From f1cc8a10f58c886aae0d817775a39f908283591d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 Nov 2021 17:28:40 +0000 Subject: [PATCH 1/4] Bump doctrine/dbal from 3.1.3 to 3.1.4 Bumps [doctrine/dbal](https://github.com/doctrine/dbal) from 3.1.3 to 3.1.4. - [Release notes](https://github.com/doctrine/dbal/releases) - [Commits](https://github.com/doctrine/dbal/compare/3.1.3...3.1.4) --- updated-dependencies: - dependency-name: doctrine/dbal dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- composer.lock | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/composer.lock b/composer.lock index 545b00134a..35b8bc62e8 100644 --- a/composer.lock +++ b/composer.lock @@ -552,16 +552,16 @@ }, { "name": "doctrine/dbal", - "version": "3.1.3", + "version": "3.1.4", "source": { "type": "git", "url": "https://github.com/doctrine/dbal.git", - "reference": "96b0053775a544b4a6ab47654dac0621be8b4cf8" + "reference": "821b4f01a36ce63ed36c090ea74767b72db367e9" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/doctrine/dbal/zipball/96b0053775a544b4a6ab47654dac0621be8b4cf8", - "reference": "96b0053775a544b4a6ab47654dac0621be8b4cf8", + "url": "https://api.github.com/repos/doctrine/dbal/zipball/821b4f01a36ce63ed36c090ea74767b72db367e9", + "reference": "821b4f01a36ce63ed36c090ea74767b72db367e9", "shasum": "" }, "require": { 
@@ -574,14 +574,14 @@ "require-dev": { "doctrine/coding-standard": "9.0.0", "jetbrains/phpstorm-stubs": "2021.1", - "phpstan/phpstan": "0.12.99", - "phpstan/phpstan-strict-rules": "^0.12.11", + "phpstan/phpstan": "1.1.1", + "phpstan/phpstan-strict-rules": "^1", "phpunit/phpunit": "9.5.10", "psalm/plugin-phpunit": "0.16.1", - "squizlabs/php_codesniffer": "3.6.0", + "squizlabs/php_codesniffer": "3.6.1", "symfony/cache": "^5.2|^6.0", "symfony/console": "^2.0.5|^3.0|^4.0|^5.0|^6.0", - "vimeo/psalm": "4.10.0" + "vimeo/psalm": "4.12.0" }, "suggest": { "symfony/console": "For helpful console commands such as SQL execution and import of files." @@ -641,7 +641,7 @@ ], "support": { "issues": "https://github.com/doctrine/dbal/issues", - "source": "https://github.com/doctrine/dbal/tree/3.1.3" + "source": "https://github.com/doctrine/dbal/tree/3.1.4" }, "funding": [ { @@ -657,7 +657,7 @@ "type": "tidelift" } ], - "time": "2021-10-02T16:15:05+00:00" + "time": "2021-11-15T16:44:33+00:00" }, { "name": "doctrine/deprecations", From c273f309d43684e557f373964455456769cb9970 Mon Sep 17 00:00:00 2001 From: James Cole Date: Mon, 22 Nov 2021 06:34:03 +0100 Subject: [PATCH 2/4] Add mergify --- .github/mergify.yml | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 .github/mergify.yml diff --git a/.github/mergify.yml b/.github/mergify.yml new file mode 100644 index 0000000000..f0ecdc6b07 --- /dev/null +++ b/.github/mergify.yml @@ -0,0 +1,7 @@ +pull_request_rules: + - name: Security update by dependabot + conditions: + - author~=^dependabot(|-preview)\[bot\]$ + actions: + merge: + method: merge \ No newline at end of file From 0f9c1b9427b946b5eb580112edfcb3ed6a812970 Mon Sep 17 00:00:00 2001 From: James Cole Date: Mon, 22 Nov 2021 06:40:23 +0100 Subject: [PATCH 3/4] Remove mergify file --- .mergify.yml | 13 ------------- 1 file changed, 13 deletions(-) delete mode 100644 .mergify.yml diff --git a/.mergify.yml b/.mergify.yml deleted file mode 100644 index f0161dfe1d..0000000000 
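Review bot: The only condition on the `Security update by dependabot` rule in `.github/mergify.yml` is the author regex, so every Dependabot pull request qualifies for merge, not only security updates, and nothing in the rule waits for CI. Unless branch protection on the target branch already requires passing checks, a dependency bump that breaks the build or pulls in a bad release would be merged with no test run or human review in between. Consider adding a status condition and a branch condition next to the author line, for example `- check-success=<CI job name>` and `- base=<target branch>`. If the rule is meant to cover all Dependabot updates, rename it to say so.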
--- a/.mergify.yml +++ /dev/null @@ -1,13 +0,0 @@ -pull_request_rules: - - name: Automatic merge on approval - conditions: - - "#approved-reviews-by>=1" - actions: - merge: - method: merge - - name: Security update by dependabot - conditions: - - "author=dependabot" - actions: - merge: - method: merge \ No newline at end of file From 518b4ba5a7a56760902758ae0a2c6a392c2f4d37 Mon Sep 17 00:00:00 2001 From: James Cole Date: Wed, 24 Nov 2021 19:22:07 +0100 Subject: [PATCH 4/4] Fix CSRF issues --- routes/web.php | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/routes/web.php b/routes/web.php index 6eb7ddb514..1c29386366 100644 --- a/routes/web.php +++ b/routes/web.php @@ -213,7 +213,7 @@ Route::group( ['middleware' => 'user-full-auth', 'namespace' => 'FireflyIII\Http\Controllers', 'prefix' => 'subscriptions', 'as' => 'subscriptions.'], static function () { Route::get('', ['uses' => 'Bill\IndexController@index', 'as' => 'index']); - Route::get('rescan/{bill}', ['uses' => 'Bill\ShowController@rescan', 'as' => 'rescan']); + Route::post('rescan/{bill}', ['uses' => 'Bill\ShowController@rescan', 'as' => 'rescan']); Route::get('create', ['uses' => 'Bill\CreateController@create', 'as' => 'create']); Route::get('edit/{bill}', ['uses' => 'Bill\EditController@edit', 'as' => 'edit']); Route::get('delete/{bill}', ['uses' => 'Bill\DeleteController@delete', 'as' => 'delete']); 
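Review bot: Moving `subscriptions.rescan` from GET to POST in the `@@ -213` hunk only closes the CSRF hole if the request passes through the token check and every caller sends the token. This patch changes `routes/web.php` alone (1 file changed), so any template or script that still reaches the route through a plain link would now fail with a 405 and has to become a form or request carrying the CSRF token. The same applies to `intro.finished`, `delete-code`, `new-backup-codes` and `switch` in the later hunks. The `user-full-auth` group definition is not visible here, so it is worth confirming that it includes the CSRF verification middleware. The `Route::group` body continues outside the hunk.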
@@ -649,7 +649,7 @@ Route::group( Route::get('rate/{fromCurrencyCode}/{toCurrencyCode}/{date}', ['uses' => 'Json\ExchangeController@getRate', 'as' => 'rate']); // intro things: - Route::any('intro/finished/{route}/{specificPage?}', ['uses' => 'Json\IntroController@postFinished', 'as' => 'intro.finished']); + Route::post('intro/finished/{route}/{specificPage?}', ['uses' => 'Json\IntroController@postFinished', 'as' => 'intro.finished']); Route::post('intro/enable/{route}/{specificPage?}', ['uses' => 'Json\IntroController@postEnable', 'as' => 'intro.enable']); Route::get('intro/{route}/{specificPage?}', ['uses' => 'Json\IntroController@getIntroSteps', 'as' => 'intro']); } @@ -726,14 +726,15 @@ Route::group( Route::post('enable2FA', ['uses' => 'ProfileController@enable2FA', 'as' => 'enable2FA']); Route::get('2fa/code', ['uses' => 'ProfileController@code', 'as' => 'code']); Route::post('2fa/code', ['uses' => 'ProfileController@postCode', 'as' => 'code.store']); - Route::get('/delete-code', ['uses' => 'ProfileController@deleteCode', 'as' => 'delete-code']); - Route::get('2fa/new-codes', ['uses' => 'ProfileController@newBackupCodes', 'as' => 'new-backup-codes']); + Route::post('/delete-code', ['uses' => 'ProfileController@deleteCode', 'as' => 'delete-code']); + Route::post('2fa/new-codes', ['uses' => 'ProfileController@newBackupCodes', 'as' => 'new-backup-codes']); } ); /** * Recurring Transactions Controller. + * */ Route::group( ['middleware' => 'user-full-auth', 'namespace' => 'FireflyIII\Http\Controllers', 'prefix' => 'recurring', 'as' => 'recurring.'], 
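Review bot: The two 2FA routes converted in the `@@ -726` hunk (`delete-code`, `new-backup-codes`) carry no comment saying why they must stay on POST, so a later refactor could turn them back into GET links. I would add a comment above them such as `// State-changing 2FA actions: keep on POST so the CSRF token check applies.` and a feature test asserting that a GET to either route is rejected. The empty ` *` line added to the "Recurring Transactions Controller" docblock is unrelated to the fix and can be dropped.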
@@ -1078,7 +1079,7 @@ Route::group( // See reference nr. 6 Route::post('store/{tj}', ['uses' => 'LinkController@store', 'as' => 'store']); Route::get('delete/{journalLink}', ['uses' => 'LinkController@delete', 'as' => 'delete']); - Route::get('switch/{journalLink}', ['uses' => 'LinkController@switchLink', 'as' => 'switch']); + Route::post('switch/{journalLink}', ['uses' => 'LinkController@switchLink', 'as' => 'switch']); Route::post('destroy/{journalLink}', ['uses' => 'LinkController@destroy', 'as' => 'destroy']); }
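Review bot: `Route::get('delete/{journalLink}', …)` stays on GET right next to the converted `switch` route, and CSRF verification in Laravel skips GET requests. The POST `destroy/{journalLink}` beside it suggests `LinkController@delete` only renders a confirmation page, but the controller is not part of this patch, so that should be confirmed. The same check applies to `delete/{bill}` in the `@@ -213` hunk. A short comment such as `// GET: confirmation page only, the removal itself is the POST destroy route` would record the intent. The `Route::group` body starts outside the hunk.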