Skip to content

Bump yiisoft/yii2 from 2.0.28 to 2.0.38

Laion requested to merge dependabot/composer/yiisoft/yii2-2.0.38 into master

Created by: dependabot[bot]

Bumps yiisoft/yii2 from 2.0.28 to 2.0.38.

Changelog

Sourced from yiisoft/yii2's changelog.

2.0.38 September 14, 2020

  • Bug #13973: Correct alterColumn for MSSQL & drop constraints before dropping a column (darkdef)
  • Bug #15265: PostgreSQL > 10.0 is not pass tests with default value of timestamp CURRENT_TIMESTAMP (terabytesoftw)
  • Bug #16892: Validation error class was not applied to checkbox and radio when validationStateOn = self::VALIDATION_STATE_ON_INPUT (dan-szabo, samdark)
  • Bug #18040: Display width specification for integer data types was deprecated in MySQL 8.0.19 (terabytesoftw)
  • Bug #18066: Fix yii\db\Query::create() wasn't using all info from withQuery() (maximkou)
  • Bug #18229: Add a flag to specify SyBase database when used with pdo_dblib (darkdef)
  • Bug #18232: Fail tests pgsql v-10.14, v-11.9, v-12-latest (terabytesoftw)
  • Bug #18233: Add PHP 8 support (samdark)
  • Bug #18239: Fix support of no-extension files for FileValidator::validateExtension() (darkdef)
  • Bug #18245: Make resolving DI references inside of arrays in dependencies optional (SamMousa, samdark, hiqsol)
  • Bug #18248: Render only one stack trace on a console for chained exceptions (mikehaertl)
  • Bug #18269: Fix integer safe attribute to work properly in yii\base\Model (Ladone)
  • Bug: (CVE-2020-15148): Disable unserialization of yii\db\BatchQueryResult to prevent remote code execution in case application calls unserialize() on user input containing specially crafted string (samdark, russtone)
  • Enh #18196: yii\rbac\DbManager::$checkAccessAssignments is now protected (alex-code)
  • Enh #18213: Do not load fixtures with circular dependencies twice instead of throwing an exception (JesseHines0)
  • Enh #18236: Allow yii\filters\RateLimiter to accept a closure function for the $user property in order to assign values on runtime (nadar)

2.0.37 August 07, 2020

  • Bug #17147: Fix form attribute validations for empty select inputs (kartik-v)
  • Bug #18156: Fix yii\db\Schema::quoteSimpleTableName() was checking incorrect quote character (M4tho, samdark)
  • Bug #18170: Fix 2.0.36 regression in passing extra console command arguments to the action (darkdef)
  • Bug #18171: Change case of column names in SQL query for findConstraints to fix MySQL 8 compatibility (darkdef)
  • Bug #18182: yii\db\Expression was not supported as condition in ActiveRecord::findOne() and ActiveRecord::findAll() (rhertogh)
  • Bug #18189: Fix "Invalid parameter number" in yii\rbac\DbManager::removeItem() (samdark)
  • Bug #18198: Fix saving tables with trigger by outputting inserted data from insert query with usage of temporary table (darkdef)
  • Bug #18203: PDO exception code was not properly passed to yii\db\Exception (samdark)
  • Bug #18204: Fix 2.0.36 regression in inline validator and JS validation (samdark)
  • Enh #18205: Add .phpstorm.meta.php file for better auto-completion in PhpStorm (vjik)
  • Enh #18210: Allow strict comparison for multi-select inputs (alex-code)
  • Enh #18217: Make yii\console\ErrorHandler render chained exceptions in debug mode (mikehaertl)

2.0.36 July 07, 2020

  • Bug #13828: Fix retrieving inserted data for a primary key of type uniqueidentifier for SQL Server 2005 or later (darkdef)
  • Bug #17474: Fix retrieving inserted data for a primary key of type trigger for SQL Server 2005 or later (darkdef)
  • Bug #17985: Convert migrationNamespaces to array if needed (darkdef)
  • Bug #18001: Fix getting table metadata for tables ( in their name (floor12)
  • Bug #18026: Fix ArrayHelper::getValue() did not work with ArrayAccess objects (mikk150)
  • Bug #18028: Fix division by zero exception in console Table::calculateRowHeight() (fourhundredfour)
  • Bug #18031: HttpBasicAuth with auth callback now triggers login events same was as other authentication methods (samdark)
  • Bug #18041: Fix RBAC migration for MSSQL (darkdef)
  • Bug #18047: Fix colorization markers output in console Table (cheeseq)
Commits
  • fd01e74 release version 2.0.38
  • 2f7fb32 Merge pull request from GHSA-699q-wcff-g9mj
  • 55dc14e Adjust changelog messages
  • 4e3cf83 Bug #18245: Make resolving DI references inside of arrays in dependencies opt...
  • acbefe6 Fix #16892: Validation error class was not applied to checkbox and radio when...
  • ce35719 Fix #18040, fix #15265, fix #18232 database issues (#18225)
  • 5b1b475 Fix typos in Hindi language (#18276)
  • f848d88 Bug #13973: Correct alterColumn for MSSQL & drop constraints before drop column
  • 9141cc5 Fix #18196: yii\rbac\DbManager::$checkAccessAssignments is now protected
  • 6342ad8 Fix #18213: Do not load fixtures with circular dependencies twice instead of ...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Merge request reports