From 6af04bbac6f65739c00f8e16f4ec975f29f924de Mon Sep 17 00:00:00 2001
From: Vladimir Reznichenko <kalessil@gmail.com>
Date: Wed, 9 Oct 2019 21:00:06 +0200
Subject: [PATCH 1/4] SCA: added missing break in a loop

---
 src/Symfony/Component/Cache/Traits/MemcachedTrait.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Symfony/Component/Cache/Traits/MemcachedTrait.php b/src/Symfony/Component/Cache/Traits/MemcachedTrait.php
index 999687de99..28046e475b 100644
--- a/src/Symfony/Component/Cache/Traits/MemcachedTrait.php
+++ b/src/Symfony/Component/Cache/Traits/MemcachedTrait.php
@@ -249,6 +249,7 @@ trait MemcachedTrait
         foreach ($this->checkResultCode($this->getClient()->deleteMulti($encodedIds)) as $result) {
             if (\Memcached::RES_SUCCESS !== $result && \Memcached::RES_NOTFOUND !== $result) {
                 $ok = false;
+                break;
             }
         }
 

From 21645a5b96dda40070c1555496ede2cb7bd0e213 Mon Sep 17 00:00:00 2001
From: Nicolas Grekas <nicolas.grekas@gmail.com>
Date: Thu, 10 Oct 2019 13:03:19 +0200
Subject: [PATCH 2/4] [VarDumper] fix resetting the "bold" state in CliDumper

---
 src/Symfony/Component/VarDumper/Dumper/CliDumper.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Symfony/Component/VarDumper/Dumper/CliDumper.php b/src/Symfony/Component/VarDumper/Dumper/CliDumper.php
index 2bd347d96a..946df78257 100644
--- a/src/Symfony/Component/VarDumper/Dumper/CliDumper.php
+++ b/src/Symfony/Component/VarDumper/Dumper/CliDumper.php
@@ -28,7 +28,7 @@ class CliDumper extends AbstractDumper
     protected $maxStringWidth = 0;
     protected $styles = [
         // See http://en.wikipedia.org/wiki/ANSI_escape_code#graphics
-        'default' => '38;5;208',
+        'default' => '0;38;5;208',
         'num' => '1;38;5;38',
         'const' => '1;38;5;208',
         'str' => '1;38;5;113',

From 30180417823e5f41c69cbb1fd6eee07e71c13c6c Mon Sep 17 00:00:00 2001
From: soufianZantar <s.zantar@gmail.com>
Date: Mon, 5 Aug 2019 10:42:16 +0200
Subject: [PATCH 3/4] [Dotenv] search variable values in ENV first then env
 file

---
 src/Symfony/Component/Dotenv/Dotenv.php       | 38 ++++++++++++-------
 .../Component/Dotenv/Tests/DotenvTest.php     | 17 +++++++++
 src/Symfony/Component/Dotenv/composer.json    |  2 +-
 3 files changed, 43 insertions(+), 14 deletions(-)

diff --git a/src/Symfony/Component/Dotenv/Dotenv.php b/src/Symfony/Component/Dotenv/Dotenv.php
index c6fc3cbda9..78bc83334e 100644
--- a/src/Symfony/Component/Dotenv/Dotenv.php
+++ b/src/Symfony/Component/Dotenv/Dotenv.php
@@ -183,6 +183,8 @@ final class Dotenv
             throw $this->createFormatException('Whitespace are not supported before the value');
         }
 
+        $loadedVars = array_flip(explode(',', isset($_SERVER['SYMFONY_DOTENV_VARS']) ? $_SERVER['SYMFONY_DOTENV_VARS'] : (isset($_ENV['SYMFONY_DOTENV_VARS']) ? $_ENV['SYMFONY_DOTENV_VARS'] : '')));
+        unset($loadedVars['']);
         $v = '';
 
         do {
@@ -224,8 +226,8 @@ final class Dotenv
                 ++$this->cursor;
                 $value = str_replace(['\\"', '\r', '\n'], ['"', "\r", "\n"], $value);
                 $resolvedValue = $value;
-                $resolvedValue = $this->resolveVariables($resolvedValue);
-                $resolvedValue = $this->resolveCommands($resolvedValue);
+                $resolvedValue = $this->resolveVariables($resolvedValue, $loadedVars);
+                $resolvedValue = $this->resolveCommands($resolvedValue, $loadedVars);
                 $resolvedValue = str_replace('\\\\', '\\', $resolvedValue);
                 $v .= $resolvedValue;
             } else {
@@ -247,8 +249,8 @@ final class Dotenv
                 }
                 $value = rtrim($value);
                 $resolvedValue = $value;
-                $resolvedValue = $this->resolveVariables($resolvedValue);
-                $resolvedValue = $this->resolveCommands($resolvedValue);
+                $resolvedValue = $this->resolveVariables($resolvedValue, $loadedVars);
+                $resolvedValue = $this->resolveCommands($resolvedValue, $loadedVars);
                 $resolvedValue = str_replace('\\\\', '\\', $resolvedValue);
 
                 if ($resolvedValue === $value && preg_match('/\s+/', $value)) {
@@ -301,7 +303,7 @@ final class Dotenv
         }
     }
 
-    private function resolveCommands($value)
+    private function resolveCommands($value, $loadedVars)
     {
         if (false === strpos($value, '$')) {
             return $value;
@@ -317,7 +319,7 @@ final class Dotenv
             )
         /x';
 
-        return preg_replace_callback($regex, function ($matches) {
+        return preg_replace_callback($regex, function ($matches) use ($loadedVars) {
             if ('\\' === $matches[1]) {
                 return substr($matches[0], 1);
             }
@@ -332,7 +334,15 @@ final class Dotenv
 
             $process = new Process('echo '.$matches[0]);
             $process->inheritEnvironmentVariables(true);
-            $process->setEnv($this->values);
+
+            $env = [];
+            foreach ($this->values as $name => $value) {
+                if (isset($loadedVars[$name]) || (!isset($_ENV[$name]) && !(isset($_SERVER[$name]) && 0 !== strpos($name, 'HTTP_')))) {
+                    $env[$name] = $value;
+                }
+            }
+            $process->setEnv($env);
+
             try {
                 $process->mustRun();
             } catch (ProcessException $e) {
@@ -343,7 +353,7 @@ final class Dotenv
         }, $value);
     }
 
-    private function resolveVariables($value)
+    private function resolveVariables($value, array $loadedVars)
     {
         if (false === strpos($value, '$')) {
             return $value;
@@ -359,7 +369,7 @@ final class Dotenv
             (?P<closing_brace>\})?             # optional closing brace
         /x';
 
-        $value = preg_replace_callback($regex, function ($matches) {
+        $value = preg_replace_callback($regex, function ($matches) use ($loadedVars) {
             // odd number of backslashes means the $ character is escaped
             if (1 === \strlen($matches['backslashes']) % 2) {
                 return substr($matches[0], 1);
@@ -375,14 +385,16 @@ final class Dotenv
             }
 
             $name = $matches['name'];
-            if (isset($this->values[$name])) {
+            if (isset($loadedVars[$name]) && isset($this->values[$name])) {
                 $value = $this->values[$name];
-            } elseif (isset($_SERVER[$name]) && 0 !== strpos($name, 'HTTP_')) {
-                $value = $_SERVER[$name];
             } elseif (isset($_ENV[$name])) {
                 $value = $_ENV[$name];
+            } elseif (isset($_SERVER[$name]) && 0 !== strpos($name, 'HTTP_')) {
+                $value = $_SERVER[$name];
+            } elseif (isset($this->values[$name])) {
+                $value = $this->values[$name];
             } else {
-                $value = (string) getenv($name);
+                $value = '';
             }
 
             if (!$matches['opening_brace'] && isset($matches['closing_brace'])) {
diff --git a/src/Symfony/Component/Dotenv/Tests/DotenvTest.php b/src/Symfony/Component/Dotenv/Tests/DotenvTest.php
index b920270da9..dc7c4c1715 100644
--- a/src/Symfony/Component/Dotenv/Tests/DotenvTest.php
+++ b/src/Symfony/Component/Dotenv/Tests/DotenvTest.php
@@ -63,6 +63,7 @@ class DotenvTest extends TestCase
     public function getEnvData()
     {
         putenv('LOCAL=local');
+        $_ENV['LOCAL'] = 'local';
         $_ENV['REMOTE'] = 'remote';
 
         $tests = [
@@ -295,4 +296,20 @@ class DotenvTest extends TestCase
         $this->assertSame('baz1', getenv('BAZ'));
         $this->assertSame('/var/www', getenv('DOCUMENT_ROOT'));
     }
+
+    public function testGetVariablesValueFromEnvFirst()
+    {
+        $_ENV['APP_ENV'] = 'prod';
+        $dotenv = new Dotenv(true);
+
+        $test = "APP_ENV=dev\nTEST1=foo1_\${APP_ENV}";
+        $values = $dotenv->parse($test);
+        $this->assertSame('foo1_prod', $values['TEST1']);
+
+        if ('\\' !== \DIRECTORY_SEPARATOR) {
+            $test = "APP_ENV=dev\nTEST2=foo2_\$(php -r 'echo \$_SERVER[\"APP_ENV\"];')";
+            $values = $dotenv->parse($test);
+            $this->assertSame('foo2_prod', $values['TEST2']);
+        }
+    }
 }
diff --git a/src/Symfony/Component/Dotenv/composer.json b/src/Symfony/Component/Dotenv/composer.json
index 3bcfd89c8d..e35339c98e 100644
--- a/src/Symfony/Component/Dotenv/composer.json
+++ b/src/Symfony/Component/Dotenv/composer.json
@@ -19,7 +19,7 @@
         "php": "^5.5.9|>=7.0.8"
     },
     "require-dev": {
-        "symfony/process": "~3.2|~4.0"
+        "symfony/process": "^3.4.2|^4.0"
     },
     "autoload": {
         "psr-4": { "Symfony\\Component\\Dotenv\\": "" },

From 56895f12b92cc17baa978606cec56165ce56057a Mon Sep 17 00:00:00 2001
From: Ilia Lazarev <ilia.lazarev@icloud.com>
Date: Sat, 12 Oct 2019 10:36:35 +0300
Subject: [PATCH 4/4] Add plus character `+` to legal mime subtype

For example, the following mime type (used for epub) is not recognized given the current regexp: `application/epub+zip`
---
 .../HttpFoundation/File/MimeType/FileBinaryMimeTypeGuesser.php  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Symfony/Component/HttpFoundation/File/MimeType/FileBinaryMimeTypeGuesser.php b/src/Symfony/Component/HttpFoundation/File/MimeType/FileBinaryMimeTypeGuesser.php
index b75242afd0..cfa76843cc 100644
--- a/src/Symfony/Component/HttpFoundation/File/MimeType/FileBinaryMimeTypeGuesser.php
+++ b/src/Symfony/Component/HttpFoundation/File/MimeType/FileBinaryMimeTypeGuesser.php
@@ -89,7 +89,7 @@ class FileBinaryMimeTypeGuesser implements MimeTypeGuesserInterface
 
         $type = trim(ob_get_clean());
 
-        if (!preg_match('#^([a-z0-9\-]+/[a-z0-9\-\.]+)#i', $type, $match)) {
+        if (!preg_match('#^([a-z0-9\-]+/[a-z0-9\-\+\.]+)#i', $type, $match)) {
             // it's not a type, but an error message
             return null;
         }