* 4.4:
[Serializer][Validator] Update some phpDoc relative to "getters"
Update README.md
[SecurityBundle] Empty line starting with dash under "access_control" causes all rules to be skipped
[Cache] Apply NullAdapter as Null Object
This PR was merged into the 5.2 branch.
Discussion
----------
[WebProfilerBundle] Use ControllerReference instead of URL in twig render()
| Q | A
| ------------- | ---
| Branch? | 5.2
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#40709
| License | MIT
| Doc PR |
Use `ControllerReference` instead of `UrlGenerator`'s URL. Helps to deal with different baseUrl
Feel free to help me with some advice. Thank you in advance
Commits
-------
f2ee8bc7ae [WebProfiler] Use ControllerReference instead of URL in twig render()
This PR was squashed before being merged into the 5.3-dev branch.
Discussion
----------
[Security] Stop using a shared changelog for our security packages
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
I understand there are historical reasons for why our four security packages share a changelog. However, I dont believe it makes much sense moving forward.
I suggest that ~~6.0~~ will start using separate changelogs.
#### Update
Lets start in 5.4 for the reasons explained by Christophe
Commits
-------
0b1103ae48 [Security] Stop using a shared changelog for our security packages
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Security] [LoginLink] remove experimental
| Q | A
| ------------- | ---
| Branch? | 5.3
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | tbd
Symfony's new security Login Link functionality is no longer experimental as of 5.3
Commits
-------
f2842f26e7 [Security][LoginLink] remove experimental
This PR was merged into the 5.3-dev branch.
Discussion
----------
Fixed the deprecation message about Master/Main requests
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
I saw this while running tests in an app just updated to 5.x version:
```
Remaining direct deprecation notices (61)
61x: Since symfony/http-kernel 5.3: "%s()" is deprecated, use "isMainRequest()" instead.
```
Commits
-------
65f7408c61 Fixed the deprecation message about Master/Main requests
This PR was squashed before being merged into the 5.3-dev branch.
Discussion
----------
[Workflow] Add Mermaid.js dumper
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | #40165
| License | MIT
| Doc PR | symfony/symfony-docs#15102
Mermaid is - next to PlantUML - one of the most popular simple graphing solutions. This workflow dumper mirrors the feature set of the PlantUML dumper except that Mermaid does not currently support colored transitions.
**Things I need help with:**
- ~I basically tried to copy the code style of the surrounding files and hope everything is conforming. Please let me know if I missed something.~ I see, that's the magic of fabbot. Nice. ❤️
- There are currently no tests for the different graph direction constants, I can add those, just did not see value in doing so yet.
- I am unsure how to integrate this with the current documentation. This however is likely better discussed in the corresponding issue (see above).
Commits
-------
ada6f7d315 [Workflow] Add Mermaid.js dumper
This PR was merged into the 5.3-dev branch.
Discussion
----------
[DependencyInjection] Allow calling custom processors directly on EnvConfigurator
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
This is a proposition of addition to the feature added by https://github.com/symfony/symfony/pull/40682 to allow calling custom processors in the same way we call builtin ones. This is not perfect since it doesn't allow auto-completion for these custom methods but I think this provides a cleaner API for custom processors.
Commits
-------
1d008f76da Allow calling custom processors directly on EnvConfigurator
This PR was merged into the 5.3-dev branch.
Discussion
----------
[MonologBridge] Reset loggers on workers
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
This PR tries to solve some problems with buffered handlers (FingerCrossed) in workers.
Let's consider the default configuration (`stop_buffering: true`):
- When the threshold is crossed, all logs are flushed. Logs for the current message but also logs of previous messages in the buffer. Although buffer is limited `buffer_size`, it's a shame to keep logs of previous messages.
- When the threshold is crossed, buffering is disabled. So finger crossed configuration is not used anymore, all the logs are flushed as soon as they are written.
Then with (`stop_buffering: false`) (why isn't this the default configuration ?)
- It's a bit better since buffering isn't disabled when the threshold is crossed
- Like with `stop_buffering: true`, logs of previous messages are kept in memory
In a similar way of `DoctrineClearEntityManagerWorkerSubscriber`, this PR adds a `ResetLoggersWorkerSubscribber` to reset resettable loggers.
Integration in Monolog bundle: symfony/monolog-bundle#403
Commits
-------
1d2f7f1f87 [Messenger] Reset loggers on workers
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[Serializer][Validator] Update some phpDoc relative to "getters"
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yesish (phpDoc unaccurate after code updates)
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
5046500deb [Serializer][Validator] Update some phpDoc relative to "getters"
This PR was merged into the 4.4 branch.
Discussion
----------
Update README.md
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | yes as doc
| Tickets | see desc
| License | MIT
| Doc PR | .
Related to https://packagist.org/packages/symfony/web-server-bundle/stats
Also I do have a question, do Symfony uses the https://getcomposer.org/doc/04-schema.md#abandoned feature?
It can be useful I think
I’ve seen many differents way, inside the repo readme, via github repo description with [DEPRECATED], even marking the repo as readonly
IMHO a similar aproach should be done for all packages of the organisation :)
Commits
-------
37b19d9c06 Update README.md
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Security] Deprecate using UsageTrackingTokenStorage outside the request-response cycle
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | yes
| New feature? | no
| Deprecations? | yes
| Tickets | Fix#40778
| License | MIT
| Doc PR | -
Currently, you get an "There is currently no session available" exception when using the `security.token_storage` service outside the main request-response cycle (e.g. in a `kernel.terminate` listener). This PR deprecates such usage and requires developers to update their definitions to explicitly use `security.untracked_token_storage` instead.
A different solution would be to silently disable tracking in these cases, but I think that might create some unnecessary technical debt.
Commits
-------
7452476156 [Security] Fix UsageTrackingTokenStorage outside the request cycle
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Messenger] Add X-Ray trace header support to the SQS transport
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
aws documentation: https://docs.aws.amazon.com/xray/latest/devguide/xray-services-sqs.html
Commits
-------
5fa7ff9541 [Messenger] Added X-Ray trace header support to the SQS transport
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[SecurityBundle] Empty line starting with dash under "access_control" causes all rules to be skipped
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#40235 ... <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
When the IDE by mistake puts an empty line in `access_control` in security.yaml there is no warning that we have an empty row, making the rest of routes defined, to be ignored and possible to be accessed by anyone that can authenticate no matter the role.
# How to reproduce the issue
- git clone git@github.com:monteiro/symfony-issue-40235.git
- composer install
- symfony server:start
- open 127.0.0.1:8000/admin with username: "john_user" and password "123456"
- Since that user has only ROLE_USER should not be able to access the route... but because there is an empty line in "access_control" in `security.yaml`, "by mistake" it is possible to access the protected `ROLE_ADMIN` route.
Commits
-------
ee26ce5987 [SecurityBundle] Empty line starting with dash under "access_control" causes all rules to be skipped
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[Cache] Apply NullAdapter as Null Object
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix https://github.com/symfony/symfony/issues/40753
| License | MIT
<!--| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
There is a problem with the NullAdapter if I have to add an expression to work:
```php
$adapter = new NullAdapter();
$item = new CacheItem();
$item->set('FooBar');
if (!$adapter->save($item) && !($adapter instanceof NullAdapter)) {
throw new Exception('Uoh oh');
}
```
So the goal here is to modify the methods that are causing a problem to behave as a Null Object.
Commits
-------
f6818eb7ac [Cache] Apply NullAdapter as Null Object
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Notifier] Inject Mailer instead of service locator for FakeSms and FakeChat
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fixes#40731
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/15206
| Recipe PR | https://github.com/symfony/recipes/pull/930
Until now the locator was not injected and therefore not working.
We decided to make the transport name configurable instead of the service_id.
[How is it working?](https://github.com/symfony/symfony/pull/40739#issuecomment-816609850)
### Todos
* [x] add tests
* [x] test in a real project
Commits
-------
0f6d5079cb [Notifier] Inject Mailer instead of service locator for FakeSms and FakeChat
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[HttpKernel] Minor fixes and tweaks in the Symfony Welcome Page
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | (not needed)
The current "Welcome Page" has a minor issue related to CSS flexbox. See how the "debug mode" text looks in smaller screens:
The solution is to wrap the contents in a HTML element such as `<p>`, but this PR also does some other minor tweaks. This is how it'd look now:
Commits
-------
ee49cfe2b9 [HttpKernel] Minor fixes and tweaks in the Symfony Welcome Page
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpClient] Revert "minor #40768 [PHPDoc] Fix 2 remaining return mixed
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This reverts commit 40d7315202, reversing
changes made to 4e904ec108.
As spotted by the CI and reported in https://github.com/symfony/symfony/pull/40768#issuecomment-817388657
Using `Psr7ResponseInterface|mixed` instead of just `mixed` provides a better DX, by making autocompletion more useful.
Commits
-------
afea0a0dc2 Revert "minor #40768 [HttpClient] [PHPDoc] Fix 2 remaining return mixed (fancyweb)"
* 5.2:
[HttpClient][PHPDoc] Fix 2 remaining return mixed
[Cache] [FrameworkBundle] Fix logging for TagAwareAdapter
[Route] Better inline requirements and defaults parsing
Simplified condition and removed unused code from AbstractSessionListener::onKernelRequest
[PhpUnitBridge] Fix phpunit symlink on Windows
[Yaml] Fixed infinite loop when parser goes through an additional and invalid closing tag
[Form] Fix 'invalid_message' use in multiple ChoiceType
* 4.4:
[HttpClient][PHPDoc] Fix 2 remaining return mixed
[Cache] [FrameworkBundle] Fix logging for TagAwareAdapter
[Route] Better inline requirements and defaults parsing
Simplified condition and removed unused code from AbstractSessionListener::onKernelRequest
[PhpUnitBridge] Fix phpunit symlink on Windows
[Yaml] Fixed infinite loop when parser goes through an additional and invalid closing tag
This PR was merged into the 5.3-dev branch.
Discussion
----------
[TwigBundle] Require TwigBridge 5.3 for SerializerExtension
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Caught while testing 5.x in one of our apps. Without this, you'll get an error when you're using TwigBridge <5.3 with TwigBundle 5.3+:
```
In KernelDevDebugContainer.php line 944:
Attempted to load class "SerializerExtension" from namespace "Symfony\Bridge\Twig\Extension".
```
Commits
-------
e4cedfa21a [TwigBundle] Require TwigBridge 5.3 for SerializerExtension
This PR was merged into the 5.3-dev branch.
Discussion
----------
[DependencyInjection] Add env() and EnvConfigurator in the PHP-DSL
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Recently, I have been using env var processors a lot. This is a proposition to improve the DX a bit when you use the PHP-DSL to configure services.
Firstly, I am "annoyed" by the fact that I can do `param('my_param')` but not `env('MY_ENV')`.
Secondly, long chains of env var processors (eg: `%env(default:my_param:key:path:url:MY_ENV_VAR)` have two issues:
- you must construct and read them in "reverse"
- some env var processor are actually composed of 2 parts (key:path), you don't distinguish them easily from the rest
Before:
```php
->arg('$myArg', '%env(default:my_param:key:path:url:MY_ENV_VAR)%')
```
After:
```php
->arg(
'$myArg',
env('MY_ENV_VAR')
->url()
->key('path')
->default('my_param')
)
```
Custom env var processor would be callable with `->custom('my_custom_env_var_processor')` or you could extend the configurator and add your own methods.
WDYT?
Commits
-------
5f0fe3235f [DependencyInjection] Add env() and EnvConfigurator in the PHP-DSL
This PR was merged into the 4.4 branch.
Discussion
----------
[Routing] Better inline requirements and defaults parsing
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#40749#40701
| License | MIT
| Doc PR |
Remove `!` symbol from requirements and defaults array keys in Route class. Leave `!` symbol in Route compiled path for correct token creation.
**The only restriction I found:**
Important variable can't get default value, only in UrlGenerator.
As mentioned in
0f96ac7484/src/Symfony/Component/Routing/RouteCompiler.php (L217)
they are not optional
Feel free to help me with some advice. Thank you in advance
Commits
-------
2a8c94a871 [Route] Better inline requirements and defaults parsing
Remove ! symbol from requirements and defaults array keys in Route class. Leave ! symbol in Route compiled path for correct token creation
Added some inline route settings tests
This PR was merged into the 4.4 branch.
Discussion
----------
[PhpUnitBridge] Fix phpunit symlink on Windows
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
If the symlink to `.phpunit/phpunit` already exists, unlink is called to remove it. But this fails on Windows (because it is a directory and requires `rmdir`), which in turn causes the subsequent `symlink` call to fail (because it already exists).
Additionally, creating symlinks on Windows requires Administrator permissions (generally), so `.phpunit/phpunit` can never be created for ordinary Users.
This PR uses a junction instead of a symlink on Windows. It also fixes some issues with stderror output and adds some argument escaping.
Commits
-------
ff8093246b [PhpUnitBridge] Fix phpunit symlink on Windows
