Resolve SMS Bypass issue (#242)

Implement Stepup Bundle SMS interface changes

Stepup Bundle has become more strict in storing its SMS state into
session. The session key is now created based on the second factor id.
This ID is not yet created on most accounts when registering a token.
Therefore a hard coded (fictional) second factor id is used in these
instances.

CHANGELOG.md

@@ -1,6 +1,14 @@
 # Changelog
+## 3.5.3
+- Added browserlist entry in package.json to ensure IE 11 support
 
-## 3.4.0
+## 3.5.2
+Update Stepup Bundle and Http Foundation to prevent deprecation warnings
+
+## 3.5.1
+Update stepup-saml-bundle and stepup-bundle
+
+## 3.5.0
 **Feature**
 * Self vetting (vet token with previously RA vetted token) #227
 

composer.json

@@ -22,13 +22,14 @@
         "nelmio/security-bundle": "^2",
         "openconext/monitor-bundle": "^2.0",
         "sensio/framework-extra-bundle": "^5.0",
-        "surfnet/stepup-bundle": "^4.0",
+        "surfnet/stepup-bundle": "^4.2",
         "surfnet/stepup-middleware-client-bundle": "^4.1",
-        "surfnet/stepup-saml-bundle": "^4.2.1",
+        "surfnet/stepup-saml-bundle": "^4.3.1",
         "symfony/console": "4.4.*",
         "symfony/expression-language": "4.4.*",
         "symfony/flex": "^1.8",
         "symfony/form": "4.4.*",
+        "symfony/http-foundation": "^5.0",
         "symfony/monolog-bundle": "^3.1.0",
         "symfony/security-bundle": "4.4.*",
         "symfony/stopwatch": "4.4.*",
@@ -54,12 +55,6 @@
         "symfony/css-selector": "4.4.*",
         "symfony/phpunit-bridge": "^3.0"
     },
-    "repositories": [
-        {
-            "type": "git",
-            "url": "https://github.com/OpenConext/Stepup-Middleware-clientbundle.git"
-        }
-    ],
     "scripts": {
         "test": [
             "@lint",
@@ -112,7 +107,7 @@
         "optimize-autoloader": true,
         "sort-packages": true,
         "platform": {
-            "php": "7.2"
+            "php": "7.2.5"
         }
     },
     "archive": {