Bump symfony/security-bundle from 7.1.6 to 7.2.0

[dependabot]

Bumps symfony/security-bundle from 7.1.6 to 7.2.0.

Release notes

Sourced from symfony/security-bundle's releases.

v7.2.0

Changelog (symfony/security-bundle@v7.2.0-RC1...v7.2.0)

• no significant changes

v7.2.0-RC1

Changelog (symfony/security-bundle@v7.2.0-BETA2...v7.2.0-RC1)

• no significant changes

v7.2.0-BETA1

Changelog (symfony/security-bundle@v7.1.6...v7.2.0-BETA1)

• feature symfony/symfony#58166 [Security][SecurityBundle] Allow passing attributes to passport via Security::login() (@​alexandre-daubois)
• feature symfony/symfony#58145 allow Twig 4 (@​xabbuh)
• feature symfony/symfony#57525 [SecurityBundle] Improve profiler’s authenticators tab (@​MatTheCat)
• feature symfony/symfony#57694 [SecurityBundle] Update web-token/jwt-library version and adjust checker parameters (@​Spomky)
• feature symfony/symfony#57692 [SecurityBundle] Link to the profile the token was (de)authenticated (@​MatTheCat)
• feature symfony/symfony#57369 [Security] Display authenticators in the profiler even if they are all skipped (@​MatTheCat)
• feature symfony/symfony#57425 [SecurityBundle] Improve profiler’s data (@​MatTheCat)
• feature symfony/symfony#56838 [Security] Deprecate argument $secret of RememberMeToken and RememberMeAuthenticator (@​nicolas-grekas)

Changelog

Sourced from symfony/security-bundle's changelog.

CHANGELOG

7.2

• Allow configuring the secret used to sign login links
• Allow passing optional passport attributes to Security::login()

7.1

• Mark class ExpressionCacheWarmer as final
• Support multiple signature algorithms for OIDC Token
• Support JWK or JWKSet for OIDC Token

7.0

• Enabling SecurityBundle and not configuring it is not allowed
• Remove the enable_authenticator_manager config option
• Remove the security.firewalls.logout.csrf_token_generator config option, use security.firewalls.logout.csrf_token_manager instead
• Remove the require_previous_session config option from authenticators

6.4

• Deprecate Security::ACCESS_DENIED_ERROR, AUTHENTICATION_ERROR and LAST_USERNAME constants, use the ones on SecurityRequestAttributes instead
• Allow an array of pattern in firewall configuration
• Add $badges argument to Security::login
• Deprecate the require_previous_session config option. Setting it has no effect anymore
• Add LogoutRouteLoader

6.3

• Deprecate enabling bundle and not configuring it
• Add _stateless attribute to the request when firewall is stateless and the attribute is not already set
• Add StatelessAuthenticatorFactoryInterface for authenticators targeting stateless firewalls only and that don't require a user provider
• Modify "icon.svg" to improve accessibility for blind/low vision users
• Make Security::login() return the authenticator response
• Deprecate the security.firewalls.logout.csrf_token_generator config option, use security.firewalls.logout.csrf_token_manager instead
• Make firewalls event dispatcher traceable on debug mode
• Add TokenHandlerFactoryInterface, OidcUserInfoTokenHandlerFactory, OidcTokenHandlerFactory and ServiceTokenHandlerFactory for AccessTokenFactory

6.2

• Add the Security helper class
• Deprecate the Symfony\Component\Security\Core\Security service alias, use Symfony\Bundle\SecurityBundle\Security instead

... (truncated)

Commits

• 4bed202 minor #58637 revert allowing Twig 4 (xabbuh)
• 97bb792 revert allowing Twig 4
• 697da80 Remove always true/false occurrences
• c4652f9 Remove unused imports
• 4e0df38 Merge branch '7.1' into 7.2
• 2972115 [Security][SecurityBundle] Allow passing attributes to passport via `Security...
• 287f2a2 minor #58146 [Bundles] Fix configurations info consistency (alexandre-daubois)
• ea9cd53 allow Twig 4
• b686c47 Fix configurations info consistency
• 095f4d5 bump requirement for Twig to 3.12+
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[melroy89]

@dependabot rebase