Bump symfony/security-bundle from 5.3.12 to 5.4.20

[dependabot[bot]]

Bumps symfony/security-bundle from 5.3.12 to 5.4.20.

Release notes

Sourced from symfony/security-bundle's releases.

v5.4.20

Changelog (https://github.com/symfony/security-bundle/compare/v5.4.19...v5.4.20)

• no significant changes

v5.4.19

Changelog (https://github.com/symfony/security-bundle/compare/v5.4.18...v5.4.19)

• bug #48937 Fix using same handler for multiple authenticators (RobertMe)

v5.4.17

Changelog (https://github.com/symfony/security-bundle/compare/v5.4.16...v5.4.17)

• bug #48718 Compatibility with doctrine/annotations 2 (derrabus)
• bug #48615 Fix getting the name of closures on PHP 8.1.11+ (nicolas-grekas)

v5.4.11

Changelog (https://github.com/symfony/security-bundle/compare/v5.4.10...v5.4.11)

• no significant changes

v5.4.9

Changelog (https://github.com/symfony/security-bundle/compare/v5.4.8...v5.4.9)

• bug #46317 Ignore invalid URLs found in failure/success paths (nicolas-grekas)

v5.4.8

Changelog (https://github.com/symfony/security-bundle/compare/v5.4.7...v5.4.8)

• bug #46054 Use config's secret in remember-me signatures (jderusse)

v5.4.5

Changelog (https://github.com/symfony/security-bundle/compare/v5.4.4...v5.4.5)

• bug #45469 fix autoconfiguring Monolog's ProcessorInterface (nicolas-grekas)

v5.4.3

Changelog (https://github.com/symfony/security-bundle/compare/v5.4.2...v5.4.3)

• no significant changes

v5.4.2

Changelog (https://github.com/symfony/security-bundle/compare/v5.4.1...v5.4.2)

• no significant changes

v5.4.1

Changelog (https://github.com/symfony/security-bundle/compare/v5.4.0...v5.4.1)

• bug #44460 Fix ambiguous deprecation message on missing provider (chalasr)

... (truncated)

Changelog

Sourced from symfony/security-bundle's changelog.

CHANGELOG

6.2

• Add the Security helper class
• Deprecate the Symfony\Component\Security\Core\Security service alias, use Symfony\Bundle\SecurityBundle\Security instead
• Add Security::getFirewallConfig() to help to get the firewall configuration associated to the Request
• Add Security::login() to login programmatically
• Add Security::logout() to logout programmatically
• Add security.firewalls.logout.enable_csrf to enable CSRF protection using the default CSRF token generator
• Add RFC6750 Access Token support to allow token-based authentication
• Add security.firewalls.switch_user.target_route option to configure redirect target route on switch user
• Deprecate the security.enable_authenticator_manager config option

6.1

• The security.access_control now accepts a RequestMatcherInterface under the request_matcher option as scope configuration
• The security.access_control now accepts an attributes array to match request attributes in the RequestMatcher
• The security.access_control now accepts a route option to match request route in the RequestMatcher
• Display the inherited roles of the logged-in user in the Web Debug Toolbar

6.0

• The security.authorization_checker and security.token_storage services are now private
• Remove UserPasswordEncoderCommand class and the corresponding user:encode-password command, use UserPasswordHashCommand and user:hash-password instead
• Remove the security.encoder_factory.generic service, the security.encoder_factory and Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface aliases, use security.password_hasher_factory and Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactoryInterface instead
• Remove the security.user_password_encoder.generic service, the security.password_encoder and the Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface aliases, use security.user_password_hasher, security.password_hasher and Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface instead
• Remove the logout.success_handler and logout.handlers config options, register a listener on the LogoutEvent event instead
• Remove FirewallConfig::getListeners(), use FirewallConfig::getAuthenticators() instead

5.4

• Deprecate FirewallConfig::getListeners(), use FirewallConfig::getAuthenticators() instead
• Deprecate security.authentication.basic_entry_point and security.authentication.retry_entry_point services, the logic is moved into the HttpBasicAuthenticator and ChannelListener respectively
• Deprecate FirewallConfig::allowsAnonymous() and the allows_anonymous from the data collector data, there will be no anonymous concept as of version 6.
• Deprecate not setting $authenticatorManagerEnabled to true in SecurityDataCollector and DebugFirewallCommand
• Deprecate SecurityFactoryInterface and SecurityExtension::addSecurityListenerFactory() in favor of AuthenticatorFactoryInterface and SecurityExtension::addAuthenticatorFactory()
• Add AuthenticatorFactoryInterface::getPriority() which replaces SecurityFactoryInterface::getPosition()
• Deprecate passing an array of arrays as 1st argument to MainConfiguration, pass a sorted flat array of factories instead.

... (truncated)

Commits

• 1a049b7 Merge branch '4.4' into 5.4
• 076fd20 [Security/Http] Remove CSRF tokens from storage on successful login
• e16ac30 [SecurityBundle] Fix using same handler for multiple authenticators
• 8203ec9 Bump license year to 2023
• 5891533 Compatibility with doctrine/annotations 2
• 5c96cbd Fix getting the name of closures on PHP 8.1.11+
• 86b49fe Fix CS
• 8ec874d Merge branch '4.4' into 5.4
• d2a6bf4 Fix CS
• 4d5f495 [SecurityBundle] Remove dead class_exists checks
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/jorge07/symfony-5-es-cqrs-boilerplate/network/alerts).

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.