This PR was merged into the 3.4 branch.
Discussion
----------
Extend Argon2i support check to account for sodium_compat
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
In the Argon2i password encoder, if in an environment where `sodium_compat` is installed without either natively running PHP 7.2 or the (lib)sodium extension, the `isSupported` check can return true because the library exposes the `sodium_crypto_pwhash_str()` function however a pure PHP implementation of the method is not implemented, so the library does not actually support the hashes.
https://github.com/paragonie/sodium_compat/issues/55 requested a way to check support through the polyfill to avoid this condition and the 1.4 release added it. This PR extends the encoder's `isSupported` check to be aware of the `sodium_compat` library and use its support check if able to avoid misreporting that `sodium_crypto_pwhash_str()` is available for use when it isn't.
Commits
-------
95c1fc8 Extend Argon2i support check to account for sodium_compat
This PR was merged into the 4.1-dev branch.
Discussion
----------
[Process] add type hint and changelog entry
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
5a1dc67 add type hint and changelog entry
* 4.0: (42 commits)
fix merge
Remove some unused variables and properties
[appveyor] disable memory limit on composer up
[HttpFoundation] don't prefix cookies with "Set-Cookie:"
Remove some unused variables and properties
[HttpFoundation] Fixed default user-agent (3.X -> 4.X)
Fix debug:form definition
Remove some unused variables, properties and methods
fix some edge cases with indented blocks
[ExpressionLanguage] Fix parse error on 5.3
[HttpKernel] remove noisy frame in controller stack traces
[DI] Force root-namespace for function calls in the dumper container
[DI] Fix circular-aliases message
register system cache clearer only if it's used
doc : Namespace prefix must end with a "\"
[ExpressionLanguage] throw an SyntaxError instead of letting a undefined index notice
Prevent a loop in aliases within the `findDefinition` method
[HttpKernel] Disable inlining on PHP 5
Ensure that inlined services with parameterized class name can be dumped
[DI] Fix non-string class handling in PhpDumper
...
* 3.4: (37 commits)
Remove some unused variables and properties
[appveyor] disable memory limit on composer up
[HttpFoundation] don't prefix cookies with "Set-Cookie:"
Remove some unused variables and properties
Fix debug:form definition
Remove some unused variables, properties and methods
fix some edge cases with indented blocks
[ExpressionLanguage] Fix parse error on 5.3
[HttpKernel] remove noisy frame in controller stack traces
[DI] Force root-namespace for function calls in the dumper container
[DI] Fix circular-aliases message
register system cache clearer only if it's used
doc : Namespace prefix must end with a "\"
[ExpressionLanguage] throw an SyntaxError instead of letting a undefined index notice
Prevent a loop in aliases within the `findDefinition` method
[HttpKernel] Disable inlining on PHP 5
Ensure that inlined services with parameterized class name can be dumped
[DI] Fix non-string class handling in PhpDumper
Throw a sensible exception when controller has been removed
Remove LOCK_EX That Breaks Cache Usage on NFS
...
This PR was merged into the 3.4 branch.
Discussion
----------
Remove some unused variables and properties
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
Analyzing symfony/symfony using https://insight.sensiolabs.com, I found several chunks of dead code. This PR removes them in the 3.4 branch.
Commits
-------
ec92d9b Remove some unused variables and properties
* 3.3: (21 commits)
[appveyor] disable memory limit on composer up
Remove some unused variables and properties
Remove some unused variables, properties and methods
fix some edge cases with indented blocks
[ExpressionLanguage] Fix parse error on 5.3
[HttpKernel] remove noisy frame in controller stack traces
[DI] Fix circular-aliases message
[ExpressionLanguage] throw an SyntaxError instead of letting a undefined index notice
Prevent a loop in aliases within the `findDefinition` method
Fix php doc in Table class
bumped Symfony version to 3.3.15
updated VERSION for 3.3.14
updated CHANGELOG for 3.3.14
bumped Symfony version to 2.8.33
updated VERSION for 2.8.32
updated CHANGELOG for 2.8.32
bumped Symfony version to 2.7.40
updated VERSION for 2.7.39
update CONTRIBUTORS for 2.7.39
updated CHANGELOG for 2.7.39
...
This PR was merged into the 3.3 branch.
Discussion
----------
[Yaml] fix some edge cases with indented blocks
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25329, #25341
| License | MIT
| Doc PR |
Now that comment-like lines are no longer ignored when subparsers are
created, we need to ignore them in some functions (e.g. when detecting
the indentation depth of the next block).
Commits
-------
b201c22 fix some edge cases with indented blocks
This PR was merged into the 3.3 branch.
Discussion
----------
[appveyor] disable memory limit on composer up
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Let's see if this makes appveyor happy.
Commits
-------
362f9bc [appveyor] disable memory limit on composer up
This PR was merged into the 3.4 branch.
Discussion
----------
doc : Namespace prefix must end with a "\"
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
ef2ca56 doc : Namespace prefix must end with a "\"
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] Fix debug:form command definition
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Sadly these changes were forgotten in https://github.com/symfony/symfony/pull/25011 and the `debug:form` command does not work properly right now :(
Commits
-------
97fdf31 Fix debug:form definition
* 2.8:
Remove some unused variables, properties and methods
[ExpressionLanguage] Fix parse error on 5.3
[HttpKernel] remove noisy frame in controller stack traces
[ExpressionLanguage] throw an SyntaxError instead of letting a undefined index notice
Fix php doc in Table class
bumped Symfony version to 2.8.33
updated VERSION for 2.8.32
updated CHANGELOG for 2.8.32
bumped Symfony version to 2.7.40
updated VERSION for 2.7.39
update CONTRIBUTORS for 2.7.39
updated CHANGELOG for 2.7.39
This PR was merged into the 3.3 branch.
Discussion
----------
Remove some unused variables and properties
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
Analyzing symfony/symfony using https://insight.sensiolabs.com, I found several chunks of dead code. This PR removes them in the 3.3 branch.
Commits
-------
8bc2fbb Remove some unused variables and properties
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFoundation] don't prefix cookies with "Set-Cookie:"
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ?
| Fixed tickets | #25393
| License | MIT
Commits
-------
a4db20f [HttpFoundation] don't prefix cookies with "Set-Cookie:"
This PR was merged into the 4.1-dev branch.
Discussion
----------
[DI][FrameworkBundle] Add PSR-11 "ContainerBag" to access parameters as-a-service
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #17160
| License | MIT
| Doc PR | -
There is one thing that prevents us from not injecting the container: access to the parameter bag.
This PR fixes this limitation by providing a PSR-11 `ContainerBagInterface` + related implementation, and wiring it as a service that ppl can then also autowire using the new interface as a type hint, or `ParameterBagInterface`.
Needed to complete e.g. #24738
Commits
-------
561cd7e Add tests on the ContainerBag
0e18d3e [DI][FrameworkBundle] Add PSR-11 "ContainerBag" to access parameters as-a-service
* 2.7:
Remove some unused variables, properties and methods
[ExpressionLanguage] Fix parse error on 5.3
[HttpKernel] remove noisy frame in controller stack traces
[ExpressionLanguage] throw an SyntaxError instead of letting a undefined index notice
Fix php doc in Table class
bumped Symfony version to 2.7.40
updated VERSION for 2.7.39
update CONTRIBUTORS for 2.7.39
updated CHANGELOG for 2.7.39
This PR was merged into the 2.7 branch.
Discussion
----------
[2.7] Remove some unused variables, properties and methods
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | kind of
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
Analyzing symfony/symfony using https://insight.sensiolabs.com, I found several chunks of dead code. This PR removes them in the 2.7 branch.
fabbot failure is unrelated.
Commits
-------
30e2273 Remove some unused variables, properties and methods
Now that comment-like lines are no longer ignored when subparsers are
created, we need to ignore them in some functions (e.g. when detecting
the indentation depth of the next block).
This PR was merged into the 4.1-dev branch.
Discussion
----------
[FrameworkBundle] debug:autowiring: don't list FQCN when they are aliased
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
In order to favor type-hinting for interfaces, I propose to not list the class as explicitly autowireable when an alias exists for it.
Which means displaying only
```
App\FooInterface
alias to App\Foo
```
instead of
```
App\Foo
App\FooInterface
alias to App\Foo
```
ping @weaverryan
Commits
-------
8cbfa1eaf3 [FrameworkBundle] debug:autowiring: don't list FQCN when they are aliased
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Fix non-string class handling in PhpDumper
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25353
| License | MIT
| Doc PR | -
Commits
-------
28f00866b1 Ensure that inlined services with parameterized class name can be dumped
730b156f35 [DI] Fix non-string class handling in PhpDumper
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Force root-namespace for function calls in the dumper container
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Was not needed before 3.4, but now that the dumped container is namespaced, it is required.
Commits
-------
f87380c22a [DI] Force root-namespace for function calls in the dumper container
This PR was merged into the 3.3 branch.
Discussion
----------
[Serializer] Unset attributes when creating child context
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
In some cases, the `attributes` key isn't overrode when creating the context passed to nested normalizers.
It's definitely a bug, but an attacker cannot access to non public data (ignored attributes are checked before the `attributes` key). However some data that must be public may be missing as highlighted by the test.
I've introduced the initial bug here: https://github.com/symfony/symfony/pull/18834
Commits
-------
4ff9d99f23 [Serializer] Unset attributes when creating child context
