Bump symfony/security-core from 5.4.5 to 6.0.19

[dependabot]

Bumps symfony/security-core from 5.4.5 to 6.0.19.

Release notes

Sourced from symfony/security-core's releases.

v6.0.19

Changelog (symfony/security-core@v6.0.18...v6.0.19)

• bug #49078 Check tokens before loading users from providers (nicolas-grekas)

v6.0.17

Changelog (symfony/security-core@v6.0.16...v6.0.17)

• no significant changes

v6.0.15

Changelog (symfony/security-core@v6.0.14...v6.0.15)

• bug #47955 Add missing args to trigger_deprecation (alamirault)

v6.0.14

Changelog (symfony/security-core@v6.0.13...v6.0.14)

• no significant changes

v6.0.13

Changelog (symfony/security-core@v6.0.12...v6.0.13)

• no significant changes

v6.0.12

Changelog (symfony/security-core@v6.0.11...v6.0.12)

• bug #47335 getUserIdentifier() must return a string (mpiot)

v6.0.11

Changelog (symfony/security-core@v6.0.10...v6.0.11)

• no significant changes

v6.0.8

Changelog (symfony/security-core@v6.0.7...v6.0.8)

• no significant changes

v6.0.7

Changelog (symfony/security-core@v6.0.6...v6.0.7)

• bug #45808 Fixed TOCTOU in RememberMe cache token verifier (Ivan Kurnosov)
• bug #45697 Fix return value of NullToken::getUser() (chalasr)

v6.0.5

Changelog (symfony/security-core@v6.0.4...v6.0.5)

• bug #44259 AccountStatusException::$user should be nullable (Cantepie)

... (truncated)

Changelog

Sourced from symfony/security-core's changelog.

CHANGELOG

6.2

• Deprecate the Security class, use Symfony\Bundle\SecurityBundle\Security instead
• Change the signature of TokenStorageInterface::setToken() to setToken(?TokenInterface $token)
• Deprecate calling TokenStorage::setToken() without arguments
• Add a ChainUserChecker to allow calling multiple user checkers for a firewall

6.0

• TokenInterface does not extend Serializable anymore
• Remove all classes in the Core\Encoder\ sub-namespace, use the PasswordHasher component instead
• Remove methods getPassword() and getSalt() from UserInterface, use PasswordAuthenticatedUserInterface or LegacyPasswordAuthenticatedUserInterface instead
• AccessDecisionManager requires the strategy to be passed as in instance of AccessDecisionStrategyInterface

5.4

• Add a CacheableVoterInterface for voters that vote only on identified attributes and subjects
• Deprecate AuthenticationEvents::AUTHENTICATION_FAILURE, use the LoginFailureEvent instead
• Deprecate AnonymousToken, as the related authenticator was deprecated in 5.3
• Deprecate Token::getCredentials(), tokens should no longer contain credentials (as they represent authenticated sessions)
• Deprecate returning string|\Stringable from Token::getUser() (it must return a UserInterface)
• Deprecate AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY and AuthenticatedVoter::IS_ANONYMOUS, use AuthenticatedVoter::IS_AUTHENTICATED_FULLY or AuthenticatedVoter::IS_AUTHENTICATED instead.
• Deprecate AuthenticationTrustResolverInterface::isAnonymous() and the is_anonymous() expression function as anonymous no longer exists in version 6, use the isFullFledged() or the new isAuthenticated() instead if you want to check if the request is (fully) authenticated.
• Deprecate the $authenticationManager argument of the AuthorizationChecker constructor
• Deprecate setting the $alwaysAuthenticate argument to true and not setting the $exceptionOnNoToken argument to false of AuthorizationChecker
• Deprecate methods TokenInterface::isAuthenticated() and setAuthenticated, return null from "getUser()" instead when a token is not authenticated
• Add AccessDecisionStrategyInterface to allow custom access decision strategies
• Add access decision strategies AffirmativeStrategy, ConsensusStrategy, PriorityStrategy, UnanimousStrategy
• Deprecate passing the strategy as string to AccessDecisionManager, pass an instance of AccessDecisionStrategyInterface instead
• Flag AccessDecisionManager as @final

5.3

The CHANGELOG for version 5.3 and earlier can be found at https://github.com/symfony/symfony/blob/5.3/src/Symfony/Component/Security/CHANGELOG.md

Commits

• 6085f2b Merge branch '5.4' into 6.0
• 76fe5a7 [Security/Http] Check tokens before loading users from providers
• bc16932 Merge branch '5.4' into 6.0
• 6bf7df0 Bump license year to 2023
• 544a1f6 Minor (comment only), part 2
• 0bd4ad1 Merge branch '5.4' into 6.0
• 4ef922c Merge branch '4.4' into 5.4
• 32ffcb0 [Security][Serializer] Add missing args to trigger_deprecation
• 423ccb3 Added Urdu Language Translation in Form Component, Security Core and in Vali...
• 4c2ad4f Merge branch '5.4' into 6.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)