* 4.3:
[OptionsResolve] Revert change in tests for a not-merged change in code
[HttpClient] fix handling of 3xx with no Location header - ignore Content-Length when no body is expected
[Workflow] Made the configuration more robust for the 'property' key
[Security/Core] make NativePasswordEncoder use sodium to validate passwords when possible
#30432 fix an error message
fix paths to detect code owners
[HttpClient] ignore the body of responses to HEAD requests
[Validator] Ensure numeric subpaths do not cause errors on PHP 7.4
[SecurityBundle] Fix wrong assertion
Remove unused local variables in tests
[Yaml][Parser] Remove the getLastLineNumberBeforeDeprecation() internal unused method
Make sure to collect child forms created on *_SET_DATA events
[WebProfilerBundle] Improve display in Email panel for dark theme
do not render errors for checkboxes twice
* 3.4:
#30432 fix an error message
fix paths to detect code owners
[Validator] Ensure numeric subpaths do not cause errors on PHP 7.4
Remove unused local variables in tests
Make sure to collect child forms created on *_SET_DATA events
do not render errors for checkboxes twice
This PR was merged into the 4.3 branch.
Discussion
----------
[Workflow] Made the configuration more robust for the 'property' key
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34092
| License | MIT
| Doc PR |
Commits
-------
0c31ff007e [Workflow] Made the configuration more robust for the 'property' key
This PR was merged into the 4.3 branch.
Discussion
----------
[HttpClient] fix handling of 3xx with no Location header - ignore Content-Length when no body is expected
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
A `304` is the final response code.
This PR implements the same logic as curl.
Commits
-------
50a88c59f6 [HttpClient] fix handling of 3xx with no Location header - ignore Content-Length when no body is expected
This PR was merged into the 4.3 branch.
Discussion
----------
[Security/Core] make NativePasswordEncoder use sodium to validate passwords when possible
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
sodium implementations are always faster, let's use them when possible. This also allows validating argon2 passwords when bcrypt is configured as the main one, making migrations possible.
Commits
-------
799a2eae2d [Security/Core] make NativePasswordEncoder use sodium to validate passwords when possible
This PR was merged into the 4.4 branch.
Discussion
----------
[Security] Allow to stick to a specific password hashing algorithm
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#33054
| License | MIT
| Doc PR | todo
Allows using `argon2i`, `argon2id` and `bcrypt`.
Commits
-------
6712d1e504 [Security] Allow to set a fixed algorithm
This PR was merged into the 4.4 branch.
Discussion
----------
[Security/Core] add fast path when encoded password cannot match anything
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Only `MessageDigestPasswordEncoder` and `Pbkdf2PasswordEncoder` need this fast path: the sodium and the native encoders already implement it natively.
When a migrating encoder is used, a failed password validation fallbacks to all encoders. This makes the process slower than needed currently.
Commits
-------
c57f8f7f93 [Security/Core] add fast path when encoded password cannot match anything
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] Remove suffix convention when using env vars to override secrets from the vault
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Right now, env vars that override encrypted secrets must en up with `_SECRET`.
This PR removes this convention. It also enforces that only vars defined in the vault can be overriden locally. This means one cannot set a local-only secret.
Commits
-------
2ec9647e75 [FrameworkBundle] Remove suffix convention when using env vars to override secrets from the vault
This PR was merged into the 4.4 branch.
Discussion
----------
[Messenger] Fix redis test
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch 4.4.
- Legacy code removals go to the master branch.
-->
Commits
-------
3fdaf970c3 [Messenger] Fix redis test
This PR was merged into the 3.4 branch.
Discussion
----------
fix paths to detect code owners
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
I was wondering why sometimes I didn't receive any notifications for PRs where I thought a file for which I claimed code ownership was modified. Turns out according to https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners#codeowners-syntax the `dir/*` pattern does not include nested directories.
Commits
-------
cb7523d595 fix paths to detect code owners
This PR was merged into the 3.4 branch.
Discussion
----------
[OptionsResolver] Fix an error message to be more accurate
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #30432
| License | MIT
| Doc PR |
See #30432 for more details:
> **Symfony version(s) affected**: 3.4, maybe other versions too (not tested)
>
> **Description**
> Error message when allowedTypes is an array contains `[]` but should not:
> `The option "testme" with value array is expected to be of type "string[]", but one of the elements is of type "integer[]".`
> It should be:
> `The option "testme" with value array is expected to be of type "string[]", but one of the elements is of type "integer".`
>
> **How to reproduce**
>
> ```
> $resolver = (new OptionsResolver())
> ->setDefault('testme', [])
> ->setAllowedTypes('testme', ['string[]'])
> ->resolve(['testme' => ['test', 12]]);
> ```
In addition I changed an error message to be more
accurate if provided more than one incorrect value:
> [...] is expected to be of type "integer[][]", but is of type "integer|boolean|string".
Commits
-------
7fa2fc2#30432 fix an error message
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] Make sure to collect child forms created on *_SET_DATA events
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#29291
| License | MIT
| Doc PR | -
See reproducer provided by @WubbleWobble https://github.com/WubbleWobble/symfony-issue-29291.
Commits
-------
50efc1a Make sure to collect child forms created on *_SET_DATA events
This PR was merged into the 4.3 branch.
Discussion
----------
[Yaml][Parser] Remove the getLastLineNumberBeforeDeprecation() internal unused method
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This method is internal and unused. It was removed by a2ae6bf745 but was added back mistakenly by 1baac5a74f.
Commits
-------
49acc16424 [Yaml][Parser] Remove the getLastLineNumberBeforeDeprecation() internal unused method
This PR was merged into the 4.3 branch.
Discussion
----------
[HttpClient] ignore the body of responses to HEAD requests
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34102
| License | MIT
| Doc PR | -
Commits
-------
0fc371e7df [HttpClient] ignore the body of responses to HEAD requests
This PR was squashed before being merged into the 3.4 branch (closes#34097).
Discussion
----------
[Validator] Ensure numeric subpaths do not cause errors on PHP 7.4
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
Drupal is testing on PHP7.4 and hitting a problem with the line `if ('[' === $subPath[0]) {` because `$subPath` is not a string. We're already doing string casting in the method so we could do it once and be done. Note this is not a problem on the master branch / SF5 because of primitive typehinting.
Without this fix on PHP7.4 you see errors like...
```
1) Symfony\Component\Validator\Tests\Util\PropertyPathTest::testAppend with data set #5 ('0', 1, '0.1', 'Numeric subpaths do not cause...rrors.')
Trying to access array offset on value of type int
```
Commits
-------
6244a1ec47 [Validator] Ensure numeric subpaths do not cause errors on PHP 7.4
This PR was merged into the 4.4 branch.
Discussion
----------
[Messenger] remove infinite (nullable) max retries
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#33284
| License | MIT
| Doc PR |
Infinite retries are useless and putting a high enough number is more self-explaining. Infinite retries could not be configured using the framework anyway, see issue.
Commits
-------
4a6ec8554e [Messenger] remove nullable max retries
This PR was merged into the 4.3 branch.
Discussion
----------
[Messenger] use database platform to convert correctly the DateTime
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | yes <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/32427
| License | MIT
In Doctrine Messenger the method `\Symfony\Component\Messenger\Transport\Doctrine\Connection::formatDateTime()` is used to format dateTime into this: `Y-m-d\TH:i:s`.
But this is not supported in all databases platform.
Here we use the database platform to convert correctly the dateTime.
Commits
-------
cfa11561d1 Format DateTime depending on database platform
This PR was merged into the 4.3 branch.
Discussion
----------
[Messenger] prevent infinite redelivery loops and blocked queues
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#32055
| License | MIT
| Doc PR |
This PR solves a very common fitfall of amqp redeliveries. It's for example explained in https://blog.forma-pro.com/rabbitmq-redelivery-pitfalls-440e0347f4e0
Newer RabbitMQ versions provide a solution for this by itself but only for quorum queues and not the classic ones, see https://github.com/rabbitmq/rabbitmq-server/pull/1889
This PR adds a middleware that throws a RejectRedeliveredMessageException when a message is detected that has been redelivered by AMQP.
The middleware runs before the HandleMessageMiddleware and prevents redelivered messages from being handled directly. The thrown exception is caught by the worker and will trigger the retry logic according to the retry strategy.
AMQP redelivers messages when they do not get acknowledged or rejected. This can happen when the connection times out or an exception is thrown before acknowledging or rejecting. When such errors happen again while handling the redelivered message, the message would get redelivered again and again. The purpose of this middleware is to prevent infinite redelivery loops and to unblock the queue by republishing the redelivered messages as retries with a retry limit and potential delay.
Commits
-------
d211904c8e [Messenger] prevent infinite redelivery loops and blocked queues
This PR was merged into the 3.4 branch.
Discussion
----------
Remove unused local variables
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This PR removes useless assignations. There are also somes fixes in tests.
Commits
-------
c07cee8f61 Remove unused local variables in tests
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpClient] allow option "buffer" to be a stream resource
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Commits
-------
e87301603e [HttpClient] allow option "buffer" to be a stream resource
Nicolas Grekas
Grégoire Pineau
Robin Chalas
Fabien Potencier
Yonel Ceruto
Dmytro
Christian Flothmann
Tobias Schultze
Alex Pott
Mathias STRASSER
Thomas Calvet
