Bump symfony/security-bundle from 7.4.0 to 8.0.0

[dependabot]

Bumps symfony/security-bundle from 7.4.0 to 8.0.0.

Release notes

Sourced from symfony/security-bundle's releases.

v8.0.0

Changelog (symfony/security-bundle@v8.0.0-RC3...v8.0.0)

• no significant changes

v8.0.0-RC2

Changelog (symfony/security-bundle@v8.0.0-RC1...v8.0.0-RC2)

• bug symfony/symfony#62369 [Security] Set OIDC JWKS cache TTL from provider headers (@​Ali-HENDA)

v8.0.0-RC1

Changelog (symfony/security-bundle@v8.0.0-BETA2...v8.0.0-RC1)

• no significant changes

v8.0.0-BETA1

Changelog (symfony/security-bundle@v7.3.4...v8.0.0-BETA1)

• feature symfony/symfony#62090 [Config] Deprecate setting a default value to a node that is required (@​GromNaN)
• feature symfony/symfony#62043 [Security] Allow multiple OIDC discovery endpoints (@​ruudk)
• feature symfony/symfony#61986 [DependencyInjection] remove getNamespace() and getXsdValidationBasePath() from ExtensionInterface (@​xabbuh)
• feature symfony/symfony#60660 [Security] Add security:oidc-token:generate command (@​Jean-Beru)
• feature symfony/symfony#61930 [DependencyInjection][Routing] Remove support for the XML configuration format (@​nicolas-grekas)
• feature symfony/symfony#61919 [DependencyInjection] Deprecate ExtensionInterface::getXsdValidationBasePath() and getNamespace() (@​nicolas-grekas)
• feature symfony/symfony#60568 [DependencyInjection][Routing] Deprecate XML configuration format (@​MatTheCat)
• feature symfony/symfony#61860 [Config][DependencyInjection][Routing] Deprecate using $this or the internal scope of the loader from PHP config files (@​nicolas-grekas)
• feature symfony/symfony#51273 [Config] Add ArrayNodeDefinition::acceptAndWrap() to list alternative types that should be accepted and wrapped in an array (@​nicolas-grekas)
• feature symfony/symfony#61718 [Config] Add argument $singular to NodeBuilder::arrayNode() to decouple plurals/singulars from XML (@​nicolas-grekas)
• feature symfony/symfony#61034 [Security][SecurityBundle] Dump role hierarchy as mermaid chart (@​damienfern)
• feature symfony/symfony#61379 [Security][TwigBridge] Add access_decision() and access_decision_for_user() (@​florentdestremau)
• feature symfony/symfony#61156 [FrameworkBundle][TwigBundle] Remove options session.sid_length session.sid_bits_per_character router.cache_dir validation.cache and base_template_class (@​nicolas-grekas)
• feature symfony/symfony#61155 [FrameworkBundle][SecurityBundle] Remove autowiring aliases for RateLimiterFactory (@​nicolas-grekas)
• feature symfony/symfony#61046 [SecurityBundle] configuration for the storage service for the login throttling rate limiter (@​xabbuh)
• feature symfony/symfony#61012 [SecurityBundle] remove the deprecated security.authentication.hide_user_not_found parameter (@​xabbuh)
• feature symfony/symfony#60929 [SecurityBundle] Remove deprecated OIDC token handler options algorithm and key (@​OskarStark)
• feature symfony/symfony#60928 [SecurityBundle] Remove deprecated hide_user_not_found option (@​OskarStark)
• feature symfony/symfony#60910 [DependencyInjection] Add argument $target to ContainerBuilder::registerAliasForArgument() (@​nicolas-grekas)
• feature symfony/symfony#60874 [FrameworkBundle] Allow using their name without added suffix when using #[Target] for custom services (@​Valmonzo)
• feature symfony/symfony#60879 [Security] Remove callable firewall listeners support (@​MatTheCat)
• feature symfony/symfony#60614 [Security] Deprecate callable firewall listeners (@​MatTheCat)
• feature symfony/symfony#60742 [Ldap][Security] Remove deprecated eraseCredentials() from (User|Token)Interface (@​chalasr)
• feature symfony/symfony#60371 [SecurityBundle] register alias for argument for password hasher (@​lyrixx, @​chalasr)
• feature symfony/symfony#60639 Bump Symfony 8 to PHP >= 8.4 (@​nicolas-grekas)

Changelog

Sourced from symfony/security-bundle's changelog.

CHANGELOG

8.1

• Add support for the clientHints, prefetchCache, and prerenderCache ClearSite-Data directives
• Add support for #[AsTaggedItem] attribute to configure voter priority

8.0

• Remove the deprecated hide_user_not_found configuration option, use expose_security_errors instead
• Remove the deprecated algorithm and key options from the OIDC token handler configuration, use algorithms and keyset instead
• Remove LazyFirewallContext::__invoke()
• Make ExpressionCacheWarmer class final
• Remove autowiring aliases for RateLimiterFactory; use RateLimiterFactoryInterface instead

7.4

• Add debug:security:role-hierarchy command to dump role hierarchy graphs in the Mermaid.js flowchart format

• Add Security::getAccessDecision() and getAccessDecisionForUser() helpers

• Add options to configure a cache pool and storage service for login throttling rate limiters

• Register alias for argument for password hasher when its key is not a class name:

  With the following configuration:

  security:
    password_hashers:
        recovery_code: auto

  It is possible to inject the recovery_code password hasher in a service:

  public function __construct(
      #[Target('recovery_code')]
      private readonly PasswordHasherInterface $passwordHasher,
  ) {
  }

• Deprecate LazyFirewallContext::__invoke()

7.3

• Add Security::isGrantedForUser() to test user authorization without relying on the session. For example, users not currently logged in, or while processing a message from a message queue
• Add encryption support to OidcTokenHandler (JWE)
• Add expose_security_errors config option to display AccountStatusException

... (truncated)

Commits

• fa06c8b Merge branch '7.4' into 8.0
• 08a1295 Merge branch '7.4' into 8.0
• 8130dd3 Merge branch '7.4' into 8.0
• a7e0330 remove getNamespace() and getXsdValidationBasePath() from ExtensionInterface
• ef1ae45 Merge branch '7.4' into 8.0
• d332665 [DependencyInjection][Routing] Remove support for the XML configuration format
• 500e25f Merge branch '7.4' into 8.0
• d1230dc Merge branch '7.4' into 8.0
• e2bd257 Merge branch '7.4' into 8.0
• 717f2b3 Merge branch '7.4' into 8.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)