[Security] Bump symfony/http-foundation from 4.3.3 to 4.4.0

[dependabot-preview[bot]]

Bumps symfony/http-foundation from 4.3.3 to 4.4.0. This update includes a security fix.

Vulnerabilities fixed

*Sourced from [The PHP Security Advisories Database](https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2019-18888.yaml).* > **CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser** > > Affected versions: >=2.0.0, <2.1.0; >=2.1.0, <2.2.0; >=2.2.0, <2.3.0; >=2.3.0, <2.4.0; >=2.4.0, <2.5.0; >=2.5.0, <2.6.0; >=2.6.0, <2.7.0; >=2.7.0, <2.8.0; >=2.8.0, <2.8.52; >=3.0.0, <3.1.0; >=3.1.0, <3.2.0; >=3.2.0, <3.3.0; >=3.3.0, <3.4.0; >=3.4.0, <3.4.35; >=4.0.0, <4.1.0; >=4.1.0, <4.2.0; >=4.2.0, <4.2.12; >=4.3.0, <4.3.8

Changelog

*Sourced from [symfony/http-foundation's changelog](https://github.com/symfony/http-foundation/blob/master/CHANGELOG.md).* > 4.4.0 > ----- > > * passing arguments to `Request::isMethodSafe()` is deprecated. > * `ApacheRequest` is deprecated, use the `Request` class instead. > * passing a third argument to `HeaderBag::get()` is deprecated, use method `all()` instead > * `PdoSessionHandler` now precalculates the expiry timestamp in the lifetime column, > make sure to run `CREATE INDEX EXPIRY ON sessions (sess_lifetime)` to update your database > to speed up garbage collection of expired sessions. > * added `SessionHandlerFactory` to create session handlers with a DSN > * added `IpUtils::anonymize()` to help with GDPR compliance. > > 4.3.0 > ----- > > * added PHPUnit constraints: `RequestAttributeValueSame`, `ResponseCookieValueSame`, `ResponseHasCookie`, > `ResponseHasHeader`, `ResponseHeaderSame`, `ResponseIsRedirected`, `ResponseIsSuccessful`, and `ResponseStatusCodeSame` > * deprecated `MimeTypeGuesserInterface` and `ExtensionGuesserInterface` in favor of `Symfony\Component\Mime\MimeTypesInterface`. > * deprecated `MimeType` and `MimeTypeExtensionGuesser` in favor of `Symfony\Component\Mime\MimeTypes`. > * deprecated `FileBinaryMimeTypeGuesser` in favor of `Symfony\Component\Mime\FileBinaryMimeTypeGuesser`. > * deprecated `FileinfoMimeTypeGuesser` in favor of `Symfony\Component\Mime\FileinfoMimeTypeGuesser`. > * added `UrlHelper` that allows to get an absolute URL and a relative path for a given path > > 4.2.0 > ----- > > * the default value of the "$secure" and "$samesite" arguments of Cookie's constructor > will respectively change from "false" to "null" and from "null" to "lax" in Symfony > 5.0, you should define their values explicitly or use "Cookie::create()" instead. > * added `matchPort()` in RequestMatcher > > 4.1.3 > ----- > > * [BC BREAK] Support for the IIS-only `X_ORIGINAL_URL` and `X_REWRITE_URL` > HTTP headers has been dropped for security reasons. > > 4.1.0 > ----- > > * Query string normalization uses `parse_str()` instead of custom parsing logic. > * Passing the file size to the constructor of the `UploadedFile` class is deprecated. > * The `getClientSize()` method of the `UploadedFile` class is deprecated. Use `getSize()` instead. > * added `RedisSessionHandler` to use Redis as a session storage > * The `get()` method of the `AcceptHeader` class now takes into account the > `*` and `*/*` default values (if they are present in the Accept HTTP header) > when looking for items. > * deprecated `Request::getSession()` when no session has been set. Use `Request::hasSession()` instead. > * added `CannotWriteFileException`, `ExtensionFileException`, `FormSizeFileException`, > `IniSizeFileException`, `NoFileException`, `NoTmpDirFileException`, `PartialFileException` to > ... (truncated)

Commits

- [`502040d`](https://github.com/symfony/http-foundation/commit/502040dd2b0cf0a292defeb6145f4d7a4753c99c) Merge branch '4.3' into 4.4 - [`0ac9ebf`](https://github.com/symfony/http-foundation/commit/0ac9ebffc17cbff398157c03f2d48b8b59e922da) Merge branch '3.4' into 4.3 - [`a558b18`](https://github.com/symfony/http-foundation/commit/a558b18bafae7c8fdd1d23c4bdc3690210f2f9a6) feature [#34405](https://github-redirect.dependabot.com/symfony/http-foundation/issues/34405) [HttpFoundation] Added possibility to configure expiration tim... - [`0c5217a`](https://github.com/symfony/http-foundation/commit/0c5217a9050712a1e66f851d04962abf8f2c6fc4) [HttpFoundation] Added possibility to configure expiration time in redis sess... - [`ef5fed4`](https://github.com/symfony/http-foundation/commit/ef5fed4469fb079c0b188ab0401cd1b28752865b) [HttpFoundation] Allow redirecting to URLs that contain a semicolon - [`c351789`](https://github.com/symfony/http-foundation/commit/c35178947af16093dfab2d9108ec344f5509e71a) Merge branch '4.3' into 4.4 - [`c8f4571`](https://github.com/symfony/http-foundation/commit/c8f457187827e6faed061357e1b6bc996cc6d539) Merge branch '3.4' into 4.3 - [`9088e3f`](https://github.com/symfony/http-foundation/commit/9088e3f338e443869737d53af064fad9614ecc7d) [HttpFoundation] fix docblock - [`c9425ba`](https://github.com/symfony/http-foundation/commit/c9425bae96ae95449d59f8286529cf144bb228ab) Fix MySQL column type definition. - [`e6e2b4e`](https://github.com/symfony/http-foundation/commit/e6e2b4e3fc2b25724701235ed5a9065da0bd06a8) Merge branch '4.3' into 4.4 - Additional commits viewable in [compare view](https://github.com/symfony/http-foundation/compare/v4.3.3...v4.4.0)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)

[dependabot-preview[bot]]

Superseded by #147.