search

web-auth / symfony-webauthn-demo

Demo Application using Symfony 6, Tailwind, FrankenPHP, AssetMapper and Webauthn
MIT License
41 stars 7 forks source link

Bump symfony/security-bundle from 6.4.0-RC1 to 6.4.2 #400

Open dependabot[bot] opened 10 months ago

dependabot[bot] commented 10 months ago

Bumps symfony/security-bundle from 6.4.0-RC1 to 6.4.2.

Release notes

Sourced from symfony/security-bundle's releases.

v6.4.2

Changelog (https://github.com/symfony/security-bundle/compare/v6.4.1...v6.4.2)

v6.4.0

Changelog (https://github.com/symfony/security-bundle/compare/v6.4.0-RC2...v6.4.0)

  • no significant changes
Changelog

Sourced from symfony/security-bundle's changelog.

CHANGELOG

7.0

  • Enabling SecurityBundle and not configuring it is not allowed
  • Remove configuration options enable_authenticator_manager, csrf_token_generator and require_previous_session

6.4

  • Deprecate Security::ACCESS_DENIED_ERROR, AUTHENTICATION_ERROR and LAST_USERNAME constants, use the ones on SecurityRequestAttributes instead
  • Allow an array of pattern in firewall configuration
  • Add $badges argument to Security::login
  • Deprecate the require_previous_session config option. Setting it has no effect anymore
  • Add LogoutRouteLoader

6.3

  • Deprecate enabling bundle and not configuring it
  • Add _stateless attribute to the request when firewall is stateless and the attribute is not already set
  • Add StatelessAuthenticatorFactoryInterface for authenticators targeting stateless firewalls only and that don't require a user provider
  • Modify "icon.svg" to improve accessibility for blind/low vision users
  • Make Security::login() return the authenticator response
  • Deprecate the security.firewalls.logout.csrf_token_generator config option, use security.firewalls.logout.csrf_token_manager instead
  • Make firewalls event dispatcher traceable on debug mode
  • Add TokenHandlerFactoryInterface, OidcUserInfoTokenHandlerFactory, OidcTokenHandlerFactory and ServiceTokenHandlerFactory for AccessTokenFactory

6.2

  • Add the Security helper class
  • Deprecate the Symfony\Component\Security\Core\Security service alias, use Symfony\Bundle\SecurityBundle\Security instead
  • Add Security::getFirewallConfig() to help to get the firewall configuration associated to the Request
  • Add Security::login() to login programmatically
  • Add Security::logout() to logout programmatically
  • Add security.firewalls.logout.enable_csrf to enable CSRF protection using the default CSRF token generator
  • Add RFC6750 Access Token support to allow token-based authentication
  • Add security.firewalls.switch_user.target_route option to configure redirect target route on switch user
  • Deprecate the security.enable_authenticator_manager config option

6.1

  • The security.access_control now accepts a RequestMatcherInterface under the request_matcher option as scope configuration
  • The security.access_control now accepts an attributes array to match request attributes in the RequestMatcher
  • The security.access_control now accepts a route option to match request route in the RequestMatcher
  • Display the inherited roles of the logged-in user in the Web Debug Toolbar

... (truncated)

Commits
  • 97d4fb6 Merge branch '6.3' into 6.4
  • a185fa0 bug #53172 [SecurityBundle] Prevent to login/logout without a request context...
  • fb98e1f [SecurityBundle] Prevent to login/logout without a request context
  • 006d0a0 Merge branch '6.3' into 6.4
  • 6449980 Merge branch '5.4' into 6.3
  • 6477c31 fix typo
  • 1a237e7 fix tests
  • 8fc60d7 [SecurityBundle] Fix redeclaration of InternalSecurity class when opcache p...
  • 57889eb Merge branch '5.4' into 6.3
  • 92e24de wire the secret for Symfony 6.4 compatibility
  • See full diff in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
sonarcloud[bot] commented 10 months ago

Quality Gate Passed Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud