* 5.2:
[Uid] fix checking for valid UUIDs
[Validator] Fix DebugCommand
check parent types for label_format and translation_domain
[HttpKernel] Configure the ErrorHandler even when it is overriden
Allow relative path to composer cache
[RateLimiter] Fix infinite values with NoLimiter
This PR was merged into the 5.1 branch.
Discussion
----------
[Uid] fix checking for valid UUIDs
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Some versions of `uuid_type()` trigger a PHP warning. This handles it.
Commits
-------
7daef4ff6d [Uid] fix checking for valid UUIDs
This PR was squashed before being merged into the 5.3-dev branch.
Discussion
----------
[Notifier] [Mobyt] Change ctor signature and validate message types
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes (validating the message type)
| Deprecations? | no
| Tickets | ---
| License | MIT
| Doc PR | ---
cc @Deamon as you provided the bridge
Commits
-------
e5e2cd4b9f [Notifier] [Mobyt] Change ctor signature and validate message types
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Notifier] Check for MercureBundle in MercureTransportFactory
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
https://github.com/symfony/symfony/pull/39903 has removed the check for `MercureBundle` from the `FrameworkExtension`.
The following PR is re-adding that check but in the `MercureTransportFactory` class.
Commits
-------
49bbbc1ed5 [Notifier] Check for MercureBundle in Factory
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Security] Randomize CSRF token to harden BREACH attacks
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | TODO
This PR randomize the CSRF token in each request in order to hardening the [BREACH attack](https://en.wikipedia.org/wiki/Cross-site_request_forgery)
Commits
-------
8b01095933 Randomize CSRF token to harden BREACH attacks
This PR was merged into the 5.2 branch.
Discussion
----------
[RateLimiter] Fix infinite values with NoLimiter
| Q | A
| ------------- | ---
| Branch? | 5.2
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#39899
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch 5.x.
-->
See #39899. I don't find any solution to convert `\INF` constant (which is a float value) to an integer.
Commits
-------
4f9eedfcf7 [RateLimiter] Fix infinite values with NoLimiter
This PR was squashed before being merged into the 5.2 branch.
Discussion
----------
[Validator] Fix DebugCommand
| Q | A
| ------------- | ---
| Branch? | 5.2
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch 5.x.
-->
Commits
-------
1eb13767fc [Validator] Fix DebugCommand
This PR was merged into the 4.4 branch.
Discussion
----------
[PhpUnitBridge] Allow relative path to composer cache
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | fix#37652
| License | MIT
| Doc PR | -
When users defines a relative path in the `COMPOSER_CACHE_DIR` env variable,
The `simple-phpunit` code, by changing the directory (with `chdir`), give to composer a different context. At the end, composer stores its cache inside the `vendor/bin/.phpunit` folder, and inside the `vendor/bin/.phpunit/phpunit-X.Y.Z` folder.
This PR convert the relative path provided by the user into Absolute path.
Commits
-------
cde0ffdc83 Allow relative path to composer cache
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpKernel] Configure the ErrorHandler even when it is overriden
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Fixes the part of https://github.com/getsentry/sentry-symfony/issues/421 that is about `DebugHandlersListener`.
Commits
-------
31817b48e2 [HttpKernel] Configure the ErrorHandler even when it is overriden
* 5.2:
fix test
"export-ignore" contracts and phpunit-bridge
[Console][Command] Fix Closure code binding when it is a static anonymous function
Use class const in test
[Security] [HttpFoundation] Use class const in test
[Notifier] [OvhCloud] “Invalid signature” for message with slashes
Remove wrong test
[PropertyInfo] Fix breaking change with has*(arguments...) methods
[Uid] Unable to extend Uuid/Ulid and use fromString()
Fix typo in property name
* 5.1:
"export-ignore" contracts and phpunit-bridge
[Console][Command] Fix Closure code binding when it is a static anonymous function
Use class const in test
[Security] [HttpFoundation] Use class const in test
[PropertyInfo] Fix breaking change with has*(arguments...) methods
This PR was merged into the 5.2 branch.
Discussion
----------
[Notifier] fix test
| Q | A
| ------------- | ---
| Branch? | 5.2
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
542dddca9a fix test
This PR was merged into the 5.1 branch.
Discussion
----------
[PropertyInfo] Fix breaking change with has*(arguments...) methods
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#39885
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch 5.x.
-->
Until 5.0:
```php
class Dummy
{
private $elements;
public function hasElement($element): bool
{
// ...
}
}
$extractor = new ReflectionExtractor();
$extractor->isReadable('Dummy', 'element'); // false
```
After 5.0:
```php
class Dummy
{
private $elements;
public function hasElement($element): bool
{
// ...
}
}
$extractor = new ReflectionExtractor();
$extractor->isReadable('Dummy', 'element'); // true => BREAKING CHANGE
```
Commits
-------
37cc16e3d8 [PropertyInfo] Fix breaking change with has*(arguments...) methods
This PR was merged into the 4.4 branch.
Discussion
----------
"export-ignore" contracts and phpunit-bridge
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#39934
| License | MIT
| Doc PR | -
Since these directories are not autoloaded.
Commits
-------
12e19a9a3d "export-ignore" contracts and phpunit-bridge
This PR was merged into the 4.4 branch.
Discussion
----------
[Console] [Command] Fix Closure code binding when it is a static anonymous function
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
I'm building a single command application and I did:
```php
->setCode(static function (InputInterface $input, OutputInterface $output): void {
// my code
})
```
and it results in a warning `Cannot bind an instance to a static closure` + an exception `You must override the execute() method in the concrete command class.` I guess we should silently fail here if the Closure is not bindable.
Commits
-------
18d426871e [Console][Command] Fix Closure code binding when it is a static anonymous function
This PR was merged into the 5.1 branch.
Discussion
----------
Use class const in test
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | ---
| License | MIT
| Doc PR | ---
super minor, same as #39930, but for `5.1`
I will finish this PR after #39930 is merged and upmerged
Commits
-------
4a98eeecdc [Security] [HttpFoundation] Use class const in test
This PR was merged into the 4.4 branch.
Discussion
----------
Use class const in test
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | ---
| License | MIT
| Doc PR | ---
super minor
Commits
-------
39181f4fdf Use class const in test
This PR was squashed before being merged into the 5.1 branch.
Discussion
----------
[Notifier] [OvhCloud] “Invalid signature” for message with slashes
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#39836 <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
Test to show issue of invalid signature when message contains slash.
Commits
-------
9f01fb84b7 [Notifier] [OvhCloud] “Invalid signature” for message with slashes
This PR was merged into the 4.4 branch.
Discussion
----------
[SecurityBundle] Remove wrong test
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This tests, asserts that all links to logout are identical, which is wrong and incompatible with BREACH mitigation #39919
Commits
-------
91c360ec75 Remove wrong test