Update dependency symfony/process to ^7.1.7 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
symfony/process (source)	^7.0.4 -> ^7.1.7

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2024-51736

Description

On Window, when an executable file named cmd.exe is located in the current working directory it will be called by the Process class when preparing command arguments, leading to possible hijacking.

Resolution

The Process class now uses the absolute path to cmd.exe.

The patch for this issue is available here for branch 5.4.

Credits

We would like to thank Jordi Boggiano for reporting the issue and Nicolas Grekas for providing the fix.

---

Release Notes

symfony/process (symfony/process)

v7.1.7

Compare Source

v7.1.6

Compare Source

v7.1.5

Compare Source

Changelog (symfony/process@v7.1.4...v7.1.5)

• bug symfony/symfony#58291 [Process] Fix finding executables independently of open_basedir (@​BlackbitDevs)
• bug symfony/symfony#58195 [Process] Fix the removal of host-specific configuration when managing the ini settings in PhpSubprocess (@​M-arcus)
• bug symfony/symfony#58189 [Process] Fix backwards compatibility for invalid commands (@​ausi)

v7.1.3

Compare Source

Changelog (symfony/process@v7.1.2...v7.1.3)

• no significant changes

---

Configuration

📅 Schedule: Branch creation - "" in timezone UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

Read more about the use of Renovate Bot within ocramius/* projects.