Bump symfony/security-bundle from 7.4.0 to 8.0.0

[dependabot]

Bumps symfony/security-bundle from 7.4.0 to 8.0.0.

Release notes

Sourced from symfony/security-bundle's releases.

v8.0.0

Changelog (symfony/security-bundle@v8.0.0-RC3...v8.0.0)

• no significant changes

v8.0.0-RC2

Changelog (symfony/security-bundle@v8.0.0-RC1...v8.0.0-RC2)

• bug symfony/symfony#62369 [Security] Set OIDC JWKS cache TTL from provider headers (@​Ali-HENDA)

v8.0.0-RC1

Changelog (symfony/security-bundle@v8.0.0-BETA2...v8.0.0-RC1)

• no significant changes

v8.0.0-BETA1

Changelog (symfony/security-bundle@v7.3.4...v8.0.0-BETA1)

• feature symfony/symfony#62090 [Config] Deprecate setting a default value to a node that is required (@​GromNaN)
• feature symfony/symfony#62043 [Security] Allow multiple OIDC discovery endpoints (@​ruudk)
• feature symfony/symfony#61986 [DependencyInjection] remove getNamespace() and getXsdValidationBasePath() from ExtensionInterface (@​xabbuh)
• feature symfony/symfony#60660 [Security] Add security:oidc-token:generate command (@​Jean-Beru)
• feature symfony/symfony#61930 [DependencyInjection][Routing] Remove support for the XML configuration format (@​nicolas-grekas)
• feature symfony/symfony#61919 [DependencyInjection] Deprecate ExtensionInterface::getXsdValidationBasePath() and getNamespace() (@​nicolas-grekas)
• feature symfony/symfony#60568 [DependencyInjection][Routing] Deprecate XML configuration format (@​MatTheCat)
• feature symfony/symfony#61860 [Config][DependencyInjection][Routing] Deprecate using $this or the internal scope of the loader from PHP config files (@​nicolas-grekas)
• feature symfony/symfony#51273 [Config] Add ArrayNodeDefinition::acceptAndWrap() to list alternative types that should be accepted and wrapped in an array (@​nicolas-grekas)
• feature symfony/symfony#61718 [Config] Add argument $singular to NodeBuilder::arrayNode() to decouple plurals/singulars from XML (@​nicolas-grekas)
• feature symfony/symfony#61034 [Security][SecurityBundle] Dump role hierarchy as mermaid chart (@​damienfern)
• feature symfony/symfony#61379 [Security][TwigBridge] Add access_decision() and access_decision_for_user() (@​florentdestremau)
• feature symfony/symfony#61156 [FrameworkBundle][TwigBundle] Remove options session.sid_length session.sid_bits_per_character router.cache_dir validation.cache and base_template_class (@​nicolas-grekas)
• feature symfony/symfony#61155 [FrameworkBundle][SecurityBundle] Remove autowiring aliases for RateLimiterFactory (@​nicolas-grekas)
• feature symfony/symfony#61046 [SecurityBundle] configuration for the storage service for the login throttling rate limiter (@​xabbuh)
• feature symfony/symfony#61012 [SecurityBundle] remove the deprecated security.authentication.hide_user_not_found parameter (@​xabbuh)
• feature symfony/symfony#60929 [SecurityBundle] Remove deprecated OIDC token handler options algorithm and key (@​OskarStark)
• feature symfony/symfony#60928 [SecurityBundle] Remove deprecated hide_user_not_found option (@​OskarStark)
• feature symfony/symfony#60910 [DependencyInjection] Add argument $target to ContainerBuilder::registerAliasForArgument() (@​nicolas-grekas)
• feature symfony/symfony#60874 [FrameworkBundle] Allow using their name without added suffix when using #[Target] for custom services (@​Valmonzo)
• feature symfony/symfony#60879 [Security] Remove callable firewall listeners support (@​MatTheCat)
• feature symfony/symfony#60614 [Security] Deprecate callable firewall listeners (@​MatTheCat)
• feature symfony/symfony#60742 [Ldap][Security] Remove deprecated eraseCredentials() from (User|Token)Interface (@​chalasr)
• feature symfony/symfony#60371 [SecurityBundle] register alias for argument for password hasher (@​lyrixx, @​chalasr)
• feature symfony/symfony#60639 Bump Symfony 8 to PHP >= 8.4 (@​nicolas-grekas)

Changelog

Sourced from symfony/security-bundle's changelog.

CHANGELOG

8.1

• Add support for the clientHints, prefetchCache, and prerenderCache ClearSite-Data directives
• Add support for #[AsTaggedItem] attribute to configure voter priority

8.0

• Remove the deprecated hide_user_not_found configuration option, use expose_security_errors instead
• Remove the deprecated algorithm and key options from the OIDC token handler configuration, use algorithms and keyset instead
• Remove LazyFirewallContext::__invoke()
• Make ExpressionCacheWarmer class final
• Remove autowiring aliases for RateLimiterFactory; use RateLimiterFactoryInterface instead

7.4

• Add debug:security:role-hierarchy command to dump role hierarchy graphs in the Mermaid.js flowchart format

• Add Security::getAccessDecision() and getAccessDecisionForUser() helpers

• Add options to configure a cache pool and storage service for login throttling rate limiters

• Register alias for argument for password hasher when its key is not a class name:

  With the following configuration:

  security:
    password_hashers:
        recovery_code: auto

  It is possible to inject the recovery_code password hasher in a service:

  public function __construct(
      #[Target('recovery_code')]
      private readonly PasswordHasherInterface $passwordHasher,
  ) {
  }

• Deprecate LazyFirewallContext::__invoke()

7.3

• Add Security::isGrantedForUser() to test user authorization without relying on the session. For example, users not currently logged in, or while processing a message from a message queue
• Add encryption support to OidcTokenHandler (JWE)
• Add expose_security_errors config option to display AccountStatusException

... (truncated)

Commits

• fa06c8b Merge branch '7.4' into 8.0
• 08a1295 Merge branch '7.4' into 8.0
• 8130dd3 Merge branch '7.4' into 8.0
• a7e0330 remove getNamespace() and getXsdValidationBasePath() from ExtensionInterface
• ef1ae45 Merge branch '7.4' into 8.0
• d332665 [DependencyInjection][Routing] Remove support for the XML configuration format
• 500e25f Merge branch '7.4' into 8.0
• d1230dc Merge branch '7.4' into 8.0
• e2bd257 Merge branch '7.4' into 8.0
• 717f2b3 Merge branch '7.4' into 8.0
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.