This PR was squashed before being merged into the 3.4 branch (closes#22124).
Discussion
----------
Shift responsibility for keeping Date header to ResponseHeaderBag
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This is an improvement over #22036. It shifts responsibility for preserving a `Date` header to the `ResponseHeaderBag`.
We already have similar logic there for the `Cache-Control` header.
Commits
-------
5d838360f3 Shift responsibility for keeping Date header to ResponseHeaderBag
This PR was submitted for the 2.7 branch but it was merged into the 3.4 branch instead (closes#23122).
Discussion
----------
Xml encoder optional type cast
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22478
| License | MIT
| Doc PR | n/a
This fixes the issue where certain XML attributes are typecasted when you don't want them to by providing the ability opt out of any typecasting of xml attributes via an option in the context. If this is approved, then I'll add docs in the serializer component describing the new context option.
Commits
-------
8f6e67d319 XML Encoder Optional Type Cast
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Adds support to check specific DNS record type for URL
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
URL validation with the `checkDNS` option can time out for some international registrars or for reasons unknown. When the `URL` constraint is implemented, the context may logically allow for a single DNS record type to be checked, which is less prone to timing out. This updates the `checkDNS` option value to be one of any valid for the underlying `checkdnsrr()` method with backwards compatibility for the original boolean value.
Commits
-------
e66d8f1bef [Validator] Adds support to check specific DNS record type for URL
This PR was squashed before being merged into the 3.4 branch (closes#22629).
Discussion
----------
[Security] Trigger a deprecation when a voter is missing the VoterInterface
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Right now it's possible to add voters to the access decision manager that do not have a `VoterInterface`.
- No Interface, no `vote()` method, and it will give a PHP error.
- No Interface, but `vote()` method, it will still work.
- If I don't implement the interface _and_ have no `vote()` method, I will get weird exception that's not meaningful: `Attempted to call an undefined method named "vote" of class "App\Voter\MyVoter".`
This PR will deprecate the ability to use voters without the interface, it will also throw a proper exception when missing the interface _and_ the `vote()` method. Why when using and not when setting? Due to the fact that the voters can be set lazily via the `IteratorArgument`. The SecurityBundle will trigger a deprecation if the interface is not implemented and an exception if there's not even a `vote()` method present (to prevent exceptions at run-time).
This should have full backwards compatibility with 3.3, but give more meaningful errors. The only behavioral difference, might be that the container will throw an exception instead of maybe succeeding in voting when 1 voter would be broken at the end of the list (based on strategy). This case however, will be detected during development and deployment, rather than run-time.
Commits
-------
9c253e1ff6 [Security] Trigger a deprecation when a voter is missing the VoterInterface
This PR was merged into the 3.4 branch.
Discussion
----------
[Yaml] Deprecate using the non-specific tag
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Values tagged with the non-specific tag must not be transformed in an integer, this tag means that they must not be evaluated (see [the spec](http://www.yaml.org/spec/1.2/spec.html#tag/non-specific/)).
I applied this change in https://github.com/symfony/symfony/pull/22762 to comply with the spec.
Commits
-------
60f5046661 [Yaml] Deprecate using the non-specific tag
This PR was merged into the 3.4 branch.
Discussion
----------
Consistent error handling in remember me services
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | yes
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
RememberMeServices lacked consistent error handling so far making it impossible for implementors to e.g. maintain sufficiently detailed audit logs for remember me errors. Since remember me is a very sensitive area in any application, detailed logging is crucial.
The change proposed allows `loginFail` to optionally take the exception object as a second parameter and uses said exception consistently internally by calling `loginFail` instead of `cancelCookie`.
Commits
-------
eda1888f71 Consistent error handling in remember me services
This PR was merged into the 3.4 branch.
Discussion
----------
[Serializer] DateTimeNormalizer: allow to provide timezone
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
My own use-case was for denormalization of a csv file provided by a third-party. The datetime format inside does not contain any timezone information, and won't change, but it's established to be UTC (or at least consistent).
So by providing the new `datetime_timezone` option, the returned instance of `\DateTime(Interface)` will properly be set with the expected timezone. (In case the format already supports the time offset, the provided timezone is ignored in favor of the one parsed by the `\DateTime` object)
Regarding normalization, the expected behavior of this feature is to consistently return the same time offset.
Commits
-------
c10a780afb [Serializer] DateTimeNormalizer: allow to provide timezone
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Reference instead of inline for array-params
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
- [x] Tests to be written.
This PR is part of my "container on a diet" quest.
When big array parameters are resolved, they create data duplication in the dumped container. This is even worse when the same big array parameters are used several times.
Even though OPcache stores static arrays in shared memory (php7), it does not deduplicate them (it does for strings.)
Instead of inlining arrays, this PR leverages the `$this->parameters` property when possible.
Commits
-------
7c3d0c7a46 [DI] Reference instead of inline for array-params
This PR was squashed before being merged into the 3.4 branch (closes#23154).
Discussion
----------
[WebProfilerBundle] Sticky ajax window
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23125
| License | MIT
| Doc PR | -
This toggles the ajax toolbar block being sticky on click. I find it quite useful in heavy ajax apps :)
Not sure the state needs to be persisted in local storage or so, could be done :) however for our app all the navigating happens via react router, hence no real need for us to persist it between requests.
Commits
-------
b92929b0be [WebProfilerBundle] Sticky ajax window
* 3.3:
[TwigBundle] Add Doctrine Cache to dev dependencies
[Yaml] Fix linting yaml with constants as keys
[Routing] Revert the change in [#b42018] with respect to Routing/Route.php
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] Deprecate useless --no-prefix option
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
It was a workaround, not needed since https://github.com/symfony/symfony/pull/21228. Let's deprecate it and remove it in 4.0.
Commits
-------
f7afa777d8 [FrameworkBundle] Deprecate useless --no-prefix option
This PR was merged into the 3.4 branch.
Discussion
----------
[TwigBundle] Add Doctrine Cache to dev dependencies to fix failing unit tests
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | None
| License | MIT
| Doc PR | N/A
Currently, the unit tests of TwigBundle are failing because Doctrine Cache is missing. Before the changes of #23131, this dependency was pulled via FrameworkBundle. This PR adds Doctrine Cache to the dev dependencies of TwigBundle, so the tests pass again.
```
There were 3 errors:
1) Symfony\Bundle\TwigBundle\Tests\CacheWarmingTest::testCacheIsProperlyWarmedWhenTemplatingIsAvailable
Symfony\Component\DependencyInjection\Exception\LogicException: Annotations cannot be enabled as the Doctrine Cache library is not installed.
2) Symfony\Bundle\TwigBundle\Tests\CacheWarmingTest::testCacheIsProperlyWarmedWhenTemplatingIsDisabled
Symfony\Component\DependencyInjection\Exception\LogicException: Annotations cannot be enabled as the Doctrine Cache library is not installed.
3) Symfony\Bundle\TwigBundle\Tests\NoTemplatingEntryTest::test
Symfony\Component\DependencyInjection\Exception\LogicException: Annotations cannot be enabled as the Doctrine Cache library is not installed.
```
Commits
-------
2dfde58851 Add Doctrine Cache to dev dependencies to fix failing unit tests.
This PR was merged into the 3.3 branch.
Discussion
----------
[Yaml] Fix linting yaml with constants as keys
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23167
| License | MIT
| Doc PR | n/a
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the 3.4,
legacy code removals go to the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
55a8d35e64 [Yaml] Fix linting yaml with constants as keys
This PR was submitted for the master branch but it was merged into the 3.3 branch instead (closes#23121).
Discussion
----------
[Routing] Revert the change in [#b42018] with respect to Routing/Route.php
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21090#23109
| License | MIT
| Doc PR |
...because it breaks BC with third-party code which, for instance, might use a subclass of CompiledRoute within the options portion of the Route. Refers to https://github.com/symfony/symfony/pull/21090 and https://github.com/symfony/symfony/issues/23109
Commits
-------
f09893bed4 [Routing] Revert the change in [#b42018] with respect to Routing/Route.php
This PR was merged into the 3.4 branch.
Discussion
----------
[SecurityBundle][Profiler] Give info about called security listeners in profiler
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11134
| License | MIT
| Doc PR | n/a
Currently the profiler gives no info about security listeners (see fixed ticket), this displays each called listener with the time spent at calling it and its response if any.
![preview](https://image.prntscr.com/image/Wx-n-Ni_RQK5JGTdTZsdGw.png)
Commits
-------
369f19fcfd Give info about called security listeners in profiler
This PR was merged into the 3.4 branch.
Discussion
----------
Fix the usage of FrameworkBundle in debug mode without Stopwatch
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
https://github.com/symfony/symfony/pull/23148 removed the loading of the debug.xml file when Stopwatch is not installed.
While all services defined in it are related to Stopwatch, the parameter was not (it is related to dumping the debug container in the compiler pass), which was breaking the usage of the bundle in debug mode without Stopwatch (exception triggered in the compiler pass)
Commits
-------
2ea26c1ffe Fix the usage of FrameworkBundle in debug mode without Stopwatch
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] drop hard dependency on the Stopwatch component
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | related to symfony/flex#14
| License | MIT
| Doc PR |
Commits
-------
8d70ca0ff4 drop hard dependency on the Stopwatch component
This PR was squashed before being merged into the 3.4 branch (closes#23131).
Discussion
----------
[FrameworkBundle] Remove dependency on Doctrine cache
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | yes
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | related to symfony/flex#14
| License | MIT
| Doc PR | n/a
In our quest to remove hard dependencies, I propose to remove `doctrine/cache` from the default dependencies on the Framework bundle. That's possible now as we have PSR6 cache support in Symfony and because Doctrine cache is only used for the validator mapping cache.
The two other occurrences are for the serializer (already deprecated in 3.3) and for annotations, where we need to keep it, but as Doctrine annotations is already optional, that's not an issue.
Commits
-------
a4e336ea34 [FrameworkBundle] removed doctrine/cache as a dependency
b57895ccaf [FrameworkBundle] deprecated validator.mapping.cache.doctrine.apc
* 3.3:
Fix the conditional definition of the SymfonyTestsListener
[DI] Fix keys resolution in ResolveParameterPlaceHoldersPass
[EventDispatcher] Remove dead code in WrappedListener
Fix non-dumped voters in security panel
[Yaml] Remove line number in deprecation notices
[SecurityBundle] Made 2 service aliases private
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] Fix colliding service ids
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Rereading #23044, I realized that `routing.loader.directory` is already used, so it should be changed.
Commits
-------
a4d799ad0e [FrameworkBundle] Fix colliding service ids
This PR was merged into the 3.3 branch.
Discussion
----------
[DI] Fix keys resolution in ResolveParameterPlaceHoldersPass
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Keys are resolved in 3.2, but we broke that when moving to AbstractRecursivePass.
Commits
-------
9251a2143d [DI] Fix keys resolution in ResolveParameterPlaceHoldersPass
This PR was merged into the 3.3 branch.
Discussion
----------
Fix the conditional definition of the SymfonyTestsListener
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This is a continuation of the attempts at fixing the PHPUnit 5 compatibility layer for the listener.
The signature mismatch error still happened when using the PHPUnit PHAR instead of a source install (hint: people using `simple-phpunit` are using a source install).
It looks like the class definition gets loaded by PHP before executing the code placed above it (and so the early return breaks). Putting the code inside a `else` instead works fine (the class definition probably cannot bubble up).
The known difference between the PHAR and a source install is that the source install relies on autoloading while the PHAR loads all PHPUnit classes through `require_once` eagerly (and so the parent class already exists when using the Symfony file).
@jpauli is it an expected behavior that early returns before class definitions don't work consistently ?
Regarding the patch itself, an alternative would be to move the PHPUnit 6+ implementation to a dedicated class instead, and use a `class_alias` for the else clause too. But I don't think it is worth it.
Commits
-------
0ec8b1c1ff Fix the conditional definition of the SymfonyTestsListener
This PR was merged into the 3.4 branch.
Discussion
----------
[Console] remove now useless condition
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
c9c3495fc0 remove now useless condition
This PR was merged into the 3.4 branch.
Discussion
----------
[SecurityBundle] Lazy load security listeners
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | yes (edge case)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Each of them is heavy and unused if a previous one sets a response or breaks in the middle.
Commits
-------
e3ee6bc349 Lazy load security listeners