composer(deps-dev): update sylius/sylius requirement from ~1.9.0 to ~1.9.0 || ~1.10.0

[dependabot]

Updates the requirements on sylius/sylius to permit the latest version.

Release notes

Sourced from sylius/sylius's releases.

v1.10.11

TL;DR

🔒 This is a security release!

Fixes the following vulnerabilities:

• Improper sanitize of SVG files during content upload ('Cross-site Scripting') in Sylius/Sylius
• User token not setup to null after reset password
• Add missing HTTP headers to avoid login forms clickjacking
• Exposure of sensitive information by using the back button after logging out in sylius/sylius

Details

• #13432 Update SalesDataProvider.php (@​remoteclient)
• #13723 [Docs] Deployment on artifakt (@​AdamKasp)
• #13731 [Taxation] Add validation of negative tax rate (@​coldic3)
• #13734 [JS] add empty value to autocomplete selects (@​SirDomin)
• #13750 [Admin][Shop] placehold.it replaced to local placeholders (@​ernestWarwas)
• #13756 [GitHub Actions] Change PHP ini values + clear cache (@​GSadee)
• #13765 [Security] Fixes for SVG XSS, wrong cache for logged in users and clickjacking (@​ernestWarwas, @​lchrusciel, @​GSadee, @​Zales0123, @​Rafikooo)
• #13766 [Security][API] passwordResetToken nulled after password is changed (@​lchrusciel, @​ernestWarwas, @​GSadee, @​TheMilek)

Changelog

Sourced from sylius/sylius's changelog.

v1.10.11 (2022-03-14)

Details

• #13432 Update SalesDataProvider.php (@​remoteclient)
• #13723 [Docs] Deployment on artifakt (@​AdamKasp)
• #13731 [Taxation] Add validation of negative tax rate (@​coldic3)
• #13734 [JS] add empty value to autocomplete selects (@​SirDomin)
• #13750 [Admin][Shop] placehold.it replaced to local placeholders (@​ernestWarwas)
• #13756 [GitHub Actions] Change PHP ini values + clear cache (@​GSadee)
• #13765 [Security] Fixes for SVG XSS, wrong cache for logged in users and clickjacking (@​ernestWarwas, @​lchrusciel, @​GSadee, @​Zales0123, @​Rafikooo)
• #13766 [Security][API] passwordResetToken nulled after password is changed (@​lchrusciel, @​ernestWarwas, @​GSadee, @​TheMilek)

v1.10.10 (2022-03-07)

Details

• #13575 [DX] add correct return type to getAdjustments method (@​PILLOWPET)
• #13641 [ADR] Declaring services as public in container (@​lchrusciel)
• #13647 Update Sylius supported versions (@​Zales0123)
• #13650 [Documentation] Update installation guide for Plus (@​GSadee)
• #13660 [CLI] Cancel unpaid orders command (@​rafalswierczek)
• #13676 [Cart] Fix retrieving/overriding cart of logged in user by guest (@​SirDomin, @​GSadee)
• #13683 Improve verbosity of canceling unpaid orders test (@​rafalswierczek)
• #13684 [Product][API][Bug] Fixed product sorting by translated names (@​Rafikooo)
• #13695 [Order] Change getters and setters to use a proper flag name (@​GSadee)
• #13715 add dependency injection conflict (@​SirDomin)
• #13716 [Documentation] Fix start date of development 1.12 version (@​GSadee)
• #13725 [PaypalExpress] Dont take shipping tax adjustment to shipping cost (@​SirDomin)
• #13730 [Maintenance] Add conflict to symfony/framework-bundle to fix problem with solving path prefix in API scenarios (@​GSadee)
• #13732 [Hot-fix] Conflict with symfony/dependency-injection even more (@​Zales0123)

v1.10.9 (2022-02-14)

Details

• #13421 [Docs] How to customize the invoice logo - updated cookbook (@​Rafikooo)
• #13423 [Docs] Customizing Credit Memo's logo (@​TheMilek)
• #13431 FIX: Avoid passing empty needle to strpos() (@​rimas-kudelis)
• #13498 [Docs] Sylius 1.8 is not supported anymore (@​Zales0123)
• #13504 Postpone 1.10 end of maintenance date (@​Zales0123)
• #13506 [Docs] How to customize the invoice logo - neatly cut invoice image (@​Rafikooo)
• #13513 [Architecture] Do not double install PHP dependencies (@​lchrusciel)
• #13514 [Documentation] Update Core Team in our documentation (@​lchrusciel)
• #13515 [Maintenance] Replace test-package.sh with native GH Actions (@​lchrusciel)
• #13516 [Maintenance] Remove NelmioAlice from the main packages config (@​lchrusciel)
• #13517 [Docs] Change the template path in customization (@​Roshyo)
• #13519 [Docs] Altered custom invoice logo path (@​Rafikooo)
• #13520 change suggested path in refund docs (@​AdamKasp)
• #13527 [Minor] Typo fixes in github packages config (@​lchrusciel)

... (truncated)

Commits

• a235221 Generate changelog for v1.10.11
• 009cfbf Change application's version to v1.10.11
• 8f3a08a bug #13766 [Security][API] passwordResetToken nulled after password is change...
• 4a74042 Merge branch '1.9' into 1.10
• cb824ad Change application's version to v1.9.11-dev
• 0aa2e0a Generate changelog for v1.9.10
• e2a0aa0 Change application's version to v1.9.10
• 4107162 Merge branch '1.9' into 1.10
• 3da169e bug #13765 [Security] Fixes for SVG XSS, wrong cache for logged in users and ...
• 91c9bef bug #13432 Update SalesDataProvider.php (remoteclient)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

Merging #84 (9533d24) into master (1d20db0) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff            @@
##             master     #84   +/-   ##
========================================
  Coverage      0.00%   0.00%           
+ Complexity      264     263    -1     
========================================
  Files            51      50    -1     
  Lines           911     875   -36     
========================================
+ Misses          911     875   -36     

Impacted Files	Coverage Δ
src/Client/Client.php	0.00% <0.00%> (ø)
src/Menu/AdminMenuBuilder.php	0.00% <0.00%> (ø)
src/Form/Type/AudienceType.php	0.00% <0.00%> (ø)
src/Loader/AudiencesLoader.php	0.00% <0.00%> (ø)
src/DataGenerator/DataGenerator.php	0.00% <0.00%> (ø)
src/Command/LoadAudiencesCommand.php	0.00% <0.00%> (ø)
src/DataGenerator/OrderDataGenerator.php	0.00% <0.00%> (ø)
src/DataGenerator/StoreDataGenerator.php	0.00% <0.00%> (ø)
src/DataGenerator/ProductDataGenerator.php	0.00% <0.00%> (ø)
src/Form/Type/SubscribeToNewsletterType.php	0.00% <0.00%> (ø)
... and 7 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1d20db0...9533d24. Read the comment docs.

[dependabot]

Superseded by #88.