Bump symfony/var-dumper from 7.3.0 to 7.4.4 in /plib/library

[dependabot]

Bumps symfony/var-dumper from 7.3.0 to 7.4.4.

Release notes

Sourced from symfony/var-dumper's releases.

v7.4.4

Changelog (symfony/var-dumper@v7.4.3...v7.4.4)

• no significant changes

v7.4.3

Changelog (symfony/var-dumper@v7.4.2...v7.4.3)

• bug symfony/symfony#62805 [VarDumper] Fix dumper selection for Accept: / requests (@​apoca)

v7.4.0

Changelog (symfony/var-dumper@v7.4.0-RC3...v7.4.0)

• no significant changes

v7.4.0-RC1

Changelog (symfony/var-dumper@v7.4.0-BETA2...v7.4.0-RC1)

• no significant changes

v7.4.0-BETA2

Changelog (symfony/var-dumper@v7.4.0-BETA1...v7.4.0-BETA2)

• bug symfony/symfony#62182 [VarDumper] Fix dumping CurlHttpClient instances (@​nicolas-grekas)

v7.4.0-BETA1

Changelog (symfony/var-dumper@v7.3.4...v7.4.0-BETA1)

• feature symfony/symfony#58070 [VarDumper] Select HtmlDumper only if Accept header contains "html" (@​alexandre-daubois)
• feature symfony/symfony#60480 [VarDumper] Add support for adding more default casters to AbstractCloner::addDefaultCasters() (@​lyrixx)
• feature symfony/symfony#60394 [Console][FrameworkBundle] Simplify using invokable commands when the component is used standalone (@​HypeMC)

v7.3.10

Changelog (symfony/var-dumper@v7.3.9...v7.3.10)

• no significant changes

v7.3.5

Changelog (symfony/var-dumper@v7.3.4...v7.3.5)

• no significant changes

v7.3.4

Changelog (symfony/var-dumper@v7.3.3...v7.3.4)

• bug symfony/symfony#61727 Replace __sleep/wakeup() by __(un)serialize() for throwing and internal usages (@​nicolas-grekas)

v7.3.3

Changelog (symfony/var-dumper@v7.3.2...v7.3.3)

... (truncated)

Changelog

Sourced from symfony/var-dumper's changelog.

CHANGELOG

7.4

• Add support for adding more default casters to AbstractCloner::addDefaultCasters()
• Select HtmlDumper only if Accept header contains "html"

7.3

• Add casters for Dba\Connection, SQLite3Result, OpenSSLAsymmetricKey and OpenSSLCertificateSigningRequest
• Deprecate ResourceCaster::castCurl(), ResourceCaster::castGd() and ResourceCaster::castOpensslX509()
• Mark all casters as @internal

7.2

• Add support for FORCE_COLOR environment variable
• Add support for virtual properties

7.1

• Add support for new DOM extension classes in DOMCaster

7.0

• Add argument $label to VarDumper::dump()
• Require explicit argument when calling VarDumper::setHandler()
• Remove display of backtrace in Twig_Template, only Twig\Template is supported

6.4

• Dump uninitialized properties

6.3

• Add caster for WeakMap
• Add support of named arguments to dd() and dump() to display the argument name
• Add support for Relay\Relay
• Add display of invisible characters

6.2

... (truncated)

Commits

• 0e4769b Merge branch '7.3' into 7.4
• 3649e62 Merge branch '6.4' into 7.3
• 131fc99 do not use PHPUnit mock objects without configured expectations
• 7e99beb [VarDumper] Fix dumper selection for Accept: / requests
• 41fd6c4 bug #62182 [VarDumper] Fix dumping CurlHttpClient instances (nicolas-grekas)
• cb1fbca [VarDumper] Fix dumping CurlHttpClient instances
• 0c9272c do not use deprecated PHPUnit features
• b44731c Merge branch '7.3' into 7.4
• 476c4ae Merge branch '6.4' into 7.3
• cfae149 do not coerce NAN to other types
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Note

Dependency updates in plib/library/composer.lock

• Upgrade symfony/var-dumper from v7.3.0 to v7.4.4 (new commit ref, support link, release time; expanded require-dev to allow Symfony 8 components)
• Upgrade transitive symfony/polyfill-mbstring from v1.32.0 to v1.33.0 (updated support link and funding entries)

No application code changes; only lockfile updates.

^{Written by Cursor Bugbot for commit 5252fb7. This will update automatically on new commits. Configure here.}

[secure-code-warrior-for-github]

Micro-Learning Topic: SQL injection (Detected by phrase)

Matched on "SQLi"

What is this? (2min video)

This is probably one of the two most exploited vulnerabilities in web applications and has led to a number of high profile company breaches. It occurs when an application fails to sanitize or validate input before using it to dynamically construct a statement. An attacker that exploits this vulnerability will be able to gain access to the underlying database and view or modify data without permission.

Try a challenge in Secure Code Warrior

Helpful references

• PHP SQL Injection Page - A detailed page on SQL injection in the online PHP manual.
• OWASP SQL Injection Prevention Cheat Sheet - This article is focused on providing clear, simple, actionable guidance for preventing SQL Injection flaws in your applications.
• OWASP SQL Injection - OWASP community page with comprehensive information about SQL injection, and links to various OWASP resources to help detect or prevent it.
• OWASP Query Parameterization Cheat Sheet - A derivative work of the OWASP SQL Injection Prevention Cheat Sheet focused on SQL query parameterization.
• Preventing SQL Injection Attacks With Python - A tutorial on crafting parameterized queries, SQL composition and safe query execution in Python.