fortis / silex-angular-starter

Silex 2 🌶 and AngularJS 1.5 Starter Application Boilerplate 🎯 https://silex-angular-starter.herokuapp.com/

Bump symfony/security from 3.1.3 to 3.4.26 #4

Open dependabot[bot] opened 3 years ago

dependabot[bot] commented 3 years ago

Bumps symfony/security from 3.1.3 to 3.4.26.

Changelog

Sourced from symfony/security's changelog.

CHANGELOG

4.4.0

  • Deprecated class LdapUserProvider, use Symfony\Component\Ldap\Security\LdapUserProvider instead
  • Added method needsRehash() to PasswordEncoderInterface and UserPasswordEncoderInterface
  • Added MigratingPasswordEncoder
  • Added and implemented PasswordUpgraderInterface, for opportunistic password migrations
  • Added Guard\PasswordAuthenticatedInterface, an optional interface for "guard" authenticators that deal with user passwords
  • Marked all dispatched event classes as @final
  • Deprecated returning a non-boolean value when implementing Guard\AuthenticatorInterface::checkCredentials().
  • Deprecated passing more than one attribute to AccessDecisionManager::decide() and AuthorizationChecker::isGranted()
  • Added new argon2id encoder, undeprecated the bcrypt and argon2i ones (using auto is still recommended by default.)
  • Added AbstractListener which replaces the deprecated ListenerInterface

4.3.0

  • Added methods __serialize and __unserialize to the TokenInterface
  • Added SodiumPasswordEncoder and NativePasswordEncoder
  • The Role and SwitchUserRole classes are deprecated and will be removed in 5.0. Use strings for roles instead.
  • The getReachableRoles() method of the RoleHierarchyInterface is deprecated and will be removed in 5.0. Role hierarchies must implement the getReachableRoleNames() method instead and return roles as strings.
  • The getRoles() method of the TokenInterface is deprecated. Tokens must implement the getRoleNames() method instead and return roles as strings.
  • Made the serialize() and unserialize() methods of AbstractToken and AuthenticationException final, use __serialize()/__unserialize() instead
  • AuthenticationException doesn't implement Serializable anymore
  • Deprecated the ListenerInterface, turn your listeners into callables instead
  • Deprecated Firewall::handleRequest(), use Firewall::callListeners() instead
  • Dispatch AuthenticationSuccessEvent on security.authentication.success
  • Dispatch AuthenticationFailureEvent on security.authentication.failure
  • Dispatch InteractiveLoginEvent on security.interactive_login
  • Dispatch SwitchUserEvent on security.switch_user
  • Deprecated Argon2iPasswordEncoder, use SodiumPasswordEncoder instead
  • Deprecated BCryptPasswordEncoder, use NativePasswordEncoder instead
  • Added DeauthenticatedEvent dispatched in case the user has changed when trying to refresh the token

4.2.0

  • added the is_granted() function in security expressions
  • deprecated the has_role() function in security expressions, use is_granted() instead
  • Passing custom class names to the Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver to define custom anonymous and remember me token classes is deprecated. To

... (truncated)

Commits
  • fdbff3d bug #31142 Revert "bug #30423 [Security] Rework firewall's access denied rule...
  • 5965614 Revert "bug #30423 [Security] Rework firewall's access denied rule (dimabory)"
  • f5bf68f security #cve-2019-10911 [Security] Add a separator in the remember me cookie...
  • 165f221 bug #30423 [Security] Rework firewall's access denied rule (dimabory)
  • 6c70955 Rework firewall access denied rule
  • 6505d7f [Security] Add a separator in the remember me cookie hash
  • c707296 SCA: minor code tweaks
  • e43a467 Update composer.json
  • 50aba08 use behavior instead of behaviour
  • 9d17d15 Correct language code for ukrainian language in security translations.
  • Additional commits viewable in compare view



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
  • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
  • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
  • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/fortis/silex-angular-starter/network/alerts).