[Security] Bump symfony/http-foundation from 4.2.5 to 4.3.0

[dependabot-preview[bot]]

Bumps symfony/http-foundation from 4.2.5 to 4.3.0. This update includes security fixes.

Vulnerabilities fixed

*Sourced from [The PHP Security Advisories Database](https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-10913.yaml).* > **CVE-2019-10913: Reject invalid HTTP method overrides** > > Affected versions: >=2.7.0, <2.7.51; >=2.8.0, <2.8.50; >=3.0.0, <3.1.0; >=3.1.0, <3.2.0; >=3.2.0, <3.3.0; >=3.3.0, <3.4.0; >=3.4.0, <3.4.26; >=4.0.0, <4.1.0; >=4.1.0, <4.1.12; >=4.2.0, <4.2.7

Changelog

*Sourced from [symfony/http-foundation's changelog](https://github.com/symfony/http-foundation/blob/master/CHANGELOG.md).* > 4.3.0 > ----- > > * added PHPUnit constraints: `RequestAttributeValueSame`, `ResponseCookieValueSame`, `ResponseHasCookie`, > `ResponseHasHeader`, `ResponseHeaderSame`, `ResponseIsRedirected`, `ResponseIsSuccessful`, and `ResponseStatusCodeSame` > * deprecated `MimeTypeGuesserInterface` and `ExtensionGuesserInterface` in favor of `Symfony\Component\Mime\MimeTypesInterface`. > * deprecated `MimeType` and `MimeTypeExtensionGuesser` in favor of `Symfony\Component\Mime\MimeTypes`. > * deprecated `FileBinaryMimeTypeGuesser` in favor of `Symfony\Component\Mime\FileBinaryMimeTypeGuesser`. > * deprecated `FileinfoMimeTypeGuesser` in favor of `Symfony\Component\Mime\FileinfoMimeTypeGuesser`. > * added `UrlHelper` that allows to get an absolute URL and a relative path for a given path > > 4.2.0 > ----- > > * the default value of the "$secure" and "$samesite" arguments of Cookie's constructor > will respectively change from "false" to "null" and from "null" to "lax" in Symfony > 5.0, you should define their values explicitly or use "Cookie::create()" instead. > * added `matchPort()` in RequestMatcher > > 4.1.3 > ----- > > * [BC BREAK] Support for the IIS-only `X_ORIGINAL_URL` and `X_REWRITE_URL` > HTTP headers has been dropped for security reasons. > > 4.1.0 > ----- > > * Query string normalization uses `parse_str()` instead of custom parsing logic. > * Passing the file size to the constructor of the `UploadedFile` class is deprecated. > * The `getClientSize()` method of the `UploadedFile` class is deprecated. Use `getSize()` instead. > * added `RedisSessionHandler` to use Redis as a session storage > * The `get()` method of the `AcceptHeader` class now takes into account the > `*` and `*/*` default values (if they are present in the Accept HTTP header) > when looking for items. > * deprecated `Request::getSession()` when no session has been set. Use `Request::hasSession()` instead. > * added `CannotWriteFileException`, `ExtensionFileException`, `FormSizeFileException`, > `IniSizeFileException`, `NoFileException`, `NoTmpDirFileException`, `PartialFileException` to > handle failed `UploadedFile`. > * added `MigratingSessionHandler` for migrating between two session handlers without losing sessions > * added `HeaderUtils`. > > 4.0.0 > ----- > > * the `Request::setTrustedHeaderName()` and `Request::getTrustedHeaderName()` > methods have been removed > * the `Request::HEADER_CLIENT_IP` constant has been removed, use > `Request::HEADER_X_FORWARDED_FOR` instead > * the `Request::HEADER_CLIENT_HOST` constant has been removed, use > ... (truncated)

Commits

- [`e8da078`](https://github.com/symfony/http-foundation/commit/e8da078912bed1339f046c3a9488a5cbd0605971) Merge branch '4.2' into 4.3 - [`e3e3ee2`](https://github.com/symfony/http-foundation/commit/e3e3ee2915e13287bcac5dddcf27b88b96fb27b9) Merge branch '3.4' into 4.2 - [`8209369`](https://github.com/symfony/http-foundation/commit/820936976d91674a52b3589d2cc75a0e93cd1af9) [HttpFoundation] Do not set X-Accel-Redirect for paths outside of X-Accel-Map... - [`1083dce`](https://github.com/symfony/http-foundation/commit/1083dce548200fcdbf9324ec57c849a82b4f51ea) Use AsserEquals for floating-point values - [`c566df1`](https://github.com/symfony/http-foundation/commit/c566df1958856bfcf25804bbb56315f50a4e5607) Merge branch '4.2' into 4.3 - [`0d37a9b`](https://github.com/symfony/http-foundation/commit/0d37a9bd2c7cbf887c29fee1a3301d74c73851dd) Merge branch '3.4' into 4.2 - [`677ae5e`](https://github.com/symfony/http-foundation/commit/677ae5e892b081e71a665bfa7dd90fe61800c00e) Fixes a small doc blocks syntax error - [`0a37815`](https://github.com/symfony/http-foundation/commit/0a37815b8681bd25b42e0c5692611adb19798e8f) [Mime][HttpFoundation] Added mime type audio/x-hx-aac-adts - [`704ffae`](https://github.com/symfony/http-foundation/commit/704ffae70046342d56440e874004afc3d8b95eb7) Merge branch '4.2' into 4.3 - [`4240621`](https://github.com/symfony/http-foundation/commit/424062149f6c32ef5f8a9ecd790cffadedb9043f) Merge branch '3.4' into 4.2 - Additional commits viewable in [compare view](https://github.com/symfony/http-foundation/compare/v4.2.5...v4.3.0)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot.

---

[dependabot-preview[bot]]

Superseded by #27.