/core-composer-scaffold: 10.5.3 (updated from 10.2.3)
  • drupal/core-project-message: 10.5.3 (updated from 10.2.3)
  • drupal/core-recommended: 10.5.3 (updated from 10.2.3)
  • egulias/email-validator: 4.0.4 (updated from 4.0.2)
  • guzzlehttp/guzzle: 7.9.3 (updated from 7.8.1)
  • guzzlehttp/promises: 2.2.0 (updated from 2.0.2)
  • guzzlehttp/psr7: 2.7.1 (updated from 2.6.2)
  • masterminds/html5: 2.9.0 (updated from 2.8.1)
  • mck89/peast: v1.17.2 (updated from v1.15.4)
  • pear/archive_tar: 1.5.0 (updated from 1.4.14)
  • pear/pear-core-minimal: v1.10.16 (updated from v1.10.14)
  • psr/http-factory: 1.1.0 (updated from 1.0.2)
  • psr/log: 3.0.2 (updated from 3.0.0)
  • sebastian/diff: 4.0.6 (updated from 4.0.5)
  • symfony/console: v6.4.25 (updated from v6.4.3)
  • symfony/dependency-injection: v6.4.25 (updated from v6.4.3)
  • symfony/deprecation-contracts: v3.5.1 (updated from v3.4.0)
  • symfony/error-handler: v6.4.24 (updated from v6.4.3)
  • symfony/event-dispatcher: v6.4.25 (updated from v6.4.3)
  • symfony/event-dispatcher-contracts: v3.5.1 (updated from v3.4.0)
  • symfony/filesystem: v6.4.24 (updated from v6.4.3)
  • symfony/finder: v6.4.24 (updated from v6.4.0)
  • symfony/http-foundation: v6.4.25 (updated from v6.4.3)
  • symfony/http-kernel: v6.4.25 (updated from v6.4.3)
  • symfony/mailer: v6.4.25 (updated from v6.4.3)
  • symfony/mime: v6.4.24 (updated from v6.4.3)
  • symfony/polyfill-ctype: v1.31.0 (updated from v1.28.0)
  • symfony/polyfill-iconv: v1.31.0 (updated from v1.28.0)
  • symfony/polyfill-intl-grapheme: v1.31.0 (updated from v1.28.0)
  • symfony/polyfill-intl-idn: v1.31.0 (updated from v1.28.0)
  • symfony/polyfill-intl-normalizer: v1.31.0 (updated from v1.28.0)
  • symfony/polyfill-mbstring: v1.31.0 (updated from v1.28.0)
  • symfony/polyfill-php81: v1.33.0 (updated from v1.29.0)
  • symfony/polyfill-php83: v1.31.0 (updated from v1.28.0)
  • symfony/process: v6.4.25 (updated from v6.4.3)
  • symfony/psr-http-message-bridge: v6.4.24 (updated from v6.4.3)
  • symfony/routing: v6.4.24 (updated from v6.4.3)
  • symfony/serializer: v6.4.25 (updated from v6.4.3)
  • symfony/service-contracts: v3.5.1 (updated from v3.4.1)
  • symfony/string: v6.4.25 (updated from v6.4.3)
  • symfony/translation-contracts: v3.5.1 (updated from v3.4.1)
  • symfony/validator: v6.4.25 (updated from v6.4.3)
  • symfony/var-dumper: v6.4.25 (updated from v6.4.3)
  • symfony/var-exporter: v6.4.25 (updated from v6.4.3)
  • symfony/yaml: v6.4.25 (updated from v6.4.3)
  • twig/twig: v3.20.0 (updated from v3.8.0)

Release notes

Here are the release notes for all versions released between your current running version, and the version this PR updates the package to.

List of release notes

Changed files

Here is a list of changed files between the version you use, and the version this pull request updates to:

List of changed files 
  composer.json

Changelog

Here is a list of changes between the version you use, and the version this pull request updates to:

  • f046374 Drupal 10.5.3
  • f42aa30 Back to dev.
  • fde5c3c Drupal 10.5.2
  • f0c7dbc Back to dev.
  • 60b76ba Drupal 10.5.1
  • 74d3345 Back to dev.
  • e64c11c Drupal 10.5.0
  • 9124856 Back to dev.
  • 4479055 Drupal 10.5.0-rc1
  • 79e7774 Back to dev.
  • 3459e4f Drupal 10.5.0-beta1
  • 5ea5299 Issue #3522354 by longwave, quietone: Update Composer dependencies for 10.5.0
  • 0a0651b Issue #3471642 by luke.leber, drupalite1411, greggles: Upgrade asm89/stack-cors to prevent loss of Vary header values
  • 11a8e99 Issue #3503195 by alexpott, longwave, loopy1492: Twig needs updating for CVE-2025-24374
  • 939a4a7 Issue #3490183 by spokje, andypost: Update Composer dependencies for 10.4.0
  • 214f60c Issue #3488365 by andypost, longwave: Upgrade twig/twig to 3.15.0
  • 471a474 Revert "Issue #3488365 by andypost: Upgrade twig/twig to 3.15.0"
  • 792ff81 Issue #3488365 by andypost: Upgrade twig/twig to 3.15.0
  • effda1c Issue #3486545 by spokje, andypost: Update Composer dependencies for 10.4.0-beta1
  • 3a9cf09 Issue #3485956 by mradcliffe, jan kellermann, gillesbailleux, raphaelbertrand, cilefen, larowlan: Recursion limit exceeded with Twig v3.14.1 when editing a node or a block
  • 07a7e8d Drupal 10.5.x-dev
  • cd96db5 Issue #3478331 by andypost, smustgrave: Upgrade composer to 2.8.1 for PHP 8.4
  • fda00bb Issue #3473195 by longwave, catch, jurgenhaas, naveenvalecha, quietone: twig/twig has a possible sandbox bypass <v3.14.0
  • a118fb0 Issue #3467293 by Spokje, longwave: twig/twig 3.11.0 introduces (for Drupal) breaking changes
  • 10b8704 Issue #3454556 by xjm: Require Composer 2.7.7
  • 047fac2 Issue #3447204 by longwave, quietone: Update Composer dependencies for 10.3.0-beta1
  • ce9d855 Drupal 10.4.x-dev
  • 00ee439 Issue #3439521 by pradhumanjain2311, quietone, smustgrave: Update composer dependencies for Drupal 10.3
  • 6c4415d Issue #3441331 by andypost, longwave, alexpott, Spokje, xjm: Update to Twig 3.9
  • bda36ae Issue #3428052 by Spokje, mondrake: Bump phpstan/phpstan and mglaman/phpstan-drupal to latest
  • 90f129c Drupal 10.3.x-dev
  • 0c41ce5 Issue #3405696 by longwave, Spokje, andypost, quietone, smustgrave, mondrake: Update composer dependencies for Drupal 10.2.0
  • b3d5c5e Issue #3405704 by Spokje, longwave: symfony/psr-http-message-bridge major version bump
  • ca6e213 Issue #3404694 by Spokje, longwave, mglaman, andypost: Update dependencies for Drupal 10.2
  • f87dbd1 Issue #3401901 by Spokje, smustgrave, longwave: Update composer dependencies for Drupal 10.2 beta
  • b863e81 Issue #3401200 by quietone: Update composer dependencies for Drupal 10.2 beta
  • 9656162 Issue #3395586 by andy-blum, deviantintegral, longwave, catch: Add Symfony's Filesystem and Finder components to core
  • 64ebac4 Issue #3393151 by Spokje, quietone: Update composer dependencies for Drupal 10.2
  • f4c9ff8 Issue #3392616 by Spokje, longwave: Update to Symfony 6.4
  • c600542 Issue #3165762 followup by longwave, smustgrave, Spokje: Move symfony/mailer dependency from drupal/drupal to drupal/core

Working with this branch

If you find you need to update the codebase to be able to merge this branch (for example update some tests or rebuild some assets), please note that violinist will force push to this branch to keep it up to date. This means you should not work on this branch directly, since you might lose your work. Read more about branches created by violinist.io here.

This is an automated pull request from Violinist: Continuously and automatically monitor and update your composer dependencies. Have ideas on how to improve this message? All violinist messages are open-source, and can be improved here.

@shaal shaal mentioned this pull request Sep 4, 2025
Closed
@coderabbitai coderabbitai
Copy link

coderabbitai bot commented Sep 4, 2025

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)
  • composer.lock is excluded by !**/*.lock

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing Touches
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

  • Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

  • Visit our Status Page to check the current availability of CodeRabbit.
  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@shaal
Copy link
Owner

shaal commented Oct 2, 2025

This will now be closed, since it has been superseded by #372.

@shaal shaal closed this Oct 2, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@violinist-bot @shaal