Hello Zipcode validators ;-)
This v4.0.0 release is a security-focused update. It requires patched symfony/validator versions only (^5.4.43 || ^6.4.11 || ^7.1.4 || ^8.0) to address CVE-2024-50343 (GHSA-g3rh-rrhp-jhh9). If you still run Symfony Validator 4.x or unsupported 5.x / 6.x / 7.0.x lines, upgrade Symfony before updating this package.
We also pinned PHPUnit to patched releases in development (GHSA-qrr6-mg7r-m243), added composer.lock, and set config.platform.php so locks stay reproducible. CI was adjusted (e.g. prefer-lowest on Symfony 5.4; PHP 8.3 with Symfony 7.1). The ZipCode constraint was aligned with current Symfony Constraint behavior where needed.
To upgrade run:
$ composer update barbieswimcrew/zip-code-validatorSee changes: v3.2.0...v4.0.0
Documentation: https://github.com/barbieswimcrew/zip-code-validator/blob/v4.0.0/README.md
Highlights:
[SECURITY] Require patched symfony/validator for CVE-2024-50343; CI updates; ZipCode constraint alignment with Symfony Validator
[SECURITY] Dev: PHPUnit patched versions; track composer.lock; config.platform.php for reproducible resolution
Happy validating!