Composer update patch versions #470
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
johanib
force-pushed
the
feature/package_updates_nov_25
branch
from
2990856 to
3528277
Compare
MKodde
reviewed
Nov 5, 2025
Member
MKodde
left a comment
MKodde
left a comment
There was a problem hiding this comment.
Nice work! See some remarks below.
Feel free to discuss the points I'm touching on regarding conventions. If they no longer fit your needs, or work against you.
johanib
force-pushed
the
feature/package_updates_nov_25
branch
6 times, most recently
from
262d744 to
1f89d25
Compare
johanib
commented
Nov 17, 2025
johanib
force-pushed
the
feature/package_updates_nov_25
branch
from
f5a2c49 to
14b835b
Compare
Contributor
Author
|
@MKodde I updated the surfnet libraries. I think this should be ready as is. Only thing I'm considering is cleaning up the commits a bit, but I don't want to make your review job more difficult, so might do that after the review. Also: I'm doing the frontend in a serparate PR. |
johanib
force-pushed
the
feature/package_updates_nov_25
branch
from
14b835b to
91369d0
Compare
MKodde
requested changes
Nov 19, 2025
Member
MKodde
left a comment
MKodde
left a comment
There was a problem hiding this comment.
What a bunch of work again!
I think your latest changes look good in general. I found three things of which 1 or 2 need some attention the other is a nitpick.
Feel free to rebase, squash or rewrite history as you please.
src/Surfnet/StepupGateway/GatewayBundle/Container/ContainerController.php
Show resolved
Hide resolved
src/Surfnet/StepupGateway/GatewayBundle/DependencyInjection/Configuration.php
Outdated
Show resolved
Hide resolved
Prior to this change, the test files had errors in the namespace, triggering errors during `composer dump-autoload`. This change corrects the namespacing errors.
Prior to this change, running the functional behat tests would fail after a clear-cache. This happened because clear-cache removes the cache dir, and recreates it as root (because cache-clear is run as root). This causes the web php runner to not be able to write the cache, resulting in errors. This causes the functional tests to fail. Also scoutfix the phpcbf not fixing anything by default. It should match phpcs.
Upgrade phpstan, and rulesets. Use the phpstan extension loader, to ensure added rulesets are loaded automatically. Fix the typehint of secondfactor.id to varchar, as it is not an int in the db. Also fix `doctrine.finalConstructor`.
Prior to this change, in development / test mode, it was not possible to reliably and consistently see the deprecation notices triggered by the pipeline. This change logs all deprecations triggered during PHPUnit and behat to the deprecation.log file.
Prior to this change, PHPUnit would complain about using a legacy configuration file. This change commits the new phpunit.xml as generated by the `phpunit --migrate-configuration` script.
Attributes are not supported by PHPUnit 9, so update to 10 as well. PHPCpd is eol, remove as it is not installable alongside PHPUnit 10.
Prior to this change, if the doctrine mapping was invalid, the build would still be green. This change ensures the doctrine mapping is validated in the qa check.
* `nelmio/security-bundle` * 'doctrine/orm' 2 > 3
johanib
force-pushed
the
feature/package_updates_nov_25
branch
from
e0c72b7 to
c603724
Compare
AddReturnTypeDeclarationRector MagicClosureTwigExtensionToNativeMethodsRector SimplifyFormRenderingRector RenameAttributeRector
Remove duplicated code in the ContainerController as it causes issues with phpstan.
Prior to this change, the application was using the deprecated `xss_protection` option from nelmio/security-bundle (deprecated since v3.4.0), which caused deprecation warnings in the logs. Additionally, the X-XSS-Protection HTTP header is obsolete and no longer supported by modern browsers. Also fix an inline style attribute that violated the Content Security Policy. This change removes the deprecated `xss_protection` configuration and fixes the CSP violation by refactoring the inline style in templates/form/fields.html.twig to use a CSS class `.icon-inverted` instead. See - https://github.com/nelmio/NelmioSecurityBundle/releases/tag/v3.4.0 - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
reinstate phpcpd Update packages & commit config from monitor from flex.
johanib
force-pushed
the
feature/package_updates_nov_25
branch
from
c603724 to
de1f119
Compare
Contributor
Author
Cleaned the commits a bit, but I think it would be better to merge them as is, as each does an isolated task. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
6.0.0
Upgrade instructions:
database_server_versionsetting in parameters.yaml is up-to-date with the production db server version. e.g.10.6.23-MariaDBAttention:
jms/translation-bundleseems EOL, it relies ondoctrine/annotations, which is abandoned. See jms/translation-bundle is EOL #471