Skip to content

fix(sec-auto): aikido Fix security issue in nikic/php-parser via minor version upgrade from 5.7.0 to 5.8.0#162

Open
aikido-autofix[bot] wants to merge 1 commit into
mainfrom
fix/SEC-AUTOFIX-update-packages-64822282-fhst
Open

fix(sec-auto): aikido Fix security issue in nikic/php-parser via minor version upgrade from 5.7.0 to 5.8.0#162
aikido-autofix[bot] wants to merge 1 commit into
mainfrom
fix/SEC-AUTOFIX-update-packages-64822282-fhst

Conversation

@aikido-autofix

Copy link
Copy Markdown

AI AutoFix

These PRs will require human vetting and potentially some fixes to fully integrate with the codebase.

Upgrade nikic/php-parser to fix RCE vulnerability in ConstExprEvaluator where pipe operator could invoke arbitrary functions on untrusted PHP code.

✅ 1 CVE resolved by this upgrade

This PR will resolve the following CVEs:

Issue Severity           Description
AIKIDO-2026-862723
MEDIUM
[nikic/php-parser] A pipe operator (`

@aikido-autofix aikido-autofix Bot added aikido-autofix Label created by Aikido AutoFix Security Label created by Aikido AutoFix labels Jul 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

aikido-autofix Label created by Aikido AutoFix Security Label created by Aikido AutoFix

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants