[UPMERGE] 2.0 -> bootstrap-admin-panel #16250

Merged
merged 36 commits into from May 13, 2024

SyliusBot

This PR has been generated automatically.
For more details see upmerge_pr.yaml.

Remember! The upmerge should always be merged using the Merge pull request button.

In case of conflicts, please resolve them manually using the following commands:

```
git fetch upstream
gh pr checkout <this-pr-number>
git merge upstream/bootstrap-admin-panel -m "Resolve conflicts between 2.0 and bootstrap-admin-panel"
```

If you use another name for the upstream remote, please replace `upstream` with the name of your remote pointing to the Sylius/Sylius repository.

Once the conflicts are resolved, please run `git merge --continue` and push the changes to this PR.

Wojdylak and others added 30 commits May 8, 2024 10:26
This PR was merged into the 1.12 branch.

Discussion
----------

| Q               | A
| --------------- | -----
| Branch?         | 1.12
| Bug fix?        | yes
| New feature?    | no
| BC breaks?      | no
| Deprecations?   | no
| Related tickets | n/a
| License         | MIT

Fixes CVE-2024-29376. Reported here: https://github.com/r2tunes/Reports/blob/main/Sylius.md


Commits
-------

0a7fe9e Add js sanitizeInput function
89880cd Add sanitizer function to UIBundle
19cea9a Use function from UIBundle
3d66fb0 [AddressBook] Add scenario for preventing from a potential XSS attack
9255540 [Checkout] Add scenario for preventing from a potential XSS attack
30de6ff [Behat] Minor scenarios improvements after code review
This PR was merged into the 1.12 branch.

Discussion
----------

| Q               | A
|-----------------|-----
| Branch?         | 1.12
| Bug fix?        | yes
| New feature?    | no
| BC breaks?      | no
| Deprecations?   | no
| Related tickets | n/a
| License         | MIT

Fixes potential xss in admin panel (Taxons and Products)

Commits
-------

d4812f9 Fix potential xss in admin panel
29d18a3 Use function from UIBundle
c11c424 Fix product-auto-complete
a17de6d Test adding new taxon
d25edf3 Test adding new simple product
63c3cf7 Test adding similar products
679e793 Fixes after CR
…ress Book and Admin Panel (GSadee)

This PR was merged into the 1.12 branch.

Discussion
----------

| Q               | A
|-----------------|-----
| Branch?         | 1.12
| Bug fix?        | yes
| New feature?    | no
| BC breaks?      | no
| Deprecations?   | no
| Related tickets | 
| License         | MIT

This PR aims to solve 2 issues:

- Potential Cross Site Scripting (XSS) via the "Province" field in the Checkout and Address Book (https://github.com/r2tunes/Reports/blob/main/Sylius.md)
- Potential Cross Site Scripting (XSS) via the "Name" field (Taxons, Products, Options, Variants) in the Admin Panel


Commits
-------
  Fix potential xss in admin panel
  Use function from UIBundle
  Fix product-auto-complete
  Add js sanitizeInput function
  Add sanitizer function to UIBundle
  Use function from UIBundle
  [AddressBook] Add scenario for preventing from a potential XSS attack
  [Checkout] Add scenario for preventing from a potential XSS attack
  [Behat] Minor scenarios improvements after code review
  Test adding new taxon
  Test adding new simple product
  Test adding similar products
  Fixes after CR
  bug #69 Fix potential xss in AdressBook and Checkout (mpysiak, GSadee)
  bug #76 Fix potential xss in admin panel (mpysiak)
  [Behat] Minor scenarios improvements
This PR was merged into the 1.12 branch.

Discussion
----------

| Q               | A
|-----------------|-----
| Branch?         | 1.12
| Bug fix?        | no
| New feature?    | no
| BC breaks?      | no
| Deprecations?   | no
| Related tickets | N/A
| License         | MIT


Commits
-------

6ca4a6a [Maintenance] Update docker docs
3fa947e [Maintenance] Remove unnecessary line
This PR was merged into the 1.13 branch.

Discussion
----------

| Q               | A
|-----------------|-----
| Branch?         | 1.13
| Bug fix?        | no
| New feature?    | no
| BC breaks?      | no
| Deprecations?   | no
| Related tickets | N/A
| License         | MIT

Hello, 

I wanted to add a library, but I got stuck with the deprecation-contract: the library I wanted only accepts `^3.0`.

As we can see in the [diff](symfony/deprecation-contracts@2.5...3.4), there is not much change between the two versions.

I think we can add that version too without changing anything else.

Tell me if I should target `1.12` instead. 

Thanks 


Commits
-------

ac1d727 Add wider support for deprecation contract
* 1.12:
  [Behat] Minor scenarios improvements
  Fixes after CR
  Test adding similar products
  Test adding new simple product
  Test adding new taxon
  [Behat] Minor scenarios improvements after code review
  [Checkout] Add scenario for preventing from a potential XSS attack
  [AddressBook] Add scenario for preventing from a potential XSS attack
  Use function from UIBundle
  Add sanitizer function to UIBundle
  Add js sanitizeInput function
  Fix product-auto-complete
  Use function from UIBundle
  Fix potential xss in admin panel
  [Maintenance] Remove unnecessary line
  [Maintenance] Update docker docs
* 1.13:
  [Behat] Minor scenarios improvements
  Fixes after CR
  Test adding similar products
  Test adding new simple product
  Test adding new taxon
  [Behat] Minor scenarios improvements after code review
  [Checkout] Add scenario for preventing from a potential XSS attack
  [AddressBook] Add scenario for preventing from a potential XSS attack
  Use function from UIBundle
  Add sanitizer function to UIBundle
  Add js sanitizeInput function
  Fix product-auto-complete
  Use function from UIBundle
  Fix potential xss in admin panel
  Add wider support for deprecation contract
  [Maintenance] Remove unnecessary line
  [Maintenance] Update docker docs
* 1.14:
  [Behat] Minor scenarios improvements
  Fixes after CR
  Test adding similar products
  Test adding new simple product
  Test adding new taxon
  [Behat] Minor scenarios improvements after code review
  [Checkout] Add scenario for preventing from a potential XSS attack
  [AddressBook] Add scenario for preventing from a potential XSS attack
  Use function from UIBundle
  Add sanitizer function to UIBundle
  Add js sanitizeInput function
  Fix product-auto-complete
  Use function from UIBundle
  Fix potential xss in admin panel
  Add wider support for deprecation contract
  [Maintenance] Remove unnecessary line
  [Maintenance] Update docker docs
* 1.12:
  Change application's version to v1.12.17-dev
  Generate changelog for v1.12.16
  Change application's version to v1.12.16
* 1.13:
  Change application's version to v1.12.17-dev
  Generate changelog for v1.12.16
  Change application's version to v1.12.16
* 1.14:
  Change application's version to v1.12.17-dev
  Generate changelog for v1.12.16
  Change application's version to v1.12.16
* 1.13:
  Change application's version to v1.13.2-dev
  Generate changelog for v1.13.1
  Change application's version to v1.13.1
* 1.14:
  Change application's version to v1.13.2-dev
  Generate changelog for v1.13.1
  Change application's version to v1.13.1
@SyliusBot SyliusBot requested review from a team as code owners May 11, 2024 02:11
@probot-autolabeler probot-autolabeler bot added Admin AdminBundle related issues and PRs. Documentation Documentation related issues and PRs - requests, fixes, proposals. Shop ShopBundle related issues and PRs. labels May 11, 2024
@GSadee GSadee merged commit 8659346 into bootstrap-admin-panel May 13, 2024
56 of 57 checks passed
6 participants