This PR was merged into the 4.4 branch.
Discussion
----------
[4.4] Disallow symfony/contracts v2
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
Travis is red at the moment because unit tests on 4.4 are run against the incompatible event dispatcher contracts v2. https://travis-ci.org/symfony/symfony/jobs/609622341#L4719-L4725
~~This PR proposes to switch to individual packages, so we can specifically disallow those incompatible contracts.~~
This PR pins the `symfony/contracts` package to v1.1 on `symfony/symfony`.
Commits
-------
f2dc2d6d8b Disallow symfony/contracts v2.
This PR was merged into the 4.4 branch.
Discussion
----------
[Security] Fix defining multiple roles per access_control rule
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/12371 needs to be reverted
#33584 deprecated passing multiple attributes to `AccessDecisionManager::decide()`, but this change must not impact `access_control` as you cannot define multiple rules with the same criteria for request matching (the first match wins).
Commits
-------
338b3dfd9f [Security] Fix defining multiple roles per access_control rule
This PR was merged into the 4.4 branch.
Discussion
----------
[Messenger] Fixed bad event dispatcher mocks
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
`EventDispatcherInterface::dispatch()` must return the passed event object. This PR fixes two mocks that violated this contract.
Commits
-------
103930039b [Messenger] Fixed bad event dispatcher mocks.
This PR was merged into the 3.4 branch.
Discussion
----------
[Routing] revert the return type for UrlGeneratorInterface::generate to remove null
…to remove null
| Q | A
| ------------- | ---
| Branch? | 3.4 (only)
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| License | MIT
Bit of a casualty of commit tennis this:
A change to add `null` here as an option for how `UrlGeneratorInterface::generate()` (rather than the concrete `UrlGenerator`) was merged in https://github.com/symfony/symfony/pull/28321, but then [reverted](90494c20cc) for the reason [that this could be seen as a BC break](https://github.com/symfony/symfony/pull/28321#issuecomment-418540080), as the `null` return had not previously been documented (and is still not as part of the interface method docs).
However, in a subsequent change (https://github.com/symfony/symfony/pull/33252) with a wider scope, this doc change was added _back_ in order to reflect the underlying implementation as a result of a PHPStorm plugin complaining. There's no indication though of what a `null` return here though would mean, and for the same reason as the first revert (that this should be seen as a BC break), I'd like to submit this to be reverted for the 3.4 branch. (In 4.4 the `null` has already been removed.)
Having the interface indicating that this method can return `null` necessitates introducing a lot of actually redundant null checks in code that is covered by static analysis tools such as PHPStan.
Commits
-------
9f853f324f [Routing] revert the return type for UrlGeneratorInterface::generate to remove null
This PR was merged into the 4.3 branch.
Discussion
----------
[Workflow] Simplified EventDispatcherMock
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
This PR simplifies the Workflow component's mock implementation of the event dispatcher by implementing the much simpler contracts interface instead of the full-blown component interface.
Commits
-------
5aee181c83 [Workflow] Simplified EventDispatcherMock.
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpFoundation] Add a way to anonymize IPs
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features --> TODO
This is helpful for GDPR compliance reasons, and it isn't much code saved but it's also good if you don't have to think about how to do it.
Commits
-------
9e62330bc4 [HttpFoundation] Add a way to anonymize IPs
This PR was merged into the 4.4 branch.
Discussion
----------
[DI] Remove LazyString from 4.4, before adding back to the String component
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
In #34190 I'm proposing to move LazyString to the Service contracts, but String might be a better fit actually. Let's remove the class from 4.4 where it's not really needed, and add it back on 5.0 in the String component.
Commits
-------
b1a3ee76ac [DI] Remove LazyString from 4.4, before adding back to the String component
This PR was merged into the 4.3 branch.
Discussion
----------
[Workflow] Fix error when we use ValueObject for the marking property
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#28203#22031
| License | MIT
Fix Illegal offset type in `MethodMarkingStore` class when we use Value Object for
the marking property.
Now, we can avoid to use only a string an we can have a Subject class with a Value Object like this :
```php
final class State
{
public const DRAFT = 'draft';
public const REVIEWED = 'reviewed';
public const REJECTED = 'rejected';
public const PUBLISHED = 'published';
/** @var string */
private $state;
public function __construct(string $state)
{
// some validation
$this->state = $state;
}
public function __toString()
{
return $this->state;
}
public static function Draft()
{
return new self(self::DRAFT);
}
...
}
final class Subject
{
private $marking;
public function __construct(State $marking = null)
{
$this->marking = $marking;
}
public function getMarking()
{
return $this->marking;
}
public function setMarking($marking)
{
$this->marking = $marking instanceof State ? $marking : new State($marking);
}
```
Commits
-------
6570d5cbe2 Fix error when we use VO for the marking property
This PR was merged into the 4.4 branch.
Discussion
----------
[Console] Add support for NO_COLOR env var
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| License | MIT
| Doc PR |
Adds support for https://no-color.org/ - ideally this would be considered a bugfix and added to older releases IMO, but submitting as new feature for now.
cc @johnstevenson
Commits
-------
c1b0a8e956 Add support for NO_COLOR env var
This PR was merged into the 4.4 branch.
Discussion
----------
[DI][FrameworkBundle] add EnvVarLoaderInterface - remove SecretEnvVarProcessor
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This PR allows encrypting any env vars - not only those using the `%env(secret:<...>)%` processor (and the processor is removed actually).
It does so by introducing a new `EnvVarLoaderInterface` (and a corresponding `container.env_var_loader` tag), which are objects that should return a list of key/value pairs that will be accessible via the regular `%env(FOO)%` syntax.
The PR fixes a few issues found meanwhile. One is especially important: files in the vault should end with `.php` to protect against inadvertant exposures of the document root.
Commits
-------
ba2148fff3 [DI][FrameworkBundle] add EnvVarLoaderInterface - remove SecretEnvVarProcessor
This PR was merged into the 4.4 branch.
Discussion
----------
[DependencyInjection] Added option `ignore_errors: not_found` for imported config files
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | symfony/symfony-docs#11647
If someone want to add optional config file. The only available choice was to add `ignore_errors: true` option
e.g.
```
imports:
- { resource: parameters.yml, ignore_errors: true }
```
But this will hide all errors in imported file. We ran in many situations that broke our Symfony applications because we had a typo in this imported files.
This PR introduce new possible value `not_found` for `ignore_errors` option. It can be used for optional config files like the `ignore_errors: true`, but it will ignore only the file non-existence, not the possible syntax errors inside.
Usage:
```
imports:
- { resource: parameters.yml, ignore_errors: not_found}
```
Commits
-------
e0ee01c10d [DependencyInjection] Added option `ignore_errors: not_found` while importing config files
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] fix SodiumVault after stof review
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
As spotted by @stof in https://github.com/symfony/symfony/pull/34275#pullrequestreview-313355834
Commits
-------
a594599078 [FrameworkBundle] fix SodiumVault after stof review
* 4.3:
[DI] Dont cache classes with missing parents
[HttpClient] Fix a crash when calling CurlHttpClient::__destruct()
[Validator] Add the missing translations for the Hebrew (\"he\") locale and fix 2 typos
[FrameworkBundle][Translation] Invalidate cached catalogues when the scanned directories change
This PR was merged into the 4.3 branch.
Discussion
----------
[HttpClient] Fix a crash when calling CurlHttpClient::__destruct()
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a
| License | MIT
| Doc PR | n/a
I've not identified the exact issue, but when the profiler is enabled, an HttpClient instance is created and not used, then a crash occurs when `__destruct()` is called because `$this->mutli->handle` value is `0` has this point, while `curl_multi_setopt` expect a `resource`.
This PR fixes the issue, but it's maybe not the good approach.
Reproducer: symfony/mercure-bundle#14
curl version: 7.67.0
```
php -v
PHP 7.3.11 (cli) (built: Oct 24 2019 11:29:52) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.11, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.3.11, Copyright (c) 1999-2018, by Zend Technologies
with blackfire v1.27.1~mac-x64-non_zts73, https://blackfire.io, by Blackfire
```
Commits
-------
d2c5ffda52 [HttpClient] Fix a crash when calling CurlHttpClient::__destruct()
This PR was merged into the 4.4 branch.
Discussion
----------
Unallow symfony/http-kernel ^5.0
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/pull/34265#discussion_r343739637
| License | MIT
| Doc PR | -
The components that have a data collector cannot be compatible with HttpKernel `DataCollectorInterface` 5.0.
Commits
-------
da454db947 Unallow symfony/http-kernel ^5.0