Bump sylius/sylius from 2.2.1 to 2.2.3 by dependabot[bot] · Pull Request #19 · Sylius/SyliusPracticalMasteryCourse2

dependabot · 2026-03-10T10:10:49Z

Bumps sylius/sylius from 2.2.1 to 2.2.3.

Release notes

Sourced from sylius/sylius's releases.

v2.2.3

TL;DR

🔒 This is a security release!

Fixes the following vulnerabilities:

Open Redirect via Referer Header

DQL Injection via API Order Filters

Promotion Usage Limit Bypass via Race Condition

IDOR in Cart and Checkout LiveComponents

Missing Authorization in API v2 Add Item Endpoint

XSS Vulnerability in Checkout Login Form

Authenticated Stored XSS

Details

#18747 Fix panther build (@TheMilek)

#18758 Remove duplicated serialization group field (@TheMilek)

#18785 Try to fix build after ResourceBundle release (@TheMilek)

#18742 [Admin] Fix order history address fields not displaying empty values (@Wojdylak)

#18806 Fix after new release of PayumBundle (@TheMilek)

#18836 Upgrade BuildTestAppAction from v3.0.1 to v4 (@TheMilek)

#18832 [Admin] Fix images not being emitted with Webpack 5.105+ (@GSadee)

#18841 Fix Dutch translation for payment method (@JordiDekker)

#18871 Add conflict to api-platform/serializer 4.2.17 (@TheMilek)

#18888 Remove redundant check with apip4.1.7 in matrix (@TheMilek)

#18887 [BUGFIX] Make GitHub actions green again 2.1 (@rust-le)

#18844 Fix formatting in UPGRADE-2.0.md (@LucaGallinari)

Full Changelog: Sylius/Sylius@v2.2.2...v2.2.3

v2.2.2

Details

#18691 [CS][DX] Refactor

#18690 [CS][DX] Refactor

#18689 [CS][DX] Refactor

#18693 [CI] Standardize job timeouts to 15 minutes (@Rafikooo)

#18703 [Deps] Allow psr/http-message ^2.0 (@Rafikooo)

#18716 Try to fix build with PHP 8.5 and 8.4 (@TheMilek)

#18707 [DX] Update branch aliases to 1.14-dev (@Rafikooo)

#18721 Fix tests application error templates (@loic425)

#16892 [FIXTURES] Fix menu taxon code (@TheMilek)

#18366 Fix ro PayumBundle Translation (@revoltek-daniel)

#18725 Bugfix/merged overrides missing operations (@TheMilek)

#18702 [Composer] Remove outdated twig/twig conflicts from bundles (@Rafikooo)

#18722 [API] Payment Request fix default action when IRI is given (@Prometee)

#18732 Make PostgreSQL telemetry migration extend dedicated abstract (@TheMilek)

#18369 Add form help rendering to forms (@tomkalon)

#18735 [CS][DX] Refactor

... (truncated)

Changelog

Sourced from sylius/sylius's changelog.

v2.2.3 (2026-03-09)

Details

#18747 Fix panther build (@TheMilek)

#18758 Remove duplicated serialization group field (@TheMilek)

#18785 Try to fix build after ResourceBundle release (@TheMilek)

#18742 [Admin] Fix order history address fields not displaying empty values (@Wojdylak)

#18806 Fix after new release of PayumBundle (@TheMilek)

#18836 Upgrade BuildTestAppAction from v3.0.1 to v4 (@TheMilek)

#18832 [Admin] Fix images not being emitted with Webpack 5.105+ (@GSadee)

#18841 Fix Dutch translation for payment method (@JordiDekker)

#18871 Add conflict to api-platform/serializer 4.2.17 (@TheMilek)

#18888 Remove redundant check with apip4.1.7 in matrix (@TheMilek)

#18887 [BUGFIX] Make GitHub actions green again 2.1 (@rust-le)

#18844 Fix formatting in UPGRADE-2.0.md (@LucaGallinari)

v2.2.2 (2026-01-20)

Details

#18691 [CS][DX] Refactor

#18690 [CS][DX] Refactor

#18689 [CS][DX] Refactor

#18693 [CI] Standardize job timeouts to 15 minutes (@Rafikooo)

#18703 [Deps] Allow psr/http-message ^2.0 (@Rafikooo)

#18716 Try to fix build with PHP 8.5 and 8.4 (@TheMilek)

#18707 [DX] Update branch aliases to 1.14-dev (@Rafikooo)

#18721 Fix tests application error templates (@loic425)

#16892 [FIXTURES] Fix menu taxon code (@TheMilek)

#18366 Fix ro PayumBundle Translation (@revoltek-daniel)

#18725 Bugfix/merged overrides missing operations (@TheMilek)

#18702 [Composer] Remove outdated twig/twig conflicts from bundles (@Rafikooo)

#18722 [API] Payment Request fix default action when IRI is given (@Prometee)

#18732 Make PostgreSQL telemetry migration extend dedicated abstract (@TheMilek)

#18369 Add form help rendering to forms (@tomkalon)

#18735 [CS][DX] Refactor

#18726 [Channel] Resolve localhost equivalents when matching channel by hostname (@Rafikooo)

#18708 [DX] Improve AI contribution guidelines (@Rafikooo)

#18711 Fix typo in first_name.html.twig (@LucaGallinari)

#18736 TASK: [2.2] [UiBundle] adjust translations for admin password reset page (@crydotsnake)

#18565 Add ternary operator to fix related with empty key (@michalkaczmarek-bitbag)

#18572 Bugfix/fix autocomplete in admin to be case insensitive (@michalkaczmarek-bitbag)

Commits

111d96b Generate changelog for v2.2.3
b6c367e Change application's version to v2.2.3
2a454ff [UPMERGE] 2.1 -> 2.2 (#18897)
03a5ba1 Resolve conflicts between 2.1 and 2.2
4e12579 Stan and overall build fixes
25b8d77 Fix cart authorization bypass fixes
c63955b Fix too frequent/long requests to GUS
9b57e87 [Promotion] Fix race condition of usage limit
cb53fce Fix open redirect
abd7f00 [Shop] Fix potential XSS in ApiLoginController
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [sylius/sylius](https://github.com/Sylius/Sylius) from 2.2.1 to 2.2.3. - [Release notes](https://github.com/Sylius/Sylius/releases) - [Changelog](https://github.com/Sylius/Sylius/blob/v2.2.3/CHANGELOG-2.2.md) - [Commits](Sylius/Sylius@v2.2.1...v2.2.3) --- updated-dependencies: - dependency-name: sylius/sylius dependency-version: 2.2.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-03-19T10:09:14Z

Superseded by #24.

dependabot bot added dependencies Pull requests that update a dependency file php Pull requests that update php code labels Mar 10, 2026

dependabot bot mentioned this pull request Mar 10, 2026

Bump sylius/sylius from 2.2.1 to 2.2.2 #5

Closed

dependabot bot closed this Mar 19, 2026

dependabot bot deleted the dependabot/composer/sylius/sylius-2.2.3 branch March 19, 2026 10:09

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump sylius/sylius from 2.2.1 to 2.2.3#19

Bump sylius/sylius from 2.2.1 to 2.2.3#19
dependabot[bot] wants to merge 1 commit into2.2from
dependabot/composer/sylius/sylius-2.2.3

dependabot bot commented on behalf of github Mar 10, 2026

Uh oh!

dependabot bot commented on behalf of github Mar 19, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot bot commented on behalf of github Mar 10, 2026

v2.2.3

TL;DR

Details

v2.2.2

Details

v2.2.3 (2026-03-09)

Details

v2.2.2 (2026-01-20)

Details

Uh oh!

dependabot bot commented on behalf of github Mar 19, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants