Bump symfony/security-bundle from 6.4.0-RC1 to 6.4.2

[dependabot]

Bumps symfony/security-bundle from 6.4.0-RC1 to 6.4.2.

Release notes

Sourced from symfony/security-bundle's releases.

v6.4.2

Changelog (symfony/security-bundle@v6.4.1...v6.4.2)

• bug symfony/symfony#53172 [SecurityBundle] Prevent to login/logout without a request context (@​symfonyaml)
• bug symfony/symfony#52870 [SecurityBundle] Fix redeclaration of InternalSecurity class when opcache preload is active (@​kaznovac)

v6.4.0

Changelog (symfony/security-bundle@v6.4.0-RC2...v6.4.0)

• no significant changes

Changelog

Sourced from symfony/security-bundle's changelog.

CHANGELOG

7.0

• Enabling SecurityBundle and not configuring it is not allowed
• Remove configuration options enable_authenticator_manager, csrf_token_generator and require_previous_session

6.4

• Deprecate Security::ACCESS_DENIED_ERROR, AUTHENTICATION_ERROR and LAST_USERNAME constants, use the ones on SecurityRequestAttributes instead
• Allow an array of pattern in firewall configuration
• Add $badges argument to Security::login
• Deprecate the require_previous_session config option. Setting it has no effect anymore
• Add LogoutRouteLoader

6.3

• Deprecate enabling bundle and not configuring it
• Add _stateless attribute to the request when firewall is stateless and the attribute is not already set
• Add StatelessAuthenticatorFactoryInterface for authenticators targeting stateless firewalls only and that don't require a user provider
• Modify "icon.svg" to improve accessibility for blind/low vision users
• Make Security::login() return the authenticator response
• Deprecate the security.firewalls.logout.csrf_token_generator config option, use security.firewalls.logout.csrf_token_manager instead
• Make firewalls event dispatcher traceable on debug mode
• Add TokenHandlerFactoryInterface, OidcUserInfoTokenHandlerFactory, OidcTokenHandlerFactory and ServiceTokenHandlerFactory for AccessTokenFactory

6.2

• Add the Security helper class
• Deprecate the Symfony\Component\Security\Core\Security service alias, use Symfony\Bundle\SecurityBundle\Security instead
• Add Security::getFirewallConfig() to help to get the firewall configuration associated to the Request
• Add Security::login() to login programmatically
• Add Security::logout() to logout programmatically
• Add security.firewalls.logout.enable_csrf to enable CSRF protection using the default CSRF token generator
• Add RFC6750 Access Token support to allow token-based authentication
• Add security.firewalls.switch_user.target_route option to configure redirect target route on switch user
• Deprecate the security.enable_authenticator_manager config option

6.1

• The security.access_control now accepts a RequestMatcherInterface under the request_matcher option as scope configuration
• The security.access_control now accepts an attributes array to match request attributes in the RequestMatcher
• The security.access_control now accepts a route option to match request route in the RequestMatcher
• Display the inherited roles of the logged-in user in the Web Debug Toolbar

... (truncated)

Commits

• 97d4fb6 Merge branch '6.3' into 6.4
• a185fa0 bug #53172 [SecurityBundle] Prevent to login/logout without a request context...
• fb98e1f [SecurityBundle] Prevent to login/logout without a request context
• 006d0a0 Merge branch '6.3' into 6.4
• 6449980 Merge branch '5.4' into 6.3
• 6477c31 fix typo
• 1a237e7 fix tests
• 8fc60d7 [SecurityBundle] Fix redeclaration of InternalSecurity class when opcache p...
• 57889eb Merge branch '5.4' into 6.3
• 92e24de wire the secret for Symfony 6.4 compatibility
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[sonarcloud]

Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud