[SECURITY] Update dependencies to fix security issues (4.x branch) (k…

…itodo#1175)

.github/workflows/codeql.yml

@@ -2,9 +2,9 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ "master", "1.x", "2.x", "3.2.x", "3.3.x", "4.x" ]
+    branches: [ "4.x" ]
   pull_request:
-    branches: [ "master" ]
+    branches: [ "4.x" ]
 
 jobs:
   analyze:
@@ -22,18 +22,18 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
           config-file: ./.github/codeql.yml
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@v3
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3
         with:
           category: "/language:${{ matrix.language }}"

.github/workflows/tests.yml

@@ -2,19 +2,19 @@ name: Unit and Functional Testing
 
 on:
   push:
-    branches: [master]
+    branches: [ "4.x" ]
   pull_request:
-    branches: [master]
+    branches: [ "4.x" ]
 
 jobs:
   test:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        typo3: [9.5, 10.4]
+        typo3: [ 9.5, 10.4 ]
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Install dependencies
         run: Build/Test/runTests.sh -s composerInstall -t ${{ matrix.typo3 }}

README.md

@@ -16,14 +16,14 @@ Kitodo.Presentation requires [TYPO3](https://get.typo3.org) with [PHP](https://s
 
 Currently **TYPO3 9.5 LTS** and **TYPO3 10.4 LTS** is supported with the following system requirements:
 
-| Component   | Constraints for 9 LTS | Constraints for 10 LTS |
-| ----------- | --------------------- | ---------------------- |
-| TYPO3       | 9.5.x                 | 10.4.x                 |
-| PHP         | 7.3.x - 7.4.x         | 7.3.x - 7.4.x          |
-| MySQL       | 5.7.x                 | 5.7.x                  |
-| MariaDB     | 10.2.x - 10.3.x       | 10.3.x - 10.5.x        |
-| Apache Solr | 8.x - 9.x             | 8.x - 9.x              |
-| OCR Highlighting Plugin | 0.8.x     | 0.8.x                  |
+| Component               | Constraints for 9 LTS | Constraints for 10 LTS |
+| ----------------------- | --------------------- | ---------------------- |
+| TYPO3                   | 9.5.46                | 10.4.43                |
+| PHP                     | 7.4.33                | 7.4.33                 |
+| MySQL                   | 5.7.x                 | 5.7.x                  |
+| MariaDB                 | 10.2.x - 10.3.x       | 10.3.x - 10.5.x        |
+| Apache Solr             | 8.x                   | 8.x                    |
+| OCR Highlighting Plugin | 0.8.x-solr78          | 0.8.x-solr78           |
 
 Application level dependencies are handled by [Composer](https://getcomposer.org) (see [composer.json](./composer.json)).
 

composer.json

@@ -32,20 +32,20 @@
     "ext-libxml": "*",
     "ext-openssl": "*",
     "ext-simplexml": "*",
-    "typo3/cms-core": "^9.5.31|^10.4.36",
-    "typo3/cms-extbase": "^9.5.31|^10.4.36",
-    "typo3/cms-tstemplate": "^9.5.31|^10.4.36",
+    "typo3/cms-core": "^9.5.31|^10.4.37",
+    "typo3/cms-extbase": "^9.5.31|^10.4.37",
+    "typo3/cms-tstemplate": "^9.5.31|^10.4.37",
     "caseyamcl/phpoaipmh": "^3.3.1",
     "ubl/php-iiif-prezi-reader": "0.3.0",
     "solarium/solarium": "^5.2.0"
   },
   "require-dev": {
     "spatie/phpunit-watcher": "^1.23.0",
-    "typo3/cms-backend": "^9.5.31|^10.4.36",
-    "typo3/cms-fluid": "^9.5.31|^10.4.36",
-    "typo3/cms-fluid-styled-content": "^9.5.31|^10.4.36",
-    "typo3/cms-frontend": "^9.5.31|^10.4.36",
-    "typo3/testing-framework": "^4.15.5|^6.16.7"
+    "typo3/cms-backend": "^9.5.31|^10.4.37",
+    "typo3/cms-fluid": "^9.5.31|^10.4.37",
+    "typo3/cms-fluid-styled-content": "^9.5.31|^10.4.37",
+    "typo3/cms-frontend": "^9.5.31|^10.4.37",
+    "typo3/testing-framework": "^4.15.5|^6.16.9"
   },
   "replace": {
     "typo3-ter/dlf": "self.version"