chore(deps): update dependency drupal/core-recommended to v10 [security] #101

renovate · 2024-10-03T19:59:57Z

This PR contains the following updates:

Package	Change	Age	Confidence
drupal/core-recommended	`^9.4` → `^10.2.9`

GitHub Vulnerability Alerts

CVE-2024-45440

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.

Release Notes

drupal/core-recommended (drupal/core-recommended)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate · 2024-11-17T19:51:57Z

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: drupal/composer.lock

Command failed: composer update drupal/core-recommended:10.2.9 --with-dependencies --ignore-platform-req=ext-* --ignore-platform-req=lib-* --no-ansi --no-interaction --no-scripts --no-autoloader --no-plugins --minimal-changes
Loading composer repositories with package information
Dependency drupal/core-composer-scaffold is also a root requirement. Package has not been listed as an update argument, so keeping locked at old version. Use --with-all-dependencies (-W) to include root dependencies.
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires drupal/core-recommended ^10.2.9, found drupal/core-recommended[10.2.9, ..., 10.6.x-dev] but these were not loaded, because they are affected by security advisories ("PKSA-j4hv-gdkq-8fy8", "PKSA-4txt-syt7-f859", "PKSA-ckr2-ndkc-nts3", "PKSA-vt8m-56zm-d92y", "PKSA-hc46-z535-fjfk", "PKSA-35hc-pd1y-zwpc"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
  Problem 2
    - drupal/admin_audit_trail is locked to version 1.0.0-beta1 and an update of this package was not requested.
    - drupal/admin_audit_trail 1.0.0-beta1 requires drupal/core ^8 || ^9 -> satisfiable by drupal/core[8.0.x-dev, ..., 8.9.x-dev, 9.0.x-dev, ..., 9.5.x-dev].
    - drupal/core 9.3.x-dev requires laminas/laminas-diactoros ^2.1 -> satisfiable by laminas/laminas-diactoros[2.4.x-dev, ..., 2.26.x-dev], longwave/laminas-diactoros[2.14.x-dev].
    - drupal/core[9.4.x-dev, ..., 9.5.x-dev] require longwave/laminas-diactoros ^2.14 -> satisfiable by longwave/laminas-diactoros[2.14.x-dev].
    - laminas/laminas-diactoros[2.7.x-dev, ..., 2.14.x-dev] require php ^7.3 || ~8.0.0 || ~8.1.0 -> your php version (8.5.1) does not satisfy that requirement.
    - laminas/laminas-diactoros[2.15.x-dev, ..., 2.17.x-dev] require php ^7.4 || ~8.0.0 || ~8.1.0 -> your php version (8.5.1) does not satisfy that requirement.
    - laminas/laminas-diactoros[2.18.1, ..., 2.25.x-dev] require php ~8.0.0 || ~8.1.0 || ~8.2.0 -> your php version (8.5.1) does not satisfy that requirement.
    - laminas/laminas-diactoros[2.26.0, ..., 2.26.x-dev] require php ~8.0.0 || ~8.1.0 || ~8.2.0 || ~8.3.0 -> your php version (8.5.1) does not satisfy that requirement.
    - laminas/laminas-diactoros 2.4.x-dev requires php ^7.1 -> your php version (8.5.1) does not satisfy that requirement.
    - laminas/laminas-diactoros[2.5.x-dev, ..., 2.6.x-dev] require php ^7.3 || ~8.0.0 -> your php version (8.5.1) does not satisfy that requirement.
    - longwave/laminas-diactoros 2.14.x-dev requires php ^7.3 || ~8.0.0 || ~8.1.0 || ~8.2.0 || ~8.3.0 -> your php version (8.5.1) does not satisfy that requirement.

Use the option --with-all-dependencies (-W) to allow upgrades, downgrades and removals for packages currently locked to specific versions.

renovate bot force-pushed the renovate/packagist-drupal-core-recommended-vulnerability branch 2 times, most recently from ad2e889 to 1b35148 Compare October 9, 2024 08:10

renovate bot changed the title ~~chore(deps): update dependency drupal/core-recommended to v10 [security]~~ chore(deps): update dependency drupal/core-recommended to ^9.5.11 [security] Oct 9, 2024

renovate bot force-pushed the renovate/packagist-drupal-core-recommended-vulnerability branch from 1b35148 to 1491a79 Compare October 9, 2024 10:32

renovate bot changed the title ~~chore(deps): update dependency drupal/core-recommended to ^9.5.11 [security]~~ chore(deps): update dependency drupal/core-recommended to v10 [security] Oct 9, 2024

renovate bot force-pushed the renovate/packagist-drupal-core-recommended-vulnerability branch from 1491a79 to d00c8ea Compare October 28, 2024 16:21

renovate bot changed the title ~~chore(deps): update dependency drupal/core-recommended to v10 [security]~~ chore(deps): update dependency drupal/core-recommended to ^9.5.11 [security] Oct 28, 2024

renovate bot force-pushed the renovate/packagist-drupal-core-recommended-vulnerability branch from d00c8ea to 6bc63e7 Compare October 28, 2024 18:49

renovate bot changed the title ~~chore(deps): update dependency drupal/core-recommended to ^9.5.11 [security]~~ chore(deps): update dependency drupal/core-recommended to v10 [security] Oct 28, 2024

renovate bot force-pushed the renovate/packagist-drupal-core-recommended-vulnerability branch from 6bc63e7 to a5bdf0f Compare November 17, 2024 16:04

renovate bot changed the title ~~chore(deps): update dependency drupal/core-recommended to v10 [security]~~ chore(deps): update dependency drupal/core-recommended to ^9.5.11 [security] Nov 17, 2024

renovate bot force-pushed the renovate/packagist-drupal-core-recommended-vulnerability branch from a5bdf0f to ef0f985 Compare November 17, 2024 19:51

renovate bot changed the title ~~chore(deps): update dependency drupal/core-recommended to ^9.5.11 [security]~~ chore(deps): update dependency drupal/core-recommended to v10 [security] Nov 17, 2024

renovate bot force-pushed the renovate/packagist-drupal-core-recommended-vulnerability branch from ef0f985 to 1c8dc69 Compare December 2, 2024 11:14

renovate bot changed the title ~~chore(deps): update dependency drupal/core-recommended to v10 [security]~~ chore(deps): update dependency drupal/core-recommended to ^9.5.11 [security] Dec 2, 2024

renovate bot force-pushed the renovate/packagist-drupal-core-recommended-vulnerability branch from 1c8dc69 to 4a8060c Compare December 2, 2024 14:06

renovate bot changed the title ~~chore(deps): update dependency drupal/core-recommended to ^9.5.11 [security]~~ chore(deps): update dependency drupal/core-recommended to v10 [security] Dec 2, 2024

renovate bot force-pushed the renovate/packagist-drupal-core-recommended-vulnerability branch from 4a8060c to e262f5e Compare December 7, 2024 13:54

renovate bot changed the title ~~chore(deps): update dependency drupal/core-recommended to v10 [security]~~ chore(deps): update dependency drupal/core-recommended to ^9.5.11 [security] Dec 7, 2024

renovate bot force-pushed the renovate/packagist-drupal-core-recommended-vulnerability branch from e262f5e to aa108a1 Compare December 7, 2024 15:15

renovate bot changed the title ~~chore(deps): update dependency drupal/core-recommended to ^9.5.11 [security]~~ chore(deps): update dependency drupal/core-recommended to v10 [security] Dec 7, 2024

renovate bot force-pushed the renovate/packagist-drupal-core-recommended-vulnerability branch from aa108a1 to 61008db Compare December 17, 2024 22:36

renovate bot changed the title ~~chore(deps): update dependency drupal/core-recommended to v10 [security]~~ chore(deps): update dependency drupal/core-recommended to ^9.5.11 [security] Dec 17, 2024

renovate bot force-pushed the renovate/packagist-drupal-core-recommended-vulnerability branch from 61008db to 53d9512 Compare December 18, 2024 02:40

renovate bot changed the title ~~chore(deps): update dependency drupal/core-recommended to ^9.5.11 [security]~~ chore(deps): update dependency drupal/core-recommended to v10 [security] Dec 18, 2024

renovate bot force-pushed the renovate/packagist-drupal-core-recommended-vulnerability branch from 53d9512 to 70cb616 Compare December 22, 2024 16:08

renovate bot changed the title ~~chore(deps): update dependency drupal/core-recommended to v10 [security]~~ chore(deps): update dependency drupal/core-recommended to ^9.5.11 [security] Dec 22, 2024

renovate bot force-pushed the renovate/packagist-drupal-core-recommended-vulnerability branch from 70cb616 to 7f3997e Compare December 22, 2024 19:07

renovate bot changed the title ~~chore(deps): update dependency drupal/core-recommended to ^9.5.11 [security]~~ chore(deps): update dependency drupal/core-recommended to v10 [security] Dec 22, 2024

renovate bot changed the title ~~chore(deps): update dependency drupal/core-recommended to ^9.5.11 [security]~~ chore(deps): update dependency drupal/core-recommended to v10 [security] Oct 22, 2025

renovate bot force-pushed the renovate/packagist-drupal-core-recommended-vulnerability branch from c1a8895 to b1bdeb8 Compare November 11, 2025 00:56

renovate bot changed the title ~~chore(deps): update dependency drupal/core-recommended to v10 [security]~~ chore(deps): update dependency drupal/core-recommended to ^9.5.11 [security] Nov 11, 2025

renovate bot force-pushed the renovate/packagist-drupal-core-recommended-vulnerability branch from b1bdeb8 to edc3956 Compare November 11, 2025 08:48

renovate bot changed the title ~~chore(deps): update dependency drupal/core-recommended to ^9.5.11 [security]~~ chore(deps): update dependency drupal/core-recommended to v10 [security] Nov 11, 2025

renovate bot force-pushed the renovate/packagist-drupal-core-recommended-vulnerability branch from edc3956 to 7cd7f52 Compare November 18, 2025 22:38

renovate bot changed the title ~~chore(deps): update dependency drupal/core-recommended to v10 [security]~~ chore(deps): update dependency drupal/core-recommended to ^9.5.11 [security] Nov 18, 2025

renovate bot force-pushed the renovate/packagist-drupal-core-recommended-vulnerability branch from 7cd7f52 to ed4d361 Compare November 19, 2025 02:14

renovate bot changed the title ~~chore(deps): update dependency drupal/core-recommended to ^9.5.11 [security]~~ chore(deps): update dependency drupal/core-recommended to v10 [security] Nov 19, 2025

renovate bot force-pushed the renovate/packagist-drupal-core-recommended-vulnerability branch from ed4d361 to a714018 Compare December 3, 2025 20:00

renovate bot changed the title ~~chore(deps): update dependency drupal/core-recommended to v10 [security]~~ chore(deps): update dependency drupal/core-recommended to ^9.5.11 [security] Dec 3, 2025

renovate bot force-pushed the renovate/packagist-drupal-core-recommended-vulnerability branch from a714018 to fdeac31 Compare December 3, 2025 21:07

renovate bot changed the title ~~chore(deps): update dependency drupal/core-recommended to ^9.5.11 [security]~~ chore(deps): update dependency drupal/core-recommended to v10 [security] Dec 3, 2025

renovate bot force-pushed the renovate/packagist-drupal-core-recommended-vulnerability branch from fdeac31 to 5d2504f Compare December 10, 2025 10:39

renovate bot changed the title ~~chore(deps): update dependency drupal/core-recommended to v10 [security]~~ chore(deps): update dependency drupal/core-recommended to ^9.5.11 [security] Dec 10, 2025

renovate bot force-pushed the renovate/packagist-drupal-core-recommended-vulnerability branch from 5d2504f to 25760f5 Compare December 10, 2025 12:31

renovate bot changed the title ~~chore(deps): update dependency drupal/core-recommended to ^9.5.11 [security]~~ chore(deps): update dependency drupal/core-recommended to v10 [security] Dec 10, 2025

renovate bot force-pushed the renovate/packagist-drupal-core-recommended-vulnerability branch from 25760f5 to 37edd7d Compare December 15, 2025 17:41

renovate bot changed the title ~~chore(deps): update dependency drupal/core-recommended to v10 [security]~~ chore(deps): update dependency drupal/core-recommended to ^9.5.11 [security] Dec 15, 2025

renovate bot force-pushed the renovate/packagist-drupal-core-recommended-vulnerability branch from 37edd7d to 2ffc85d Compare December 15, 2025 20:49

renovate bot changed the title ~~chore(deps): update dependency drupal/core-recommended to ^9.5.11 [security]~~ chore(deps): update dependency drupal/core-recommended to v10 [security] Dec 15, 2025

renovate bot force-pushed the renovate/packagist-drupal-core-recommended-vulnerability branch from 2ffc85d to 2e70681 Compare December 30, 2025 14:14

renovate bot changed the title ~~chore(deps): update dependency drupal/core-recommended to v10 [security]~~ chore(deps): update dependency drupal/core-recommended to ^9.5.11 [security] Dec 30, 2025

renovate bot force-pushed the renovate/packagist-drupal-core-recommended-vulnerability branch from 2e70681 to 6184e86 Compare December 30, 2025 18:44

renovate bot changed the title ~~chore(deps): update dependency drupal/core-recommended to ^9.5.11 [security]~~ chore(deps): update dependency drupal/core-recommended to v10 [security] Dec 30, 2025

renovate bot force-pushed the renovate/packagist-drupal-core-recommended-vulnerability branch from 6184e86 to bac7397 Compare December 31, 2025 16:47

renovate bot changed the title ~~chore(deps): update dependency drupal/core-recommended to v10 [security]~~ chore(deps): update dependency drupal/core-recommended to ^9.5.11 [security] Dec 31, 2025

chore(deps): update dependency drupal/core-recommended to v10 [security]

515ccd5

renovate bot force-pushed the renovate/packagist-drupal-core-recommended-vulnerability branch from bac7397 to 515ccd5 Compare December 31, 2025 21:47

renovate bot changed the title ~~chore(deps): update dependency drupal/core-recommended to ^9.5.11 [security]~~ chore(deps): update dependency drupal/core-recommended to v10 [security] Dec 31, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): update dependency drupal/core-recommended to v10 [security] #101

chore(deps): update dependency drupal/core-recommended to v10 [security] #101

Uh oh!

renovate bot commented Oct 3, 2024 •

edited

Loading

Uh oh!

renovate bot commented Nov 17, 2024 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

chore(deps): update dependency drupal/core-recommended to v10 [security] #101

Are you sure you want to change the base?

chore(deps): update dependency drupal/core-recommended to v10 [security] #101

Uh oh!

Conversation

renovate bot commented Oct 3, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

GitHub Vulnerability Alerts

Release Notes

Configuration

Uh oh!

renovate bot commented Nov 17, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

⚠️ Artifact update problem

File name: drupal/composer.lock

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

renovate bot commented Oct 3, 2024 •

edited

Loading

renovate bot commented Nov 17, 2024 •

edited

Loading