From dfb6ccb3fb46fa64414dd8f9517bbe20b49a6ef4 Mon Sep 17 00:00:00 2001 From: Alexander Schranz Date: Mon, 9 Dec 2024 12:47:05 +0100 Subject: [PATCH 1/5] Update to Symfony 7.2 --- composer.json | 30 +++++++++++++++--------------- config/packages/csrf.yaml | 11 +++++++++++ symfony.lock | 12 ++++++++++++ 3 files changed, 38 insertions(+), 15 deletions(-) create mode 100644 config/packages/csrf.yaml diff --git a/composer.json b/composer.json index 8a5547bf..d9e6fa28 100644 --- a/composer.json +++ b/composer.json @@ -42,16 +42,16 @@ "scheb/2fa-trusted-device": "^7.2", "stof/doctrine-extensions-bundle": "^1.11", "sulu/sulu": "~2.6.6", - "symfony/config": "^7.1", - "symfony/dotenv": "^7.1", + "symfony/config": "^7.2", + "symfony/dotenv": "^7.2", "symfony/flex": "^1.17 || ^2.0", - "symfony/framework-bundle": "^7.1", - "symfony/mailer": "^7.1", - "symfony/monolog-bridge": "^7.1", + "symfony/framework-bundle": "^7.2", + "symfony/mailer": "^7.2", + "symfony/monolog-bridge": "^7.2", "symfony/monolog-bundle": "^3.4", - "symfony/runtime": "^7.1", - "symfony/security-bundle": "^7.1", - "symfony/twig-bundle": "^7.1" + "symfony/runtime": "^7.2", + "symfony/security-bundle": "^7.2", + "symfony/twig-bundle": "^7.2" }, "require-dev": { "jangregor/phpstan-prophecy": "^1.0", @@ -66,13 +66,13 @@ "phpunit/phpunit": "^9.6", "rector/rector": "^1.0", "sulu/sulu-rector": "^1.0", - "symfony/browser-kit": "^7.1", - "symfony/css-selector": "^7.1", - "symfony/debug-bundle": "^7.1", - "symfony/error-handler": "^7.1", - "symfony/phpunit-bridge": "^7.1", + "symfony/browser-kit": "^7.2", + "symfony/css-selector": "^7.2", + "symfony/debug-bundle": "^7.2", + "symfony/error-handler": "^7.2", + "symfony/phpunit-bridge": "^7.2", "symfony/thanks": "^1.2", - "symfony/web-profiler-bundle": "^7.1", + "symfony/web-profiler-bundle": "^7.2", "thecodingmachine/phpstan-strict-rules": "^1.0", "vincentlanglet/twig-cs-fixer": "^3.0" }, @@ -203,7 +203,7 @@ "extra": { "symfony": { "allow-contrib": true, - "require": "7.1.*" + "require": "7.2.*" } } } diff --git a/config/packages/csrf.yaml b/config/packages/csrf.yaml new file mode 100644 index 00000000..40d40405 --- /dev/null +++ b/config/packages/csrf.yaml @@ -0,0 +1,11 @@ +# Enable stateless CSRF protection for forms and logins/logouts +framework: + form: + csrf_protection: + token_id: submit + + csrf_protection: + stateless_token_ids: + - submit + - authenticate + - logout diff --git a/symfony.lock b/symfony.lock index 799cd8f9..cce62d80 100644 --- a/symfony.lock +++ b/symfony.lock @@ -211,6 +211,18 @@ ".env" ] }, + "symfony/form": { + "version": "7.2", + "recipe": { + "repo": "github.com/symfony/recipes", + "branch": "main", + "version": "7.2", + "ref": "7d86a6723f4a623f59e2bf966b6aad2fc461d36b" + }, + "files": [ + "config/packages/csrf.yaml" + ] + }, "symfony/framework-bundle": { "version": "7.1", "recipe": { From cf14e12bc131800b05cf593e03e6ba3b34f4c390 Mon Sep 17 00:00:00 2001 From: Alexander Schranz Date: Mon, 9 Dec 2024 12:47:26 +0100 Subject: [PATCH 2/5] Update twig cs fixer --- symfony.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/symfony.lock b/symfony.lock index cce62d80..a4bfbc3e 100644 --- a/symfony.lock +++ b/symfony.lock @@ -371,12 +371,12 @@ ] }, "vincentlanglet/twig-cs-fixer": { - "version": "3.0", + "version": "3.4", "recipe": { "repo": "github.com/symfony/recipes-contrib", "branch": "main", - "version": "0.6", - "ref": "e4da12a48e8138479bd24a675321bcfd84950266" + "version": "3.0", + "ref": "d42582ae1bce86fd43491d6264c738b0867f8ffe" } } } From 2ee85cb13a08f84bf75874d60b1c6191fc310fbe Mon Sep 17 00:00:00 2001 From: Alexander Schranz Date: Mon, 9 Dec 2024 12:47:41 +0100 Subject: [PATCH 3/5] Update Symfony Flex --- .env.dev | 0 symfony.lock | 7 ++++--- 2 files changed, 4 insertions(+), 3 deletions(-) create mode 100644 .env.dev diff --git a/.env.dev b/.env.dev new file mode 100644 index 00000000..e69de29b diff --git a/symfony.lock b/symfony.lock index a4bfbc3e..516e1c26 100644 --- a/symfony.lock +++ b/symfony.lock @@ -204,11 +204,12 @@ "recipe": { "repo": "github.com/symfony/recipes", "branch": "main", - "version": "1.0", - "ref": "146251ae39e06a95be0fe3d13c807bcf3938b172" + "version": "2.4", + "ref": "52e9754527a15e2b79d9a610f98185a1fe46622a" }, "files": [ - ".env" + ".env", + ".env.dev" ] }, "symfony/form": { From dfe257726c94dcd604de7706b8214583b5406a31 Mon Sep 17 00:00:00 2001 From: Alexander Schranz Date: Mon, 9 Dec 2024 12:51:37 +0100 Subject: [PATCH 4/5] Update framework bundle --- .env.dev | 4 ++++ config/packages/csrf.yaml | 16 ++++++++-------- config/packages/framework.yaml | 3 +-- symfony.lock | 6 +++--- 4 files changed, 16 insertions(+), 13 deletions(-) diff --git a/.env.dev b/.env.dev index e69de29b..743e182a 100644 --- a/.env.dev +++ b/.env.dev @@ -0,0 +1,4 @@ + +###> symfony/framework-bundle ### +APP_SECRET=c9798d38335165263bcb913df2c4a79c +###< symfony/framework-bundle ### diff --git a/config/packages/csrf.yaml b/config/packages/csrf.yaml index 40d40405..e723308a 100644 --- a/config/packages/csrf.yaml +++ b/config/packages/csrf.yaml @@ -1,11 +1,11 @@ # Enable stateless CSRF protection for forms and logins/logouts framework: form: - csrf_protection: - token_id: submit - - csrf_protection: - stateless_token_ids: - - submit - - authenticate - - logout +# csrf_protection: +# token_id: submit +# +# csrf_protection: +# stateless_token_ids: +# - submit +# - authenticate +# - logout diff --git a/config/packages/framework.yaml b/config/packages/framework.yaml index f3f438ea..8748117d 100644 --- a/config/packages/framework.yaml +++ b/config/packages/framework.yaml @@ -1,8 +1,7 @@ # see https://symfony.com/doc/current/reference/configuration/framework.html framework: secret: '%env(APP_SECRET)%' - #csrf_protection: true - http_method_override: true # enable also in the index.php + http_method_override: true # enabled also in the index.php # Enables session support. Note that the session will ONLY be started if you read or write from it. # Remove or comment this section to explicitly disable session support. diff --git a/symfony.lock b/symfony.lock index 516e1c26..03c06d0d 100644 --- a/symfony.lock +++ b/symfony.lock @@ -225,12 +225,12 @@ ] }, "symfony/framework-bundle": { - "version": "7.1", + "version": "7.2", "recipe": { "repo": "github.com/symfony/recipes", "branch": "main", - "version": "7.0", - "ref": "6356c19b9ae08e7763e4ba2d9ae63043efc75db5" + "version": "7.2", + "ref": "87bcf6f7c55201f345d8895deda46d2adbdbaa89" }, "files": [ "config/packages/cache.yaml", From fc414cde81f9bf9ca7cc352f89fe6f422d46cb93 Mon Sep 17 00:00:00 2001 From: Alexander Schranz Date: Thu, 9 Jan 2025 11:32:50 +0100 Subject: [PATCH 5/5] Fix recipes update conflicts --- .env.dev | 4 ---- symfony.lock | 6 +++--- 2 files changed, 3 insertions(+), 7 deletions(-) delete mode 100644 .env.dev diff --git a/.env.dev b/.env.dev deleted file mode 100644 index 743e182a..00000000 --- a/.env.dev +++ /dev/null @@ -1,4 +0,0 @@ - -###> symfony/framework-bundle ### -APP_SECRET=c9798d38335165263bcb913df2c4a79c -###< symfony/framework-bundle ### diff --git a/symfony.lock b/symfony.lock index 03c06d0d..516e1c26 100644 --- a/symfony.lock +++ b/symfony.lock @@ -225,12 +225,12 @@ ] }, "symfony/framework-bundle": { - "version": "7.2", + "version": "7.1", "recipe": { "repo": "github.com/symfony/recipes", "branch": "main", - "version": "7.2", - "ref": "87bcf6f7c55201f345d8895deda46d2adbdbaa89" + "version": "7.0", + "ref": "6356c19b9ae08e7763e4ba2d9ae63043efc75db5" }, "files": [ "config/packages/cache.yaml",