Bump symfony/symfony from 6.0.7 to 6.0.20 in /sandbox

[dependabot[bot]]

Bumps symfony/symfony from 6.0.7 to 6.0.20.

Release notes

Sourced from symfony/symfony's releases.

v6.0.20

Changelog (https://github.com/symfony/symfony/compare/v6.0.19...v6.0.20)

• bug #49141 [HttpFoundation] Fix bad return type in IpUtils::checkIp4() (@​tristankretzer)
• bug #49126 [DependencyInjection] Fix order of arguments when mixing positional and named ones (@​nicolas-grekas)
• bug #49104 [HttpClient] Fix collecting data non-late for the profiler (@​nicolas-grekas)
• bug #49103 [Security/Http] Fix compat of persistent remember-me with legacy tokens (@​nicolas-grekas)
• security #cve-2022-24895 [Security/Http] Remove CSRF tokens from storage on successful login (@​nicolas-grekas)
• security #cve-2022-24894 [HttpKernel] Remove private headers before storing responses with HttpCache (@​nicolas-grekas)

[PR] symfony/symfony#49180 [EOM] End of maintenance release for branch 6.0 [SECURITY] Security release

v6.0.19

Changelog (https://github.com/symfony/symfony/compare/v6.0.18...v6.0.19)

• bug #49078 [Security/Http] Check tokens before loading users from providers (@​nicolas-grekas)
• bug #49077 [DependencyInjection] Fix named arguments when using ContainerBuilder before compilation (@​nicolas-grekas)
• bug #49031 [Cache] fix collecting cache stats when nesting computations (@​nicolas-grekas)
• bug #49046 Fix for Windows when projects are deployed on junctions/symlinks (@​nerdgod)
• bug #49025 [Notifier] [OvhCloud] handle invalid receiver (@​seferov)
• bug #48993 [VarDumper] Fix JS to expand / collapse (@​nicolas-grekas)
• bug #48983 Fix BC user_identifier support after deprecation username (@​vtsykun)
• bug #48986 [Validator] Fix Email validator logic (@​fabpot)
• bug #48969 [PropertyInfo] Fixes constructor extractor for mixed type (@​michael.kubovic)
• bug #48978 [Serializer] use method_exists() instead of catching reflection exceptions (@​xabbuh)
• bug #48937 [SecurityBundle] Fix using same handler for multiple authenticators (@​RobertMe)
• bug #48971 [DependencyInjection] Fix dump order of inlined deps (@​nicolas-grekas)
• bug #48966 [HttpClient] Let curl handle content-length headers (@​nicolas-grekas)
• bug #48968 [VarExporter] Fix exporting enums (@​nicolas-grekas)
• bug #48926 [DependencyInjection] Fix support for named arguments on non-autowired services (@​nicolas-grekas)
• bug #48943 [FrameworkBundle] Fix deprecation when accessing a "container.private" service from the test container (@​nicolas-grekas)
• bug #48931 [DependencyInjection] Fix dumping inlined withers (@​nicolas-grekas)
• bug #48898 [HttpClient] Move Http clients data collecting at a late level (@​pforesi)
• bug #48896 [DoctrineBridge] Fix detecting mapping with one line annotations (@​franmomu)
• bug #48916 [FrameworkBundle] restore call to addGlobalIgnoredName (@​alexislefebvre)
• bug #48917 [Config] Fix XML dump when node example is an array (@​alexandre-daubois)
• bug #48904 [Validator] Allow egulias/email-validator v4 (@​chalasr)
• bug #48831 [Uid] Fix validating nil and max uuid (@​fancyweb)

[PR] symfony/symfony#49087

v6.0.18

Changelog (https://github.com/symfony/symfony/compare/v6.0.17...v6.0.18)

• bug #48823 [Cache] Fix possibly null value passed to preg_match() in RedisTrait (@​chalasr)
• bug #48816 [Cache] Fix for RedisAdapter without auth parameter (@​rikvdh)

[PR] symfony/symfony#48827

... (truncated)

Changelog

Sourced from symfony/symfony's changelog.

• 6.0.20 (2023-02-01)

• bug #49141 [HttpFoundation] Fix bad return type in IpUtils::checkIp4() (tristankretzer)

• bug #49126 [DependencyInjection] Fix order of arguments when mixing positional and named ones (nicolas-grekas)

• bug #49104 [HttpClient] Fix collecting data non-late for the profiler (nicolas-grekas)

• bug #49103 [Security/Http] Fix compat of persistent remember-me with legacy tokens (nicolas-grekas)

• security #cve-2022-24895 [Security/Http] Remove CSRF tokens from storage on successful login (nicolas-grekas)

• security #cve-2022-24894 [HttpKernel] Remove private headers before storing responses with HttpCache (nicolas-grekas)

• 6.0.19 (2023-01-24)

• bug #49078 [Security/Http] Check tokens before loading users from providers (nicolas-grekas)

• bug #49077 [DependencyInjection] Fix named arguments when using ContainerBuilder before compilation (nicolas-grekas)

• bug #49031 [Cache] fix collecting cache stats when nesting computations (nicolas-grekas)

• bug #49046 Fix for Windows when projects are deployed on junctions/symlinks (nerdgod)

• bug #49025 [Notifier] [OvhCloud] handle invalid receiver (seferov)

• bug #48993 [VarDumper] Fix JS to expand / collapse (nicolas-grekas)

• bug #48983 Fix BC user_identifier support after deprecation username (vtsykun)

• bug #48986 [Validator] Fix Email validator logic (fabpot)

• bug #48969 [PropertyInfo] Fixes constructor extractor for mixed type (michael.kubovic)

• bug #48978 [Serializer] use method_exists() instead of catching reflection exceptions (xabbuh)

• bug #48937 [SecurityBundle] Fix using same handler for multiple authenticators (RobertMe)

• bug #48971 [DependencyInjection] Fix dump order of inlined deps (nicolas-grekas)

• bug #48966 [HttpClient] Let curl handle content-length headers (nicolas-grekas)

• bug #48968 [VarExporter] Fix exporting enums (nicolas-grekas)

• bug #48926 [DependencyInjection] Fix support for named arguments on non-autowired services (nicolas-grekas)

• bug #48943 [FrameworkBundle] Fix deprecation when accessing a "container.private" service from the test container (nicolas-grekas)

• bug #48931 [DependencyInjection] Fix dumping inlined withers (nicolas-grekas)

• bug #48898 [HttpClient] Move Http clients data collecting at a late level (pforesi)

• bug #48896 [DoctrineBridge] Fix detecting mapping with one line annotations (franmomu)

• bug #48916 [FrameworkBundle] restore call to addGlobalIgnoredName (alexislefebvre)

• bug #48917 [Config] Fix XML dump when node example is an array (alexandre-daubois)

• bug #48904 [Validator] Allow egulias/email-validator v4 (chalasr)

• bug #48831 [Uid] Fix validating nil and max uuid (fancyweb)

• 6.0.18 (2022-12-29)

• bug #48823 [Cache] Fix possibly null value passed to preg_match() in RedisTrait (chalasr)

• bug #48816 [Cache] Fix for RedisAdapter without auth parameter (rikvdh)

• 6.0.17 (2022-12-28)

• bug #48787 [PhpUnitBridge] Use verbose deprecation output for quiet types only when it reaches the threshold (ogizanagi)

• bug #48784 [Console] Correctly overwrite progressbars with different line count per step (ncharalampidis)

• bug #48801 [Form] Make ButtonType handle form_attr option (MatTheCat)

• bug #48791 [DependencyInjection] Fix deduplicating service instances in circular graphs (nicolas-grekas)

• bug #48771 [CssSelector] Fix escape patterns (fancyweb)

• bug #48711 [Cache] RedisTrait::createConnection does not pass auth value from redis sentinel cluster DSN (evgkord)

• bug #48724 [VarExporter] Fix exporting classes with __unserialize() but not __serialize() (fancyweb)

• bug #48746 [Validator] Fix IBAN format for Tunisia and Mauritania (smelesh)

... (truncated)

Commits

• b101b71 Merge pull request #49180 from fabpot/release-6.0.20
• f536d8c Update VERSION for 6.0.20
• f9adfa3 Update CHANGELOG for 6.0.20
• ea85677 Merge branch '5.4' into 6.0
• 107a0e5 Merge branch '4.4' into 5.4
• b8c7604 bug #49141 [HttpFoundation] Fix bad return type in IpUtils::checkIp4() (trist...
• f694aa8 [HttpFoundation] Fix bad return type in IpUtils::checkIp4()
• 387a6b0 bug #49126 [DependencyInjection] Fix order of arguments when mixing positiona...
• 45d614d [DependencyInjection] Fix order of arguments when mixing positional and named...
• ef26e93 bug #49104 [HttpClient] Fix collecting data non-late for the profiler (nicola...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ikappas/vscode-composer/network/alerts).