Bump symfony/security-bundle from 5.2.5 to 5.3.4

[dependabot-preview]

Bumps symfony/security-bundle from 5.2.5 to 5.3.4.

Release notes

Sourced from symfony/security-bundle's releases.

v5.3.4

Changelog (symfony/security-bundle@v5.3.3...v5.3.4)

• no significant changes

v5.3.3

Changelog (symfony/security-bundle@v5.3.2...v5.3.3)

• bug #41242 Change information label from red to yellow (94noni)
• bug #41747 Fixed 'security.command.debug_firewall' not found (Nyholm)

v5.3.2

Changelog (symfony/security-bundle@v5.3.1...v5.3.2)

• bug #41509 Link UserProviderListener to correct firewall dispatcher (Matth--)

v5.3.0

Changelog (symfony/security-bundle@v5.3.0-RC1...v5.3.0)

• bug #41376 Don't register deprecated listeners with authenticator manager enabled (chalasr)

v5.3.0-RC1

Changelog (symfony/security-bundle@v5.3.0-BETA4...v5.3.0-RC1)

• feature #41175 Add support for parallel requests doing remember-me re-authentication (Seldaek)
• feature #41247 Deprecate the old authentication mechanisms (chalasr)
• bug #41269 Remove invalid unused service (chalasr)
• bug #41139 Remove allows anonymous information in datacollector (ismail1432)
• bug #41254 Fix handling secure: auto using the new RememberMeAuthenticator (chalasr)

v5.3.0-BETA4

Changelog (symfony/security-bundle@v5.3.0-BETA3...v5.3.0-BETA4)

• bug #41164 fix debug:event-dispatcher and debug:firewall (nicolas-grekas)

v5.3.0-BETA3

Changelog (symfony/security-bundle@v5.3.0-BETA2...v5.3.0-BETA3)

• bug #40902 Allow ips parameter in access_control to accept comma-separated string (edefimov)

v5.2.12

Changelog (symfony/security-bundle@v5.2.11...v5.2.12)

• no significant changes

v5.2.11

Changelog (symfony/security-bundle@v5.2.10...v5.2.11)

• bug #41242 Change information label from red to yellow (94noni)
• bug #41509 Link UserProviderListener to correct firewall dispatcher (Matth--)

... (truncated)

Changelog

Sourced from symfony/security-bundle's changelog.

CHANGELOG

5.3

• The authenticator system is no longer experimental
• Login Link functionality is no longer experimental
• Add required_badges firewall config option
• [BC break] Add login_throttling.lock_factory setting defaulting to null (instead of lock.factory)
• Add a login_throttling.interval (in security.firewalls) option to change the default throttling interval.
• Add the debug:firewall command.
• Deprecate UserPasswordEncoderCommand class and the corresponding user:encode-password command, use UserPasswordHashCommand and user:hash-password instead
• Deprecate the security.encoder_factory.generic service, the security.encoder_factory and Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface aliases, use security.password_hasher_factory and Symfony\Component\PasswordHasher\Hasher\PasswordHasherFactoryInterface instead
• Deprecate the security.user_password_encoder.generic service, the security.password_encoder and the Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface aliases, use security.user_password_hasher, security.password_hasher and Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface instead
• Deprecate the public security.authorization_checker and security.token_storage services to private
• Not setting the enable_authenticator_manager config option to true is deprecated
• Deprecate the security.authentication.provider.* services, use the new authenticator system instead
• Deprecate the security.authentication.listener.* services, use the new authenticator system instead
• Deprecate the Guard component integration, use the new authenticator system instead

5.2.0

• Added FirewallListenerFactoryInterface, which can be implemented by security factories to add firewall listeners
• Added SortFirewallListenersPass to make the execution order of firewall listeners configurable by leveraging Symfony\Component\Security\Http\Firewall\FirewallListenerInterface
• Added ability to use comma separated ip address list for security.access_control
• [BC break] Removed EntryPointFactoryInterface, authenticators must now implement AuthenticationEntryPointInterface if they require autoregistration of a Security entry point.

5.1.0

• Added XSD for configuration
• Added security configuration for priority-based access decision strategy
• Marked the AnonymousFactory, FormLoginFactory, FormLoginLdapFactory, GuardAuthenticationFactory, HttpBasicFactory, HttpBasicLdapFactory, JsonLoginFactory, JsonLoginLdapFactory, RememberMeFactory, RemoteUserFactory and X509Factory as @internal
• Renamed method AbstractFactory#createEntryPoint() to AbstractFactory#createDefaultEntryPoint()

5.0.0

• The switch_user.stateless firewall option has been removed.
• Removed the ability to configure encoders using argon2i or bcrypt as algorithm, use auto instead
• The simple_form and simple_preauth authentication listeners have been removed, use Guard instead.
• The SimpleFormFactory and SimplePreAuthenticationFactory classes have been removed,

... (truncated)

Commits

• 7db2c7d Merge branch '5.2' into 5.3
• bc36546 Merge branch '4.4' into 5.2
• 49a0906 minor #42010 Improve usage of twig ternary (Seb33300)
• 88e23e1 Improve usage of twig ternary
• 721e0bf Merge branch '5.2' into 5.3
• bcee325 Merge branch '4.4' into 5.2
• 73c7de5 Leverage str_contains/str_starts_with
• 9be4694 Merge branch '5.2' into 5.3
• 4be8ec8 Backport type fixes
• f1fabca Merge branch '5.2' into 5.3
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)