Bump phpmailer/phpmailer from 6.12.0 to 7.0.2#7
Bump phpmailer/phpmailer from 6.12.0 to 7.0.2#7dependabot[bot] wants to merge 1 commit intomasterfrom
Conversation
dependabot
bot
added
dependencies
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 72111ea6e7
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
composer.json
Outdated
| "type": "project", | ||
| "require": { | ||
| "phpmailer/phpmailer": "^6.8", | ||
| "phpmailer/phpmailer": "^7.0", |
There was a problem hiding this comment.
This bump only changes composer.json/composer.lock, but the runtime image uses the committed src/vendor tree (Dockerfile copies only /src at line 35 and never runs Composer, and entrypoint.sh also has no install step), so production will still ship PHPMailer v6.12.0 from src/vendor/composer/installed.json instead of v7.0.2. In this repository layout, that means the intended dependency/security upgrade is not actually applied and the manifests now misrepresent what code is deployed.
Useful? React with 👍 / 👎.
dependabot
bot
force-pushed
the
dependabot/composer/phpmailer/phpmailer-7.0.2
branch
2 times, most recently
from
168041f to
3765138
Compare
Bumps [phpmailer/phpmailer](https://github.com/PHPMailer/PHPMailer) from 6.12.0 to 7.0.2. - [Release notes](https://github.com/PHPMailer/PHPMailer/releases) - [Changelog](https://github.com/PHPMailer/PHPMailer/blob/master/changelog.md) - [Commits](PHPMailer/PHPMailer@v6.12.0...v7.0.2) --- updated-dependencies: - dependency-name: phpmailer/phpmailer dependency-version: 7.0.2 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/composer/phpmailer/phpmailer-7.0.2
branch
from
3765138 to
ffa1833
Compare
Bumps phpmailer/phpmailer from 6.12.0 to 7.0.2.
Release notes
Sourced from phpmailer/phpmailer's releases.
... (truncated)
Changelog
Sourced from phpmailer/phpmailer's changelog.
Commits
ebf16557.0.2b938991Merge pull request #3283 from SirLouen/patch/32827e3f243Merge pull request #3288 from RobinvanderVliet/patch-11a0004bImprove memory usage when sending large attachmentsa969e57Merge pull request #3287 from PHPMailer/dependabot/github_actions/actions/upl...28caa24Merge pull request #3286 from PHPMailer/dependabot/github_actions/action-runn...5f71068GH Actions: Bump actions/upload-artifact from 5.0.0 to 6.0.0827e170GH Actions: Bump the action-runners group with 3 updates0d4c5eefix: Correct sendmail_path validation to ensure proper formatting for sender ...14e1efedocs: Fixing array multiline syntax for sendmailPathProviderDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)