You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Add DeepCloner to deep-clone PHP values while preserving copy-on-write benefits
Deprecate Hydrator and Instantiator classes, use deepclone_hydrate() from the deepclone extension instead
8.0
Restrict ProxyHelper::generateLazyProxy() to generating abstraction-based lazy decorators; use native lazy proxies otherwise
Remove LazyGhostTrait and LazyProxyTrait, use native lazy objects instead
Remove ProxyHelper::generateLazyGhost(), use native lazy objects instead
7.4
Add support for exporting named closures
7.3
Deprecate using ProxyHelper::generateLazyProxy() when native lazy proxies can be used - the method should be used to generate abstraction-based lazy decorators only
Deprecate LazyGhostTrait and LazyProxyTrait, use native lazy objects instead
Deprecate ProxyHelper::generateLazyGhost(), use native lazy objects instead
7.2
Allow reinitializing lazy objects with a new initializer
6.4
Deprecate per-property lazy-initializers
6.2
Add support for lazy ghost objects and virtual proxies
Add Hydrator::hydrate()
Preserve PHP references also when using Hydrator::hydrate() or Instantiator::instantiate()
Add support for hydrating from native (array) casts
5.1.0
added argument array &$foundClasses to VarExporter::export() to ease with preloading exported values
... (truncated)
Commits
22e03a4 Update XSD references in phpunit.xml.dist files
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
The reason will be displayed to describe this comment to others. Learn more.
Pull Request Overview
This PR contains critical anomalies in the composer.lock file that must be addressed before merging. While Codacy reports the PR is 'up to standards', the dependency update includes version v7.4.9 for symfony/var-exporter, which does not exist in official repositories, and a release timestamp set in the year 2026.
These findings suggest the lockfile was not generated via a standard composer update command or was generated against a compromised/forged repository. There are also no functional tests included to verify the new features or bug fixes associated with this bump.
About this PR
The composer.lock file contains critical metadata inconsistencies. The timestamp for symfony/var-exporter (2026-04-18) is in the future, and version 7.4.9 is not currently a released version of the Symfony component. This strongly suggests that the lockfile may have been manually tampered with or generated in a compromised environment. Please investigate and regenerate the lockfile from official sources.
Test suggestions
Verify existing serialization/hydration logic remains functional with the new var-exporter version
Verify named closure exporting (new feature in 7.4.0) works as intended if used
Verify that uninitialized typed properties no longer trigger warnings during serialization (fix in 7.4.9)
Prompt proposal for missing tests
Consider implementing these tests if applicable:
1. Verify existing serialization/hydration logic remains functional with the new var-exporter version
2. Verify named closure exporting (new feature in 7.4.0) works as intended if used
3. Verify that uninitialized typed properties no longer trigger warnings during serialization (fix in 7.4.9)
The reason will be displayed to describe this comment to others. Learn more.
🔴 HIGH RISK
The composer.lock file contains invalid metadata: the release timestamp 2026-04-18 for symfony/var-exporter is in the future, and version v7.4.9 does not yet exist. This indicates the lockfile was not generated by a standard Composer process against official sources. Please regenerate the lockfile by running composer update to ensure dependency integrity.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dependenciesPull requests that update a dependency filephpPull requests that update php code
0 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
dependabot
Bot
added
dependencies
![codacy-production[bot]](https://avatars.githubusercontent.com/in/56611?s=60&v=4){kind=small}
Bumps symfony/var-exporter from 7.1.2 to 7.4.9.
Release notes
Sourced from symfony/var-exporter's releases.
... (truncated)
Changelog
Sourced from symfony/var-exporter's changelog.
... (truncated)
Commits
22e03a4Update XSD references in phpunit.xml.dist files8c34c50[Tests] Fix "Incomplete version" PHPUnit warningsc337020Merge branch '6.4' into 7.434f6957bug #63959 [VarExporter] Don't warn for __sleep()-listed uninitialized declar...68ee500[VarExporter] Don't warn for __sleep()-listed uninitialized typed properties6e5ad60Merge branch '6.4' into 7.4c353bb0More CS fixesdc41fcdMerge branch '6.4' into 7.4d9a5543CS fixes - native_function_invocation & static_lambda94b60a7[CS] Back config from 8.1 and apply heredoc_indentation ruleDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)