search

3035app / pialab-back

GNU Affero General Public License v3.0
8 stars 7 forks source link

Bump symfony/security from 4.1.4 to 4.2.12 #94

Open dependabot[bot] opened 3 years ago

dependabot[bot] commented 3 years ago

Bumps symfony/security from 4.1.4 to 4.2.12.

Changelog

Sourced from symfony/security's changelog.

CHANGELOG

4.4.0

  • Deprecated class LdapUserProvider, use Symfony\Component\Ldap\Security\LdapUserProvider instead
  • Added method needsRehash() to PasswordEncoderInterface and UserPasswordEncoderInterface
  • Added MigratingPasswordEncoder
  • Added and implemented PasswordUpgraderInterface, for opportunistic password migrations
  • Added Guard\PasswordAuthenticatedInterface, an optional interface for "guard" authenticators that deal with user passwords
  • Marked all dispatched event classes as @final
  • Deprecated returning a non-boolean value when implementing Guard\AuthenticatorInterface::checkCredentials().
  • Deprecated passing more than one attribute to AccessDecisionManager::decide() and AuthorizationChecker::isGranted()
  • Added new argon2id encoder, undeprecated the bcrypt and argon2i ones (using auto is still recommended by default.)
  • Added AbstractListener which replaces the deprecated ListenerInterface

4.3.0

  • Added methods __serialize and __unserialize to the TokenInterface
  • Added SodiumPasswordEncoder and NativePasswordEncoder
  • The Role and SwitchUserRole classes are deprecated and will be removed in 5.0. Use strings for roles instead.
  • The getReachableRoles() method of the RoleHierarchyInterface is deprecated and will be removed in 5.0. Role hierarchies must implement the getReachableRoleNames() method instead and return roles as strings.
  • The getRoles() method of the TokenInterface is deprecated. Tokens must implement the getRoleNames() method instead and return roles as strings.
  • Made the serialize() and unserialize() methods of AbstractToken and AuthenticationException final, use __serialize()/__unserialize() instead
  • AuthenticationException doesn't implement Serializable anymore
  • Deprecated the ListenerInterface, turn your listeners into callables instead
  • Deprecated Firewall::handleRequest(), use Firewall::callListeners() instead
  • Dispatch AuthenticationSuccessEvent on security.authentication.success
  • Dispatch AuthenticationFailureEvent on security.authentication.failure
  • Dispatch InteractiveLoginEvent on security.interactive_login
  • Dispatch SwitchUserEvent on security.switch_user
  • Deprecated Argon2iPasswordEncoder, use SodiumPasswordEncoder instead
  • Deprecated BCryptPasswordEncoder, use NativePasswordEncoder instead
  • Added DeauthenticatedEvent dispatched in case the user has changed when trying to refresh the token

4.2.0

  • added the is_granted() function in security expressions
  • deprecated the has_role() function in security expressions, use is_granted() instead
  • Passing custom class names to the Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver to define custom anonymous and remember me token classes is deprecated. To

... (truncated)

Commits
  • ee8a924 [Security\Core] throw AccessDeniedException when switch user fails
  • fda257c Remove dead tests fixtures
  • f5566cf Merge branch '3.4' into 4.2
  • 61eea20 [Security] [Guard] Removed useless param annotations
  • 40cb66f Merge branch '3.4' into 4.2
  • 24a4e2d [Security/Core] work around sodium_compat issue
  • 1289f7a Merge branch '3.4' into 4.2
  • e527570 [Security/Core] Don't use ParagonIE_Sodium_Compat
  • fb62dca Merge branch '3.4' into 4.2
  • 2b79d1b minor #32001 [Security] Fix AuthenticationException::getToken typehint (norku...
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/pia-lab/pialab-back/network/alerts).