Bump symfony/security-bundle from 7.2.9 to 7.3.3

[dependabot]

Bumps symfony/security-bundle from 7.2.9 to 7.3.3.

Release notes

Sourced from symfony/security-bundle's releases.

v7.3.3

Changelog (symfony/security-bundle@v7.3.2...v7.3.3)

• no significant changes

v7.3.2

Changelog (symfony/security-bundle@v7.3.1...v7.3.2)

• bug symfony/symfony#61194 [Security] Fix added $token argument to UserCheckerInterface::checkPostAuth() (@​nicolas-grekas)

v7.3.1

Changelog (symfony/security-bundle@v7.3.0...v7.3.1)

• no significant changes

v7.3.0

Changelog (symfony/security-bundle@v7.3.0-RC1...v7.3.0)

• no significant changes

v7.3.0-RC1

Changelog (symfony/security-bundle@v7.3.0-BETA2...v7.3.0-RC1)

• bug symfony/symfony#60419 [SecurityBundle] normalize string values to a single ExposeSecurityLevel instance (@​xabbuh)
• bug symfony/symfony#60266 [Security] Exclude remember_me from default login authenticators (@​santysisi)

v7.3.0-BETA2

Changelog (symfony/security-bundle@v7.3.0-BETA1...v7.3.0-BETA2)

• bug symfony/symfony#58643 [SecurityBundle] Use Composer InstalledVersions to check if flex is installed (@​andyexeter)

v7.3.0-BETA1

Changelog (symfony/security-bundle@v7.2.6...v7.3.0-BETA1)

• feature symfony/symfony#59762 [Config] Add NodeDefinition::docUrl() (@​alexandre-daubois)
• feature symfony/symfony#60069 [FrameworkBundle] Deprecate setting the collect_serializer_data to false (@​mtarld)
• feature symfony/symfony#54932 [Security][SecurityBundle] OIDC discovery (@​vincentchalamon)
• feature symfony/symfony#50027 [Security] OAuth2 Introspection Endpoint (RFC7662) (@​Spomky)
• feature symfony/symfony#59805 [Security] Improve DX of recent additions (@​nicolas-grekas)
• feature symfony/symfony#59150 [Security] Allow using a callable with #[IsGranted] (@​alexandre-daubois)
• feature symfony/symfony#59771 [Security] Add ability for voters to explain their vote (@​nicolas-grekas)
• feature symfony/symfony#52181 [Security] Ability to add roles in form_login_ldap by ldap group (@​Spomky)
• feature symfony/symfony#59682 [Security] Deprecate UserInterface & TokenInterface's eraseCredentials() (@​chalasr, @​nicolas-grekas)
• feature symfony/symfony#58300 [Security][SecurityBundle] Show user account status errors (@​core23)
• feature symfony/symfony#57721 [Security][SecurityBundle] Add encryption support to OIDC tokens (@​Spomky)
• feature symfony/symfony#59129 [SecurityBundle][TwigBridge] Add is_granted_for_user() function (@​natewiebe13)
• feature symfony/symfony#48142 [Security][SecurityBundle] User authorization checker (@​natewiebe13)

Changelog

Sourced from symfony/security-bundle's changelog.

CHANGELOG

7.3

• Add Security::isGrantedForUser() to test user authorization without relying on the session. For example, users not currently logged in, or while processing a message from a message queue
• Add encryption support to OidcTokenHandler (JWE)
• Add expose_security_errors config option to display AccountStatusException
• Deprecate the security.hide_user_not_found config option in favor of security.expose_security_errors
• Add ability to fetch LDAP roles
• Add OAuth2TokenHandlerFactory for AccessTokenFactory
• Add discovery support to OidcTokenHandler and OidcUserInfoTokenHandler

7.2

• Allow configuring the secret used to sign login links
• Allow passing optional passport attributes to Security::login()

7.1

• Mark class ExpressionCacheWarmer as final
• Support multiple signature algorithms for OIDC Token
• Support JWK or JWKSet for OIDC Token

7.0

• Enabling SecurityBundle and not configuring it is not allowed
• Remove the enable_authenticator_manager config option
• Remove the security.firewalls.logout.csrf_token_generator config option, use security.firewalls.logout.csrf_token_manager instead
• Remove the require_previous_session config option from authenticators

6.4

• Deprecate Security::ACCESS_DENIED_ERROR, AUTHENTICATION_ERROR and LAST_USERNAME constants, use the ones on SecurityRequestAttributes instead
• Allow an array of pattern in firewall configuration
• Add $badges argument to Security::login
• Deprecate the require_previous_session config option. Setting it has no effect anymore
• Add LogoutRouteLoader

6.3

• Deprecate enabling bundle and not configuring it
• Add _stateless attribute to the request when firewall is stateless and the attribute is not already set
• Add StatelessAuthenticatorFactoryInterface for authenticators targeting stateless firewalls only and that don't require a user provider

... (truncated)

Commits

• fbecca9 Merge branch '6.4' into 7.3
• 9780abd [SecurityBundle] Add tests for debug:firewall command
• d8278a9 Merge branch '7.2' into 7.3
• 034665e Merge branch '7.2' into 7.3
• 428a281 Merge branch '7.2' into 7.3
• 9a208c6 Merge branch '7.2' into 7.3
• 61e7433 minor #60425 [SecurityBundle] forbid to use hide_user_not_found and `expose...
• 5630fb2 Merge branch '7.2' into 7.3
• 6f53315 forbid to use "hide_user_not_found" and "expose_security_errors" at the same ...
• 7fff19a normalize string values to a single ExposeSecurityLevel instance
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #204.