Bump sylius/sylius from 2.2.1 to 2.2.4

[dependabot]

Bumps sylius/sylius from 2.2.1 to 2.2.4.

Release notes

Sourced from sylius/sylius's releases.

v2.2.4

What's Changed

• [BUGFIX] remove redundant object from PHPDoc union types by @​rust-le in Sylius/Sylius#18904
• [CS][DX] Refactor by @​github-actions[bot] in Sylius/Sylius#18899
• [CS][DX] Refactor by @​github-actions[bot] in Sylius/Sylius#18898
• [Admin] Fix product taxon grid enabled field always showing true by @​serhiilabs in Sylius/Sylius#18895
• [BUGFIX] fix build errors by @​rust-le in Sylius/Sylius#18911
• [UPMERGE] 2.1 -> 2.2 by @​SyliusBot in Sylius/Sylius#18902
• Telemetry improvements 2.1 by @​TheMilek in Sylius/Sylius#18920
• [UPMERGE] 2.1 -> 2.2 by @​SyliusBot in Sylius/Sylius#18923

New Contributors

• @​serhiilabs made their first contribution in Sylius/Sylius#18895

Full Changelog: Sylius/Sylius@v2.2.3...v2.2.4

v2.2.3

TL;DR

🔒 This is a security release!

Fixes the following vulnerabilities:

• Open Redirect via Referer Header
• DQL Injection via API Order Filters
• Promotion Usage Limit Bypass via Race Condition
• IDOR in Cart and Checkout LiveComponents
• Missing Authorization in API v2 Add Item Endpoint
• XSS Vulnerability in Checkout Login Form
• Authenticated Stored XSS

Details

• #18747 Fix panther build (@​TheMilek)
• #18758 Remove duplicated serialization group field (@​TheMilek)
• #18785 Try to fix build after ResourceBundle release (@​TheMilek)
• #18742 [Admin] Fix order history address fields not displaying empty values (@​Wojdylak)
• #18806 Fix after new release of PayumBundle (@​TheMilek)
• #18836 Upgrade BuildTestAppAction from v3.0.1 to v4 (@​TheMilek)
• #18832 [Admin] Fix images not being emitted with Webpack 5.105+ (@​GSadee)
• #18841 Fix Dutch translation for payment method (@​JordiDekker)
• #18871 Add conflict to api-platform/serializer 4.2.17 (@​TheMilek)
• #18888 Remove redundant check with apip4.1.7 in matrix (@​TheMilek)
• #18887 [BUGFIX] Make GitHub actions green again 2.1 (@​rust-le)
• #18844 Fix formatting in UPGRADE-2.0.md (@​LucaGallinari)

Full Changelog: Sylius/Sylius@v2.2.2...v2.2.3

v2.2.2

Details

... (truncated)

Changelog

Sourced from sylius/sylius's changelog.

v2.2.4 (2026-03-18)

Details

• #18904 [BUGFIX] remove redundant object from PHPDoc union types
• #18899 [CS][DX] Refactor
• #18898 [CS][DX] Refactor
• #18895 [Admin] Fix product taxon grid enabled field always showing true
• #18911 [BUGFIX] fix build errors
• #18920 Telemetry improvements 2.1

v2.2.3 (2026-03-09)

Details

• #18747 Fix panther build (@​TheMilek)
• #18758 Remove duplicated serialization group field (@​TheMilek)
• #18785 Try to fix build after ResourceBundle release (@​TheMilek)
• #18742 [Admin] Fix order history address fields not displaying empty values (@​Wojdylak)
• #18806 Fix after new release of PayumBundle (@​TheMilek)
• #18836 Upgrade BuildTestAppAction from v3.0.1 to v4 (@​TheMilek)
• #18832 [Admin] Fix images not being emitted with Webpack 5.105+ (@​GSadee)
• #18841 Fix Dutch translation for payment method (@​JordiDekker)
• #18871 Add conflict to api-platform/serializer 4.2.17 (@​TheMilek)
• #18888 Remove redundant check with apip4.1.7 in matrix (@​TheMilek)
• #18887 [BUGFIX] Make GitHub actions green again 2.1 (@​rust-le)
• #18844 Fix formatting in UPGRADE-2.0.md (@​LucaGallinari)

v2.2.2 (2026-01-20)

Details

• #18691 [CS][DX] Refactor
• #18690 [CS][DX] Refactor
• #18689 [CS][DX] Refactor
• #18693 [CI] Standardize job timeouts to 15 minutes (@​Rafikooo)
• #18703 [Deps] Allow psr/http-message ^2.0 (@​Rafikooo)
• #18716 Try to fix build with PHP 8.5 and 8.4 (@​TheMilek)
• #18707 [DX] Update branch aliases to 1.14-dev (@​Rafikooo)
• #18721 Fix tests application error templates (@​loic425)
• #16892 [FIXTURES] Fix menu taxon code (@​TheMilek)
• #18366 Fix ro PayumBundle Translation (@​revoltek-daniel)
• #18725 Bugfix/merged overrides missing operations (@​TheMilek)
• #18702 [Composer] Remove outdated twig/twig conflicts from bundles (@​Rafikooo)
• #18722 [API] Payment Request fix default action when IRI is given (@​Prometee)
• #18732 Make PostgreSQL telemetry migration extend dedicated abstract (@​TheMilek)
• #18369 Add form help rendering to forms (@​tomkalon)
• #18735 [CS][DX] Refactor
• #18726 [Channel] Resolve localhost equivalents when matching channel by hostname (@​Rafikooo)
• #18708 [DX] Improve AI contribution guidelines (@​Rafikooo)

... (truncated)

Commits

• 9ed4623 Generate changelog for v2.2.4
• 2c53b60 Change application's version to v2.2.4
• 3e449b0 [UPMERGE] 2.1 -> 2.2 (#18923)
• 4176a8b Telemetry improvements 2.1 (#18920)
• 291be2a Add upgrade file
• 7458fb9 Telemetry improvements
• f01ac8d [UPMERGE] 2.1 -> 2.2 (#18902)
• 1e226ce Resolve conflicts between 2.1 and 2.2
• caab66d [BUGFIX] fix build errors (#18911)
• 0bb7199 Fix TranslatableDenormalizer for IRI strings and shop customer 404 for guests
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)