197b296
This commit was signed with the committer’s verified signature.
vincentauger
Vincent Auger
What's Changed
Security
- Upgrade
saloonphp/saloonfrom^3.0to^4.0to resolve three CVEs published 2026-03-25:- GHSA-rf88-776r-rcq9 — Insecure deserialisation in
AccessTokenAuthenticator(RCE) - GHSA-c83f-3xp6-hfcp — Absolute URL in endpoint overrides base URL (SSRF / credential leakage)
- GHSA-f7xc-5852-fj99 — Fixture name path traversal (out-of-bounds file read/write)
- GHSA-rf88-776r-rcq9 — Insecure deserialisation in