thibaud-lclr/ltbxd-actorle
1
0
Fork 0
Code Issues 18 Pull requests Projects Releases Packages Wiki Activity Actions

Mettre a jour les dependances PHP vulnerables signalees par composer audit #17

New issue
Open
opened 2026-04-12 18:10:03 +00:00 by thibaud-lclr · 0 comments
thibaud-lclr commented 2026-04-12 18:10:03 +00:00 (Migrated from gitea.lclr.dev)
Copy link

1. Le souci

composer audit remonte des advisories sur des dependances PHP, notamment phpunit/phpunit et symfony/process.

2. Proposition de solution

Mettre a jour les versions affectees, verifier les impacts de compatibilite et figer un niveau de securite propre en dev comme en runtime.

3. Proposition d'implementation

  • relever les contraintes Composer vers des versions corrigees ;
  • relancer composer update cible et les tests ;
  • verifier si symfony/process est reellement utilise dans un contexte sensible ;
  • ajouter composer audit a la routine CI/verification.
## 1. Le souci `composer audit` remonte des advisories sur des dependances PHP, notamment `phpunit/phpunit` et `symfony/process`. ## 2. Proposition de solution Mettre a jour les versions affectees, verifier les impacts de compatibilite et figer un niveau de securite propre en dev comme en runtime. ## 3. Proposition d'implementation - relever les contraintes Composer vers des versions corrigees ; - relancer `composer update` cible et les tests ; - verifier si `symfony/process` est reellement utilise dans un contexte sensible ; - ajouter `composer audit` a la routine CI/verification.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
No results found.
Labels
Clear labels   
area: auth

Authentification, session, CSRF et comptes.

  
area: deps

Dependances PHP/JS, upgrades et compatibilite.

  
area: frontend

Templates, React, Stimulus et rendu navigateur.

  
area: gameplay

Generation de grille, logique de jeu, UX gameplay.

  
area: import

Import Letterboxd/TMDB/Wikidata et qualite de donnees.

  
area: infra

Infra, Docker, runtime, worker, healthchecks.

  
area: product

Fonctionnalites produit et experience joueur.

  
area: tests

Tests, fixtures et stabilite CI.

  
priority: P0

Critique : securite/fiabilite forte ou blocage production.

  
priority: P1

Important : a traiter rapidement.

  
priority: P2

Souhaitable : amelioration structurante non urgente.

  
priority: P3

Confort ou evolution long terme.

  
type: bug

Defaut de comportement, regression ou resultat incorrect.

  
type: chore

Dette technique, maintenance ou refactor sans changement produit direct.

  
type: feature

Evolution produit visible ou nouvelle capacite.

  
type: infrastructure

Sujet runtime, Docker, deploiement ou observabilite.

  
type: performance

Optimisation de temps de reponse, charge ou scalabilite.

  
type: security

Risque de securite, durcissement ou controle d acces.

No labels
area: auth
area: deps
area: frontend
area: gameplay
area: import
area: infra
area: product
area: tests
priority: P0
priority: P1
priority: P2
priority: P3
type: bug
type: chore
type: feature
type: infrastructure
type: performance
type: security
Milestone
Clear milestone
No items
No milestone
Security & Hardening
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: thibaud-lclr/ltbxd-actorle#17
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?