Files
InvoiceShelf/composer.lock
Darko Gjorgjijoski 1aba43aca1 fix(deps): bump vulnerable composer dependencies to patched versions (#679)
3.x is now the default branch, so Dependabot re-surfaced the symfony/guzzle
advisories (composer.lock was never bumped on v3). Same fix as v2's #674:
- laravel/framework -> 13.15.0 (CVE-2026-48019, CRLF in the email rule)
- symfony/{mime,http-kernel,mailer,routing,yaml,polyfill-intl-idn} -> patched
- guzzlehttp/psr7 -> 2.11.0 (host-confusion + CRLF advisories)
composer audit clean.
2026-06-12 14:04:30 +02:00

481 KiB