> composer req --dev friendsofphp/php-cs-fixer:^3.12.0
> Build/Scripts/runTests.sh -s cgl -p 8.1

Resolves: #98938
Releases: main, 11.5
Change-Id: I42b247fa4ea51ef20e29fef855c12af1b756d558
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76303


Tested-by: core-ci <typo3@b13.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>

Also update the PHPUnit PHPStan configuration.

This update gets rid of some false positives.

Run commands:

> composer req --dev phpstan/phpstan:^1.8.11
> composer req --dev phpstan/phpstan-phpunit:^1.1.3
> ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #98913
Releases: main, 11.5
Change-Id: Ifc374d02a2ad343bd6be9a61b2075deb019b98f7
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76257


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

This update gets rid of some false positives.

Run commands:

> composer req --dev phpstan/phpstan:^1.8.9
> ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #98610
Releases: main, 11.5
Change-Id: I65425faaf3c9b0f08bacb6fa56e60b97ca905ed1
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76116


Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>

This update finds new problems and gets rid of some
false positives.

Run commands:

> composer req --dev phpstan/phpstan:^1.8.8
> ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #98541
Releases: main, 11.5
Change-Id: Idff8e6f7f9baa700a79ec0e823aee14f0fb63efb
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76013


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

This update finds new problems and gets rid of some
false positives.

Run commands:

> composer req --dev phpstan/phpstan:^1.8.7
> ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #98524
Releases: main, 11.5
Change-Id: Idbb8e62aac0b480eb0590e483968741f2b58916d
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75985


Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Stefan Bürk <stefan@buerk.tech>

This avoids abandoned php-cs-fixer/diff

> composer req --dev friendsofphp/php-cs-fixer:^3.11.0
> Build/Scripts/runTests.sh -s cgl -p 7.4

Change-Id: I84704208cc891916e5354c0900dc4bac4e771380
Resolves: #98522
Releases: main, 11.5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75980


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

see https://github.com/TYPO3/html-sanitizer/releases/tag/v2.0.16

composer req masterminds/html5:^2.7.6 typo3/html-sanitizer:^2.0.16
composer req masterminds/html5:^2.7.6 typo3/html-sanitizer:^2.0.16 \
  -d typo3/sysext/core --no-update

Resolves: #98340
Releases: main, 11.5, 10.4
Change-Id: I254ea25410e01f7610b0c4ef8b83441ab216f1ca
Security-Bulletin: TYPO3-CORE-SA-2022-011
Security-References: CVE-2022-36020
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75714


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

To avoid divergent code-style results among other Git branches,
package friendsofphp/php-cs-fixer is upgraded to version 3.9.5.

Resolves: #98331
Releases: 11.5
Change-Id: I9cac87b225b816dc5c4a943ef4a90827a164496c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75691


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

PHPStan fails with composer max installation due
changes in the detection. Raising the version to
corresponding version leads to abnormal performance
decrease. Thus not an option we can use.

This change pins phpstan to a fixed version to avoid
failing nightlies until the performance issue in the
PHPStan tool has been fixed.

See: https://github.com/phpstan/phpstan/issues/7903

Used commands:

> composer req --dev "phpstan/phpstan":"1.8.2"

Resolves: #98253
Releases: main, 11.5
Change-Id: I38a31b87c36b9ae4c5915422dd3f09a6fca38b57
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75601


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

This patch raises "typo3/class-alias-loader" which
contains some bugfixes.

Used commands:

> composer req "typo3/class-alias-loader":"^1.1.4" \
  --no-update -d typo3/sysext/core
> composer req "typo3/class-alias-loader":"^1.1.4"

Resolves: #98102
Releases: main, 11.5
Change-Id: I772a40dd9676afc7721e819077f05662ce2c6bd7
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75397


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Benni Mack <benni@typo3.org>

Raising from 2.7.1 brings:
* A couple of bug fixes, especially ternary should
  work much better when cached
* Basic PHP 8.2 support
* A couple of minor additions and more relaxed
  handling. Some of these will materialize in v12
  with upcoming patches

> composer req typo3fluid/fluid:^2.7.2
> composer req typo3fluid/fluid:^2.7.2 -d typo3/sysext/fluid --no-update
> composer req typo3fluid/fluid:^2.7.2 -d typo3/sysext/adminpanel --no-update
> composer req typo3fluid/fluid:^2.7.2 -d typo3/sysext/redirects --no-update
> composer req typo3fluid/fluid:^2.7.2 -d typo3/sysext/core --no-update
> Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #98048
Releases: main, 11.5
Change-Id: Ibc94b02823913347465245201442277f048c5c0b
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75327


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Benni Mack <benni@typo3.org>

Brings PHP 8.2 fixes.

> composer u mikey179/vfsstream
> composer req --dev typo3/testing-framework:^6.16.6

Change-Id: I4761948bd8827ab4638f280d5b69403d300afcb1
Resolves: #98026
Releases: main, 11.5, 10.4
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75293


Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>

These raises fix the bulk of PHP 8.2 unit test
fails.

We need to make webmozart/assert:^1.11.0 explicit
to pin it as minimum version for PHP 8.2
composer update --prefer-lowest in nightlies.

We don't strictly need the phpunit raise, but
pick it as casual dev update along the way.

$ composer require --dev phpunit/phpunit:^9.5.21
$ composer require --dev webmozart/assert:^1.11.0

Resolves: #97967
Releases: master, 11.5
Change-Id: I5c79a8577c5eb836566cb5c00bb6b63aa1b7ea1f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75242


Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>

PHPStan 1.8.1 removes some warnings.

Used commands:

> composer req --dev phpstan/phpstan:^1.8.1
> ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #97959
Releases: main, 11.5
Change-Id: Ifaaf37add767f98d16b3e847447a2882c3c77ee8
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75209


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Patch level raise of a monorepo --dev dependency
as yet another raise to unblock psr/container:^2.

$ composer req --dev bnf/phpstan-psr-container:^1.0.1

Change-Id: I73da5737bfbad6dfb739f5f56732d5d283e3e372
Resolves: #97958
Releases: main, 11.5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75207


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

This patch raises egulias/email-validator to min version of
3.2.1, which incorporates latest changes. This also contains
a fix to avoid the usage of PHP8.2 deprecated methods, namely
`utf8_encode()` and `utf8_decode()`.

Used commands:

> composer req egulias/email-validator:"^3.2.1"
> composer req egulias/email-validator:"^3.2.1" \
    -d typo3/sysext/core --no-update

Resolves: #97879
Releases: main, 11.5
Change-Id: Ia985dd3171ec988201022052d036b00e765c2654
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75078


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

Used commands:
> composer req --dev phpstan/phpstan:^1.8.0
> ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #97823
Releases: main, 11.5
Change-Id: Ia124e34cf81c55915c2815cdff71bdde6aabe972
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75018


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The maintainers of the package guzzlehttp/guzzle released a new version
7.4.5 that fixes two security issues:

* CURLOPT_HTTPAUTH option not cleared on change of origin [1]
* Change in port should be considered a change in origin [2]

Executed commands:

    composer require \
        guzzlehttp/guzzle:^7.4.5 \
        -W
    composer require \
        -d typo3/sysext/core \
        guzzlehttp/guzzle:^7.4.5 \
        --no-update

[1] https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r
[2] https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699

Resolves: #97802
Releases: main, 11.5, 10.4
Change-Id: Ia49f75f8ed078beb43ba42f89efdd8e68ee146c5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74972


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>

The package guzzlehttp/guzzle has been updated to version 7.4.4
and 6.5.7 which both fix the security issues [1] and [2]. Since
TYPO3 is not affected by the issues by default, this is handled
as a public bugfix.

3rd party extensions may however be affected by the vulnerabilities
if `Authorization` or `Cookie` headers are used.

Executed commands:

    composer require \
        guzzlehttp/guzzle:^7.4.4 \
        -W
    composer require \
        -d typo3/sysext/core \
        guzzlehttp/guzzle:^7.4.4 \
        --no-update

[1] https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q
[2] https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9

Resolves: #97759
Releases: main, 11.5, 10.4
Change-Id: I6ed48f2b03e5e0ca82a9aa493499a5eaf65b184c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74878


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

composer req --dev composer/composer:^2.2.12

Resolves: #97722
Releases: main, 11.5
Change-Id: I526de4c62b5f9bc03230a8794cd42082e9f00560
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74801


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Used commands:

> composer req --dev phpstan/phpstan:^1.7.3
> ./Build/Scripts/runTests.sh -s clean
> ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #97706
Releases: main, 11.5
Change-Id: Ida82935064ad4ff5c2858d9a5a6696befd52e512
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74789


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

The package guzzlehttp/guzzle has been updated to 7.4.3 and 6.5.6
respectively, both fixing a security vulnerability related to
cross-domain cookie leakage [1]. Since TYPO3 is not affected by
this issue by default, this is handled as a public bugfix.

However, 3rd party code (e.g. thru extensions) may be affected by this
issue, as long `'cookies' => true` is used in requests done by Guzzle.

Executed commands:

    composer require \
        guzzlehttp/guzzle:^7.4.3 \
        -W
    composer require \
        -d typo3/sysext/core \
        guzzlehttp/guzzle:^7.4.3 \
        --no-update

[1] https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3

Resolves: #97694
Releases: main, 11.5, 10.4
Change-Id: I39071c917c7ed26392f66b0ea2f774ecbceead9f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74751


Tested-by: core-ci <typo3@b13.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>

Update testing-framework to incorporate latest changes.

Some phpstan-baseline ignore-patterns are added and will
be addressed with dedicated patches.

This change is a manual backport of #97677.

Used commands:

> composer req typo3/testing-framework:^6.16.5 --dev
> Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #97679
Related: #97677
Releases: 11.5
Change-Id: I4decfc4ceb9bacc59e81669443dd4a06ed1b0a72
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74724


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

The new version finds some new possible bugs and
removes some incorrect ones.

Used commands:

> composer req --dev phpstan/phpstan:^1.7.0
> Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #97678
Releases: main, 11.5
Change-Id: I0359ab80b0a6afc907f76bee328fb32c1e0655b7
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74723


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

Raise phpstan to include latest phpstan bugfixes.
See: https://github.com/phpstan/phpstan/releases/tag/1.6.9

Used commands:

> composer req phpstan/phpstan:^1.6.9 --dev
> Build/Scripts/runTests.sh -s clean ; \
  Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #97668
Releases: main, 11.5
Change-Id: I61298c1696b14a6e89ddc98043de13acb127c6a0
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74720


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

Brings a multibyte fix when dealing with word-based
diffs, which is our default usage.

composer req lolli42/finediff:^1.0.1

Resolves: #97611
Releases: main, 11.5, 10.4
Change-Id: I601842ed75917f9a6d438191273e602238d3edda
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74606


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

A series of minor TF fixes, nothing fancy.

composer req --dev typo3/testing-framework:^6.16.4

Change-Id: I3b8fcec5d16398ba0b1b88379c3dc54b129252d3
Resolves: #97600
Releases: 11.5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74592


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Raise phpstan to newest release, which find more
things in a proper way. This includes some opcache
and autoloading fixes which may hopefully help with
lately occurrence of long-running phpstan ci runs.

Used commands:

> composer req --dev phpstan/phpstan:^1.6.7
> Build/Scripts/runTests.sh -s clean
> Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #97551
Releases: main, 11.5
Change-Id: If7493bc4138e99ff173047cba358d3be43cf2357
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74525


Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>

symfony/rate-limiter:5.4.8 has been released, so the failing
tests commented out with #97298 can be included again.

Raised symfony/rate-limiter:^5.4.8 to ensure that broken
version is not used.

Used commands:

> composer req "symfony/rate-limiter":"^5.4.8"
> composer req "symfony/rate-limiter":"^5.4.8" \
    -d typo3/sysext/core --no-update

Resolves: #97494
Related: #97298
Releases: main, 11.5
Change-Id: Idaa17f130a56f3e23c56243f24ecdccc14ac4b46
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74486


Tested-by: core-ci <typo3@b13.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>

The new version finds some new possible bugs.

Used commands:

> composer require --dev phpstan/phpstan:^1.6.3
> Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #97508
Releases: main, 11.5
Change-Id: I7a813c4f12258aad96b99cec3feb93ee10d55bcf
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74482


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

The new version finds some new possible bugs and
removes some incorrect ones.

Used commands:

> composer require --dev phpstan/phpstan:^1.6.0
> composer require --dev phpstan/phpstan-phpunit:^1.1.1
> Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #97476
Releases: main, 11.5
Change-Id: Idaa2b920eacf0c36de8b5d97ae96549ad56a9e52
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74436


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

Used commands:
> composer req --dev -W phpunit/phpunit:^9.5.20
> composer req --dev -W phpspec/prophecy:^1.15.0
> composer req --dev -W phpspec/prophecy-phpunit:^2.0.1

Resolves: #97402
Releases: main, 11.5
Change-Id: I1d4ed2470cb22b97578ee7b5749dfc3439558f9c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74333


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Benni Mack <benni@typo3.org>

The new version finds some new possible bugs and
removes some incorrect ones.

Also update phpstan/phpstan-phpunit.

Used commands:
> composer req --dev phpstan/phpstan:^1.5.6
> composer req --dev phpstan/phpstan-phpunit:^1.1.0
> Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #97397
Releases: main, 11.5
Change-Id: I052ba01b33582f3f18f49c0ee2375f63d1048f4b
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74329


Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Benni Mack <benni@typo3.org>

Recent guzzlehttp/psr7 versions address vulnerability CVE-2022-24775.
Mentioned known vulnerability is not considered relevant for the
TYPO3 core. That's why this issue is handled as regular bugfix.

Commands executed:
  composer req guzzlehttp/psr7:"^1.8.5 || ^2.1.2"
  composer req guzzlehttp/psr7:"^1.8.5 || ^2.1.2" \
    -d typo3/sysext/core --no-update

Resolves: #97240
Releases: main, 11.5, 10.4
Change-Id: I915b5620140912ecf1e0dc5bc887f4cc25ffb85a
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74060


Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Used command:

> composer req --dev -W \
    "composer/composer":"^2.2.7" \
    "friendsofphp/php-cs-fixer":"^3.8.0"

> Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #97227
Releases: main, 11.5
Change-Id: Iad07abbef89a4b69c9d0ab2ea76cc3645bdb5476
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74023


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

This patch raises doctrine/dbal to 2.13.8 as minimum version,
which contains a bugfix to avoid a native php error is emitted,
stating "mysqli::real_connect(): Passing null to parameter #7".

See: https://github.com/doctrine/dbal/pull/5296

One phpstan ignore pattern slightly changed because of a
changed return type declarion of doctrine/dbal. Tackling
the corresponding error should be done in a dedicated test
after proper investigation.

Used commands:

> composer req doctrine/dbal:^2.13.8
> composer req doctrine/dbal:^2.13.8 \
  -d typo3/sysext/core --no-update
> composer req doctrine/dbal:^2.13.8 \
  -d typo3/sysext/install --no-update
> composer req doctrine/dbal:^2.13.8 \
  -d typo3/sysext/redirects --no-update
> composer req doctrine/dbal:^2.13.8 \
  -d typo3/sysext/core --no-update
> Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #97222
Releases: 11.5
Change-Id: I6c1712a792780bd2966b3977d43f767e59304bd5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74013


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>

The new release allows versions 1, 2, or 3 of psr/log,
so unblocks core using psr/log 3.

Commands run:
> composer req typo3/html-sanitizer ^2.0.14
> composer req typo3/html-sanitizer ^2.0.14 \
  -d typo3/sysext/core --no-update

Resolves: #97183
Releases: main, 11.5
Change-Id: Id0369aefb034ce477d4aa863f58e04518485ee47
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73997


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>

This update gets rid of a false positive:

https://github.com/phpstan/phpstan-phpunit/issues/120

Resolves: #97163
Releases: main, 11.5
Change-Id: I6f7ecd909a127b5940b928d81c94ab7b3404cd49
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73896


Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>

The testing-framework with FE requests using sub requests
is now able to handle DELETE,PATCH,PUT and POST requests.

The situation in testing-framework is not the final solution,
though. The patch adds a test to verify if testing-framework
request details are properly received in the FE application.

This not only adds a use case to the core for these kind
of requests, but also ensures that we don't break this
detail again when testing-framework internal handling is
further refactored.

Also needs a testing-framework bugfix in v11:
> composer req --dev typo3/testing-framework:^6.16.2

Resolves: #97084
Releases: main, 11.5
Change-Id: I8268625d4b439f1657168d6b9c9a3878b36477bd
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73768


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The new version finds some new possible bugs and
removes some incorrect ones. Combined with a TF
raise.

Used commands:
> composer req --dev phpstan/phpstan:^1.4.8
> composer req --dev typo3/testing-framework:^6.16.1
> Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #97097
Releases: main, 11.5
Change-Id: I97cec4c07f70b6d451ba55f9aaec7df109c36f71
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73811


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>