Bump symfony/symfony from 3.4.28 to 3.4.35

[dependabot[bot]]

Bumps symfony/symfony from 3.4.28 to 3.4.35.

Release notes

Sourced from symfony/symfony's releases.

v3.4.35

Changelog (since https://github.com/symfony/symfony/compare/v3.4.34...v3.4.35)

• bug #34344 [Console] Constant STDOUT might be undefined (@nicolas-grekas)
• security #cve-2019-18889 [Cache] forbid serializing AbstractAdapter and TagAwareAdapter instances (@nicolas-grekas)
• security #cve-2019-18888 [HttpFoundation] fix guessing mime-types of files with leading dash (@nicolas-grekas)
• security #cve-2019-18887 [HttpKernel] Use constant time comparison in UriSigner (@stof)

[PR] symfony/symfony#34350 [SECURITY] Security release

v3.4.34

Changelog (since https://github.com/symfony/symfony/compare/v3.4.33...v3.4.34)

• bug #34297 [DI] fix locators with numeric keys (@nicolas-grekas)
• bug #34282 [DI] Dont cache classes with missing parents (@nicolas-grekas)
• bug #34181 [Stopwatch] Fixed bug in getDuration when counting multiple ongoing periods (@TimoBakx)
• bug #34179 [Stopwatch] Fixed a bug in StopwatchEvent::getStartTime (@TimoBakx)
• bug #34203 [FrameworkBundle] [HttpKernel] fixed correct EOL and EOM month (@erics86)

[PR] symfony/symfony#34322

v3.4.33

Changelog (since https://github.com/symfony/symfony/compare/v3.4.32...v3.4.33)

• bug #33998 [Config] Disable default alphabet sorting in glob function due of unstable sort (@hurricane-voronin)
• bug #34144 [Serializer] Improve messages for unexpected resources values (@fancyweb)
• bug #34080 [SecurityBundle] correct types for default arguments for firewall configs (@shieldo)
• bug #33999 [Form] Make sure to collect child forms created on *_SET_DATA events (@yceruto)
• bug #34021 [TwigBridge] do not render errors for checkboxes twice (@xabbuh)
• bug #34041 [HttpKernel] fix wrong removal of the just generated container dir (@nicolas-grekas)
• bug #34023 [Dotenv] allow LF in single-quoted strings (@nicolas-grekas)
• bug #33818 [Yaml] Throw exception for tagged invalid inline elements (@gharlan)
• bug #33948 [PropertyInfo] Respect property name case when guessing from public method name (@antograssiot)
• bug #33962 [Cache] fixed TagAwareAdapter returning invalid cache (@v-m-i)
• bug #33965 [HttpFoundation] Add plus character + to legal mime subtype (@ilzrv)
• bug #32943 [Dotenv] search variable values in ENV first then env file (@soufianZantar)
• bug #33943 [VarDumper] fix resetting the "bold" state in CliDumper (@nicolas-grekas)

[PR] symfony/symfony#34208

v3.4.32

Changelog (since https://github.com/symfony/symfony/compare/v3.4.31...v3.4.32)

• bug #33834 [Validator] Fix ValidValidator group cascading usage (@fancyweb)
• bug #33841 [VarDumper] fix dumping uninitialized SplFileInfo (@nicolas-grekas)
• bug #33799 [Security]: Don't let falsy usernames slip through impersonation (@j4nr6n)
• bug #33814 [HttpFoundation] Check if data passed to SessionBagProxy::initialize is an array (@mynameisbogdan)
• bug #33805 [FrameworkBundle] Fix wrong returned status code in ConfigDebugCommand (@jschaedl)
• bug #33781 [AnnotationCacheWarmer] add RedirectController to annotation cache (@jenschude)

... (truncated)

Changelog

Sourced from symfony/symfony's changelog.

• 3.4.35 (2019-11-13)

• bug #34344 [Console] Constant STDOUT might be undefined (nicolas-grekas)

• security #cve-2019-18889 [Cache] forbid serializing AbstractAdapter and TagAwareAdapter instances (nicolas-grekas)

• security #cve-2019-18888 [HttpFoundation] fix guessing mime-types of files with leading dash (nicolas-grekas)

• security #cve-2019-18887 [HttpKernel] Use constant time comparison in UriSigner (stof)

• 3.4.34 (2019-11-11)

• bug #34297 [DI] fix locators with numeric keys (nicolas-grekas)

• bug #34282 [DI] Dont cache classes with missing parents (nicolas-grekas)

• bug #34181 [Stopwatch] Fixed bug in getDuration when counting multiple ongoing periods (TimoBakx)

• bug #34179 [Stopwatch] Fixed a bug in StopwatchEvent::getStartTime (TimoBakx)

• bug #34203 [FrameworkBundle] [HttpKernel] fixed correct EOL and EOM month (erics86)

• 3.4.33 (2019-11-01)

• bug #33998 [Config] Disable default alphabet sorting in glob function due of unstable sort (hurricane-voronin)

• bug #34144 [Serializer] Improve messages for unexpected resources values (fancyweb)

• bug #34080 [SecurityBundle] correct types for default arguments for firewall configs (shieldo)

• bug #33999 [Form] Make sure to collect child forms created on *_SET_DATA events (yceruto)

• bug #34021 [TwigBridge] do not render errors for checkboxes twice (xabbuh)

• bug #34041 [HttpKernel] fix wrong removal of the just generated container dir (nicolas-grekas)

• bug #34023 [Dotenv] allow LF in single-quoted strings (nicolas-grekas)

• bug #33818 [Yaml] Throw exception for tagged invalid inline elements (gharlan)

• bug #33948 [PropertyInfo] Respect property name case when guessing from public method name (antograssiot)

• bug #33962 [Cache] fixed TagAwareAdapter returning invalid cache (v-m-i)

• bug #33965 [HttpFoundation] Add plus character + to legal mime subtype (ilzrv)

• bug #32943 [Dotenv] search variable values in ENV first then env file (soufianZantar)

• bug #33943 [VarDumper] fix resetting the "bold" state in CliDumper (nicolas-grekas)

• 3.4.32 (2019-10-07)

• bug #33834 [Validator] Fix ValidValidator group cascading usage (fancyweb)

• bug #33841 [VarDumper] fix dumping uninitialized SplFileInfo (nicolas-grekas)

• bug #33799 [Security]: Don't let falsy usernames slip through impersonation (j4nr6n)

• bug #33814 [HttpFoundation] Check if data passed to SessionBagProxy::initialize is an array (mynameisbogdan)

• bug #33805 [FrameworkBundle] Fix wrong returned status code in ConfigDebugCommand (jschaedl)

• bug #33781 [AnnotationCacheWarmer] add RedirectController to annotation cache (jenschude)

• bug #33777 Fix the :only-of-type pseudo class selector (jakzal)

• bug #32051 [Serializer] Add CsvEncoder tests for PHP 7.4 (ro0NL)

• feature #33776 Copy phpunit.xsd to a predictable path (julienfalque)

• bug #33759 [Security/Http] fix parsing X509 emailAddress (nicolas-grekas)

• bug #33733 [Serializer] fix denormalization of string-arrays with only one element (mkrauser)

• bug #33754 [Cache] fix known tag versions ttl check (SwenVanZanten)

• bug #33646 [HttpFoundation] allow additinal characters in not raw cookies (marie)

• bug #33748 [Console] Do not include hidden commands in suggested alternatives (m-vo)

• bug #33625 [DependencyInjection] Fix wrong exception when service is synthetic (k0d3r1s)

• bug #32522 [Validator] Accept underscores in the URL validator, as the URL will load (battye)

• bug #32437 Fix toolbar load when GET params are present in "_wdt" route (Molkobain)

... (truncated)

Commits

• 2adc85d Merge pull request #34350 from fabpot/release-3.4.35
• 02257c8 updated VERSION for 3.4.35
• 3e25850 updated CHANGELOG for 3.4.35
• 32bde39 bug #34344 [Console] Constant STDOUT might be undefined (nicolas-grekas)
• 53dc781 minor #34340 Allow returning null from NormalizerInterface::normalize (teohha...
• bb8c82c [Console] Constant STDOUT might be undefined.
• 1c8edc5 Allow returning null from NormalizerInterface::normalize
• 4cc37df security #cve-2019-18889 [Cache] forbid serializing AbstractAdapter and TagAw...
• b21025b security #cve-2019-18888 [HttpFoundation] fix guessing mime-types of files wi...
• 0102134 security #cve-2019-18887 [HttpKernel] Use constant time comparison in UriSign...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/VlaamseKunstcollectie/Imagehub/network/alerts).