* 3.4:
minor: the meaning of the data breach was not correct
Optimize SVGs
property normalizer should also pass format and context to isAllowedAttribute
This PR was merged into the 3.4 branch.
Discussion
----------
Optimize SVGs
| Q | A
| ------------- | ---
| Branch? | 3.4 <!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | / <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | / <!-- required for new features -->
Used [svgo](https://github.com/svg/svgo) to optimize the svgs. I kept the `viewBox` attribute to keep the aspects when SVGs are rescaled.
I also added `insert_final_newline = false` to the `.editorconfig` file because the newlines are removed from the SVGs and there's only one line left.
Commits
-------
4614cea9d2 Optimize SVGs
This PR was merged into the 3.4 branch.
Discussion
----------
property normalizer should also pass format and context to isAllowedAttribute
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | found while working on https://github.com/symfony/symfony/pull/30888
| License | MIT
| Doc PR | -
the context and format are optional parameters to `isAllowedAttribute`, but should be forwarded. due to this omission, the PropertyNormalizer was ignoring the 'attributes' context option (and does in version 4 also ignore the 'ignore_attributes' context option - that one is a property on the normalizer class in version 3 and therefore not ignored here)
Commits
-------
13e2fb735d property normalizer should also pass format and context to isAllowedAttribute
* 3.4:
Show more accurate message in profiler when missing stopwatch
CS Fixes: Not double split with one array argument
Remove redundant animation prefixes
Remove redundant `box-sizing` prefixes
Rework firewall access denied rule
fixed CS
Fix missing $extraDirs when open_basedir returns
This PR was merged into the 3.4 branch.
Discussion
----------
CS Fixes: Not double split with one array argument
| Q | A
| ------------- | ---
| Branch? | 3.4 (master from #31063)
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | None
| License | MIT
| Doc PR | None
Keep to use the same CS in all the Symfony code base.
Use:
```php
$resolver->setDefaults([
'compound' => false
]);
```
Instead of:
```php
$resolver->setDefaults(
[
'compound' => false,
]
);
```
Keep the double split when the method has two or more arguments.
I miss a PSR with this rule.
Commits
-------
a56bf552ad CS Fixes: Not double split with one array argument
Keep to use the same CS in all the Symfony code base.
Use:
```php
$resolver->setDefaults([
'compound' => false
]);
```
Instead of:
```php
$resolver->setDefaults(
[
'compound' => false,
]
);
```
Keep the double split when the method has two or more arguments.
I miss a PSR with this rule.
This PR was squashed before being merged into the 4.2 branch (closes#31026).
Discussion
----------
[Serializer] Add default object class resolver
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The commit 1d8b5af3f0 introduce a BC break because before that commit the `extractAttributes` the `$object` can be a string which contain the fully qualified name of an object.
To fix the BC break and preserve the new feature, I suggest to create a default object class resolver if it is not set by the developer.
Commits
-------
dd5b8f16f5 [Serializer] Add default object class resolver
This PR was merged into the 4.2 branch.
Discussion
----------
[Serializer] MetadataAwareNameConverter: Do not assume that property names are strings
| Q | A
| ------------- | ---
| Branch? | 4.2 (class introduced in v4.2.3)
| Bug fix? | yes
| New feature? | no
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/api-platform/core/pull/2709
| License | MIT
| Doc PR | n/a
When this class was introduced, there was an assumption made about the type of `propertyNames` and therefore a `: ?string` return type was introduced in the fallbacks/normalization private methods. Because symfony doesn't use strict mode yet (compatibility issues with php IIRC), when using a non-string property name (for example the integer `0` which is a valid property name in an array), it will convert the integer to a string.
This is not good, especially if you have a name converter that returns the given property name (ie no transformation) you'll have it's type changed which isn't correct.
I've discovered this bug while working on adding this name converter in api platform (https://github.com/api-platform/core/pull/2709).
Commits
-------
af1e136ca0 MetadataAwareNameConverter: Do not assume that property names are strings
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Rework firewall's access denied rule
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~~#30099~~, #28229
| License | MIT
| Doc PR |
Follow tickets provided above to reproduce bugs. (there are also some project examples)
~~In addition, I'm looking for someone who knows an answer to [this](https://github.com/symfony/symfony/issues/30099#issuecomment-468693492) regarding rework in this PR.~~
Commits
-------
5790859275 Rework firewall access denied rule
This PR was merged into the 4.2 branch.
Discussion
----------
[Console] fix buildTableRows when Colspan is use with content too long
| Q | A
| ------------- | ---
| Branch? | 4.2 for bug fixes
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes ( new test added TableTest::testWithColspanAndMaxWith)
| Fixed tickets | https://github.com/symfony/symfony/issues/30701
| License | MIT
| Doc PR | no
<!-- fix for keeping ColumnMaxwith when Content is too long
Commits
-------
1cf9659b5f fix buildTableRows when Colspan is use with content too long
This PR was merged into the 4.2 branch.
Discussion
----------
[Serializer] take setIgnoredAttributes() deprecation into account
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
4134be127a take setIgnoredAttributes() deprecation into account
* 3.4:
[Serializer] Respect ignored attributes in cache key of normalizer
fix resetting the COLUMN environment variable
Fix TestRunner compatibility to PhpUnit 8
prevent mixup of the object to populate
This PR was squashed before being merged into the 3.4 branch (closes#30907).
Discussion
----------
[Serializer] Respect ignored attributes in cache key of normalizer
EUFOSSA
| Q | A
| ------------- | ---
| Branch | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Do not share the attributes cache in object normalizer when using a different setting for the ignoredAttributes setting.
In Symfony 4.2, the setter is deprecated in favor of the ignored_attibutes option in the $context. When merging this up, we will however still need to respect the field as well for BC, the cache key does not look at the default context (apart from the deprecated modifiers, the default context is immutable)
There might be performance regression for some use cases, but also could be a performance improvement when using 'attributes' in the context with lists of objects of the same class.
Commits
-------
926d228877 [Serializer] Respect ignored attributes in cache key of normalizer
This PR was merged into the 3.4 branch.
Discussion
----------
[serializer] prevent mixup in normalizer of the object to populate
EUFOSSA
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
OBJECT_TO_POPULATE is meant to specify the top level object. The implementation left the option in the context and it would be used whenever we have the first element that matches the class. #30607 (to master) introduces the feature to also keep the instances of attributes to deeply populate an existing object tree. In both cases, we do not want the mix up to happen with what the current OBJECT_TO_POPULATE is.
Commits
-------
fdb668e051 prevent mixup of the object to populate
This PR was merged into the 3.4 branch.
Discussion
----------
Make tests independent from each other
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | n/a
Environment variables set in a test need to be restored to their
previous values or unset if we want to be able to run tests
independently.
Credits to @ostrolucky for spotting this issue, I'm available for help when merging this in more recent branch (issues may appear then).
Created during the EU-FOSSA hackathon
Commits
-------
00883fc409 Make tests independent from each other
* 3.4:
fix PHPUnit 4.8 compatibility
[Debug] Fixed error handling when an error is already handled when another error is already handled (5)
sync validator translations
This PR was merged into the 3.4 branch.
Discussion
----------
[Debug] Fixed error handling when an error is already handled when another error is already handled (5)
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
---
Please, don't ask how to reproduce it :)
Commits
-------
a36c7315f4 [Debug] Fixed error handling when an error is already handled when another error is already handled (5)
This PR was squashed before being merged into the 3.4 branch (closes#30979).
Discussion
----------
Fix the configurability of CoreExtension deps in standalone usage
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | not yet, but will allow fixing them
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
When using the Forms entrypoint to configure the component, there was no chance to configure dependencies of the CoreExtension, as the one registered without argument was first and would win.
The builder now delays the prepending of the CoreExtension to do it only if the CoreExtension is not registered explicitly.
We discovered that when trying to fix tests for the FileType, where we wanted to pass a Translator to it.
Commits
-------
934118b131 Fix the configurability of CoreExtension deps in standalone usage
