Used commands:

    composer require symfony/polyfill-php80:^1.16
    composer require symfony/polyfill-php80:^1.16 \
        -d typo3/sysext/form --no-update

This fixes a composer min acceptance test failure, that chokes on the
function str_ends_with() not being available in a PHP 7.4 environment.

Resolves: #95110
Releases: master
Change-Id: I54d410adc7ad813dc3c840c4292ee9ec3df6f76c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70894


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>

Our dependency guzzlehttp/psr7 is raised to 2.0,
however "LazyOpenStream" is now final, and that's
why we need to change our "SelfEmittableLazyOpenStream"
to become a decorator of the LazyOpenStream.

Used composer commands:

composer req guzzlehttp/guzzle:^7.3.0 guzzlehttp/psr7:^2.0
composer req guzzlehttp/guzzle:^7.3.0 guzzlehttp/psr7:^2.0 -d typo3/sysext/core --no-update

Resolves: #94454
Releases: master
Change-Id: Ica487d9bb04bf344e3d763fa83d561e2771afd21
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70437


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>

This minor version raise brings significant
performance improvements for functional tests,
especially with mysql/mariadb & sqlite.

composer req --dev typo3/testing-framework:^6.10.0

Change-Id: I09f8a673f55710b8d237faa280121853dcabc378
Resolves: #95028
Releases: master, 10.4
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70806


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>

Cli commands were fixed by adding a fallback where
undefined array key warning occured. Added tests
as well to make sure it will work ever after.

Resolves: #94763
Releases: master
Change-Id: I76e91d61649b5e2c54b83f737e46d679df2526a5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70306


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

composer req typo3/html-sanitizer:^2.0.10;\
composer req typo3/html-sanitizer:^2.0.10 \
  -d typo3/sysext/core --no-update

Resolves: #95000
Releases: master, 11.3, 10.4, 9.5
Change-Id: Ia2170f6bd6f3bace862fac124ef8cc2966d35171
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70763


Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>

The package symfony/filesystem is used in the class "CliEntryPoint"
but has no direct dependency defined in main composer.json.
Require the package to not break TYPO3 when packages that rely
on symfony/filesystem get removed.

composer req symfony/filesystem:^5.3.0
composer req symfony/filesystem:^5.3.0 -d typo3/sysext/core/ --no-update

Resolves: #94982
Releases: master, 10.4
Change-Id: Ib116913a709fbc2e635f1a7882f86d6be4c4c704
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70729


Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

The extesion "about" is moved to EXT:backend and can
safely be removed in composer.json.

Resolves: #94967
Related: #91888
Releases: master
Change-Id: I61e00b78ea12c1226fe35244778612e1d82fd054
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70604


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>

composer req typo3/html-sanitizer:^2.0.9
composer req typo3/html-sanitizer:^2.0.9 \
  -d typo3/sysext/core --no-update

Resolves: #94883
Releases: master, 11.3, 10.4, 9.5
Change-Id: I997ddc423ffcb216927e3ba807e303e604174ee8
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70614


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

diff-format option has been removed. udiff is the default
now since v3.

composer u friendsofphp/php-cs-fixer composer/xdebug-handler php-cs-fixer/diff
composer req --dev friendsofphp/php-cs-fixer:^3.0

Resolves: #94856
Releases: master
Change-Id: I33470fc49b4355130e73326c85323a1848fe3562
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70516


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>

https://github.com/TYPO3/html-sanitizer/releases/tag/v2.0.8

composer req typo3/html-sanitizer:^2.0.8

Resolves: #94849
Releases: master, 11.3, 10.4, 9.5
Change-Id: I367343abe5b18445ddc28023ef45c65bc6d0de23
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70499


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Use the latest version which gets full support.

composer req egulias/email-validator:^3.1
composer req egulias/email-validator:^3.1 -d typo3/sysext/core --no-update

Resolves: #94830
Releases: master
Change-Id: I6336a15d28401e364d343eb9c2a4d50708b520a9
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70464


Tested-by: core-ci <typo3@b13.com>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Benni Mack <benni@typo3.org>

This change is a pre-requisite for allowing
guzzle/psr7 2.0.

Used composer command:
  composer req --dev codeception/codeception:^4.1.22 -W

Resolves: #94800
Related: #94422
Releases: master
Change-Id: I1440249440c739d52acc448285ce053aeee67579
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70442


Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>

This reverts commit c35316f6.

Not defining replaced version of `t3g/svg-sanitizer` leads to
problems with `roave/security-advisories`. Overall it seems to
be better, to completely revert previous change.

Resolves: #94782
Reverts: #94719
Releases: master, 11.3, 10.4, 9.5
Change-Id: I43c2ea986ffec72bc0c8eb740a84daad33e9257f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70433


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Due to missing internal handling of provided RTE configuration, it
was possible to directly persist XSS in database fields. Unless full
blown backend RTE tag configuration is available, this patch still
allows persisting potentially malicious data - which is not reflected
in the backend user interface - but to be sanitized during frontend
rendering (see below).

Corresponding configuration directives (`removeTags`, `allowedAttribs`)
are now considered again. Besides that a new, but simplified sequential
HTML parser ensures that runaway node-boundaries are detected & denied.

To sanitize and purge XSS from markup during frontend rendering, new
custom HTML sanitizer has been introduced, based on `masterminds/html5`.
Both `DefaultBuilder` and `CommonVisitor` provide common configuration
which is in line with expected tags that are allowed in backend RTE.
Using a custom builder instance, it is possible to adjust for individual
demands - however, configuration possibilities cannot be modified using
TypoScript - basically since the existing syntax does not cover all
necessary scenarios.

Resolves: #94375
Related: #83027
Related: #94484
Releases: master, 11.3, 10.4, 9.5
Change-Id: I5f8de43faab57b00052614ad37bd10ea9e384dc0
Security-Bulletin: TYPO3-CORE-SA-2021-013
Security-References: CVE-2021-32768
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70345


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Functionality of package t3g/svg-sanitizer has been
integrated into the TYPO3 core.

Resolves: #94719
Releases: master, 11.3, 10.4, 9.5
Change-Id: I9bef46af0b76275844aa4acb2b54214f37936ecc
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70210


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Addresses work-around of issues #94565 and #94582
concerning libxml2 segmentation faults.

https://github.com/darylldoyle/svg-sanitizer/compare/0.14.0...0.14.1

Resolves: #94768
Releases: master, 11.3, 10.4, 9.5
Change-Id: I10f6386f0986f514a1387fb1153bbfc36f9c9dcc
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70333


Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Brings a new feature to speed up functional tests
and a series of tasks and bug fixes.

composer req --dev typo3/testing-framework:^6.9.0
composer req --dev typo3/testing-framework:^6.9.0 -d typo3/sysext/core/ --no-update

Change-Id: Iacfda77682d89468c0158fb467df90120a41a099
Resolves: #94733
Releases: master, 10.4
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70272


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Jochen <rothjochen@gmail.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Jochen <rothjochen@gmail.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

composer req --dev codeception/codeception:^4.1.21
composer req --dev codeception/module-webdriver:^1.2.1
composer req --dev php-webdriver/webdriver:^1.11.1
composer req --dev composer/package-versions-deprecated:^1.11.99.2

composer req --dev codeception/codeception:^4.1.21 -d typo3/sysext/core --no-update
composer req --dev codeception/module-webdriver:^1.2.1 -d typo3/sysext/core --no-update
composer req --dev php-webdriver/webdriver:^1.11.1 -d typo3/sysext/core --no-update
composer req --dev composer/package-versions-deprecated:^1.11.99.2 -d typo3/sysext/core --no-update

composer u mikey179/vfsstream behat/gherkin composer/semver codeception/stub

Resolves: #94722
Releases: master
Change-Id: I2ec0277374a2bf4e1501e79469826b7ea6360557
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70234


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>

PHPunit v9 allows to use further improvements to our testing
API, and also offers extended support until at least Feb 2022.

PHPunit v9 requires PHP 7.3+ which isn't a problem
for us per-se.

In addition, composer does not complain about
an abandoned package anymore if we upgrade to PHPunit 9.

In order to achieve this, we need to explicitly
require "codeception/phpunit-wrapper:^9.0" which we
can then remove later-on again.

Used composer commands:
> composer req --dev "phpunit/phpunit:^9.5" "phpspec/prophecy-phpunit" "codeception/phpunit-wrapper:^9.0" -W
> composer req --dev "phpunit/phpunit:^9.5" "phpspec/prophecy-phpunit" -d typo3/sysext/core --no-update
> composer remove --dev codeception/phpunit-wrapper

Used rector to migrate all Unit tests to prevent warnings..

Resolves: #94706
Releases: master
Change-Id: I68d9df07421149f4ad40964afc512f0f995b295b
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69297


Tested-by: core-ci <typo3@b13.com>
Tested-by: Mathias Brodala <mbrodala@pagemachine.de>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Mathias Brodala <mbrodala@pagemachine.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Benni Mack <benni@typo3.org>

Similar to styleguide's backend TCA data generator,
the extension can now generate a demo frontend to
render a page tree with menu having examples of
the default core content elements and demos for
ext:felogin and ext:form.
The generator is accessible through the existing
backend styleguide module below the '?' help button
in the toolbar.
The FE data will be used for core acceptance tests
soon.

The raise also brings a minor TCA change for a
pending core regression patch.

composer req --dev typo3/cms-styleguide:~11.4.0
composer req --dev typo3/cms-styleguide:~11.4.0 -d typo3/sysext/core --no-update

Change-Id: Ie1ef73400cda2b82c6379401341e69ff9e78645e
Resolves: #94658
Related: #94621
Releases: master
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70124


Tested-by: core-ci <typo3@b13.com>
Tested-by: Jochen <rothjochen@gmail.com>
Tested-by: Nikita Hovratov <nikita.h@live.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Jochen <rothjochen@gmail.com>
Reviewed-by: Nikita Hovratov <nikita.h@live.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Several benefits come (basically for free) with this change.

1. We only maintain platform dependencies in composer.json
2. Advanced users can omit the runtime check from being generated
3. Relying on canonical functionality instead of our own

For this to work, Composer 2.0 must be required not only for
development, but also for any production install of the packages.

With doing so, eventually other runtime functionality like installed
package versions can be used as well.

composer req composer-runtime-api:^2.0

This also remove the upper version check for PHP <9
because Composer runtime API does not provide upper bound checks,
to allow future compatiblity of software installs, in case it isn't
updated any more, but would run with later PHP versions.

Upper PHP version check and failing with an appropriate error message
is useful for cases when users accidentally use a PHP version
higher than TYPO3 is capable of running on. However not only isn't
there a PHP version 9 on the horizon, it isn't even remotely clear,
whether this PHP version would have a compatiblity impact on TYPO3.

Therefore an upper version check at this point in time provides zero
value and can be safely omitted.

Besides that, also from a maintainer perspective it will be much easier
to check the impact on PHP 9 release candidates, because tests could be run
automatically against this version, without modifying the code, so that
compatiblity with this future PHP version can be provided ahead of time,
making the upper bound check obsolete as well.

Resolves: #93257
Releases: master
Change-Id: I55c0c17088f222736afa99d929fe8646a483a5ee
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/67371


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Simon Gilli <typo3@gilbertsoft.org>
Tested-by: Helmut Hummel <typo3@helhum.io>
Reviewed-by: Xavier Perseguers <xavier@typo3.org>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Mathias Brodala <mbrodala@pagemachine.de>
Reviewed-by: Simon Gilli <typo3@gilbertsoft.org>
Reviewed-by: Helmut Hummel <typo3@helhum.io>

The GitHub main repository has been renamed from "TYPO3/TYPO3.CMS"
to "typo3/typo3".

The new URL is https://github.com/typo3/typo3

This change reflects all places in TYPO3 Core to adapt to this
renaming.

Resolves: #94639
Releases: master, 10.4, 9.5
Change-Id: Ia5c3136a48b8b4580283277da4b7b11768c32132
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70092


Tested-by: core-ci <typo3@b13.com>
Tested-by: Susanne Moog <look@susi.dev>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Susanne Moog <look@susi.dev>
Reviewed-by: Benni Mack <benni@typo3.org>

Change-Id: I3380d28e1da80e182f073ce7ed38c893c7ffdc9a
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69821


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>

This change introduces behavior of extension `t3g/svg-sanitizer` into
the TYPO3 core. Sanitizing SVG data is actually done by external package
`enshrined/svg-sanitize` by Daryll Doyle.

The following aspects are introduced:
+ handle `GeneralUtility::upload_copy_move` invocations
+ handle FAL action events `file-add`, `file-replace`, `set-content`
+ provide upgrade wizard, sanitizing all SVG files in storages that
  are using `LocalDriver`

Custom usage:
```
$sanitizer = new \TYPO3\CMS\Core\Resource\Security\SvgSanitizer();
$sanitizer->sanitizeFile($sourcePath, $targetPath);
$svg = $sanitizer->sanitizeContent($svg);
```

Basically this change enforces following public service announcements
concerning SVG files, to enhance these security aspects per default:
+ https://typo3.org/security/advisory/typo3-psa-2020-003
+ https://typo3.org/security/advisory/typo3-psa-2019-010

Resolves: #94492
Releases: master, 10.4, 9.5
Change-Id: I42c206190d8a335ebaf77b7e5d57b383e3bcbae1
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69809


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

The PHP library `symfony/rate-limiter` has been integrated
in order to provide a rate limiting API for the TYPO3 core
and extensions.

As a new system default, the TYPO3 backend and
frontend login now uses a rate limiter, which prevents
further authentication attempts for an IP address, if
a configurable amount of login attempts is
exceeded in a given time.

The hardcoded wait time of 5 seconds after a failed login has
been removed, since it offers no real protection against brute
force attacks.

The following dependencies are introduced:

* symfony/rate-limiter "^5.3"

Resolves: #93825
Releases: master
Change-Id: Ib248b78b501a4d50556aa97938f4c51f12f7522a
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68624


Tested-by: core-ci <typo3@b13.com>
Tested-by: Jochen <rothjochen@gmail.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Jochen <rothjochen@gmail.com>
Reviewed-by: Benni Mack <benni@typo3.org>

guzzlehttp/psr7 is not only an indirect dependency
from guzzlehttp/guzzle, but also a direct core
dependency since we extend LazyOpenStream in
SelfEmittableLazyOpenStream. Declare that dependency
directly, which also blocks upcoming guzzlehttp/psr7:2.0
which is currently incompatible with our core use.

composer req guzzlehttp/psr7:^1.7.0
composer req guzzlehttp/psr7:^1.7.0 -d typo3/sysext/core --no-update

Change-Id: I4968bc854545262ce0230ea71647463f5a332f54
Resolves: #94422
Releases: master, 10.4, 9.5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69668


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Brings minor adaptions and a patch to unblock #94417

composer req --dev typo3/cms-styleguide:~11.3.1
composer req --dev typo3/cms-styleguide:~11.3.1 -d typo3/sysext/core --no-update

Change-Id: I26a6e66fe42ee37e247873f68a135ce87c68fee4
Resolves: #94431
Related: #94417
Releases: master
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69654


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Jochen <rothjochen@gmail.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Jochen <rothjochen@gmail.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

In order to make TYPO3 Core compatible with doctrine/dbal 3.0,
Core now requires doctrine/dbal 2.13 to allow to track all deprecations
and use the forward-facing APIs.

Used composer commands:
* composer req doctrine/dbal:^2.13
* composer req doctrine/dbal:^2.13 -d typo3/sysext/core --no-update
* composer req doctrine/dbal:^2.13 -d typo3/sysext/install --no-update
* composer req doctrine/dbal:^2.13 -d typo3/sysext/redirects --no-update

Resolves: #94423
Releases: master
Change-Id: Ifede8ebdac0b47a0db0ba5d304878c91c3579f58
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69632


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>

TYPO3 v11 will require symfony 5.3.0 (and hopefully
further versions once they will be released).

Used composer command:

> composer req -W "symfony/config:^5.3.0" \
"symfony/console:^5.3.0" \
"symfony/dependency-injection:^5.3.0" \
"symfony/expression-language:^5.3.0" \
"symfony/finder:^5.3.0" \
"symfony/http-foundation:^5.3.0" \
"symfony/mailer:^5.3.0" \
"symfony/mime:^5.3.0" \
"symfony/property-access:^5.3.0" \
"symfony/property-info:^5.3.0" \
"symfony/routing:^5.3.0" \
"symfony/var-dumper:^5.3.0" \
"symfony/yaml:^5.3.0"

Resolves: #94340
Releases: master
Change-Id: I3777975d144b3424910043f2445d576f885f0e41
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69490


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>

Acceptance tests now properly configure graphics
magick, so image generation works for them. This
triggeres different and more relevant code paths.

composer req --dev typo3/testing-framework:^6.8.4
composer req --dev typo3/testing-framework:^6.8.4 -d typo3/sysext/core --no-update

Change-Id: I65dd2061c13479fb031373973860d3204dfe4bbf
Resolves: #94339
Releases: master, 10.4
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69484


Tested-by: core-ci <typo3@b13.com>
Tested-by: Jochen <rothjochen@gmail.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Jochen <rothjochen@gmail.com>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Brings a composer conflict setting to prevent incompatible
doctrine/dbal versions, and an acceptance test related fix.

composer req --dev typo3/testing-framework:^6.8.3
composer req --dev typo3/testing-framework:^6.8.3 -d typo3/sysext/core --no-update

Resolves: #94332
Releases: master, 10.4
Change-Id: Ib1192c5135c02d485c8f28b54755c22a1a50c10f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69481


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Brings a PHP 8.0 related fix, backend module bug fixes
and features representing more v11 related markup.

composer req --dev typo3/cms-styleguide:~11.3.0
composer req --dev typo3/cms-styleguide:~11.3.0 -d typo3/sysext/core --no-update

Change-Id: I716237ad6256db87f6b6e20081a67fa674c203d5
Resolves: #94331
Releases: master
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69479


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Usage of FriendsOfTYPO3/rsaauth is pretty low and there
is no reason to support the extension any more in TYPO3 11.

This patch removes all ext:rsaauth related code.

Resolves: #94279
Releases: master
Change-Id: I8e318bcc3c04fcc66a033507d0dddb931529c17d
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69397


Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

composer req friendsoftypo3/phpstan-typo3 ^0.8.1 --dev

This patch is the next step towards full level 3
compatibility of the TYPO3 core.

Releases: master
Resolves: #94127
Change-Id: I5092ce3a9248a7e5ecba3f42183765c1b1d5b1cc
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69327


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Daniel Goerz <daniel.goerz@posteo.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Daniel Goerz <daniel.goerz@posteo.de>

A minor raise from 2.6 to 2.7 brings an aria
related feature and a cleanup we adapt in core.

composer req typo3fluid/fluid:^2.7.0

Resolves: #94242
Releases: master
Change-Id: I9b479c33aa5183ea2bad845452dfa8cba52245e6
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69334


Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Jochen <rothjochen@gmail.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Jochen <rothjochen@gmail.com>
Reviewed-by: Claus Due <claus@phpmind.net>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Brings a PHP 8 fix and adaptions to recent core works.

composer req --dev typo3/cms-styleguide:~11.2.2

Change-Id: Ie74b225ff23990a3d2b6dd0964b5cc6d16bc7c0c
Resolves: #94161
Releases: master
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69186


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Jochen <rothjochen@gmail.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Jochen <rothjochen@gmail.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

This change adds a normalization for slug source before converting it
to ascii. This helps to avoid issues with various ways to encode the
same Unicode characters.

Used command:
   composer req symfony/polyfill-intl-normalizer

Resolves: #93764
Releases: master, 10.4
Change-Id: I9982fafd9c34c69bb6ca47ee8242f504b9974121
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68492


Tested-by: core-ci <typo3@b13.com>
Tested-by: Daniel Goerz <daniel.goerz@posteo.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Daniel Goerz <daniel.goerz@posteo.de>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>

Brings a bugfix to be more strict comparing
CSV fixtures with DB rows.

composer req --dev typo3/testing-framework:^6.8.2

Resolves: #94066
Releases: master, 10.4
Change-Id: Ie21e85cdb29af0da02d6c8081a3fc842289cc09c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69024


Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Needs a phpdocumentor/type-resolver raise:
composer req phpdocumentor/type-resolver:^1.4

Change-Id: Iffecb88d34a4c04816eff5543611192fcc3b8296
Resolves: #94063
Releases: master
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69018


Tested-by: core-ci <typo3@b13.com>
Tested-by: Daniel Goerz <daniel.goerz@posteo.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Daniel Goerz <daniel.goerz@posteo.de>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>

Next to pre-merge test suite, nightlies now especially run
the composer min/max functionals with PHP8. Using mariadb
10.5 to cover another DBMS variant.

Needs a friendsoftypo3/phpstan-typo3 raise:
composer require --dev friendsoftypo3/phpstan-typo3:^0.7.0

Change-Id: Iea86496e32a586b20d4d6eeb6db84ec5a06d0767
Resolves: #94061
Releases: master
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68991


Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Daniel Goerz <daniel.goerz@posteo.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Daniel Goerz <daniel.goerz@posteo.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>