|
53207
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Close bookmarks (⌘B)
Bookmarks
Bookmarks
Close sidebar
Search bookmarks
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Preview
Preview
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
10 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Pull Request Toolbar
Pull Request Toolbar
Collapse file tree
All commits
All commits
0
/
1
viewed
Submit comments
Submit
comments
Open diff view settings
Open overview panel
Open comments panel
(
0
)
Filter files…
Filter options
File tree
File tree
composer.lock
composer.lock
Collapse file
composer.lock
composer.lock
composer.lock
Copy file name to clipboard
Expand all lines: composer.lock
Lines changed: 23 additions & 23 deletions
Display the source diff
Display the rich diff
Not Viewed
Viewed
Comment on this file
More options
Original file line number
Original file line
Diff line number
Diff line change
@@ -2876,23 +2876,23 @@
2876
},
2876
},
2877
{
2877
{
2878
"name": "google/protobuf",
2878
"name": "google/protobuf",
2879
-
"version": "v4.33.
5
",
2879
+
"version": "v4.33.
6
",
2880
"source": {
2880
"source": {
2881
"type": "git",
2881
"type": "git",
2882
"url": "https://github.com/protocolbuffers/protobuf-php.git",
2882
"url": "https://github.com/protocolbuffers/protobuf-php.git",
2883
-
"reference": "
ebe8010a61b2ae0cff0d246fe1c4d44e9f7dfa6d
"
2883
+
"reference": "
84b008c23915ed94536737eae46f41ba3bccfe67
"
2884
},
2884
},
2885
"dist": {
2885
"dist": {
2886
"type": "zip",
2886
"type": "zip",
2887
-
"url": "https://api.github.com/repos/protocolbuffers/protobuf-php/zipball/
ebe8010a61b2ae0cff0d246fe1c4d44e9f7dfa6d
",
2887
+
"url": "https://api.github.com/repos/protocolbuffers/protobuf-php/zipball/
84b008c23915ed94536737eae46f41ba3bccfe67
",
2888
-
"reference": "
ebe8010a61b2ae0cff0d246fe1c4d44e9f7dfa6d
",
2888
+
"reference": "
84b008c23915ed94536737eae46f41ba3bccfe67
",
2889
"shasum": ""
2889
"shasum": ""
2890
},
2890
},
2891
"require": {
2891
"require": {
2892...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970/changes
|
53207
|
|
53208
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Close bookmarks (⌘B)
Bookmarks
Bookmarks
Close sidebar
Search bookmarks
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Preview
Preview
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
10 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Pull Request Toolbar
Pull Request Toolbar
Collapse file tree
All commits
All commits
0
/
1
viewed
Submit comments
Submit
comments
Open diff view settings
Open overview panel
Open comments panel
(
0
)
Filter files…
Filter options
File tree
File tree
composer.lock
composer.lock
Collapse file
composer.lock
composer.lock
composer.lock
Copy file name to clipboard
Expand all lines: composer.lock
Lines changed: 23 additions & 23 deletions
Display the source diff
Display the rich diff
Not Viewed
Viewed
Comment on this file
More options
Original file line number
Original file line
Diff line number
Diff line change
@@ -2876,23 +2876,23 @@
2876
},
2876
},
2877
{
2877
{
2878
"name": "google/protobuf",
2878
"name": "google/protobuf",
2879
-
"version": "v4.33.
5
",
2879
+
"version": "v4.33.
6
",
2880
"source": {
2880
"source": {
2881
"type": "git",
2881
"type": "git",
2882
"url": "[URL_WITH_CREDENTIALS] -2914,9 +2914,9 @@
2914
"proto"
2914
"proto"
2915
],
2915
],
2916
"support": {
2916
"support": {
2917
-
"source": "[URL_WITH_CREDENTIALS] -5076,16 +5076,16 @@
5076
},
5076
},
5077
{
5077
{
5078
"name": "laravel/passport",
5078
"name": "laravel/passport",
5079
-
"version": "v13.
6.0
",
5079
+
"version": "v13.
7.4
",
5080
"source": {
5080
"source": {
5081
"type": "git",
5081
"type": "git",...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970/changes
|
53208
|
|
53232
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Close bookmarks (⌘B)
Bookmarks
Bookmarks
Close sidebar
Search bookmarks
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Preview
Preview
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
11 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Pull Request Toolbar
Pull Request Toolbar
Collapse file tree
All commits
All commits
0
/
1
viewed
Submit comments
Submit
comments
Open diff view settings
Open overview panel
Open comments panel
(
0
)
Filter files…
Filter options
File tree
File tree
composer.lock
composer.lock
Collapse file
composer.lock
composer.lock
composer.lock
Copy file name to clipboard
Lines changed: 23 additions & 23 deletions
Display the source diff
Display the rich diff
Not Viewed
Viewed
Comment on this file
More options
Load Diff
Load Diff
Some generated files are not rendered by default. Learn more about
customizing how changed files appear on GitHub.
customizing how changed files appear on GitHub....
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970/changes
|
53232
|
|
53233
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Close bookmarks (⌘B)
Bookmarks
Bookmarks
Close sidebar
Search bookmarks
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Preview
Preview
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
11 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Pull Request Toolbar
Pull Request Toolbar
Collapse file tree
All commits
All commits
0
/
1
viewed
Submit comments
Submit
comments
Open diff view settings
Open overview panel
Open comments panel
(
0
)
Filter files…
Filter options
File tree
File tree
composer.lock
composer.lock
Collapse file
composer.lock
composer.lock
composer.lock
Copy file name to clipboard
Lines changed: 23 additions & 23 deletions
Display the source diff
Display the rich diff
Not Viewed
Viewed
Comment on this file
More options
Load Diff
Load Diff
Some generated files are not rendered by default. Learn more about
customizing how changed files appear on GitHub.
customizing how changed files appear on GitHub....
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970/changes
|
53233
|
|
53237
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Close bookmarks (⌘B)
Bookmarks
Bookmarks
Close sidebar
Search bookmarks
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Preview
Preview
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
11 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Pull Request Toolbar
Pull Request Toolbar
Collapse file tree
All commits
All commits
0
/
1
viewed
Submit comments
Submit
comments
Open diff view settings
Open overview panel
Open comments panel
(
0
)
Filter files…
Filter options
File tree
File tree
composer.lock
composer.lock
Collapse file
composer.lock
composer.lock
composer.lock
Copy file name to clipboard
Lines changed: 23 additions & 23 deletions
Display the source diff
Display the rich diff
Not Viewed
Viewed
Comment on this file
More options
Load Diff
Load Diff
Some generated files are not rendered by default. Learn more about
customizing how changed files appear on GitHub.
customizing how changed files appear on GitHub....
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970/changes
|
53237
|
|
53238
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Close bookmarks (⌘B)
Bookmarks
Bookmarks
Close sidebar
Search bookmarks
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Preview
Preview
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
11 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Pull Request Toolbar
Pull Request Toolbar
Collapse file tree
All commits
All commits
0
/
1
viewed
Submit comments
Submit
comments
Open diff view settings
Open overview panel
Open comments panel
(
0
)
Filter files…
Filter options
File tree
File tree
composer.lock
composer.lock
Collapse file
composer.lock
composer.lock
composer.lock
Copy file name to clipboard
Lines changed: 23 additions & 23 deletions
Display the source diff
Display the rich diff
Not Viewed
Viewed
Comment on this file
More options
Load Diff
Load Diff
Some generated files are not rendered by default. Learn more about
customizing how changed files appear on GitHub.
customizing how changed files appear on GitHub....
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970/changes
|
53238
|
|
53239
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Close bookmarks (⌘B)
Bookmarks
Bookmarks
Close sidebar
Search bookmarks
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Preview
Preview
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
12 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Pull Request Toolbar
Pull Request Toolbar
Collapse file tree
All commits
All commits
0
/
1
viewed
Submit comments
Submit
comments
Open diff view settings
Open overview panel
Open comments panel
(
0
)
Filter files…
Filter options
File tree
File tree
composer.lock
composer.lock
Collapse file
composer.lock
composer.lock
composer.lock
Copy file name to clipboard
Lines changed: 23 additions & 23 deletions
Display the source diff
Display the rich diff
Not Viewed
Viewed
Comment on this file
More options
Load Diff
Load Diff
Some generated files are not rendered by default. Learn more about
customizing how changed files appear on GitHub.
customizing how changed files appear on GitHub.
github.com/jiminny/app/pull/11970...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970/changes
|
53239
|
|
53240
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Close bookmarks (⌘B)
Bookmarks
Bookmarks
Close sidebar
Search bookmarks
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Preview
Preview
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
12 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Pull Request Toolbar
Pull Request Toolbar
Collapse file tree
All commits
All commits
0
/
1
viewed
Submit comments
Submit
comments
Open diff view settings
Open overview panel
Open comments panel
(
0
)
Filter files…
Filter options
File tree
File tree
composer.lock
composer.lock
Collapse file
composer.lock
composer.lock
composer.lock
Copy file name to clipboard
Lines changed: 23 additions & 23 deletions
Display the source diff
Display the rich diff
Not Viewed
Viewed
Comment on this file
More options
Load Diff
Load Diff
Some generated files are not rendered by default. Learn more about
customizing how changed files appear on GitHub.
customizing how changed files appear on GitHub.
github.com/jiminny/app/pull/11970...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970/changes
|
53240
|
|
53241
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Close bookmarks (⌘B)
Bookmarks
Bookmarks
Close sidebar
Search bookmarks
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
12 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Conversation
Conversation
@github-actions
Show options
github-actions bot commented 5 days ago •
github-actions
github-actions
bot
commented
5 days ago
5 days ago
•
edited
edited
Security dependency updates — composer — 2026-04-15
Security dependency updates — composer — 2026-04-15
This PR was opened automatically by the secfix bot. For this ecosystem, one commit carries every dependency upgrade from this run; see
Fixed alerts
below.
CI run logs →
CI run logs →
Upgrade safety (changelog review)
Upgrade safety (changelog review)
Overall verdict:
Mixed
— All previously-actionable alerts were fixed as safe patch/minor bumps. Alert
#463
#463
(phpunit/phpunit) is listed under
Skipped alerts
: the patched version (12.5.22) requires a major version jump from 11.x that includes documented breaking API removals and requires manual migration.
This does not replace CI, tests, or manual smoke checks before merge.
Fixed alerts
Fixed alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
#457
#457
laravel/passport
high
CVE-2026-39976
CVE-2026-39976
13.7.1
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from v13.6.0 to v13.7.4 via
composer update
.
#434
#434
google/protobuf
high
CVE-2026-6409
CVE-2026-6409
4.33.6
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep; bumped from v4.33.5 to v4.33.6 via
composer update
.
#425
#425
phpseclib/phpseclib
high
CVE-2026-32935
CVE-2026-32935
3.0.50
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from 3.0.49 to 3.0.51 (also
fixes
#454).
#429
#429
league/commonmark
medium
CVE-2026-33347
CVE-2026-33347
2.8.2
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep (via laravel/framework); bumped from 2.8.1 to 2.8.2 via
composer update
.
#454
#454
phpseclib/phpseclib
low
CVE-2026-40194
CVE-2026-40194
3.0.51
releases
releases
Breaking-change risk:
none observed (patch/minor). Covered by bump to 3.0.51 (also
fixes
#425).
Alert
#457
#457
#434
#434
#425
#425
#429
#429
#454
#454
Package
laravel/passport
google/protobuf
phpseclib/phpseclib
league/commonmark
phpseclib/phpseclib
Severity
high
high
high
medium
low
CVE
CVE-2026-39976
CVE-2026-39976
CVE-2026-6409
CVE-2026-6409
CVE-2026-32935
CVE-2026-32935
CVE-2026-33347
CVE-2026-33347
CVE-2026-40194
CVE-2026-40194
Patched version
13.7.1
4.33.6
3.0.50
2.8.2
3.0.51
Changelog
releases
releases
releases
releases
releases
releases
releases
releases
releases
releases
Notes
Breaking-change risk:
none observed (patch/minor). Bumped from v13.6.0 to v13.7.4 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Transitive dep; bumped from v4.33.5 to v4.33.6 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Bumped from 3.0.49 to 3.0.51 (also
fixes
#454).
Breaking-change risk:
none observed (patch/minor). Transitive dep (via laravel/framework); bumped from 2.8.1 to 2.8.2 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Covered by bump to 3.0.51 (also
fixes
#425).
Skipped alerts
Skipped alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
#463
#463
phpunit/phpunit
high
—
12.5.22
releases
releases
Not safe:
Major bump 11.x → 12.x. PHPUnit 12.0.0 removes multiple
TestCase
and
MockBuilder
methods (
iniSet()
,
setLocale()
,
getMockForAbstractClass()
,
getMockForTrait()
,
getObjectForTrait()
,
createTestProxy()
, etc.), drops support for doc-comment metadata (
@covers
,
@uses
annotations must be migrated to PHP 8 attributes), and removes several assert methods and CLI options. Breaking changes are fully documented — manual test-suite migration required before upgrading.
Alert
#463
#463
Package
phpunit/phpunit
Severity
high
CVE
—
Patched version
12.5.22
Changelog
releases
releases
Notes
Not safe:
Major bump 11.x → 12.x. PHPUnit 12.0.0 removes multiple
TestCase
and
MockBuilder
methods (
iniSet()
,
setLocale()
,
getMockForAbstractClass()
,
getMockForTrait()
,
getObjectForTrait()
,
createTestProxy()
, etc.), drops support for doc-comment metadata (
@covers
,
@uses
annotations must be migrated to PHP 8 attributes), and removes several assert methods and CLI options. Breaking changes are fully documented — manual test-suite migration required before upgrading.
Automated by secfix-bot.
Add or remove reactions
fix(security): bump composer dependencies (alerts
fix(security): bump composer dependencies (alerts
#457
#457
#454 #434 #429…
#454 #434 #429…
…
12 / 13 checks OK
7f8b428
7f8b428
@yalokin-jiminny
Show options
yalokin-jiminny commented 5 days ago
yalokin-jiminny
yalokin-jiminny
commented
5 days ago
5 days ago
@claude
@claude
Add or remove reactions
react with eyes
👀
1
@claude
Show options
claude bot commented 5 days ago •
claude
claude
bot
commented
5 days ago
5 days ago
•
edited
edited
Claude finished
@yalokin-jiminny
@yalokin-jiminny
's task in 36s
——
View job
View job
PR Review
PR Review
Completed task
Gather context
Completed task
Review composer.lock changes
Completed task
Verify security alerts are addressed
Completed task
Post review feedback
LGTM.
This is a clean automated security bump — only
composer.lock
is modified, no
composer.json
changes required.
Changes verified
Changes verified
Package
Old
New
Alerts fixed
laravel/passport
v13.6.0
v13.7.4
#457
#457
(
CVE-2026-39976
CVE-2026-39976
, high)
phpseclib/phpseclib
3.0.49
3.0.51
#425 (
CVE-2026-32935
CVE-2026-32935
, high) + #454 (
CVE-2026-40194
CVE-2026-40194
, low)
google/protobuf
v4.33.5
v4.33.6
#434 (high)
league/commonmark
2.8.1
2.8.2
#429 (
CVE-2026-33347
CVE-2026-33347
, medium)
Package
laravel/passport
phpseclib/phpseclib
google/protobuf
league/commonmark
Old
v13.6.0
3.0.49
v4.33.5
2.8.1
New
v13.7.4
3.0.51
v4.33.6
2.8.2
Alerts fixed
#457
#457
(
CVE-2026-39976
CVE-2026-39976
, high)
#425 (
CVE-2026-32935
CVE-2026-32935
, high) + #454 (
CVE-2026-40194
CVE-2026-40194
, low)
#434 (high)
#429 (
CVE-2026-33347
CVE-2026-33347
, medium)
All 5 alerts from the PR description are accounted for in the diff. The lock file hashes, references, and timestamps all look consistent with legitimate upstream releases.
One minor observation:
google/protobuf
's dev-dependency on
phpunit/phpunit
changed from
>=5.0.0 <8.5.27
to
>=10.5.62 <11.0.0
— this is a dev-only constraint in the transitive dep and has no production impact.
SonarQube quality gate passed with 0 new issues. Safe to merge.
Add or remove reactions
@yalokin-jiminny
yalokin-jiminny
yalokin-jiminny
self-requested a review
5 days ago
5 days ago
yalokin-jiminny
yalokin-jiminny
yalokin-jiminny
approved these changes
5 days ago
5 days ago
View reviewed changes
View reviewed changes
TodorStamatovJiminny
TodorStamatovJiminny
TodorStamatovJiminny
approved these changes
5 days ago
5 days ago
View reviewed changes
View reviewed changes
@ilian-jiminny
ilian-jiminny
ilian-jiminny
self-requested a review
4 days ago...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970
|
53241
|
|
53242
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Close bookmarks (⌘B)
Bookmarks
Bookmarks
Close sidebar
Search bookmarks
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
12 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Conversation
Conversation
@github-actions
Show options
github-actions bot commented 5 days ago •
github-actions
github-actions
bot
commented
5 days ago
5 days ago
•
edited
edited
Security dependency updates — composer — 2026-04-15
Security dependency updates — composer — 2026-04-15
This PR was opened automatically by the secfix bot. For this ecosystem, one commit carries every dependency upgrade from this run; see
Fixed alerts
below.
CI run logs →
CI run logs →
Upgrade safety (changelog review)
Upgrade safety (changelog review)
Overall verdict:
Mixed
— All previously-actionable alerts were fixed as safe patch/minor bumps. Alert
#463
#463
(phpunit/phpunit) is listed under
Skipped alerts
: the patched version (12.5.22) requires a major version jump from 11.x that includes documented breaking API removals and requires manual migration.
This does not replace CI, tests, or manual smoke checks before merge.
Fixed alerts
Fixed alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
#457
#457
laravel/passport
high
CVE-2026-39976
CVE-2026-39976
13.7.1
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from v13.6.0 to v13.7.4 via
composer update
.
#434
#434
google/protobuf
high
CVE-2026-6409
CVE-2026-6409
4.33.6
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep; bumped from v4.33.5 to v4.33.6 via
composer update
.
#425
#425
phpseclib/phpseclib
high
CVE-2026-32935
CVE-2026-32935
3.0.50
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from 3.0.49 to 3.0.51 (also
fixes
#454).
#429
#429
league/commonmark
medium
CVE-2026-33347
CVE-2026-33347
2.8.2
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep (via laravel/framework); bumped from 2.8.1 to 2.8.2 via
composer update
.
#454
#454
phpseclib/phpseclib
low
CVE-2026-40194
CVE-2026-40194
3.0.51
releases
releases
Breaking-change risk:
none observed (patch/minor). Covered by bump to 3.0.51 (also
fixes
#425).
Alert
#457
#457
#434
#434
#425
#425
#429
#429
#454
#454
Package
laravel/passport
google/protobuf
phpseclib/phpseclib
league/commonmark
phpseclib/phpseclib
Severity
high
high
high
medium
low
CVE
CVE-2026-39976
CVE-2026-39976
CVE-2026-6409
CVE-2026-6409
CVE-2026-32935
CVE-2026-32935
CVE-2026-33347
CVE-2026-33347
CVE-2026-40194
CVE-2026-40194
Patched version
13.7.1
4.33.6
3.0.50
2.8.2
3.0.51
Changelog
releases
releases
releases
releases
releases
releases
releases
releases
releases
releases
Notes
Breaking-change risk:
none observed (patch/minor). Bumped from v13.6.0 to v13.7.4 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Transitive dep; bumped from v4.33.5 to v4.33.6 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Bumped from 3.0.49 to 3.0.51 (also
fixes
#454).
Breaking-change risk:
none observed (patch/minor). Transitive dep (via laravel/framework); bumped from 2.8.1 to 2.8.2 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Covered by bump to 3.0.51 (also
fixes
#425).
Skipped alerts
Skipped alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
#463
#463
phpunit/phpunit
high
—
12.5.22
releases
releases...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970
|
53242
|
|
53243
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Close bookmarks (⌘B)
Bookmarks
Bookmarks
Close sidebar
Search bookmarks
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
12 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Conversation
Conversation
@github-actions
Show options
github-actions bot commented 5 days ago •
github-actions
github-actions
bot
commented
5 days ago
5 days ago
•
edited
edited
Security dependency updates — composer — 2026-04-15
Security dependency updates — composer — 2026-04-15
This PR was opened automatically by the secfix bot. For this ecosystem, one commit carries every dependency upgrade from this run; see
Fixed alerts
below.
CI run logs →
CI run logs →
Upgrade safety (changelog review)
Upgrade safety (changelog review)
Overall verdict:
Mixed
— All previously-actionable alerts were fixed as safe patch/minor bumps. Alert
#463
#463
(phpunit/phpunit) is listed under
Skipped alerts
: the patched version (12.5.22) requires a major version jump from 11.x that includes documented breaking API removals and requires manual migration.
This does not replace CI, tests, or manual smoke checks before merge.
Fixed alerts
Fixed alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
#457
#457
laravel/passport
high
CVE-2026-39976
CVE-2026-39976
13.7.1
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from v13.6.0 to v13.7.4 via
composer update
.
#434
#434
google/protobuf
high
CVE-2026-6409
CVE-2026-6409
4.33.6
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep; bumped from v4.33.5 to v4.33.6 via
composer update
.
#425
#425
phpseclib/phpseclib
high
CVE-2026-32935
CVE-2026-32935
3.0.50
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from 3.0.49 to 3.0.51 (also
fixes
#454).
#429
#429
league/commonmark
medium
CVE-2026-33347
CVE-2026-33347
2.8.2
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep (via laravel/framework); bumped from 2.8.1 to 2.8.2 via
composer update
.
#454
#454
phpseclib/phpseclib
low
CVE-2026-40194
CVE-2026-40194
3.0.51
releases
releases
Breaking-change risk:
none observed (patch/minor). Covered by bump to 3.0.51 (also
fixes
#425).
Alert
#457
#457
#434
#434
#425
#425
#429
#429
#454
#454
Package
laravel/passport
google/protobuf
phpseclib/phpseclib
league/commonmark
phpseclib/phpseclib
Severity
high
high
high
medium
low
CVE
CVE-2026-39976
CVE-2026-39976
CVE-2026-6409
CVE-2026-6409
CVE-2026-32935
CVE-2026-32935
CVE-2026-33347
CVE-2026-33347
CVE-2026-40194
CVE-2026-40194
Patched version
13.7.1
4.33.6
3.0.50
2.8.2
3.0.51
Changelog
releases
releases
releases
releases
releases
releases
releases
releases
releases
releases
Notes
Breaking-change risk:
none observed (patch/minor). Bumped from v13.6.0 to v13.7.4 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Transitive dep; bumped from v4.33.5 to v4.33.6 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Bumped from 3.0.49 to 3.0.51 (also
fixes
#454).
Breaking-change risk:
none observed (patch/minor). Transitive dep (via laravel/framework); bumped from 2.8.1 to 2.8.2 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Covered by bump to 3.0.51 (also
fixes
#425).
Skipped alerts
Skipped alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
#463
#463
phpunit/phpunit
high
—
12.5.22
releases
releases
Not safe:
Major bump 11.x → 12.x. PHPUnit 12.0.0 removes multiple
TestCase
and
MockBuilder
methods (
iniSet()
,
setLocale()
,
getMockForAbstractClass()
,
getMockForTrait()
,
getObjectForTrait()
,
createTestProxy()
, etc.), drops support for doc-comment metadata (
@covers
,
@uses
annotations must be migrated to PHP 8 attributes), and removes several assert methods and CLI options. Breaking changes are fully documented — manual test-suite migration required before upgrading.
Alert
#463
#463
Package
phpunit/phpunit
Severity
high
CVE
—
Patched version
12.5.22
Changelog
releases
releases
Notes
Not safe:
Major bump 11.x → 12.x. PHPUnit 12.0.0 removes multiple...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970
|
53243
|
|
53244
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Close bookmarks (⌘B)
Bookmarks
Bookmarks
Close sidebar
Search bookmarks
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
12 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Merged
fix(security): composer dependency updates – 2026-04-15 #11970 LakyLak merged 2 commits into master from secfix/composer-20260415 Copy head branch name to clipboard
fix(security): composer dependency updates – 2026-04-15
fix(security): composer dependency updates – 2026-04-15
#
11970
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
Conversation
Conversation
@github-actions
Show options
github-actions bot commented 5 days ago •
github-actions
github-actions
bot
commented
5 days ago
5 days ago
•
edited
edited
Security dependency updates — composer — 2026-04-15
Security dependency updates — composer — 2026-04-15
This PR was opened automatically by the secfix bot. For this ecosystem, one commit carries every dependency upgrade from this run; see
Fixed alerts
below.
CI run logs →
CI run logs →
Upgrade safety (changelog review)
Upgrade safety (changelog review)
Overall verdict:
Mixed
— All previously-actionable alerts were fixed as safe patch/minor bumps. Alert
#463
#463
(phpunit/phpunit) is listed under
Skipped alerts
: the patched version (12.5.22) requires a major version jump from 11.x that includes documented breaking API removals and requires manual migration.
This does not replace CI, tests, or manual smoke checks before merge.
Fixed alerts
Fixed alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
#457
#457
laravel/passport
high
CVE-2026-39976
CVE-2026-39976
13.7.1
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from v13.6.0 to v13.7.4 via
composer update
.
#434
#434
google/protobuf
high
CVE-2026-6409
CVE-2026-6409
4.33.6
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep; bumped from v4.33.5 to v4.33.6 via
composer update
.
#425
#425
phpseclib/phpseclib
high
CVE-2026-32935
CVE-2026-32935
3.0.50
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from 3.0.49 to 3.0.51 (also
fixes
#454).
#429
#429
league/commonmark
medium
CVE-2026-33347
CVE-2026-33347
2.8.2
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep (via laravel/framework); bumped from 2.8.1 to 2.8.2 via
composer update
.
#454
#454
phpseclib/phpseclib
low
CVE-2026-40194
CVE-2026-40194
3.0.51
releases
releases
Breaking-change risk:
none observed (patch/minor). Covered by bump to 3.0.51 (also
fixes
#425).
Alert
#457
#457
#434
#434
#425
#425
#429
#429
#454
#454
Package
laravel/passport
google/protobuf
phpseclib/phpseclib
league/commonmark
phpseclib/phpseclib
Severity
high
high
high
medium
low
CVE
CVE-2026-39976
CVE-2026-39976
CVE-2026-6409
CVE-2026-6409
CVE-2026-32935
CVE-2026-32935
CVE-2026-33347
CVE-2026-33347
CVE-2026-40194
CVE-2026-40194
Patched version
13.7.1
4.33.6
3.0.50
2.8.2
3.0.51
Changelog
releases
releases
releases
releases
releases
releases
releases
releases
releases
releases
Notes
Breaking-change risk:
none observed (patch/minor). Bumped from v13.6.0 to v13.7.4 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Transitive dep; bumped from v4.33.5 to v4.33.6 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Bumped from 3.0.49 to 3.0.51 (also
fixes
#454).
Breaking-change risk:
none observed (patch/minor). Transitive dep (via laravel/framework); bumped from 2.8.1 to 2.8.2 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Covered by bump to 3.0.51 (also
fixes
#425).
Skipped alerts
Skipped alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
#463
#463
phpunit/phpunit
high
—
12.5.22
releases
releases
Not safe:
Major bump 11.x → 12.x. PHPUnit 12.0.0 removes multiple
TestCase
and
MockBuilder
methods (
iniSet()
,
setLocale()
,
getMockForAbstractClass()
,
getMockForTrait()
,
getObjectForTrait()
,
createTestProxy()
, etc.), drops support for doc-comment metadata (
@covers
,
@uses
annotations must be migrated to PHP 8 attributes), and removes several assert methods and CLI options. Breaking changes are fully documented — manual test-suite migration required before upgrading.
Alert
#463
#463
Package
phpunit/phpunit
Severity
high
CVE
—
Patched version
12.5.22
Changelog
releases
releases
Notes
Not safe:
Major bump 11.x → 12.x. PHPUnit 12.0.0 removes multiple
TestCase
and
MockBuilder
methods (
iniSet()
,
setLocale()
,
getMockForAbstractClass()
,
getMockForTrait()
,
getObjectForTrait()
,
createTestProxy()
, etc.), drops support for doc-comment metadata (
@covers
,
@uses
annotations must be migrated to PHP 8 attributes), and removes several assert methods and CLI options. Breaking changes are fully documented — manual test-suite migration required before upgrading.
Automated by secfix-bot.
Add or remove reactions
fix(security): bump composer dependencies (alerts
fix(security): bump composer dependencies (alerts
#457
#457
#454 #434 #429…
#454 #434 #429…
…
12 / 13 checks OK
7f8b428
7f8b428
@yalokin-jiminny
Show options
yalokin-jiminny commented 5 days ago
yalokin-jiminny
yalokin-jiminny
commented
5 days ago
5 days ago
@claude
@claude
Add or remove reactions
react with eyes
👀
1
@claude
Show options
claude bot commented 5 days ago •
claude
claude
bot
commented
5 days ago
5 days ago
•
edited
edited
Claude finished
@yalokin-jiminny
@yalokin-jiminny
's task in 36s
——
View job
View job
PR Review
PR Review
Completed task
Gather context
Completed task
Review composer.lock changes
Completed task
Verify security alerts are addressed
Completed task
Post review feedback
LGTM.
This is a clean automated security bump — only
composer.lock
is modified, no
composer.json
changes required.
Changes verified
Changes verified
Package
Old
New
Alerts fixed
laravel/passport
v13.6.0
v13.7.4
#457
#457
(
CVE-2026-39976
CVE-2026-39976
, high)
phpseclib/phpseclib
3.0.49
3.0.51...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970
|
53244
|
|
53245
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Close bookmarks (⌘B)
Bookmarks
Bookmarks
Close sidebar
Search bookmarks
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
12 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Merged
fix(security): composer dependency updates – 2026-04-15 #11970 LakyLak merged 2 commits into master from secfix/composer-20260415 Copy head branch name to clipboard
fix(security): composer dependency updates – 2026-04-15
fix(security): composer dependency updates – 2026-04-15
#
11970
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
Conversation
Conversation
@github-actions
Show options
github-actions bot commented 5 days ago •
github-actions
github-actions
bot
commented
5 days ago
5 days ago
•
edited
edited
Security dependency updates — composer — 2026-04-15
Security dependency updates — composer — 2026-04-15
This PR was opened automatically by the secfix bot. For this ecosystem, one commit carries every dependency upgrade from this run; see
Fixed alerts
below.
CI run logs →
CI run logs →
Upgrade safety (changelog review)
Upgrade safety (changelog review)
Overall verdict:
Mixed
— All previously-actionable alerts were fixed as safe patch/minor bumps. Alert
#463
#463
(phpunit/phpunit) is listed under
Skipped alerts
: the patched version (12.5.22) requires a major version jump from 11.x that includes documented breaking API removals and requires manual migration.
This does not replace CI, tests, or manual smoke checks before merge.
Fixed alerts
Fixed alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
#457
#457
laravel/passport
high
CVE-2026-39976
CVE-2026-39976
13.7.1
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from v13.6.0 to v13.7.4 via
composer update
.
#434
#434
google/protobuf
high
CVE-2026-6409
CVE-2026-6409
4.33.6
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep; bumped from v4.33.5 to v4.33.6 via
composer update
.
#425
#425
phpseclib/phpseclib
high
CVE-2026-32935
CVE-2026-32935
3.0.50
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from 3.0.49 to 3.0.51 (also
fixes
#454).
#429
#429
league/commonmark
medium
CVE-2026-33347
CVE-2026-33347
2.8.2
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep (via laravel/framework); bumped from 2.8.1 to 2.8.2 via
composer update
.
#454
#454
phpseclib/phpseclib
low
CVE-2026-40194
CVE-2026-40194
3.0.51
releases
releases
Breaking-change risk:
none observed (patch/minor). Covered by bump to 3.0.51 (also
fixes
#425).
Alert
#457
#457
#434
#434
#425
#425
#429
#429
#454
#454
Package
laravel/passport
google/protobuf
phpseclib/phpseclib
league/commonmark
phpseclib/phpseclib
Severity
high
high
high
medium
low
CVE
CVE-2026-39976
CVE-2026-39976
CVE-2026-6409
CVE-2026-6409
CVE-2026-32935
CVE-2026-32935
CVE-2026-33347
CVE-2026-33347
CVE-2026-40194
CVE-2026-40194
Patched version
13.7.1
4.33.6
3.0.50
2.8.2
3.0.51
Changelog
releases
releases
releases
releases
releases
releases
releases
releases
releases
releases
Notes
Breaking-change risk:
none observed (patch/minor). Bumped from v13.6.0 to v13.7.4 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Transitive dep; bumped from v4.33.5 to v4.33.6 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Bumped from 3.0.49 to 3.0.51 (also
fixes
#454).
Breaking-change risk:
none observed (patch/minor). Transitive dep (via laravel/framework); bumped from 2.8.1 to 2.8.2 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Covered by bump to 3.0.51 (also
fixes
#425).
Skipped alerts
Skipped alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
#463
#463
phpunit/phpunit
high
—
12.5.22
releases
releases
Not safe:
Major bump 11.x → 12.x. PHPUnit 12.0.0 removes multiple
TestCase
and
MockBuilder
methods (
iniSet()
,
setLocale()
,
getMockForAbstractClass()
,
getMockForTrait()
,
getObjectForTrait()
,
createTestProxy()
, etc.), drops support for doc-comment metadata (
@covers
,
@uses
annotations must be migrated to PHP 8 attributes), and removes several assert methods and CLI options. Breaking changes are fully documented — manual test-suite migration required before upgrading.
Alert
#463
#463
Package
phpunit/phpunit
Severity
high
CVE
—
Patched version
12.5.22
Changelog
releases
releases
Notes
Not safe:
Major bump 11.x → 12.x. PHPUnit 12.0.0 removes multiple
TestCase
and
MockBuilder
methods (
iniSet()
,
setLocale()
,
getMockForAbstractClass()
,
getMockForTrait()
,
getObjectForTrait()
,
createTestProxy()
, etc.), drops support for doc-comment metadata (
@covers
,
@uses
annotations must be migrated to PHP 8 attributes), and removes several assert methods and CLI options. Breaking changes are fully documented — manual test-suite migration required before upgrading.
Automated by secfix-bot.
Add or remove reactions
fix(security): bump composer dependencies (alerts
fix(security): bump composer dependencies (alerts
#457
#457
#454 #434 #429…
#454 #434 #429…
…
12 / 13 checks OK
7f8b428
7f8b428
@yalokin-jiminny
Show options
yalokin-jiminny commented 5 days ago
yalokin-jiminny
yalokin-jiminny
commented
5 days ago
5 days ago
@claude
@claude
Add or remove reactions
react with eyes
👀
1
@claude
Show options
claude bot commented 5 days ago •
claude
claude
bot
commented
5 days ago
5 days ago
•
edited
edited
Claude finished
@yalokin-jiminny
@yalokin-jiminny
's task in 36s
——
View job
View job
PR Review
PR Review
Completed task
Gather context
Completed task
Review composer.lock changes
Completed task
Verify security alerts are addressed
Completed task
Post review feedback
LGTM.
This is a clean automated security bump — only
composer.lock
is modified, no
composer.json
changes required.
Changes verified
Changes verified
Package
Old
New
Alerts fixed
laravel/passport
v13.6.0
v13.7.4
#457
#457
(
CVE-2026-39976
CVE-2026-39976
, high)
phpseclib/phpseclib
3.0.49
3.0.51
#425 (
CVE-2026-32935
CVE-2026-32935
, high) + #454 (
CVE-2026-40194
CVE-2026-40194
, low)
google/protobuf
v4.33.5
v4.33.6
#434 (high)
league/commonmark
2.8.1
2.8.2
#429 (
CVE-2026-33347
CVE-2026-33347
, medium)
Package
laravel/passport
phpseclib/phpseclib
google/protobuf
league/commonmark
Old
v13.6.0
3.0.49
v4.33.5
2.8.1
New
v13.7.4
3.0.51
v4.33.6
2.8.2
Alerts fixed
#457
#457
(
CVE-2026-39976
CVE-2026-39976
, high)
#425 (
CVE-2026-32935
CVE-2026-32935
, high) + #454 (
CVE-2026-40194
CVE-2026-40194
, low)
#434 (high)
#429 (
CVE-2026-33347
CVE-2026-33347
, medium)
All 5 alerts from the PR description are accounted for in the diff. The lock file hashes, references, and timestamps all look consistent with legitimate upstream releases.
One minor observation:
google/protobuf
's dev-dependency on
phpunit/phpunit
changed from
>=5.0.0 <8.5.27
to
>=10.5.62 <11.0.0
— this is a dev-only constraint in the transitive dep and has no production impact.
SonarQube quality gate passed with 0 new issues. Safe to merge.
Add or remove reactions
@yalokin-jiminny
yalokin-jiminny
yalokin-jiminny
self-requested a review
5 days ago
5 days ago
yalokin-jiminny
yalokin-jiminny
yalokin-jiminny
approved these changes
5 days ago
5 days ago
View reviewed changes
View reviewed changes
TodorStamatovJiminny
TodorStamatovJiminny
TodorStamatovJiminny
approved these changes
5 days ago
5 days ago
View reviewed changes
View reviewed changes...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970
|
53245
|
|
53246
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Close bookmarks (⌘B)
Bookmarks
Bookmarks
Close sidebar
Search bookmarks
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
12 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Conversation
Conversation
@github-actions
Show options
github-actions bot commented 5 days ago •
github-actions
github-actions
bot
commented
5 days ago
5 days ago
•
edited
edited
Security dependency updates — composer — 2026-04-15
Security dependency updates — composer — 2026-04-15
This PR was opened automatically by the secfix bot. For this ecosystem, one commit carries every dependency upgrade from this run; see
Fixed alerts
below.
CI run logs →
CI run logs →
Upgrade safety (changelog review)
Upgrade safety (changelog review)
Overall verdict:
Mixed
— All previously-actionable alerts were fixed as safe patch/minor bumps. Alert
#463
#463
(phpunit/phpunit) is listed under
Skipped alerts
: the patched version (12.5.22) requires a major version jump from 11.x that includes documented breaking API removals and requires manual migration.
This does not replace CI, tests, or manual smoke checks before merge.
Fixed alerts
Fixed alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
#457
#457
laravel/passport
high
CVE-2026-39976
CVE-2026-39976
13.7.1
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from v13.6.0 to v13.7.4 via
composer update
.
#434
#434
google/protobuf
high
CVE-2026-6409
CVE-2026-6409
4.33.6
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep; bumped from v4.33.5 to v4.33.6 via
composer update
.
#425
#425
phpseclib/phpseclib
high
CVE-2026-32935
CVE-2026-32935
3.0.50
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from 3.0.49 to 3.0.51 (also
fixes
#454).
#429
#429
league/commonmark
medium
CVE-2026-33347
CVE-2026-33347
2.8.2
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep (via laravel/framework); bumped from 2.8.1 to 2.8.2 via
composer update
.
#454
#454
phpseclib/phpseclib
low
CVE-2026-40194
CVE-2026-40194
3.0.51
releases
releases
Breaking-change risk:
none observed (patch/minor). Covered by bump to 3.0.51 (also
fixes
#425).
Alert
#457
#457
#434
#434
#425
#425
#429
#429
#454
#454
Package
laravel/passport
google/protobuf
phpseclib/phpseclib
league/commonmark
phpseclib/phpseclib
Severity
high
high
high
medium
low
CVE
CVE-2026-39976
CVE-2026-39976
CVE-2026-6409
CVE-2026-6409
CVE-2026-32935
CVE-2026-32935
CVE-2026-33347
CVE-2026-33347
CVE-2026-40194
CVE-2026-40194
Patched version
13.7.1
4.33.6
3.0.50
2.8.2
3.0.51
Changelog
releases
releases
releases
releases
releases
releases
releases
releases
releases
releases
Notes
Breaking-change risk:
none observed (patch/minor). Bumped from v13.6.0 to v13.7.4 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Transitive dep; bumped from v4.33.5 to v4.33.6 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Bumped from 3.0.49 to 3.0.51 (also
fixes
#454).
Breaking-change risk:
none observed (patch/minor). Transitive dep (via laravel/framework); bumped from 2.8.1 to 2.8.2 via...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970
|
53246
|
|
53247
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Close bookmarks (⌘B)
Bookmarks
Bookmarks
Close sidebar
Search bookmarks
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
12 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Conversation
Conversation
@github-actions
Show options
github-actions bot commented 5 days ago •
github-actions
github-actions
bot
commented
5 days ago
5 days ago
•
edited
edited
Security dependency updates — composer — 2026-04-15
Security dependency updates — composer — 2026-04-15
This PR was opened automatically by the secfix bot. For this ecosystem, one commit carries every dependency upgrade from this run; see
Fixed alerts
below.
CI run logs →
CI run logs →
Upgrade safety (changelog review)
Upgrade safety (changelog review)
Overall verdict:
Mixed
— All previously-actionable alerts were fixed as safe patch/minor bumps. Alert
#463
#463
(phpunit/phpunit) is listed under
Skipped alerts
: the patched version (12.5.22) requires a major version jump from 11.x that includes documented breaking API removals and requires manual migration.
This does not replace CI, tests, or manual smoke checks before merge.
Fixed alerts
Fixed alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
#457
#457
laravel/passport
high
CVE-2026-39976
CVE-2026-39976
13.7.1
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from v13.6.0 to v13.7.4 via
composer update
.
#434
#434
google/protobuf
high
CVE-2026-6409
CVE-2026-6409
4.33.6
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep; bumped from v4.33.5 to v4.33.6 via
composer update
.
#425
#425
phpseclib/phpseclib
high
CVE-2026-32935
CVE-2026-32935
3.0.50
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from 3.0.49 to 3.0.51 (also
fixes
#454).
#429
#429
league/commonmark
medium
CVE-2026-33347
CVE-2026-33347
2.8.2
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep (via laravel/framework); bumped from 2.8.1 to 2.8.2 via
composer update
.
#454
#454
phpseclib/phpseclib
low
CVE-2026-40194
CVE-2026-40194
3.0.51
releases
releases
Breaking-change risk:
none observed (patch/minor). Covered by bump to 3.0.51 (also
fixes
#425).
Alert
#457
#457
#434
#434
#425
#425
#429
#429
#454
#454
Package
laravel/passport
google/protobuf
phpseclib/phpseclib
league/commonmark
phpseclib/phpseclib
Severity
high
high
high
medium
low
CVE
CVE-2026-39976
CVE-2026-39976
CVE-2026-6409
CVE-2026-6409
CVE-2026-32935
CVE-2026-32935
CVE-2026-33347
CVE-2026-33347
CVE-2026-40194
CVE-2026-40194
Patched version
13.7.1
4.33.6
3.0.50
2.8.2
3.0.51
Changelog
releases
releases
releases
releases
releases
releases
releases
releases
releases
releases
Notes
Breaking-change risk:
none observed (patch/minor). Bumped from v13.6.0 to v13.7.4 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Transitive dep; bumped from v4.33.5 to v4.33.6 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Bumped from 3.0.49 to 3.0.51 (also
fixes
#454).
Breaking-change risk:
none observed (patch/minor). Transitive dep (via laravel/framework); bumped from 2.8.1 to 2.8.2 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Covered by bump to 3.0.51 (also
fixes
#425).
Skipped alerts
Skipped alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
#463
#463...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970
|
53247
|
|
53248
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Close bookmarks (⌘B)
Bookmarks
Bookmarks
Close sidebar
Search bookmarks
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
12 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Merged
fix(security): composer dependency updates – 2026-04-15 #11970 LakyLak merged 2 commits into master from secfix/composer-20260415 Copy head branch name to clipboard
fix(security): composer dependency updates – 2026-04-15
fix(security): composer dependency updates – 2026-04-15
#
11970
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
Conversation
Conversation
@github-actions
Show options
github-actions bot commented 5 days ago •
github-actions
github-actions
bot
commented
5 days ago
5 days ago
•
edited
edited
Security dependency updates — composer — 2026-04-15
Security dependency updates — composer — 2026-04-15
This PR was opened automatically by the secfix bot. For this ecosystem, one commit carries every dependency upgrade from this run; see
Fixed alerts
below.
CI run logs →
CI run logs →
Upgrade safety (changelog review)
Upgrade safety (changelog review)
Overall verdict:
Mixed
— All previously-actionable alerts were fixed as safe patch/minor bumps. Alert
#463
#463
(phpunit/phpunit) is listed under
Skipped alerts
: the patched version (12.5.22) requires a major version jump from 11.x that includes documented breaking API removals and requires manual migration.
This does not replace CI, tests, or manual smoke checks before merge.
Fixed alerts
Fixed alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
#457
#457
laravel/passport
high
CVE-2026-39976
CVE-2026-39976
13.7.1
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from v13.6.0 to v13.7.4 via
composer update
.
#434
#434
google/protobuf
high
CVE-2026-6409
CVE-2026-6409
4.33.6
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep; bumped from v4.33.5 to v4.33.6 via
composer update
.
#425
#425
phpseclib/phpseclib
high
CVE-2026-32935
CVE-2026-32935
3.0.50
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from 3.0.49 to 3.0.51 (also
fixes
#454).
#429
#429
league/commonmark
medium
CVE-2026-33347
CVE-2026-33347
2.8.2
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep (via laravel/framework); bumped from 2.8.1 to 2.8.2 via
composer update
.
#454
#454
phpseclib/phpseclib
low
CVE-2026-40194
CVE-2026-40194
3.0.51
releases
releases
Breaking-change risk:
none observed (patch/minor). Covered by bump to 3.0.51 (also
fixes
#425).
Alert
#457
#457
#434
#434
#425
#425
#429
#429
#454
#454
Package
laravel/passport
google/protobuf
phpseclib/phpseclib
league/commonmark
phpseclib/phpseclib
Severity
high
high
high
medium
low
CVE
CVE-2026-39976
CVE-2026-39976
CVE-2026-6409
CVE-2026-6409
CVE-2026-32935
CVE-2026-32935
CVE-2026-33347
CVE-2026-33347
CVE-2026-40194
CVE-2026-40194
Patched version
13.7.1
4.33.6
3.0.50
2.8.2
3.0.51
Changelog
releases
releases
releases
releases
releases
releases
releases
releases
releases
releases
Notes
Breaking-change risk:
none observed (patch/minor). Bumped from v13.6.0 to v13.7.4 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Transitive dep; bumped from v4.33.5 to v4.33.6 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Bumped from 3.0.49 to 3.0.51 (also
fixes
#454).
Breaking-change risk:
none observed (patch/minor). Transitive dep (via laravel/framework); bumped from 2.8.1 to 2.8.2 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Covered by bump to 3.0.51 (also
fixes
#425).
Skipped alerts
Skipped alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
#463
#463
phpunit/phpunit
high
—
12.5.22
releases
releases
Not safe:
Major bump 11.x → 12.x. PHPUnit 12.0.0 removes multiple
TestCase
and
MockBuilder
methods (
iniSet()
,
setLocale()
,
getMockForAbstractClass()
,
getMockForTrait()
,
getObjectForTrait()
,
createTestProxy()
, etc.), drops support for doc-comment metadata (
@covers
,
@uses
annotations must be migrated to PHP 8 attributes), and removes several assert methods and CLI options. Breaking changes are fully documented — manual test-suite migration required before upgrading.
Alert
#463
#463
Package
phpunit/phpunit
Severity
high
CVE
—
Patched version
12.5.22
Changelog
releases
releases
Notes
Not safe:
Major bump 11.x → 12.x. PHPUnit 12.0.0 removes multiple
TestCase
and
MockBuilder
methods (
iniSet()
,
setLocale()
,
getMockForAbstractClass()
,
getMockForTrait()
,
getObjectForTrait()
,
createTestProxy()
, etc.), drops support for doc-comment metadata (
@covers
,
@uses
annotations must be migrated to PHP 8 attributes), and removes several assert methods and CLI options. Breaking changes are fully documented — manual test-suite migration required before upgrading.
Automated by secfix-bot.
Add or remove reactions
fix(security): bump composer dependencies (alerts
fix(security): bump composer dependencies (alerts
#457
#457
#454 #434 #429…
#454 #434 #429…
…
12 / 13 checks OK
7f8b428
7f8b428
@yalokin-jiminny
Show options
yalokin-jiminny commented 5 days ago
yalokin-jiminny
yalokin-jiminny
commented
5 days ago
5 days ago
@claude
@claude
Add or remove reactions
react with eyes
👀
1
@claude
Show options
claude bot commented 5 days ago •
claude
claude
bot
commented
5 days ago
5 days ago
•
edited
edited
Claude finished
@yalokin-jiminny
@yalokin-jiminny
's task in 36s
——
View job
View job
PR Review
PR Review
Completed task
Gather context
Completed task...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970
|
53248
|
|
53249
|
Ask Google Gemini
Platform Sprint 2 Q2 - Platform Ask Google Gemini
Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Close bookmarks (⌘B)
Bookmarks
Bookmarks
Close sidebar
Search bookmarks
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
12 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Merged
fix(security): composer dependency updates – 2026-04-15 #11970 LakyLak merged 2 commits into master from secfix/composer-20260415 Copy head branch name to clipboard
fix(security): composer dependency updates – 2026-04-15
fix(security): composer dependency updates – 2026-04-15
#
11970
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
Conversation
Conversation
@github-actions
Show options
github-actions bot commented 5 days ago •
github-actions
github-actions
bot
commented
5 days ago
5 days ago
•
edited
edited
Security dependency updates — composer — 2026-04-15
Security dependency updates — composer — 2026-04-15
This PR was opened automatically by the secfix bot. For this ecosystem, one commit carries every dependency upgrade from this run; see
Fixed alerts
below.
CI run logs →
CI run logs →
Upgrade safety (changelog review)
Upgrade safety (changelog review)
Overall verdict:
Mixed
— All previously-actionable alerts were fixed as safe patch/minor bumps. Alert
#463
#463
(phpunit/phpunit) is listed under
Skipped alerts
: the patched version (12.5.22) requires a major version jump from 11.x that includes documented breaking API removals and requires manual migration.
This does not replace CI, tests, or manual smoke checks before merge.
Fixed alerts
Fixed alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
#457
#457
laravel/passport
high
CVE-2026-39976
CVE-2026-39976
13.7.1
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from v13.6.0 to v13.7.4 via
composer update
.
#434
#434
google/protobuf
high
CVE-2026-6409
CVE-2026-6409
4.33.6
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep; bumped from v4.33.5 to v4.33.6 via
composer update
.
#425
#425
phpseclib/phpseclib
high
CVE-2026-32935
CVE-2026-32935
3.0.50
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from 3.0.49 to 3.0.51 (also
fixes
#454).
#429
#429
league/commonmark
medium
CVE-2026-33347
CVE-2026-33347
2.8.2
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep (via laravel/framework); bumped from 2.8.1 to 2.8.2 via
composer update
.
#454
#454
phpseclib/phpseclib
low
CVE-2026-40194
CVE-2026-40194
3.0.51
releases
releases
Breaking-change risk:
none observed (patch/minor). Covered by bump to 3.0.51 (also
fixes
#425).
Alert
#457
#457
#434
#434
#425
#425
#429
#429
#454
#454
Package
laravel/passport
google/protobuf
phpseclib/phpseclib
league/commonmark
phpseclib/phpseclib
Severity
high
high
high
medium
low
CVE
CVE-2026-39976
CVE-2026-39976
CVE-2026-6409
CVE-2026-6409
CVE-2026-32935
CVE-2026-32935
CVE-2026-33347
CVE-2026-33347
CVE-2026-40194
CVE-2026-40194
Patched version
13.7.1
4.33.6
3.0.50
2.8.2
3.0.51
Changelog
releases
releases
releases
releases
releases
releases
releases
releases
releases
releases
Notes
Breaking-change risk:
none observed (patch/minor). Bumped from v13.6.0 to v13.7.4 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Transitive dep; bumped from v4.33.5 to v4.33.6 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Bumped from 3.0.49 to 3.0.51 (also
fixes
#454).
Breaking-change risk:
none observed (patch/minor). Transitive dep (via laravel/framework); bumped from 2.8.1 to 2.8.2 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Covered by bump to 3.0.51 (also
fixes
#425).
Skipped alerts
Skipped alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
#463
#463
phpunit/phpunit
high
—
12.5.22
releases
releases
Not safe:
Major bump 11.x → 12.x. PHPUnit 12.0.0 removes multiple
TestCase
and
MockBuilder
methods (
iniSet()
,
setLocale()
,
getMockForAbstractClass()
,
getMockForTrait()
,
getObjectForTrait()
,
createTestProxy()
, etc.), drops support for doc-comment metadata (
@covers
,
@uses
annotations must be migrated to PHP 8 attributes), and removes several assert methods and CLI options. Breaking changes are fully documented — manual test-suite migration required before upgrading.
Alert
#463
#463
Package
phpunit/phpunit
Severity
high
CVE
—
Patched version
12.5.22
Changelog
releases
releases
Notes
Not safe:
Major bump 11.x → 12.x. PHPUnit 12.0.0 removes multiple
TestCase
and
MockBuilder
methods (
iniSet()
,
setLocale()
,
getMockForAbstractClass()
,
getMockForTrait()
,
getObjectForTrait()
,
createTestProxy()
, etc.), drops support for doc-comment metadata (
@covers
,
@uses
annotations must be migrated to PHP 8 attributes), and removes several assert methods and CLI options. Breaking changes are fully documented — manual test-suite migration required before upgrading.
Automated by secfix-bot.
Add or remove reactions
fix(security): bump composer dependencies (alerts
fix(security): bump composer dependencies (alerts
#457
#457
#454 #434 #429…
#454 #434 #429…
…
12 / 13 checks OK
7f8b428
7f8b428
@yalokin-jiminny
Show options
yalokin-jiminny commented 5 days ago
yalokin-jiminny
yalokin-jiminny
commented
5 days ago
5 days ago
@claude
@claude
Add or remove reactions
react with eyes
👀
1
@claude...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970
|
53249
|
|
53270
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Close bookmarks (⌘B)
Bookmarks
Bookmarks
Close sidebar
Search bookmarks
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
13 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Merged
fix(security): composer dependency updates – 2026-04-15 #11970 LakyLak merged 2 commits into master from secfix/composer-20260415 Copy head branch name to clipboard
fix(security): composer dependency updates – 2026-04-15
fix(security): composer dependency updates – 2026-04-15
#
11970
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
Conversation
Conversation
@github-actions
Show options
github-actions bot commented 5 days ago •
github-actions
github-actions
bot
commented
5 days ago
5 days ago
•
edited
edited
Security dependency updates — composer — 2026-04-15
Security dependency updates — composer — 2026-04-15
This PR was opened automatically by the secfix bot. For this ecosystem, one commit carries every dependency upgrade from this run; see
Fixed alerts
below.
CI run logs →
CI run logs →
Upgrade safety (changelog review)
Upgrade safety (changelog review)
Overall verdict:
Mixed
— All previously-actionable alerts were fixed as safe patch/minor bumps. Alert
#463
#463
(phpunit/phpunit) is listed under
Skipped alerts
: the patched version (12.5.22) requires a major version jump from 11.x that includes documented breaking API removals and requires manual migration.
This does not replace CI, tests, or manual smoke checks before merge.
Fixed alerts
Fixed alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
#457
#457
laravel/passport
high
CVE-2026-39976
CVE-2026-39976
13.7.1
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from v13.6.0 to v13.7.4 via
composer update
.
#434
#434
google/protobuf
high
CVE-2026-6409
CVE-2026-6409
4.33.6
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep; bumped from v4.33.5 to v4.33.6 via
composer update
.
#425
#425
phpseclib/phpseclib
high
CVE-2026-32935
CVE-2026-32935
3.0.50
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from 3.0.49 to 3.0.51 (also
fixes
#454).
#429
#429
league/commonmark
medium
CVE-2026-33347
CVE-2026-33347
2.8.2
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep (via laravel/framework); bumped from 2.8.1 to 2.8.2 via
composer update
.
#454
#454
phpseclib/phpseclib
low
CVE-2026-40194
CVE-2026-40194
3.0.51
releases
releases
Breaking-change risk:
none observed (patch/minor). Covered by bump to 3.0.51 (also
fixes
#425).
Alert
#457
#457
#434
#434
#425
#425
#429
#429
#454
#454
Package
laravel/passport
google/protobuf
phpseclib/phpseclib
league/commonmark
phpseclib/phpseclib
Severity
high
high
high
medium
low
CVE
CVE-2026-39976
CVE-2026-39976
CVE-2026-6409
CVE-2026-6409
CVE-2026-32935
CVE-2026-32935
CVE-2026-33347
CVE-2026-33347
CVE-2026-40194
CVE-2026-40194
Patched version
13.7.1
4.33.6
3.0.50
2.8.2
3.0.51
Changelog
releases...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970
|
53270
|
|
53271
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Close bookmarks (⌘B)
Bookmarks
Bookmarks
Close sidebar
Search bookmarks
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
13 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Conversation
Conversation
@github-actions
Show options
github-actions bot commented 5 days ago •
github-actions
github-actions
bot
commented
5 days ago
5 days ago
•
edited
edited
Security dependency updates — composer — 2026-04-15
Security dependency updates — composer — 2026-04-15
This PR was opened automatically by the secfix bot. For this ecosystem, one commit carries every dependency upgrade from this run; see
Fixed alerts
below.
CI run logs →
CI run logs →
Upgrade safety (changelog review)
Upgrade safety (changelog review)
Overall verdict:
Mixed
— All previously-actionable alerts were fixed as safe patch/minor bumps. Alert
#463
#463
(phpunit/phpunit) is listed under
Skipped alerts
: the patched version (12.5.22) requires a major version jump from 11.x that includes documented breaking API removals and requires manual migration.
This does not replace CI, tests, or manual smoke checks before merge.
Fixed alerts
Fixed alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
#457
#457
laravel/passport
high
CVE-2026-39976
CVE-2026-39976
13.7.1
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from v13.6.0 to v13.7.4 via
composer update
.
#434
#434
google/protobuf
high
CVE-2026-6409
CVE-2026-6409
4.33.6
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep; bumped from v4.33.5 to v4.33.6 via
composer update
.
#425
#425
phpseclib/phpseclib
high
CVE-2026-32935
CVE-2026-32935
3.0.50
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from 3.0.49 to 3.0.51 (also
fixes
#454).
#429
#429
league/commonmark
medium
CVE-2026-33347
CVE-2026-33347
2.8.2
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep (via laravel/framework); bumped from 2.8.1 to 2.8.2 via
composer update
.
#454
#454
phpseclib/phpseclib
low
CVE-2026-40194
CVE-2026-40194
3.0.51
releases
releases
Breaking-change risk:
none observed (patch/minor). Covered by bump to 3.0.51 (also
fixes
#425).
Alert
#457
#457
#434
#434
#425
#425
#429
#429
#454
#454
Package
laravel/passport
google/protobuf
phpseclib/phpseclib
league/commonmark
phpseclib/phpseclib
Severity
high
high
high
medium
low
CVE
CVE-2026-39976
CVE-2026-39976
CVE-2026-6409
CVE-2026-6409
CVE-2026-32935
CVE-2026-32935
CVE-2026-33347
CVE-2026-33347
CVE-2026-40194
CVE-2026-40194
Patched version
13.7.1
4.33.6
3.0.50
2.8.2
3.0.51
Changelog
releases
releases
releases
releases
releases
releases
releases
releases
releases
releases
Notes
Breaking-change risk:
none observed (patch/minor). Bumped from v13.6.0 to v13.7.4 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Transitive dep; bumped from v4.33.5 to v4.33.6 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Bumped from 3.0.49 to 3.0.51 (also
fixes
#454).
Breaking-change risk:
none observed (patch/minor). Transitive dep (via laravel/framework); bumped from 2.8.1 to 2.8.2 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Covered by bump to 3.0.51 (also
fixes
#425).
Skipped alerts
Skipped alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
#463
#463
phpunit/phpunit
high
—
12.5.22
releases
releases
Not safe:
Major bump 11.x → 12.x. PHPUnit 12.0.0 removes multiple
TestCase
and
MockBuilder
methods (
iniSet()
,
setLocale()
,
getMockForAbstractClass()
,
getMockForTrait()
,
getObjectForTrait()
,
createTestProxy()
, etc.), drops support for doc-comment metadata (
@covers
,
@uses
annotations must be migrated to PHP 8 attributes), and removes several assert methods and CLI options. Breaking changes are fully documented — manual test-suite migration required before upgrading.
Alert
#463
#463
Package
phpunit/phpunit
Severity
high
CVE
—
Patched version
12.5.22
Changelog
releases
releases
Notes
Not safe:
Major bump 11.x → 12.x. PHPUnit 12.0.0 removes multiple
TestCase
and
MockBuilder
methods (
iniSet()
,
setLocale()
,
getMockForAbstractClass()
,
getMockForTrait()
,
getObjectForTrait()
,
createTestProxy()
, etc.), drops support for doc-comment metadata (
@covers
,
@uses
annotations must be migrated to PHP 8 attributes), and removes several assert methods and CLI options. Breaking changes are fully documented — manual test-suite migration required before upgrading.
Automated by secfix-bot.
Add or remove reactions
fix(security): bump composer dependencies (alerts
fix(security): bump composer dependencies (alerts
#457
#457
#454 #434 #429…
#454 #434 #429…
…
12 / 13 checks OK
7f8b428
7f8b428
@yalokin-jiminny
Show options
yalokin-jiminny commented 5 days ago
yalokin-jiminny
yalokin-jiminny
commented
5 days ago
5 days ago
@claude
@claude
Add or remove reactions
react with eyes
👀
1
@claude
Show options
claude bot commented 5 days ago •
claude
claude
bot
commented
5 days ago
5 days ago
•
edited
edited
Claude finished
@yalokin-jiminny
@yalokin-jiminny
's task in 36s
——
View job
View job
PR Review
PR Review
Completed task
Gather context
Completed task
Review composer.lock changes
Completed task
Verify security alerts are addressed
Completed task
Post review feedback
LGTM.
This is a clean automated security bump — only
composer.lock
is modified, no
composer.json
changes required.
Changes verified
Changes verified
Package
Old
New
Alerts fixed
laravel/passport
v13.6.0...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970
|
53271
|
|
53272
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Close bookmarks (⌘B)
Bookmarks
Bookmarks
Close sidebar
Search bookmarks
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
13 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Conversation
Conversation
@github-actions
Show options
github-actions bot commented 5 days ago •
github-actions
github-actions
bot
commented
5 days ago
5 days ago
•
edited
edited
Security dependency updates — composer — 2026-04-15
Security dependency updates — composer — 2026-04-15
This PR was opened automatically by the secfix bot. For this ecosystem, one commit carries every dependency upgrade from this run; see
Fixed alerts
below.
CI run logs →
CI run logs →
Upgrade safety (changelog review)
Upgrade safety (changelog review)
Overall verdict:
Mixed
— All previously-actionable alerts were fixed as safe patch/minor bumps. Alert
#463
#463
(phpunit/phpunit) is listed under
Skipped alerts
: the patched version (12.5.22) requires a major version jump from 11.x that includes documented breaking API removals and requires manual migration.
This does not replace CI, tests, or manual smoke checks before merge.
Fixed alerts
Fixed alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
Revert View details LakyLak merged commit 12ac2f1 into master 12 checks passed LakyLak Restore branch deleted the secfix/composer-20260415 branch...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970/changes
|
53272
|
|
53273
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Close bookmarks (⌘B)
Bookmarks
Bookmarks
Close sidebar
Search bookmarks
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Preview
Preview
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
13 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Pull Request Toolbar
Pull Request Toolbar
Collapse file tree
All commits
All commits
0
/
1
viewed
Submit comments
Submit
comments
Open diff view settings
Open overview panel
Open comments panel
(
0
)
Filter files…
Filter options
File tree
File tree
composer.lock
composer.lock
Collapse file
composer.lock
composer.lock
composer.lock
Copy file name to clipboard
Lines changed: 23 additions & 23 deletions
Display the source diff
Display the rich diff
Not Viewed
Viewed
Comment on this file
More options
Load Diff
Load Diff
Some generated files are not rendered by default. Learn more about
customizing how changed files appear on GitHub.
customizing how changed files appear on GitHub.
Revert View details LakyLak merged commit 12ac2f1 into master 12 checks passed LakyLak Restore branch deleted the secfix/composer-20260415 branch...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970/changes
|
53273
|
|
53287
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Close bookmarks (⌘B)
Bookmarks
Bookmarks
Close sidebar
Search bookmarks
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Preview
Preview
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
13 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Pull Request Toolbar
Pull Request Toolbar
Collapse file tree
All commits
All commits
0
/
1
viewed
Submit comments
Submit
comments
Open diff view settings
Open overview panel
Open comments panel
(
0
)
Filter files…
Filter options
File tree
File tree
composer.lock
composer.lock
Collapse file
composer.lock
composer.lock
composer.lock
Copy file name to clipboard
Lines changed: 23 additions & 23 deletions
Display the source diff
Display the rich diff
Not Viewed
Viewed
Comment on this file
More options
Load Diff
Load Diff
Some generated files are not rendered by default. Learn more about
customizing how changed files appear on GitHub.
customizing how changed files appear on GitHub.
Revert View details LakyLak merged commit 12ac2f1 into master 12 checks passed LakyLak Restore branch deleted the secfix/composer-20260415 branch...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970/changes
|
53287
|
|
53288
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Close bookmarks (⌘B)
Bookmarks
Bookmarks
Close sidebar
Search bookmarks
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Preview
Preview
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
13 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Pull Request Toolbar
Pull Request Toolbar
Collapse file tree
All commits
All commits
0
/
1
viewed
Submit comments
Submit
comments
Open diff view settings
Open overview panel
Open comments panel
(
0
)
Filter files…
Filter options
File tree
File tree
composer.lock
composer.lock
Collapse file
composer.lock
composer.lock
composer.lock
Copy file name to clipboard
Lines changed: 23 additions & 23 deletions
Display the source diff
Display the rich diff
Not Viewed
Viewed
Comment on this file
More options
Load Diff
Load Diff
Some generated files are not rendered by default. Learn more about
customizing how changed files appear on GitHub.
customizing how changed files appear on GitHub.
Revert View details LakyLak merged commit 12ac2f1 into master 12 checks passed LakyLak Restore branch deleted the secfix/composer-20260415 branch...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970/changes
|
53288
|
|
53289
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Close bookmarks (⌘B)
Bookmarks
Bookmarks
Close sidebar
Search bookmarks
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Preview
Preview
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
13 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Pull Request Toolbar
Pull Request Toolbar
Collapse file tree
All commits
All commits
0
/
1
viewed
Submit comments
Submit
comments
Open diff view settings
Open overview panel
Open comments panel
(
0
)
Filter files…
Filter options
File tree
File tree
composer.lock
composer.lock
Collapse file
composer.lock
composer.lock
composer.lock
Copy file name to clipboard
Lines changed: 23 additions & 23 deletions
Display the source diff
Display the rich diff
Not Viewed
Viewed
Comment on this file
More options
Load Diff
Load Diff
Some generated files are not rendered by default. Learn more about
customizing how changed files appear on GitHub.
customizing how changed files appear on GitHub.
Revert View details LakyLak merged commit 12ac2f1 into master 12 checks passed LakyLak Restore branch deleted the secfix/composer-20260415 branch
github.com/jiminny/app/blob/e4e0e6d46de855cb5293da5ea962719905804147/composer.lock...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970/changes
|
53289
|
|
53290
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Close bookmarks (⌘B)
Bookmarks
Bookmarks
Close sidebar
Search bookmarks
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Preview
Preview
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
13 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Pull Request Toolbar
Pull Request Toolbar
Collapse file tree
All commits
All commits
0
/
1
viewed
Submit comments
Submit
comments
Open diff view settings
Open overview panel
Open comments panel
(
0
)
Filter files…
Filter options
File tree
File tree
composer.lock
composer.lock
Collapse file
composer.lock
composer.lock
composer.lock
Copy file name to clipboard
Lines changed: 23 additions & 23 deletions
Display the source diff
Display the rich diff
Not Viewed
Viewed
Comment on this file
More options
Load Diff
Load Diff
Some generated files are not rendered by default. Learn more about
customizing how changed files appear on GitHub.
customizing how changed files appear on GitHub.
Revert View details LakyLak merged commit 12ac2f1 into master 12 checks passed LakyLak Restore branch deleted the secfix/composer-20260415 branch
github.com/jiminny/app/blob/e4e0e6d46de855cb5293da5ea962719905804147/composer.lock...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970/changes
|
53290
|
|
53296
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Open bookmarks (⌘B)
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Preview
Preview
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
14 minutes ago
Conversation
Conversation
Commits (2)
Commits
(
2
)
Checks
Checks
Files changed
Files changed
Pull Request Toolbar
Pull Request Toolbar
Collapse file tree
All commits
All commits
0
/
1
viewed
Submit comments
Submit
comments
Open diff view settings
Open overview panel
Open comments panel
(
0
)
Filter files…
Filter options
File tree
File tree
composer.lock
composer.lock
Collapse file
composer.lock
composer.lock
composer.lock
Copy file name to clipboard
Lines changed: 23 additions & 23 deletions
Display the source diff
Display the rich diff
Not Viewed
Viewed
Comment on this file
More options
Load Diff
Load Diff
Some generated files are not rendered by default. Learn more about
customizing how changed files appear on GitHub.
customizing how changed files appear on GitHub....
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970/changes
|
53296
|
|
53297
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Open bookmarks (⌘B)
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Preview
Preview
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
14 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Pull Request Toolbar
Pull Request Toolbar
Collapse file tree
All commits
All commits
0
/
1
viewed
Submit comments
Submit
comments
Open diff view settings
Open overview panel
Open comments panel
(
0
)
Filter files…
Filter options
File tree
File tree
composer.lock
composer.lock
Collapse file
composer.lock
composer.lock
composer.lock
Copy file name to clipboard
Lines changed: 23 additions & 23 deletions
Display the source diff
Display the rich diff
Not Viewed
Viewed
Comment on this file
More options
Loading
Some generated files are not rendered by default. Learn more about
customizing how changed files appear on GitHub.
customizing how changed files appear on GitHub....
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970/changes
|
53297
|
|
53298
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Open bookmarks (⌘B)
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Preview
Preview
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
14 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Pull Request Toolbar
Pull Request Toolbar
Collapse file tree
All commits
All commits
0
/
1
viewed
Submit comments
Submit
comments
Open diff view settings
Open overview panel
Open comments panel
(
0
)
Filter files…
Filter options
File tree
File tree
composer.lock
composer.lock
Collapse file
composer.lock
composer.lock
composer.lock
Copy file name to clipboard
Lines changed: 23 additions & 23 deletions
Display the source diff
Display the rich diff
Not Viewed
Viewed
Comment on this file
More options
Loading
Some generated files are not rendered by default. Learn more about
customizing how changed files appear on GitHub.
customizing how changed files appear on GitHub....
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970/changes
|
53298
|
|
53299
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Open bookmarks (⌘B)
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Preview
Preview
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
14 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Pull Request Toolbar
Pull Request Toolbar
Collapse file tree
All commits
All commits
0
/
1
viewed
Submit comments
Submit
comments
Open diff view settings
Open overview panel
Open comments panel
(
0
)
Filter files…
Filter options
File tree
File tree
composer.lock
composer.lock
Collapse file
composer.lock
composer.lock
composer.lock
Copy file name to clipboard
Expand all lines: composer.lock
Lines changed: 23 additions & 23 deletions
Display the source diff
Display the rich diff
Not Viewed
Viewed
Comment on this file
More options
Original file line number
Original file line
Diff line number
Diff line change
@@ -2876,23 +2876,23 @@
2876
},
2876
},
2877
{
2877
{
2878
"name": "google/protobuf",
2878
"name": "google/protobuf",
Add comment
More actions
2879
-
"version": "v4.33.
5
",
2879
+
"version": "v4.33.
6
",
2880
"source": {
2880
"source": {
2881
"type": "git",
2881
"type": "git",
2882
"url": "[URL_WITH_CREDENTIALS] -2914,9 +2914,9 @@
2914
"proto"
2914
"proto"
2915
],
2915
],
2916
"support": {
2916
"support": {
2917
-
"source": "[URL_WITH_CREDENTIALS] -5076,16 +5076,16 @@
5076
},
5076
},
5077
{
5077
{
5078
"name": "laravel/passport",
5078
"name": "laravel/passport",
5079
-
"version": "v13.
6.0
",
5079
+
"version": "v13.
7.4
",
5080
"source": {
5080
"source": {
5081
"type": "git",
5081
"type": "git",
5082
"url": "https://github.com/laravel/passport.git",
5082
"url": "https://github.com/laravel/passport.git",
5083
-
"reference": "
d97be1147f3dc2857e5a5cc4be0842c3ed46c5d8
"
5083
+
"reference": "
16c45794c6a6176792fdf555f986aa1b944d9081
"
5084
},
5084
},
5085
"dist": {
5085
"dist": {
5086
"type": "zip",
5086
"type": "zip",
5087
-
"url": "https://api.github.com/repos/laravel/passport/zipball/
d97be1147f3dc2857e5a5cc4be0842c3ed46c5d8
",
5087
+
"url": "https://api.github.com/repos/laravel/passport/zipball/
16c45794c6a6176792fdf555f986aa1b944d9081
",
5088
-
"reference": "
d97be1147f3dc2857e5a5cc4be0842c3ed46c5d8
",
5088
+
"reference": "
16c45794c6a6176792fdf555f986aa1b944d9081
",
5089
"shasum": ""
5089
"shasum": ""
5090
},
5090
},
5091
"require": {
5091...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970/changes
|
53299
|
|
53300
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Open bookmarks (⌘B)
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Preview
Preview
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
14 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Pull Request Toolbar
Pull Request Toolbar
Collapse file tree
All commits
All commits
0
/
1
viewed
Submit comments
Submit
comments
Open diff view settings
Open overview panel
Open comments panel
(
0
)
Filter files…
Filter options
File tree
File tree
composer.lock
composer.lock
Collapse file
composer.lock
composer.lock
composer.lock
Copy file name to clipboard
Expand all lines: composer.lock
Lines changed: 23 additions & 23 deletions
Display the source diff
Display the rich diff
Not Viewed
Viewed
Comment on this file
More options
Original file line number
Original file line
Diff line number
Diff line change
@@ -2876,23 +2876,23 @@
2876
},
2876
},
2877
{
2877
{
2878
"name": "google/protobuf",
2878
"name": "google/protobuf",
2879
-
"version": "v4.33.
5
",
2879
+
"version": "v4.33.
6
",
2880
"source": {
2880
"source": {
2881
"type": "git",
2881
"type": "git",
2882
"url": "[URL_WITH_CREDENTIALS] -2914,9 +2914,9 @@
2914
"proto"
2914
"proto"
2915
],
2915
],
2916
"support": {
2916
"support": {
2917
-
"source": "[URL_WITH_CREDENTIALS] -5076,16 +5076,16 @@
5076
},
5076
},
5077
{
5077
{
5078
"name": "laravel/passport",
5078
"name": "laravel/passport",
5079
-
"version": "v13.
6.0
",
5079
+
"version": "v13.
7.4
",
5080
"source": {
5080
"source": {
5081
"type": "git",
5081
"type": "git",
5082
"url": "https://github.com/laravel/passport.git",
5082
"url": "https://github.com/laravel/passport.git",
5083
-
"reference": "
d97be1147f3dc2857e5a5cc4be0842c3ed46c5d8
"
5083
+
"reference": "
16c45794c6a6176792fdf555f986aa1b944d9081
"
5084
},
5084
},
5085
"dist": {
5085
"dist": {
5086
"type": "zip",
5086
"type": "zip",
5087
-
"url": "https://api.github.com/repos/laravel/passport/zipball/
d97be1147f3dc2857e5a5cc4be0842c3ed46c5d8
",
5087
+
"url": "https://api.github.com/repos/laravel/passport/zipball/
16c45794c6a6176792fdf555f986aa1b944d9081
",
5088
-
"reference": "
d97be1147f3dc2857e5a5cc4be0842c3ed46c5d8
",
5088
+
"reference": "
16c45794c6a6176792fdf555f986aa1b944d9081
",
5089
"shasum": ""
5089
"shasum": ""
5090...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970/changes
|
53300
|
|
53315
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Open bookmarks (⌘B)
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Preview
Preview
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
15 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Pull Request Toolbar
Pull Request Toolbar
Collapse file tree
Merged
fix(security): composer dependency updates – 2026-04-15
fix(security): composer dependency updates – 2026-04-15
#
11970
All commits
All commits
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
0
/
1
viewed
Submit comments
Submit
comments
Open diff view settings
Open overview panel
Open comments panel
(
0
)
Filter files…
Filter options
File tree
File tree
composer.lock
composer.lock
Collapse file
composer.lock
composer.lock
composer.lock
Copy file name to clipboard
Expand all lines: composer.lock
Lines changed: 23 additions & 23 deletions
Display the source diff
Display the rich diff
Not Viewed
Viewed
Comment on this file
More options
Original file line number
Original file line
Diff line number
Diff line change
@@ -2876,23 +2876,23 @@
2876
},
2876
},
2877
{
2877
{
2878
"name": "google/protobuf",
2878
"name": "google/protobuf",
2879
-
"version": "v4.33.
5
",
2879
+
"version": "v4.33.
6
",
2880
"source": {
2880
"source": {
2881
"type": "git",
2881
"type": "git",
2882
"url": "[URL_WITH_CREDENTIALS] -2914,9 +2914,9 @@
2914
"proto"
2914
"proto"
2915
],
2915
],
2916
"support": {
2916
"support": {
2917
-
"source": "[URL_WITH_CREDENTIALS] -5076,16 +5076,16 @@
5076
},
5076
},
5077
{
5077
{
5078
"name": "laravel/passport",
5078
"name": "laravel/passport",
5079
-
"version": "v13.
6.0
",
5079
+
"version": "v13.
7.4
",
5080
"source": {
5080
"source": {
5081
"type": "git",
5081
"type": "git",
5082
"url": "https://github.com/laravel/passport.git",
5082
"url": "https://github.com/laravel/passport.git",
5083
-
"reference": "
d97be1147f3dc2857e5a5cc4be0842c3ed46c5d8
"
5083
+
"reference": "
16c45794c6a6176792fdf555f986aa1b944d9081
"
5084
},
5084
},
5085
"dist": {
5085
"dist": {
5086
"type": "zip",
5086
"type": "zip",
5087
-
"url": "https://api.github.com/repos/laravel/passport/zipball/
d97be1147f3dc2857e5a5cc4be0842c3ed46c5d8
",
5087
+
"url": "https://api.github.com/repos/laravel/passport/zipball/
16c45794c6a6176792fdf555f986aa1b944d9081
",
5088
-
"reference": "
d97be1147f3dc2857e5a5cc4be0842c3ed46c5d8
",
5088
+
"reference": "
16c45794c6a6176792fdf555f986aa1b944d9081
",
5089
"shasum": ""
5089
"shasum": ""
5090
},
5090
},
5091
"require": {
5091...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970/changes
|
53315
|
|
53316
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Open bookmarks (⌘B)
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Preview
Preview
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
15 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Pull Request Toolbar
Pull Request Toolbar
Collapse file tree
Merged
fix(security): composer dependency updates – 2026-04-15
fix(security): composer dependency updates – 2026-04-15
#
11970
All commits
All commits
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
0
/
1
viewed
Submit comments
Submit
comments
Open diff view settings
Open overview panel
Open comments panel
(
0
)
Filter files…
Filter options
File tree
File tree
composer.lock
composer.lock
Collapse file
composer.lock
composer.lock
composer.lock
Copy file name to clipboard
Expand all lines: composer.lock
Lines changed: 23 additions & 23 deletions
Display the source diff
Display the rich diff
Not Viewed
Viewed
Comment on this file
More options
Original file line number
Original file line
Diff line number
Diff line change
@@ -2876,23 +2876,23 @@
2876
},
2876
},
2877
{
2877
{
2878
"name": "google/protobuf",
2878
"name": "google/protobuf",
2879
-
"version": "v4.33.
5
",
2879
+
"version": "v4.33.
6
",
2880
"source": {
2880
"source": {
2881
"type": "git",
2881
"type": "git",
2882
"url": "[URL_WITH_CREDENTIALS] -2914,9 +2914,9 @@
2914
"proto"
2914
"proto"
2915
],
2915
],
2916
"support": {
2916
"support": {
2917
-
"source": "[URL_WITH_CREDENTIALS] -5076,16 +5076,16 @@
5076
},
5076
},
5077
{
5077
{
5078
"name": "laravel/passport",
5078
"name": "laravel/passport",
5079
-
"version": "v13.
6.0
",
5079
+
"version": "v13.
7.4
",
5080
"source": {
5080
"source": {
5081
"type": "git",
5081
"type": "git",
5082
"url": "https://github.com/laravel/passport.git",
5082
"url": "https://github.com/laravel/passport.git",
5083
-
"reference": "
d97be1147f3dc2857e5a5cc4be0842c3ed46c5d8
"
5083
+
"reference": "
16c45794c6a6176792fdf555f986aa1b944d9081
"
5084
},
5084
},
5085
"dist": {
5085
"dist": {
5086
"type": "zip",
5086
"type": "zip",
5087
-
"url": "https://api.github.com/repos/laravel/passport/zipball/
d97be1147f3dc2857e5a5cc4be0842c3ed46c5d8
",
5087
+
"url": "https://api.github.com/repos/laravel/passport/zipball/
16c45794c6a6176792fdf555f986aa1b944d9081
",
5088
-
"reference": "
d97be1147f3dc2857e5a5cc4be0842c3ed46c5d8
",
5088
+
"reference": "
16c45794c6a6176792fdf555f986aa1b944d9081
",
5089
"shasum": ""
5089
"shasum": ""
5090
},
5090
},
5091
"require": {
5091...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970/changes
|
53316
|
|
53329
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Open bookmarks (⌘B)
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Preview
Preview
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
16 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Pull Request Toolbar
Pull Request Toolbar
Collapse file tree
Merged
fix(security): composer dependency updates – 2026-04-15
fix(security): composer dependency updates – 2026-04-15
#
11970
All commits
All commits
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
0
/
1
viewed
Submit comments
Submit
comments
Open diff view settings
Open overview panel
Open comments panel
(
0
)
Filter files…
Filter options
File tree
File tree
composer.lock
composer.lock
Collapse file
composer.lock
composer.lock
composer.lock
Copy file name to clipboard
Expand all lines: composer.lock
Lines changed: 23 additions & 23 deletions
Display the source diff
Display the rich diff
Not Viewed
Viewed
Comment on this file
More options
Original file line number
Original file line
Diff line number
Diff line change
@@ -2876,23 +2876,23 @@
2876
},
2876
},
2877
{
2877
{
2878
"name": "google/protobuf",
2878
"name": "google/protobuf",
2879
-
"version": "v4.33.
5
",
2879
+
"version": "v4.33.
6
",
2880
"source": {
2880
"source": {
2881
"type": "git",
2881
"type": "git",
2882
"url": "https://github.com/protocolbuffers/protobuf-php.git",
2882
"url": "https://github.com/protocolbuffers/protobuf-php.git",
2883
-
"reference": "
ebe8010a61b2ae0cff0d246fe1c4d44e9f7dfa6d
"
2883
+
"reference": "
84b008c23915ed94536737eae46f41ba3bccfe67
"
2884
},
2884
},
2885
"dist": {
2885
"dist": {
2886
"type": "zip",
2886
"type": "zip",
2887
-
"url": "https://api.github.com/repos/protocolbuffers/protobuf-php/zipball/
ebe8010a61b2ae0cff0d246fe1c4d44e9f7dfa6d
",
2887
+
"url": "https://api.github.com/repos/protocolbuffers/protobuf-php/zipball/
84b008c23915ed94536737eae46f41ba3bccfe67
",
2888
-
"reference": "
ebe8010a61b2ae0cff0d246fe1c4d44e9f7dfa6d
",
2888
+
"reference": "
84b008c23915ed94536737eae46f41ba3bccfe67
",
2889
"shasum": ""
2889
"shasum": ""
2890
},
2890
},
2891
"require": {
2891
"require": {
2892
"php": ">=8.1.0"
2892
"php": ">=8.1.0"
2893
},
2893
},
2894
"require-dev": {
2894...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970/changes
|
53329
|
|
53330
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Open bookmarks (⌘B)
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Preview
Preview
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
16 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Pull Request Toolbar
Pull Request Toolbar
Collapse file tree
Merged
fix(security): composer dependency updates – 2026-04-15
fix(security): composer dependency updates – 2026-04-15
#
11970
All commits
All commits
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
0
/
1
viewed
Submit comments
Submit
comments
Open diff view settings
Open overview panel
Open comments panel
(
0
)
Filter files…
Filter options
File tree
File tree
composer.lock
composer.lock
Collapse file
composer.lock
composer.lock
composer.lock
Copy file name to clipboard
Expand all lines: composer.lock
Lines changed: 23 additions & 23 deletions
Display the source diff
Display the rich diff
Not Viewed
Viewed
Comment on this file
More options
Original file line number
Original file line
Diff line number
Diff line change
@@ -2876,23 +2876,23 @@
2876
},
2876
},
2877
{
2877
{
2878
"name": "google/protobuf",
2878
"name": "google/protobuf",
2879
-
"version": "v4.33.
5
",
2879
+
"version": "v4.33.
6
",
2880
"source": {
2880
"source": {
2881
"type": "git",
2881
"type": "git",
2882
"url": "[URL_WITH_CREDENTIALS] -2914,9 +2914,9 @@
2914
"proto"...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970/changes
|
53330
|
|
53331
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Open bookmarks (⌘B)
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Preview
Preview
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
16 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Pull Request Toolbar
Pull Request Toolbar
Collapse file tree
All commits
All commits
0
/
1
viewed
Submit comments
Submit
comments
Open diff view settings
Open overview panel
Open comments panel
(
0
)
Filter files…
Filter options
File tree
File tree
composer.lock
composer.lock
Collapse file
composer.lock
composer.lock
composer.lock
Copy file name to clipboard
Expand all lines: composer.lock
Lines changed: 23 additions & 23 deletions
Display the source diff
Display the rich diff
Not Viewed
Viewed
Comment on this file
More options
Original file line number
Original file line
Diff line number
Diff line change
@@ -2876,23 +2876,23 @@
2876
},
2876
},
2877
{
2877
{
2878
"name": "google/protobuf",
2878...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970/changes
|
53331
|
|
53332
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Open bookmarks (⌘B)
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Preview
Preview
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
16 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Pull Request Toolbar
Pull Request Toolbar
Collapse file tree
All commits
All commits
0
/
1
viewed
Submit comments
Submit
comments
Open diff view settings
Open overview panel
Open comments panel
(
0
)
Filter files…
Filter options
File tree
File tree
composer.lock
composer.lock
Collapse file
composer.lock
composer.lock
composer.lock
Copy file name to clipboard
Expand all lines: composer.lock
Lines changed: 23 additions & 23 deletions
Display the source diff
Display the rich diff
Not Viewed
Viewed
Comment on this file
More options
Original file line number
Original file line
Diff line number
Diff line change
@@ -2876,23 +2876,23 @@
2876
},
2876
},
2877
{
2877
{
2878
"name": "google/protobuf",
2878
"name": "google/protobuf",
2879
-
"version": "v4.33.
5
",
2879
+
"version": "v4.33.
6
",
2880
"source": {
2880
"source": {
2881
"type": "git",
2881
"type": "git",
2882
"url": "https://github.com/protocolbuffers/protobuf-php.git",
2882
"url": "https://github.com/protocolbuffers/protobuf-php.git",
2883
-
"reference": "
ebe8010a61b2ae0cff0d246fe1c4d44e9f7dfa6d
"
2883
+
"reference": "
84b008c23915ed94536737eae46f41ba3bccfe67
"
2884
},
2884
},
2885
"dist": {
2885
"dist": {
2886...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970/changes
|
53332
|
|
53333
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Open bookmarks (⌘B)
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
16 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Conversation
Conversation
@github-actions
Show options
github-actions bot commented 5 days ago •
github-actions
github-actions
bot
commented
5 days ago
5 days ago
•
edited
edited
Security dependency updates — composer — 2026-04-15
Security dependency updates — composer — 2026-04-15
This PR was opened automatically by the secfix bot. For this ecosystem, one commit carries every dependency upgrade from this run; see
Fixed alerts
below.
CI run logs →
CI run logs →
Upgrade safety (changelog review)
Upgrade safety (changelog review)
Overall verdict:
Mixed
— All previously-actionable alerts were fixed as safe patch/minor bumps. Alert
#463
#463
(phpunit/phpunit) is listed under
Skipped alerts
: the patched version (12.5.22) requires a major version jump from 11.x that includes documented breaking API removals and requires manual migration.
This does not replace CI, tests, or manual smoke checks before merge.
Fixed alerts
Fixed alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
#457
#457
laravel/passport
high
CVE-2026-39976
CVE-2026-39976
13.7.1
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from v13.6.0 to v13.7.4 via
composer update
.
#434
#434
google/protobuf
high
CVE-2026-6409
CVE-2026-6409
4.33.6
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep; bumped from v4.33.5 to v4.33.6 via
composer update
.
#425
#425
phpseclib/phpseclib
high
CVE-2026-32935
CVE-2026-32935
3.0.50
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from 3.0.49 to 3.0.51 (also
fixes
#454).
#429
#429
league/commonmark
medium
CVE-2026-33347
CVE-2026-33347
2.8.2
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep (via laravel/framework); bumped from 2.8.1 to 2.8.2 via
composer update
.
#454
#454
phpseclib/phpseclib
low
CVE-2026-40194
CVE-2026-40194
3.0.51
releases
releases
Breaking-change risk:
none observed (patch/minor). Covered by bump to 3.0.51 (also
fixes
#425).
Alert
#457
#457
#434
#434
#425
#425
#429
#429
#454
#454
Package
laravel/passport
google/protobuf
phpseclib/phpseclib
league/commonmark
phpseclib/phpseclib
Severity
high
high
high
medium
low
CVE
CVE-2026-39976
CVE-2026-39976
CVE-2026-6409
CVE-2026-6409
CVE-2026-32935
CVE-2026-32935
CVE-2026-33347
CVE-2026-33347
CVE-2026-40194
CVE-2026-40194
Patched version
13.7.1
4.33.6
3.0.50
2.8.2
3.0.51
Changelog
releases
releases
releases
releases
releases
releases
releases
releases
releases
releases
Notes
Breaking-change risk:
none observed (patch/minor). Bumped from v13.6.0 to v13.7.4 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Transitive dep; bumped from v4.33.5 to v4.33.6 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Bumped from 3.0.49 to 3.0.51 (also
fixes
#454).
Breaking-change risk:
none observed (patch/minor). Transitive dep (via laravel/framework); bumped from 2.8.1 to 2.8.2 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Covered by bump to 3.0.51 (also
fixes
#425).
Skipped alerts
Skipped alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
#463
#463
phpunit/phpunit
high
—
12.5.22
releases
releases
Not safe:
Major bump 11.x → 12.x. PHPUnit 12.0.0 removes multiple
TestCase
and
MockBuilder
methods (
iniSet()
,
setLocale()
,
getMockForAbstractClass()
,
getMockForTrait()
,
getObjectForTrait()
,
createTestProxy()
, etc.), drops support for doc-comment metadata (
@covers
,
@uses
annotations must be migrated to PHP 8 attributes), and removes several assert methods and CLI options. Breaking changes are fully documented — manual test-suite migration required before upgrading.
Alert
#463
#463
Package
phpunit/phpunit
Severity
high
CVE
—
Patched version
12.5.22
Changelog
releases
releases
Notes
Not safe:
Major bump 11.x → 12.x. PHPUnit 12.0.0 removes multiple
TestCase
and
MockBuilder
methods (
iniSet()
,
setLocale()
,
getMockForAbstractClass()
,
getMockForTrait()
,
getObjectForTrait()
,
createTestProxy()
, etc.), drops support for doc-comment metadata (
@covers
,
@uses
annotations must be migrated to PHP 8 attributes), and removes several assert methods and CLI options. Breaking changes are fully documented — manual test-suite migration required before upgrading.
Automated by secfix-bot.
Add or remove reactions
fix(security): bump composer dependencies (alerts
fix(security): bump composer dependencies (alerts
#457
#457
#454 #434 #429…
#454 #434 #429…
…
12 / 13 checks OK
7f8b428
7f8b428
@yalokin-jiminny
Show options
yalokin-jiminny commented 5 days ago
yalokin-jiminny
yalokin-jiminny
commented
5 days ago
5 days ago
@claude
@claude
Add or remove reactions
react with eyes
👀
1
@claude
Show options
claude bot commented 5 days ago •
claude
claude
bot
commented
5 days ago
5 days ago
•
edited
edited
Claude finished
@yalokin-jiminny
@yalokin-jiminny
's task in 36s
——
View job
View job
PR Review
PR Review
Completed task
Gather context
Completed task
Review composer.lock changes
Completed task
Verify security alerts are addressed
Completed task
Post review feedback
LGTM.
This is a clean automated security bump — only
composer.lock
is modified, no
composer.json
changes required.
Changes verified
Changes verified
Package
Old
New
Alerts fixed
laravel/passport
v13.6.0
v13.7.4
#457
#457
(
CVE-2026-39976
CVE-2026-39976
, high)
phpseclib/phpseclib
3.0.49
3.0.51
#425 (
CVE-2026-32935
CVE-2026-32935
, high) + #454 (
CVE-2026-40194
CVE-2026-40194
, low)
google/protobuf
v4.33.5
v4.33.6
#434 (high)
league/commonmark
2.8.1
2.8.2
#429 (
CVE-2026-33347
CVE-2026-33347
, medium)
Package
laravel/passport
phpseclib/phpseclib
google/protobuf
league/commonmark
Old
v13.6.0
3.0.49
v4.33.5
2.8.1
New
v13.7.4
3.0.51
v4.33.6
2.8.2
Alerts fixed
#457
#457
(
CVE-2026-39976
CVE-2026-39976
, high)
#425 (
CVE-2026-32935
CVE-2026-32935
, high) + #454 (
CVE-2026-40194
CVE-2026-40194
, low)
#434 (high)
#429 (
CVE-2026-33347
CVE-2026-33347
, medium)
All 5 alerts from the PR description are accounted for in the diff. The lock file hashes, references, and timestamps all look consistent with legitimate upstream releases.
One minor observation:
google/protobuf
's dev-dependency on
phpunit/phpunit
changed from
>=5.0.0 <8.5.27
to
>=10.5.62 <11.0.0
— this is a dev-only constraint in the transitive dep and has no production impact.
SonarQube quality gate passed with 0 new issues. Safe to merge.
Add or remove reactions
@yalokin-jiminny
yalokin-jiminny
yalokin-jiminny
self-requested a review
5 days ago
5 days ago
yalokin-jiminny
yalokin-jiminny
yalokin-jiminny
approved these changes
5 days ago
5 days ago
View reviewed changes
View reviewed changes
TodorStamatovJiminny
TodorStamatovJiminny
TodorStamatovJiminny
approved these changes
5 days ago
5 days ago
View reviewed changes
View reviewed changes
@ilian-jiminny
ilian-jiminny
ilian-jiminny
self-requested a review...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970
|
53333
|
|
53375
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
JY-20553 | Improve crm-sync delays by yalokin-jiminny · Pull Request #11976 · jiminny/app
JY-20553 | Improve crm-sync delays by yalokin-jiminny · Pull Request #11976 · jiminny/app
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Open bookmarks (⌘B)
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
17 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Conversation
Conversation
@github-actions
Show options
github-actions bot commented 5 days ago •
github-actions
github-actions
bot
commented
5 days ago
5 days ago
•
edited
edited
Security dependency updates — composer — 2026-04-15
Security dependency updates — composer — 2026-04-15
This PR was opened automatically by the secfix bot. For this ecosystem, one commit carries every dependency upgrade from this run; see
Fixed alerts
below.
CI run logs →
CI run logs →
Upgrade safety (changelog review)
Upgrade safety (changelog review)
Overall verdict:
Mixed
— All previously-actionable alerts were fixed as safe patch/minor bumps. Alert
#463
#463
(phpunit/phpunit) is listed under
Skipped alerts
: the patched version (12.5.22) requires a major version jump from 11.x that includes documented breaking API removals and requires manual migration.
This does not replace CI, tests, or manual smoke checks before merge.
Fixed alerts
Fixed alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
#457
#457
laravel/passport
high
CVE-2026-39976
CVE-2026-39976
13.7.1
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from v13.6.0 to v13.7.4 via
composer update
.
#434
#434
google/protobuf
high
CVE-2026-6409
CVE-2026-6409
4.33.6
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep; bumped from v4.33.5 to v4.33.6 via
composer update
.
#425
#425
phpseclib/phpseclib
high
CVE-2026-32935
CVE-2026-32935
3.0.50
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from 3.0.49 to 3.0.51 (also
fixes
#454).
#429
#429
league/commonmark
medium
CVE-2026-33347
CVE-2026-33347
2.8.2
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep (via laravel/framework); bumped from 2.8.1 to 2.8.2 via
composer update
.
#454
#454
phpseclib/phpseclib
low
CVE-2026-40194
CVE-2026-40194
3.0.51
releases
releases
Breaking-change risk:
none observed (patch/minor). Covered by bump to 3.0.51 (also
fixes
#425).
Alert
#457
#457
#434
#434
#425
#425
#429
#429
#454
#454
Package
laravel/passport
google/protobuf
phpseclib/phpseclib
league/commonmark
phpseclib/phpseclib
Severity
high
high
high
medium
low
CVE
CVE-2026-39976
CVE-2026-39976
CVE-2026-6409
CVE-2026-6409
CVE-2026-32935
CVE-2026-32935
CVE-2026-33347
CVE-2026-33347
CVE-2026-40194
CVE-2026-40194
Patched version
13.7.1
4.33.6
3.0.50
2.8.2
3.0.51
Changelog
releases
releases
releases
releases
releases
releases
releases
releases
releases
releases
Notes
Breaking-change risk:
none observed (patch/minor). Bumped from v13.6.0 to v13.7.4 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Transitive dep; bumped from v4.33.5 to v4.33.6 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Bumped from 3.0.49 to 3.0.51 (also
fixes
#454).
Breaking-change risk:
none observed (patch/minor). Transitive dep (via laravel/framework); bumped from 2.8.1 to 2.8.2 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Covered by bump to 3.0.51 (also
fixes
#425).
Skipped alerts
Skipped alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
#463
#463
phpunit/phpunit
high
—
12.5.22
releases
releases
Not safe:
Major bump 11.x → 12.x. PHPUnit 12.0.0 removes multiple
TestCase
and
MockBuilder
methods (
iniSet()
,
setLocale()
,
getMockForAbstractClass()
,
getMockForTrait()
,
getObjectForTrait()
,
createTestProxy()
, etc.), drops support for doc-comment metadata (
@covers
,
@uses
annotations must be migrated to PHP 8 attributes), and removes several assert methods and CLI options. Breaking changes are fully documented — manual test-suite migration required before upgrading.
Alert
#463
#463
Package
phpunit/phpunit
Severity
high
CVE
—
Patched version
12.5.22
Changelog
releases
releases
Notes
Not safe:...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970
|
53375
|
|
53376
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
JY-20553 | Improve crm-sync delays by yalokin-jiminny · Pull Request #11976 · jiminny/app
JY-20553 | Improve crm-sync delays by yalokin-jiminny · Pull Request #11976 · jiminny/app
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Open bookmarks (⌘B)
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
17 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Conversation
Conversation
@github-actions
Show options
github-actions bot commented 5 days ago •
github-actions
github-actions
bot
commented
5 days ago
5 days ago
•
edited
edited
Security dependency updates — composer — 2026-04-15
Security dependency updates — composer — 2026-04-15
This PR was opened automatically by the secfix bot. For this ecosystem, one commit carries every dependency upgrade from this run; see
Fixed alerts
below.
CI run logs →
CI run logs →
Upgrade safety (changelog review)
Upgrade safety (changelog review)
Overall verdict:
Mixed
— All previously-actionable alerts were fixed as safe patch/minor bumps. Alert
#463
#463
(phpunit/phpunit) is listed under
Skipped alerts
: the patched version (12.5.22) requires a major version jump from 11.x that includes documented breaking API removals and requires manual migration.
This does not replace CI, tests, or manual smoke checks before merge.
Fixed alerts
Fixed alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
#457
#457
laravel/passport
high
CVE-2026-39976
CVE-2026-39976
13.7.1
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from v13.6.0 to v13.7.4 via
composer update
.
#434
#434
google/protobuf
high
CVE-2026-6409
CVE-2026-6409
4.33.6
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep; bumped from v4.33.5 to v4.33.6 via
composer update
.
#425
#425
phpseclib/phpseclib
high
CVE-2026-32935
CVE-2026-32935
3.0.50
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from 3.0.49 to 3.0.51 (also
fixes
#454).
#429
#429
league/commonmark
medium
CVE-2026-33347
CVE-2026-33347
2.8.2
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep (via laravel/framework); bumped from 2.8.1 to 2.8.2 via
composer update
.
#454
#454
phpseclib/phpseclib
low
CVE-2026-40194
CVE-2026-40194
3.0.51
releases
releases
Breaking-change risk:
none observed (patch/minor). Covered by bump to 3.0.51 (also
fixes
#425).
Alert
#457
#457
#434
#434
#425
#425
#429
#429
#454
#454
Package
laravel/passport
google/protobuf
phpseclib/phpseclib
league/commonmark
phpseclib/phpseclib
Severity
high
high
high
medium
low
CVE
CVE-2026-39976
CVE-2026-39976
CVE-2026-6409
CVE-2026-6409
CVE-2026-32935
CVE-2026-32935
CVE-2026-33347
CVE-2026-33347
CVE-2026-40194
CVE-2026-40194
Patched version
13.7.1
4.33.6
3.0.50
2.8.2
3.0.51
Changelog
releases
releases
releases
releases
releases
releases
releases
releases
releases
releases
Notes
Breaking-change risk:
none observed (patch/minor). Bumped from v13.6.0 to v13.7.4 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Transitive dep; bumped from v4.33.5 to v4.33.6 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Bumped from 3.0.49 to 3.0.51 (also
fixes
#454).
Breaking-change risk:
none observed (patch/minor). Transitive dep (via laravel/framework); bumped from 2.8.1 to 2.8.2 via
composer update
.
Breaking-change risk:
none observed (patch/minor). Covered by bump to 3.0.51 (also
fixes
#425).
Skipped alerts
Skipped alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
#463
#463
phpunit/phpunit
high
—
12.5.22
releases
releases
Not safe:
Major bump 11.x → 12.x. PHPUnit 12.0.0 removes multiple
TestCase
and
MockBuilder
methods (
iniSet()
,
setLocale()
,
getMockForAbstractClass()
,
getMockForTrait()
,
getObjectForTrait()
,
createTestProxy()
, etc.), drops support for doc-comment metadata (
@covers
,
@uses
annotations must be migrated to PHP 8 attributes), and removes several assert methods and CLI options. Breaking changes are fully documented — manual test-suite migration required before upgrading.
Alert
#463
#463
Package
phpunit/phpunit
Severity
high
CVE
—
Patched version
12.5.22
Changelog
releases
releases
Notes
Not safe:
Major bump 11.x → 12.x. PHPUnit 12.0.0 removes multiple
TestCase
and
MockBuilder
methods (
iniSet()
,
setLocale()
,
getMockForAbstractClass()
,
getMockForTrait()
,
getObjectForTrait()
,
createTestProxy()
, etc.), drops support for doc-comment metadata (
@covers
,
@uses
annotations must be migrated to PHP 8 attributes), and removes several assert methods and CLI options. Breaking changes are fully documented — manual test-suite migration required before upgrading.
Automated by secfix-bot.
Add or remove reactions
fix(security): bump composer dependencies (alerts
fix(security): bump composer dependencies (alerts
#457
#457
#454 #434 #429…
#454 #434 #429…
…
12 / 13 checks OK
7f8b428
7f8b428
@yalokin-jiminny
Show options
yalokin-jiminny commented 5 days ago
yalokin-jiminny
yalokin-jiminny
commented...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970
|
53376
|
|
53645
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
JY-20553 | Improve crm-sync delays by yalokin-jiminny · Pull Request #11976 · jiminny/app
JY-20553 | Improve crm-sync delays by yalokin-jiminny · Pull Request #11976 · jiminny/app
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
Jiminny
Jiminny
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Open bookmarks (⌘B)
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
29 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Conversation
Conversation
@github-actions
Show options
github-actions bot commented 5 days ago •
github-actions
github-actions
bot
commented
5 days ago
5 days ago
•
edited
edited
Security dependency updates — composer — 2026-04-15
Security dependency updates — composer — 2026-04-15
This PR was opened automatically by the secfix bot. For this ecosystem, one commit carries every dependency upgrade from this run; see
Fixed alerts
below.
CI run logs →
CI run logs →
Upgrade safety (changelog review)
Upgrade safety (changelog review)
Overall verdict:
Mixed
— All previously-actionable alerts were fixed as safe patch/minor bumps. Alert
#463
#463
(phpunit/phpunit) is listed under
Skipped alerts
: the patched version (12.5.22) requires a major version jump from 11.x that includes documented breaking API removals and requires manual migration.
This does not replace CI, tests, or manual smoke checks before merge.
Fixed alerts
Fixed alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
#457
#457
laravel/passport
high
CVE-2026-39976
CVE-2026-39976
13.7.1
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from v13.6.0 to v13.7.4 via
composer update
.
#434
#434
google/protobuf
high
CVE-2026-6409
CVE-2026-6409
4.33.6
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep; bumped from v4.33.5 to v4.33.6 via
composer update
.
#425...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970
|
53645
|
|
53646
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
JY-20553 | Improve crm-sync delays by yalokin-jiminny · Pull Request #11976 · jiminny/app
JY-20553 | Improve crm-sync delays by yalokin-jiminny · Pull Request #11976 · jiminny/app
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
Jiminny
Jiminny
New Tab
Customize sidebar
Open Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Open bookmarks (⌘B)
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
29 minutes ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Conversation
Conversation
@github-actions
Show options
github-actions bot commented 5 days ago •
github-actions
github-actions
bot
commented
5 days ago
5 days ago
•
edited
edited
Security dependency updates — composer — 2026-04-15
Security dependency updates — composer — 2026-04-15
This PR was opened automatically by the secfix bot. For this ecosystem, one commit carries every dependency upgrade from this run; see
Fixed alerts
below.
CI run logs →
CI run logs →
Upgrade safety (changelog review)
Upgrade safety (changelog review)
Overall verdict:
Mixed
— All previously-actionable alerts were fixed as safe patch/minor bumps. Alert
#463
#463
(phpunit/phpunit) is listed under
Skipped alerts
: the patched version (12.5.22) requires a major version jump from 11.x that includes documented breaking API removals and requires manual migration.
This does not replace CI, tests, or manual smoke checks before merge.
Fixed alerts
Fixed alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
#457
#457
laravel/passport
high
CVE-2026-39976
CVE-2026-39976
13.7.1
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from v13.6.0 to v13.7.4 via
composer update
.
#434
#434
google/protobuf
high
CVE-2026-6409
CVE-2026-6409
4.33.6
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep; bumped from v4.33.5 to v4.33.6 via
composer update
.
#425
#425
phpseclib/phpseclib
high
CVE-2026-32935
CVE-2026-32935
3.0.50
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from 3.0.49 to 3.0.51 (also
fixes
#454).
#429
#429
league/commonmark
medium
CVE-2026-33347
CVE-2026-33347
2.8.2
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep (via laravel/framework); bumped from 2.8.1 to 2.8.2 via
composer update
.
#454
#454
phpseclib/phpseclib
low
CVE-2026-40194
CVE-2026-40194
3.0.51
releases
releases
Breaking-change risk:
none observed (patch/minor). Covered by bump to 3.0.51 (also
fixes
#425).
Alert
#457
#457
#434
#434
#425
#425
#429
#429
#454
#454
Package
laravel/passport
google/protobuf
phpseclib/phpseclib
league/commonmark
phpseclib/phpseclib
Severity
high...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970
|
53646
|
|
55546
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
JY-20553 | Improve crm-sync delays by yalokin-jiminny · Pull Request #11976 · jiminny/app
JY-20553 | Improve crm-sync delays by yalokin-jiminny · Pull Request #11976 · jiminny/app
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
Jiminny
Jiminny
Jiminny
Jiminny
Jiminny
Jiminny
New Tab
Customize sidebar
Close Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Open bookmarks (⌘B)
AI Chat settings
Close
WORK, Google Account: [EMAIL]
Main menu
New chat
Gemini
New Chat
Open menu for conversation actions.
Conversation with Gemini
Conversation with Gemini
Copy prompt
You said checkout to remote branch
You said
checkout to remote branch
Listen
Show more options
Show thinking
Gemini said
Gemini said
Here is the standard way to check out a remote branch in Git.
Step 1: Fetch the latest remote branches
Step 1: Fetch the latest remote branches
Before checking out, it is best practice to ensure your local repository knows about the latest branches on the remote. Run:
Bash
Copy code
git fetch
Step 2: Check out the branch
Step 2: Check out the branch
You have a few options depending on your version of Git and whether you want to use the exact same name as the remote branch.
Option A: The simplest way (Recommended)
Option A: The simplest way (Recommended)
If the remote branch exists and you don't have a local branch with the same name, Git will automatically create the local branch and set it up to track the remote one.
Using the newer
switch
command:
Bash
Copy code
git switch <branch-name>
Or using the traditional
checkout
command:
Bash
Copy code
git checkout <branch-name>
(Note: Do not include
origin/
in this command. Just use the branch name, e.g.,
git checkout feature-branch
)
Option B: The explicit way
Option B: The explicit way
If Option A doesn't work (for example, if you have multiple remotes), or if you want to give your local branch a
different name
than the remote branch, you can explicitly map them:
Bash
Copy code
git checkout -b <your-local-branch-name> origin/<remote-branch-name>
How to verify it worked
How to verify it worked
To confirm you are on the right branch and tracking the remote properly, run:
Bash
Copy code
git branch -vv
This will list your local branches, highlight your current branch, and show which remote branch it is tracking (e.g.,
[origin/<branch-name>]
).
Copy prompt
Edit
You said lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $ git fetch lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $ co -b JY-20553-debug-crm-sync-delays orign/JY-20553-debug-crm-sync-delays fatal: 'orign/JY-20553-debug-crm-sync-delays' is not a commit and a branch 'JY-20553-debug-crm-sync-delays' cannot be created from it lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $ git checkout -b JY-20553-debug-crm-sync-delays orign/JY-20553-debug-crm-sync-delays fatal: 'orign/JY-20553-debug-crm-sync-delays' is not a commit and a branch 'JY-20553-debug-crm-sync-delays' cannot be created from it lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $
You said
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $ git fetch
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $ co -b JY-20553-debug-crm-sync-delays orign/JY-20553-debug-crm-sync-delays
fatal: 'orign/JY-20553-debug-crm-sync-delays' is not a commit and a branch 'JY-20553-debug-crm-sync-delays' cannot be created from it
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $ git checkout -b JY-20553-debug-crm-sync-delays orign/JY-20553-debug-crm-sync-delays
fatal: 'orign/JY-20553-debug-crm-sync-delays' is not a commit and a branch 'JY-20553-debug-crm-sync-delays' cannot be created from it
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $
Expand
Listen
Show more options
Show thinking
Gemini said
Gemini said
Ah, it looks like just a tiny typo! You spelled
origin
as
orign
in your commands.
Git is throwing that error because it can't find a remote named "orign".
Here is the corrected command:
Bash
Copy code
git checkout -b JY-20553-debug-crm-sync-delays origin/JY-20553-debug-crm-sync-delays
An Easier Shortcut
An Easier Shortcut
Since your local branch name matches the remote branch exactly, you can actually skip the
-b
and
origin/
entirely. Git is smart enough to figure it out automatically:
Bash
Copy code
git checkout JY-20553-debug-crm-sync-delays
(Or if
co
is your alias for checkout, just
co JY-20553-debug-crm-sync-delays
will work!)
Enter a prompt for Gemini
encrypted
Enter a prompt for Gemini
encrypted
Open upload file menu
Tools
Open mode picker
Pro
Microphone
Your Jiminny chats aren’t used to improve our models. Gemini is AI and can make mistakes, including about people.
Your privacy & Gemini Opens in a new window
Your privacy & Gemini
Opens in a new window
Summarize page
Summarize page
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
2 hours ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Conversation
Conversation
@github-actions
Show options
github-actions bot commented 5 days ago •
github-actions
github-actions
bot
commented
5 days ago
5 days ago
•
edited
edited
Security dependency updates — composer — 2026-04-15
Security dependency updates — composer — 2026-04-15
This PR was opened automatically by the secfix bot. For this ecosystem, one commit carries every dependency upgrade from this run; see
Fixed alerts
below.
CI run logs →
CI run logs →
Upgrade safety (changelog review)
Upgrade safety (changelog review)
Overall verdict:
Mixed
— All previously-actionable alerts were fixed as safe patch/minor bumps. Alert
#463
#463
(phpunit/phpunit) is listed under
Skipped alerts
: the patched version (12.5.22) requires a major version jump from 11.x that includes documented breaking API removals and requires manual migration.
This does not replace CI, tests, or manual smoke checks before merge.
Fixed alerts
Fixed alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
#457
#457
laravel/passport
high
CVE-2026-39976
CVE-2026-39976...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970
|
55546
|
|
55547
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
JY-20553 | Improve crm-sync delays by yalokin-jiminny · Pull Request #11976 · jiminny/app
JY-20553 | Improve crm-sync delays by yalokin-jiminny · Pull Request #11976 · jiminny/app
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
Jiminny
Jiminny
Jiminny
Jiminny
Jiminny
Jiminny
New Tab
Customize sidebar
Close Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Open bookmarks (⌘B)
AI Chat settings
Close
WORK, Google Account: [EMAIL]
Main menu
New chat
Gemini
New Chat
Open menu for conversation actions.
Conversation with Gemini
Conversation with Gemini
Copy prompt
You said checkout to remote branch
You said
checkout to remote branch
Listen
Show more options
Show thinking
Gemini said
Gemini said
Here is the standard way to check out a remote branch in Git.
Step 1: Fetch the latest remote branches
Step 1: Fetch the latest remote branches
Before checking out, it is best practice to ensure your local repository knows about the latest branches on the remote. Run:
Bash
Copy code
git fetch
Step 2: Check out the branch
Step 2: Check out the branch
You have a few options depending on your version of Git and whether you want to use the exact same name as the remote branch.
Option A: The simplest way (Recommended)
Option A: The simplest way (Recommended)
If the remote branch exists and you don't have a local branch with the same name, Git will automatically create the local branch and set it up to track the remote one.
Using the newer
switch
command:
Bash
Copy code
git switch <branch-name>
Or using the traditional
checkout
command:
Bash
Copy code
git checkout <branch-name>
(Note: Do not include
origin/
in this command. Just use the branch name, e.g.,
git checkout feature-branch
)
Option B: The explicit way
Option B: The explicit way
If Option A doesn't work (for example, if you have multiple remotes), or if you want to give your local branch a
different name
than the remote branch, you can explicitly map them:
Bash
Copy code
git checkout -b <your-local-branch-name> origin/<remote-branch-name>
How to verify it worked
How to verify it worked
To confirm you are on the right branch and tracking the remote properly, run:
Bash
Copy code
git branch -vv
This will list your local branches, highlight your current branch, and show which remote branch it is tracking (e.g.,
[origin/<branch-name>]
).
Copy prompt
Edit
You said lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $ git fetch lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $ co -b JY-20553-debug-crm-sync-delays orign/JY-20553-debug-crm-sync-delays fatal: 'orign/JY-20553-debug-crm-sync-delays' is not a commit and a branch 'JY-20553-debug-crm-sync-delays' cannot be created from it lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $ git checkout -b JY-20553-debug-crm-sync-delays orign/JY-20553-debug-crm-sync-delays fatal: 'orign/JY-20553-debug-crm-sync-delays' is not a commit and a branch 'JY-20553-debug-crm-sync-delays' cannot be created from it lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $
You said
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $ git fetch
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $ co -b JY-20553-debug-crm-sync-delays orign/JY-20553-debug-crm-sync-delays
fatal: 'orign/JY-20553-debug-crm-sync-delays' is not a commit and a branch 'JY-20553-debug-crm-sync-delays' cannot be created from it
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $ git checkout -b JY-20553-debug-crm-sync-delays orign/JY-20553-debug-crm-sync-delays
fatal: 'orign/JY-20553-debug-crm-sync-delays' is not a commit and a branch 'JY-20553-debug-crm-sync-delays' cannot be created from it
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $
Expand
Listen
Show more options
Show thinking
Gemini said
Gemini said
Ah, it looks like just a tiny typo! You spelled
origin
as
orign
in your commands.
Git is throwing that error because it can't find a remote named "orign".
Here is the corrected command:
Bash
Copy code
git checkout -b JY-20553-debug-crm-sync-delays origin/JY-20553-debug-crm-sync-delays
An Easier Shortcut
An Easier Shortcut
Since your local branch name matches the remote branch exactly, you can actually skip the
-b
and
origin/
entirely. Git is smart enough to figure it out automatically:
Bash
Copy code
git checkout JY-20553-debug-crm-sync-delays
(Or if
co
is your alias for checkout, just
co JY-20553-debug-crm-sync-delays
will work!)
Enter a prompt for Gemini
encrypted
Enter a prompt for Gemini
encrypted
Open upload file menu
Tools
Open mode picker
Pro
Microphone
Your Jiminny chats aren’t used to improve our models. Gemini is AI and can make mistakes, including about people.
Your privacy & Gemini Opens in a new window
Your privacy & Gemini
Opens in a new window
Summarize page
Summarize page
Skip to content
Skip to content
Open menu
Homepage (g then d)
jiminny
jiminny
app
app
Search or jump to…
Type
/
to search
Chat with Copilot
Open Copilot…
Create new...
Issues(g then i)
Pull requests
Repositories
You have unread notifications(g then n)
Open user navigation menu
Repository navigation
Repository navigation
Code
Code
Pull requests (31)
Pull requests
(
31
)
Agents
Agents
Actions
Actions
Wiki
Wiki
Security and quality (22)
Security and quality
(
22
)
Insights
Insights
Settings
Settings
Important update
Important update
On April 24 we'll start using GitHub Copilot interaction data for AI model training unless you opt out.
Review this update
Review this update
and manage your preferences in your
GitHub account settings
GitHub account settings
.
Dismiss banner
fix(security): composer dependency updates – 2026-04-15 #11970 Edit title
fix(security): composer dependency updates – 2026-04-15
#
11970
Edit title
Code
Code
Merged
LakyLak
LakyLak
merged 2 commits into
master
master
from
secfix/composer-20260415
secfix/composer-20260415
Copy head branch name to clipboard
2 hours ago
Lines changed: 23 additions & 23 deletions
Conversation (3)
Conversation
(
3
)
Commits (2)
Commits
(
2
)
Checks (5)
Checks
(
5
)
Files changed (1)
Files changed
(
1
)
Conversation
Conversation
@github-actions
Show options
github-actions bot commented 5 days ago •
github-actions
github-actions
bot
commented
5 days ago
5 days ago
•
edited
edited
Security dependency updates — composer — 2026-04-15
Security dependency updates — composer — 2026-04-15
This PR was opened automatically by the secfix bot. For this ecosystem, one commit carries every dependency upgrade from this run; see
Fixed alerts
below.
CI run logs →
CI run logs →
Upgrade safety (changelog review)
Upgrade safety (changelog review)
Overall verdict:
Mixed
— All previously-actionable alerts were fixed as safe patch/minor bumps. Alert
#463
#463
(phpunit/phpunit) is listed under
Skipped alerts
: the patched version (12.5.22) requires a major version jump from 11.x that includes documented breaking API removals and requires manual migration.
This does not replace CI, tests, or manual smoke checks before merge.
Fixed alerts
Fixed alerts
Alert
Package
Severity
CVE
Patched version
Changelog
Notes
#457
#457
laravel/passport
high
CVE-2026-39976
CVE-2026-39976
13.7.1
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from v13.6.0 to v13.7.4 via
composer update
.
#434
#434
google/protobuf
high
CVE-2026-6409
CVE-2026-6409
4.33.6
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep; bumped from v4.33.5 to v4.33.6 via
composer update
.
#425
#425
phpseclib/phpseclib
high
CVE-2026-32935
CVE-2026-32935
3.0.50
releases
releases
Breaking-change risk:
none observed (patch/minor). Bumped from 3.0.49 to 3.0.51 (also
fixes
#454).
#429
#429
league/commonmark
medium
CVE-2026-33347
CVE-2026-33347
2.8.2
releases
releases
Breaking-change risk:
none observed (patch/minor). Transitive dep (via laravel/framework); bumped from 2.8.1 to 2.8.2 via
composer update
.
#454
#454
phpseclib/phpseclib
low
CVE-2026-40194
CVE-2026-40194
3.0.51
releases...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
github.com/jiminny/app/pull/11970
|
55547
|
|
55548
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
JY-20553 | Improve crm-sync delays by yalokin-jiminny · Pull Request #11976 · jiminny/app
JY-20553 | Improve crm-sync delays by yalokin-jiminny · Pull Request #11976 · jiminny/app
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
Jiminny
Jiminny
Jiminny
Jiminny
Jiminny
Jiminny
New Tab
Customize sidebar
Close Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Open bookmarks (⌘B)
AI Chat settings
Close
WORK, Google Account: [EMAIL]
Main menu
New chat
Gemini
New Chat
Open menu for conversation actions.
Conversation with Gemini
Conversation with Gemini
Copy prompt
You said checkout to remote branch
You said
checkout to remote branch
Listen
Show more options
Show thinking
Gemini said
Gemini said
Here is the standard way to check out a remote branch in Git.
Step 1: Fetch the latest remote branches
Step 1: Fetch the latest remote branches
Before checking out, it is best practice to ensure your local repository knows about the latest branches on the remote. Run:
Bash
Copy code
git fetch
Step 2: Check out the branch
Step 2: Check out the branch
You have a few options depending on your version of Git and whether you want to use the exact same name as the remote branch.
Option A: The simplest way (Recommended)
Option A: The simplest way (Recommended)
If the remote branch exists and you don't have a local branch with the same name, Git will automatically create the local branch and set it up to track the remote one.
Using the newer
switch
command:
Bash
Copy code
git switch <branch-name>
Or using the traditional
checkout
command:
Bash
Copy code
git checkout <branch-name>
(Note: Do not include
origin/
in this command. Just use the branch name, e.g.,
git checkout feature-branch
)
Option B: The explicit way
Option B: The explicit way
If Option A doesn't work (for example, if you have multiple remotes), or if you want to give your local branch a
different name
than the remote branch, you can explicitly map them:
Bash
Copy code
git checkout -b <your-local-branch-name> origin/<remote-branch-name>
How to verify it worked
How to verify it worked
To confirm you are on the right branch and tracking the remote properly, run:
Bash
Copy code
git branch -vv
This will list your local branches, highlight your current branch, and show which remote branch it is tracking (e.g.,
[origin/<branch-name>]
).
Copy prompt
Edit
You said lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $ git fetch lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $ co -b JY-20553-debug-crm-sync-delays orign/JY-20553-debug-crm-sync-delays fatal: 'orign/JY-20553-debug-crm-sync-delays' is not a commit and a branch 'JY-20553-debug-crm-sync-delays' cannot be created from it lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $ git checkout -b JY-20553-debug-crm-sync-delays orign/JY-20553-debug-crm-sync-delays fatal: 'orign/JY-20553-debug-crm-sync-delays' is not a commit and a branch 'JY-20553-debug-crm-sync-delays' cannot be created from it lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $
You said
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $ git fetch
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $ co -b JY-20553-debug-crm-sync-delays orign/JY-20553-debug-crm-sync-delays
fatal: 'orign/JY-20553-debug-crm-sync-delays' is not a commit and a branch 'JY-20553-debug-crm-sync-delays' cannot be created from it
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $ git checkout -b JY-20553-debug-crm-sync-delays orign/JY-20553-debug-crm-sync-delays
fatal: 'orign/JY-20553-debug-crm-sync-delays' is not a commit and a branch 'JY-20553-debug-crm-sync-delays' cannot be created from it
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $
Expand
Listen
Show more options
Show thinking
Gemini said
Gemini said
Ah, it looks like just a tiny typo! You spelled
origin
as
orign
in your commands.
Git is throwing that error because it can't find a remote named "orign".
Here is the corrected command:
Bash
Copy code
git checkout -b JY-20553-debug-crm-sync-delays origin/JY-20553-debug-crm-sync-delays
An Easier Shortcut
An Easier Shortcut
Since your local branch name matches the remote branch exactly, you can actually skip the
-b
and
origin/
entirely. Git is smart enough to figure it out automatically:
Bash
Copy code
git checkout JY-20553-debug-crm-sync-delays
(Or if
co
is your alias for checkout, just
co JY-20553-debug-crm-sync-delays
will work!)
Enter a prompt for Gemini
encrypted
Enter a prompt for Gemini
encrypted
Open upload file menu
Tools
Open mode picker
Pro
Microphone
Your Jiminny chats aren’t used to improve our models. Gemini is AI and can make mistakes, including about people.
Your privacy & Gemini Opens in a new window
Your privacy & Gemini
Opens in a new window
Summarize page
Summarize page...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
app.dev.jiminny.com/ai-reports/manage
|
55548
|
|
55549
|
Platform Sprint 2 Q2 - Platform Team - Scrum Board Platform Sprint 2 Q2 - Platform Team - Scrum Board - Jira
JY-20553 | Improve crm-sync delays by yalokin-jiminny · Pull Request #11976 · jiminny/app
JY-20553 | Improve crm-sync delays by yalokin-jiminny · Pull Request #11976 · jiminny/app
[SRD-6793] Les Mills activity types not pulling in - Jira
[SRD-6793] Les Mills activity types not pulling in - Jira
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20698 handle failed field sync on playbook import activity types by LakyLak · Pull Request #11988 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
JY-20692 change confirmation parameter by LakyLak · Pull Request #11986 · jiminny/app
[JY-20543] AJ Reports > Tracking - Jira
[JY-20543] AJ Reports > Tracking - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
[JY-18909] [Part2] Automated reports with Ask Jiminny - Jira
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
Ask Jiminny Reports by nikolay-yankov · Pull Request #11894 · jiminny/app
New Tab
New Tab
Product Growth Platform | Userpilot
Product Growth Platform | Userpilot
Userpilot | Logged-activity
Userpilot | Logged-activity
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Pipelines - jiminny/app
Pipelines - jiminny/app
Feed — jiminny — Sentry
Feed — jiminny — Sentry
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app
Close tab
Jiminny
Jiminny
Jiminny
Jiminny
Jiminny
Jiminny
New Tab
Customize sidebar
Close Google Gemini (⌃X)
Tabs from other devices
Open history (⇧⌘H)
Open bookmarks (⌘B)
AI Chat settings
Close
WORK, Google Account: [EMAIL]
Main menu
New chat
Gemini
New Chat
Open menu for conversation actions.
Conversation with Gemini
Conversation with Gemini
Copy prompt
You said checkout to remote branch
You said
checkout to remote branch
Listen
Show more options
Show thinking
Gemini said
Gemini said
Here is the standard way to check out a remote branch in Git.
Step 1: Fetch the latest remote branches
Step 1: Fetch the latest remote branches
Before checking out, it is best practice to ensure your local repository knows about the latest branches on the remote. Run:
Bash
Copy code
git fetch
Step 2: Check out the branch
Step 2: Check out the branch
You have a few options depending on your version of Git and whether you want to use the exact same name as the remote branch.
Option A: The simplest way (Recommended)
Option A: The simplest way (Recommended)
If the remote branch exists and you don't have a local branch with the same name, Git will automatically create the local branch and set it up to track the remote one.
Using the newer
switch
command:
Bash
Copy code
git switch <branch-name>
Or using the traditional
checkout
command:
Bash
Copy code
git checkout <branch-name>
(Note: Do not include
origin/
in this command. Just use the branch name, e.g.,
git checkout feature-branch
)
Option B: The explicit way
Option B: The explicit way
If Option A doesn't work (for example, if you have multiple remotes), or if you want to give your local branch a
different name
than the remote branch, you can explicitly map them:
Bash
Copy code
git checkout -b <your-local-branch-name> origin/<remote-branch-name>
How to verify it worked
How to verify it worked
To confirm you are on the right branch and tracking the remote properly, run:
Bash
Copy code
git branch -vv
This will list your local branches, highlight your current branch, and show which remote branch it is tracking (e.g.,
[origin/<branch-name>]
).
Copy prompt
Edit
You said lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $ git fetch lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $ co -b JY-20553-debug-crm-sync-delays orign/JY-20553-debug-crm-sync-delays fatal: 'orign/JY-20553-debug-crm-sync-delays' is not a commit and a branch 'JY-20553-debug-crm-sync-delays' cannot be created from it lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $ git checkout -b JY-20553-debug-crm-sync-delays orign/JY-20553-debug-crm-sync-delays fatal: 'orign/JY-20553-debug-crm-sync-delays' is not a commit and a branch 'JY-20553-debug-crm-sync-delays' cannot be created from it lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $
You said
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $ git fetch
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $ co -b JY-20553-debug-crm-sync-delays orign/JY-20553-debug-crm-sync-delays
fatal: 'orign/JY-20553-debug-crm-sync-delays' is not a commit and a branch 'JY-20553-debug-crm-sync-delays' cannot be created from it
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $ git checkout -b JY-20553-debug-crm-sync-delays orign/JY-20553-debug-crm-sync-delays
fatal: 'orign/JY-20553-debug-crm-sync-delays' is not a commit and a branch 'JY-20553-debug-crm-sync-delays' cannot be created from it
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/jiminny/app (JY-18909-automated-reports-ask-jiminny) $
Expand
Listen
Show more options
Show thinking
Gemini said
Gemini said
Ah, it looks like just a tiny typo! You spelled
origin
as
orign
in your commands.
Git is throwing that error because it can't find a remote named "orign".
Here is the corrected command:
Bash
Copy code
git checkout -b JY-20553-debug-crm-sync-delays origin/JY-20553-debug-crm-sync-delays
An Easier Shortcut
An Easier Shortcut
Since your local branch name matches the remote branch exactly, you can actually skip the
-b
and
origin/
entirely. Git is smart enough to figure it out automatically:
Bash
Copy code
git checkout JY-20553-debug-crm-sync-delays
(Or if
co
is your alias for checkout, just
co JY-20553-debug-crm-sync-delays
will work!)
Enter a prompt for Gemini
encrypted
Enter a prompt for Gemini...
|
Firefox
|
fix(security): composer dependency updates – 2026- fix(security): composer dependency updates – 2026-04-15 by github-actions[bot] · Pull Request #11970 · jiminny/app — Work...
|
app.dev.jiminny.com/ai-reports/manage
|
55549
|
|
24415
|
-- Text content
text_content TEXT,
text_le -- Text content
text_content TEXT,
text_length INTEGER,
-- App context
app_name TEXT,
app_pid INTEGER,
window_title TEXT,
browser_url TEXT,
-- Element context (from accessibility APIs)
element_role TEXT,
element_name TEXT,
element_value TEXT,
element_description TEXT,
element_automation_id TEXT,
element_bounds TEXT, -- JSON: {"x":0,"y":0,"width":100,"height":50}
-- Frame correlation
frame_id INTEGER,
-- Sync columns
sync_id TEXT,
machine_id TEXT,
synced_at DATETIME
)
CREATE TABLE video_chunks (
id INTEGER PRIMARY KEY AUTOINCREMENT,
file_path TEXT NOT NULL
, device_name TEXT NOT NULL DEFAULT '', sync_id TEXT, machine_id TEXT, synced_at DATETIME, fps REAL NOT NULL DEFAULT 0.5, cloud_blob_id TEXT DEFAULT NULL)
CREATE TABLE vision_tags (
vision_id INTEGER NOT NULL,
tag_id INTEGER NOT NULL,
PRIMARY KEY (vision_id, tag_id),
FOREIGN KEY (vision_id) REFERENCES frames(id) ON DELETE CASCADE,
FOREIGN KEY (tag_id) REFERENCES tags(id) ON DELETE CASCADE
)
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/.screenpipe $ sqlite3 ~/.screenpipe/db.sqlite "
SELECT frame_id, app_name, window_name, browser_url, focused,
substr(text, 1, 100) as text_preview
FROM ocr_text
ORDER BY frame_id DESC
LIMIT 5;
"
Error: in prepare, no such column: browser_url
SELECT frame_id, app_name, window_name, browser_url, focused, substr(
error here ---^
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/.screenpipe $ clear
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/.screenpipe $ ls ~/.screenpipe/data/ | head -20
data
pending-transcriptions
screenpipe.db
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/.screenpipe $ ls ~/.screenpipe/data/$(ls ~/.screenpipe/data/ | head -1)/ | head -30
2026-04-09
2026-04-11
2026-04-12
2026-04-13
2026-04-14
2026-04-15
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/.screenpipe $ find ~/.screenpipe/data -name "*.jpg" | wc -l
146
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~/.screenpipe $
DOCKER
Close Tab
DEV (-zsh)
Close Tab
APP (-zsh)
Close Tab
ec2-user@ip-10-30-159-14:~ (nc)
Close Tab
-zsh
Close Tab
find
Close Tab
-zsh
Close Tab
✳ Unable to access screenpipe activity data (claude)
Close Tab
-zsh
Close Tab
⌥⌘1
find...
|
iTerm2
|
find
|
NULL
|
24415
|
|
39411
|
Last login: Thu Apr 16 15:48:11 on ttys009
Poetry Last login: Thu Apr 16 15:48:11 on ttys009
Poetry could not find a pyproject.toml file in /Users/lukas or its parents
Poetry could not find a pyproject.toml file in /Users/lukas or its parents
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT app_name, window_name FROM ocr_text WHERE app_name LIKE '%Safari%' OR window_name LIKE '%Boosteroid%' ORDER BY created_at DESC LIMIT 20;"
Error: in prepare, no such column: created_at
ari%' OR window_name LIKE '%Boosteroid%' ORDER BY created_at DESC LIMIT 20;
error here ---^
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT app_name, window_name FROM ocr_text WHERE app_name LIKE '%Safari%' OR window_name LIKE '%Boosteroid%' ORDER BY created_at DESC LIMIT 20;"
Error: in prepare, no such column: created_at
ari%' OR window_name LIKE '%Boosteroid%' ORDER BY created_at DESC LIMIT 20;
error here ---^
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT app_name, window_name FROM ocr_text WHERE app_name LIKE '%Safari%' OR window_name LIKE '%Boosteroid%' ORDER BY created_at DESC LIMIT 20;"
Error: in prepare, no such column: created_at
ari%' OR window_name LIKE '%Boosteroid%' ORDER BY created_at DESC LIMIT 20;
error here ---^
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT app_name, window_name FROM ocr_text WHERE app_name LIKE '%Safari%' OR window_name LIKE '%Boosteroid%' ORDER BY timestamp DESC LIMIT 20;"
Error: in prepare, no such column: timestamp
ari%' OR window_name LIKE '%Boosteroid%' ORDER BY timestamp DESC LIMIT 20;
error here ---^
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite ".schema ocr_text"
CREATE TABLE IF NOT EXISTS "ocr_text" (
frame_id INTEGER NOT NULL,
text TEXT NOT NULL,
text_json TEXT,
app_name TEXT NOT NULL DEFAULT '',
ocr_engine TEXT NOT NULL DEFAULT 'unknown'
, window_name TEXT, focused BOOLEAN DEFAULT FALSE, text_length INTEGER, sync_id TEXT, synced_at DATETIME);
CREATE INDEX idx_ocr_text_frame_id ON ocr_text(frame_id);
CREATE INDEX idx_ocr_text_frame_app_window ON ocr_text(frame_id, app_name, window_name);
CREATE INDEX idx_ocr_text_length ON ocr_text (text_length);
CREATE INDEX idx_ocr_text_sync_id ON ocr_text(sync_id) WHERE sync_id IS NOT NULL;
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT DISTINCT app_name, window_name FROM ocr_text WHERE app_name LIKE '%Safari%' OR window_name LIKE '%Boosteroid%' LIMIT 20;"
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT DISTINCT app_name, window_name FROM ocr_text WHERE app_name LIKE '%Safari%' OR window_name LIKE '%Boosteroid%' LIMIT 20;"
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT DISTINCT app_name, window_name FROM ocr_text WHERE window_name LIKE '%Boosteroid%' OR window_name LIKE '%boosteroid%' OR app_name LIKE '%Boosteroid%' OR app_name LIKE '%Chrome%' OR app_name LIKE '%Firefox%' OR app_name LIKE '%Arc%' OR app_name LIKE '%Brave%' OR app_name LIKE '%Vivaldi%' LIMIT 50;"
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT DISTINCT app_name FROM ocr_text LIMIT 50;"
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ st-status
zsh: command not found: st-status
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ st-status
zsh: command not found: st-status
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sp-status
{
"status": "healthy",
"frame_status": "ok",
"audio_status": "disabled",
"last_frame": "2026-04-16T16:37:14+03:00",
"uptime": 2866.983892584,
"fps": 0.[CREDIT_CARD],
"frames": 1762
}
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sp-status
{
"status": "healthy",
"frame_status": "ok",
"audio_status": "disabled",
"last_frame": "2026-04-16T16:37:44+03:00",
"uptime": 2894.494524792,
"fps": 0.612196701297038,
"frames": 1772
}
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT DISTINCT app_name FROM ocr_text LIMIT 50;"
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT DISTINCT app_name, window_name FROM ocr_text WHERE window_name LIKE '%Boosteroid%' OR window_name LIKE '%boosteroid%' OR app_name LIKE '%Boosteroid%' OR app_name LIKE '%Chrome%' OR app_name LIKE '%Firefox%' OR app_name LIKE '%Arc%' OR app_name LIKE '%Brave%' OR app_name LIKE '%Vivaldi%' LIMIT 50;"
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ pgrep -la screenpipe
10874 screenpipe
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ ls -lh ~/.screenpipe/db.sqlite
# Check if there are other DB files
find ~ -name "db.sqlite" 2>/dev/null
-rw-r--r-- 1 lukas staff 2.6G 16 Apr 16:36 /Users/lukas/.screenpipe/db.sqlite
zsh: command not found: #
/Users/lukas/.screenpipe/db.sqlite
DOCKER
Close Tab
DEV (-zsh)
Close Tab
APP (-zsh)
Close Tab
-zsh
Close Tab
find
Close Tab
⌥⌘1
find...
|
iTerm2
|
find
|
NULL
|
39411
|
|
39414
|
Last login: Thu Apr 16 15:48:11 on ttys009
Poetry Last login: Thu Apr 16 15:48:11 on ttys009
Poetry could not find a pyproject.toml file in /Users/lukas or its parents
Poetry could not find a pyproject.toml file in /Users/lukas or its parents
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT app_name, window_name FROM ocr_text WHERE app_name LIKE '%Safari%' OR window_name LIKE '%Boosteroid%' ORDER BY created_at DESC LIMIT 20;"
Error: in prepare, no such column: created_at
ari%' OR window_name LIKE '%Boosteroid%' ORDER BY created_at DESC LIMIT 20;
error here ---^
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT app_name, window_name FROM ocr_text WHERE app_name LIKE '%Safari%' OR window_name LIKE '%Boosteroid%' ORDER BY created_at DESC LIMIT 20;"
Error: in prepare, no such column: created_at
ari%' OR window_name LIKE '%Boosteroid%' ORDER BY created_at DESC LIMIT 20;
error here ---^
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT app_name, window_name FROM ocr_text WHERE app_name LIKE '%Safari%' OR window_name LIKE '%Boosteroid%' ORDER BY created_at DESC LIMIT 20;"
Error: in prepare, no such column: created_at
ari%' OR window_name LIKE '%Boosteroid%' ORDER BY created_at DESC LIMIT 20;
error here ---^
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT app_name, window_name FROM ocr_text WHERE app_name LIKE '%Safari%' OR window_name LIKE '%Boosteroid%' ORDER BY timestamp DESC LIMIT 20;"
Error: in prepare, no such column: timestamp
ari%' OR window_name LIKE '%Boosteroid%' ORDER BY timestamp DESC LIMIT 20;
error here ---^
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite ".schema ocr_text"
CREATE TABLE IF NOT EXISTS "ocr_text" (
frame_id INTEGER NOT NULL,
text TEXT NOT NULL,
text_json TEXT,
app_name TEXT NOT NULL DEFAULT '',
ocr_engine TEXT NOT NULL DEFAULT 'unknown'
, window_name TEXT, focused BOOLEAN DEFAULT FALSE, text_length INTEGER, sync_id TEXT, synced_at DATETIME);
CREATE INDEX idx_ocr_text_frame_id ON ocr_text(frame_id);
CREATE INDEX idx_ocr_text_frame_app_window ON ocr_text(frame_id, app_name, window_name);
CREATE INDEX idx_ocr_text_length ON ocr_text (text_length);
CREATE INDEX idx_ocr_text_sync_id ON ocr_text(sync_id) WHERE sync_id IS NOT NULL;
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT DISTINCT app_name, window_name FROM ocr_text WHERE app_name LIKE '%Safari%' OR window_name LIKE '%Boosteroid%' LIMIT 20;"
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT DISTINCT app_name, window_name FROM ocr_text WHERE app_name LIKE '%Safari%' OR window_name LIKE '%Boosteroid%' LIMIT 20;"
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT DISTINCT app_name, window_name FROM ocr_text WHERE window_name LIKE '%Boosteroid%' OR window_name LIKE '%boosteroid%' OR app_name LIKE '%Boosteroid%' OR app_name LIKE '%Chrome%' OR app_name LIKE '%Firefox%' OR app_name LIKE '%Arc%' OR app_name LIKE '%Brave%' OR app_name LIKE '%Vivaldi%' LIMIT 50;"
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT DISTINCT app_name FROM ocr_text LIMIT 50;"
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ st-status
zsh: command not found: st-status
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ st-status
zsh: command not found: st-status
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sp-status
{
"status": "healthy",
"frame_status": "ok",
"audio_status": "disabled",
"last_frame": "2026-04-16T16:37:14+03:00",
"uptime": 2866.983892584,
"fps": 0.[CREDIT_CARD],
"frames": 1762
}
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sp-status
{
"status": "healthy",
"frame_status": "ok",
"audio_status": "disabled",
"last_frame": "2026-04-16T16:37:44+03:00",
"uptime": 2894.494524792,
"fps": 0.612196701297038,
"frames": 1772
}
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT DISTINCT app_name FROM ocr_text LIMIT 50;"
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT DISTINCT app_name, window_name FROM ocr_text WHERE window_name LIKE '%Boosteroid%' OR window_name LIKE '%boosteroid%' OR app_name LIKE '%Boosteroid%' OR app_name LIKE '%Chrome%' OR app_name LIKE '%Firefox%' OR app_name LIKE '%Arc%' OR app_name LIKE '%Brave%' OR app_name LIKE '%Vivaldi%' LIMIT 50;"
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ pgrep -la screenpipe
10874 screenpipe
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ ls -lh ~/.screenpipe/db.sqlite
# Check if there are other DB files
find ~ -name "db.sqlite" 2>/dev/null
-rw-r--r-- 1 lukas staff 2.6G 16 Apr 16:36 /Users/lukas/.screenpipe/db.sqlite
zsh: command not found: #
/Users/lukas/.screenpipe/db.sqlite
DOCKER
Close Tab
DEV (-zsh)
Close Tab
APP (-zsh)
Close Tab
-zsh
Close Tab
find
Close Tab
⌥⌘1
find...
|
iTerm2
|
find
|
NULL
|
39414
|
|
39415
|
Last login: Thu Apr 16 15:48:11 on ttys009
Poetry Last login: Thu Apr 16 15:48:11 on ttys009
Poetry could not find a pyproject.toml file in /Users/lukas or its parents
Poetry could not find a pyproject.toml file in /Users/lukas or its parents
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT app_name, window_name FROM ocr_text WHERE app_name LIKE '%Safari%' OR window_name LIKE '%Boosteroid%' ORDER BY created_at DESC LIMIT 20;"
Error: in prepare, no such column: created_at
ari%' OR window_name LIKE '%Boosteroid%' ORDER BY created_at DESC LIMIT 20;
error here ---^
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT app_name, window_name FROM ocr_text WHERE app_name LIKE '%Safari%' OR window_name LIKE '%Boosteroid%' ORDER BY created_at DESC LIMIT 20;"
Error: in prepare, no such column: created_at
ari%' OR window_name LIKE '%Boosteroid%' ORDER BY created_at DESC LIMIT 20;
error here ---^
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT app_name, window_name FROM ocr_text WHERE app_name LIKE '%Safari%' OR window_name LIKE '%Boosteroid%' ORDER BY created_at DESC LIMIT 20;"
Error: in prepare, no such column: created_at
ari%' OR window_name LIKE '%Boosteroid%' ORDER BY created_at DESC LIMIT 20;
error here ---^
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT app_name, window_name FROM ocr_text WHERE app_name LIKE '%Safari%' OR window_name LIKE '%Boosteroid%' ORDER BY timestamp DESC LIMIT 20;"
Error: in prepare, no such column: timestamp
ari%' OR window_name LIKE '%Boosteroid%' ORDER BY timestamp DESC LIMIT 20;
error here ---^
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite ".schema ocr_text"
CREATE TABLE IF NOT EXISTS "ocr_text" (
frame_id INTEGER NOT NULL,
text TEXT NOT NULL,
text_json TEXT,
app_name TEXT NOT NULL DEFAULT '',
ocr_engine TEXT NOT NULL DEFAULT 'unknown'
, window_name TEXT, focused BOOLEAN DEFAULT FALSE, text_length INTEGER, sync_id TEXT, synced_at DATETIME);
CREATE INDEX idx_ocr_text_frame_id ON ocr_text(frame_id);
CREATE INDEX idx_ocr_text_frame_app_window ON ocr_text(frame_id, app_name, window_name);
CREATE INDEX idx_ocr_text_length ON ocr_text (text_length);
CREATE INDEX idx_ocr_text_sync_id ON ocr_text(sync_id) WHERE sync_id IS NOT NULL;
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT DISTINCT app_name, window_name FROM ocr_text WHERE app_name LIKE '%Safari%' OR window_name LIKE '%Boosteroid%' LIMIT 20;"
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT DISTINCT app_name, window_name FROM ocr_text WHERE app_name LIKE '%Safari%' OR window_name LIKE '%Boosteroid%' LIMIT 20;"
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT DISTINCT app_name, window_name FROM ocr_text WHERE window_name LIKE '%Boosteroid%' OR window_name LIKE '%boosteroid%' OR app_name LIKE '%Boosteroid%' OR app_name LIKE '%Chrome%' OR app_name LIKE '%Firefox%' OR app_name LIKE '%Arc%' OR app_name LIKE '%Brave%' OR app_name LIKE '%Vivaldi%' LIMIT 50;"
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT DISTINCT app_name FROM ocr_text LIMIT 50;"
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ st-status
zsh: command not found: st-status
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ st-status
zsh: command not found: st-status
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sp-status
{
"status": "healthy",
"frame_status": "ok",
"audio_status": "disabled",
"last_frame": "2026-04-16T16:37:14+03:00",
"uptime": 2866.983892584,
"fps": 0.[CREDIT_CARD],
"frames": 1762
}
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sp-status
{
"status": "healthy",
"frame_status": "ok",
"audio_status": "disabled",
"last_frame": "2026-04-16T16:37:44+03:00",
"uptime": 2894.494524792,
"fps": 0.612196701297038,
"frames": 1772
}
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT DISTINCT app_name FROM ocr_text LIMIT 50;"
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT DISTINCT app_name, window_name FROM ocr_text WHERE window_name LIKE '%Boosteroid%' OR window_name LIKE '%boosteroid%' OR app_name LIKE '%Boosteroid%' OR app_name LIKE '%Chrome%' OR app_name LIKE '%Firefox%' OR app_name LIKE '%Arc%' OR app_name LIKE '%Brave%' OR app_name LIKE '%Vivaldi%' LIMIT 50;"
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ pgrep -la screenpipe
10874 screenpipe
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ ls -lh ~/.screenpipe/db.sqlite
# Check if there are other DB files
find ~ -name "db.sqlite" 2>/dev/null
-rw-r--r-- 1 lukas staff 2.6G 16 Apr 16:36 /Users/lukas/.screenpipe/db.sqlite
zsh: command not found: #
/Users/lukas/.screenpipe/db.sqlite
DOCKER
Close Tab
DEV (-zsh)
Close Tab
APP (-zsh)
Close Tab
-zsh
Close Tab
find
Close Tab
⌥⌘1
find...
|
iTerm2
|
find
|
NULL
|
39415
|
|
39416
|
Last login: Thu Apr 16 15:48:11 on ttys009
Poetry Last login: Thu Apr 16 15:48:11 on ttys009
Poetry could not find a pyproject.toml file in /Users/lukas or its parents
Poetry could not find a pyproject.toml file in /Users/lukas or its parents
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT app_name, window_name FROM ocr_text WHERE app_name LIKE '%Safari%' OR window_name LIKE '%Boosteroid%' ORDER BY created_at DESC LIMIT 20;"
Error: in prepare, no such column: created_at
ari%' OR window_name LIKE '%Boosteroid%' ORDER BY created_at DESC LIMIT 20;
error here ---^
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT app_name, window_name FROM ocr_text WHERE app_name LIKE '%Safari%' OR window_name LIKE '%Boosteroid%' ORDER BY created_at DESC LIMIT 20;"
Error: in prepare, no such column: created_at
ari%' OR window_name LIKE '%Boosteroid%' ORDER BY created_at DESC LIMIT 20;
error here ---^
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT app_name, window_name FROM ocr_text WHERE app_name LIKE '%Safari%' OR window_name LIKE '%Boosteroid%' ORDER BY created_at DESC LIMIT 20;"
Error: in prepare, no such column: created_at
ari%' OR window_name LIKE '%Boosteroid%' ORDER BY created_at DESC LIMIT 20;
error here ---^
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT app_name, window_name FROM ocr_text WHERE app_name LIKE '%Safari%' OR window_name LIKE '%Boosteroid%' ORDER BY timestamp DESC LIMIT 20;"
Error: in prepare, no such column: timestamp
ari%' OR window_name LIKE '%Boosteroid%' ORDER BY timestamp DESC LIMIT 20;
error here ---^
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite ".schema ocr_text"
CREATE TABLE IF NOT EXISTS "ocr_text" (
frame_id INTEGER NOT NULL,
text TEXT NOT NULL,
text_json TEXT,
app_name TEXT NOT NULL DEFAULT '',
ocr_engine TEXT NOT NULL DEFAULT 'unknown'
, window_name TEXT, focused BOOLEAN DEFAULT FALSE, text_length INTEGER, sync_id TEXT, synced_at DATETIME);
CREATE INDEX idx_ocr_text_frame_id ON ocr_text(frame_id);
CREATE INDEX idx_ocr_text_frame_app_window ON ocr_text(frame_id, app_name, window_name);
CREATE INDEX idx_ocr_text_length ON ocr_text (text_length);
CREATE INDEX idx_ocr_text_sync_id ON ocr_text(sync_id) WHERE sync_id IS NOT NULL;
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT DISTINCT app_name, window_name FROM ocr_text WHERE app_name LIKE '%Safari%' OR window_name LIKE '%Boosteroid%' LIMIT 20;"
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT DISTINCT app_name, window_name FROM ocr_text WHERE app_name LIKE '%Safari%' OR window_name LIKE '%Boosteroid%' LIMIT 20;"
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT DISTINCT app_name, window_name FROM ocr_text WHERE window_name LIKE '%Boosteroid%' OR window_name LIKE '%boosteroid%' OR app_name LIKE '%Boosteroid%' OR app_name LIKE '%Chrome%' OR app_name LIKE '%Firefox%' OR app_name LIKE '%Arc%' OR app_name LIKE '%Brave%' OR app_name LIKE '%Vivaldi%' LIMIT 50;"
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT DISTINCT app_name FROM ocr_text LIMIT 50;"
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ st-status
zsh: command not found: st-status
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ st-status
zsh: command not found: st-status
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sp-status
{
"status": "healthy",
"frame_status": "ok",
"audio_status": "disabled",
"last_frame": "2026-04-16T16:37:14+03:00",
"uptime": 2866.983892584,
"fps": 0.[CREDIT_CARD],
"frames": 1762
}
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sp-status
{
"status": "healthy",
"frame_status": "ok",
"audio_status": "disabled",
"last_frame": "2026-04-16T16:37:44+03:00",
"uptime": 2894.494524792,
"fps": 0.612196701297038,
"frames": 1772
}
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT DISTINCT app_name FROM ocr_text LIMIT 50;"
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ sqlite3 ~/.screenpipe/db.sqlite "SELECT DISTINCT app_name, window_name FROM ocr_text WHERE window_name LIKE '%Boosteroid%' OR window_name LIKE '%boosteroid%' OR app_name LIKE '%Boosteroid%' OR app_name LIKE '%Chrome%' OR app_name LIKE '%Firefox%' OR app_name LIKE '%Arc%' OR app_name LIKE '%Brave%' OR app_name LIKE '%Vivaldi%' LIMIT 50;"
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ pgrep -la screenpipe
10874 screenpipe
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ ls -lh ~/.screenpipe/db.sqlite
# Check if there are other DB files
find ~ -name "db.sqlite" 2>/dev/null
-rw-r--r-- 1 lukas staff 2.6G 16 Apr 16:36 /Users/lukas/.screenpipe/db.sqlite
zsh: command not found: #
/Users/lukas/.screenpipe/db.sqlite
^C
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ ls -lh ~/.screenpipe/db.sqlite
-rw-r--r-- 1 lukas staff 2.6G 16 Apr 16:38 /Users/lukas/.screenpipe/db.sqlite
lukas@Lukas-Kovaliks-MacBook-Pro-Jiminny ~ $ find ~ -name "db.sqlite" 2>/dev/null
/Users/lukas/.screenpipe/db.sqlite
DOCKER
Close Tab
DEV (-zsh)
Close Tab
APP (-zsh)
Close Tab
-zsh
Close Tab
find
Close Tab
⌥⌘1
find...
|
iTerm2
|
find
|
NULL
|
39416
|