Raise phpstan to include latest phpstan bugfixes.
See: https://github.com/phpstan/phpstan/releases/tag/1.6.9

Used commands:

> composer req phpstan/phpstan:^1.6.9 --dev
> Build/Scripts/runTests.sh -s clean ; \
  Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #97668
Releases: main, 11.5
Change-Id: I61298c1696b14a6e89ddc98043de13acb127c6a0
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74720


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

Brings a multibyte fix when dealing with word-based
diffs, which is our default usage.

composer req lolli42/finediff:^1.0.1

Resolves: #97611
Releases: main, 11.5, 10.4
Change-Id: I601842ed75917f9a6d438191273e602238d3edda
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74606


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

A series of minor TF fixes, nothing fancy.

composer req --dev typo3/testing-framework:^6.16.4

Change-Id: I3b8fcec5d16398ba0b1b88379c3dc54b129252d3
Resolves: #97600
Releases: 11.5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74592


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Raise phpstan to newest release, which find more
things in a proper way. This includes some opcache
and autoloading fixes which may hopefully help with
lately occurrence of long-running phpstan ci runs.

Used commands:

> composer req --dev phpstan/phpstan:^1.6.7
> Build/Scripts/runTests.sh -s clean
> Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #97551
Releases: main, 11.5
Change-Id: If7493bc4138e99ff173047cba358d3be43cf2357
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74525


Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>

symfony/rate-limiter:5.4.8 has been released, so the failing
tests commented out with #97298 can be included again.

Raised symfony/rate-limiter:^5.4.8 to ensure that broken
version is not used.

Used commands:

> composer req "symfony/rate-limiter":"^5.4.8"
> composer req "symfony/rate-limiter":"^5.4.8" \
    -d typo3/sysext/core --no-update

Resolves: #97494
Related: #97298
Releases: main, 11.5
Change-Id: Idaa17f130a56f3e23c56243f24ecdccc14ac4b46
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74486


Tested-by: core-ci <typo3@b13.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>

The new version finds some new possible bugs.

Used commands:

> composer require --dev phpstan/phpstan:^1.6.3
> Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #97508
Releases: main, 11.5
Change-Id: I7a813c4f12258aad96b99cec3feb93ee10d55bcf
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74482


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

The new version finds some new possible bugs and
removes some incorrect ones.

Used commands:

> composer require --dev phpstan/phpstan:^1.6.0
> composer require --dev phpstan/phpstan-phpunit:^1.1.1
> Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #97476
Releases: main, 11.5
Change-Id: Idaa2b920eacf0c36de8b5d97ae96549ad56a9e52
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74436


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

Used commands:
> composer req --dev -W phpunit/phpunit:^9.5.20
> composer req --dev -W phpspec/prophecy:^1.15.0
> composer req --dev -W phpspec/prophecy-phpunit:^2.0.1

Resolves: #97402
Releases: main, 11.5
Change-Id: I1d4ed2470cb22b97578ee7b5749dfc3439558f9c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74333


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Benni Mack <benni@typo3.org>

The new version finds some new possible bugs and
removes some incorrect ones.

Also update phpstan/phpstan-phpunit.

Used commands:
> composer req --dev phpstan/phpstan:^1.5.6
> composer req --dev phpstan/phpstan-phpunit:^1.1.0
> Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #97397
Releases: main, 11.5
Change-Id: I052ba01b33582f3f18f49c0ee2375f63d1048f4b
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74329


Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Benni Mack <benni@typo3.org>

Recent guzzlehttp/psr7 versions address vulnerability CVE-2022-24775.
Mentioned known vulnerability is not considered relevant for the
TYPO3 core. That's why this issue is handled as regular bugfix.

Commands executed:
  composer req guzzlehttp/psr7:"^1.8.5 || ^2.1.2"
  composer req guzzlehttp/psr7:"^1.8.5 || ^2.1.2" \
    -d typo3/sysext/core --no-update

Resolves: #97240
Releases: main, 11.5, 10.4
Change-Id: I915b5620140912ecf1e0dc5bc887f4cc25ffb85a
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74060


Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Used command:

> composer req --dev -W \
    "composer/composer":"^2.2.7" \
    "friendsofphp/php-cs-fixer":"^3.8.0"

> Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #97227
Releases: main, 11.5
Change-Id: Iad07abbef89a4b69c9d0ab2ea76cc3645bdb5476
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74023


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

This patch raises doctrine/dbal to 2.13.8 as minimum version,
which contains a bugfix to avoid a native php error is emitted,
stating "mysqli::real_connect(): Passing null to parameter #7".

See: https://github.com/doctrine/dbal/pull/5296

One phpstan ignore pattern slightly changed because of a
changed return type declarion of doctrine/dbal. Tackling
the corresponding error should be done in a dedicated test
after proper investigation.

Used commands:

> composer req doctrine/dbal:^2.13.8
> composer req doctrine/dbal:^2.13.8 \
  -d typo3/sysext/core --no-update
> composer req doctrine/dbal:^2.13.8 \
  -d typo3/sysext/install --no-update
> composer req doctrine/dbal:^2.13.8 \
  -d typo3/sysext/redirects --no-update
> composer req doctrine/dbal:^2.13.8 \
  -d typo3/sysext/core --no-update
> Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #97222
Releases: 11.5
Change-Id: I6c1712a792780bd2966b3977d43f767e59304bd5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74013


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>

The new release allows versions 1, 2, or 3 of psr/log,
so unblocks core using psr/log 3.

Commands run:
> composer req typo3/html-sanitizer ^2.0.14
> composer req typo3/html-sanitizer ^2.0.14 \
  -d typo3/sysext/core --no-update

Resolves: #97183
Releases: main, 11.5
Change-Id: Id0369aefb034ce477d4aa863f58e04518485ee47
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73997


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>

This update gets rid of a false positive:

https://github.com/phpstan/phpstan-phpunit/issues/120

Resolves: #97163
Releases: main, 11.5
Change-Id: I6f7ecd909a127b5940b928d81c94ab7b3404cd49
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73896


Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>

The testing-framework with FE requests using sub requests
is now able to handle DELETE,PATCH,PUT and POST requests.

The situation in testing-framework is not the final solution,
though. The patch adds a test to verify if testing-framework
request details are properly received in the FE application.

This not only adds a use case to the core for these kind
of requests, but also ensures that we don't break this
detail again when testing-framework internal handling is
further refactored.

Also needs a testing-framework bugfix in v11:
> composer req --dev typo3/testing-framework:^6.16.2

Resolves: #97084
Releases: main, 11.5
Change-Id: I8268625d4b439f1657168d6b9c9a3878b36477bd
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73768


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The new version finds some new possible bugs and
removes some incorrect ones. Combined with a TF
raise.

Used commands:
> composer req --dev phpstan/phpstan:^1.4.8
> composer req --dev typo3/testing-framework:^6.16.1
> Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #97097
Releases: main, 11.5
Change-Id: I97cec4c07f70b6d451ba55f9aaec7df109c36f71
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73811


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

doctrine/lexer has released a new minor version with
fixed method docblocks, thus phpstan ignore pattern
can now be removed again.

See: https://github.com/doctrine/lexer/issues/62

> composer req doctrine/lexer:"^1.2.3"
> composer req doctrine/lexer:"^1.2.3 \
  --no-update -d typo3/sysext/core
> Build/Scripts/runTests.sh \
  -s phpstanGenerateBaseline

Resolves: #97063
Related: #97055
Releases: main, 11.5
Change-Id: I5e729543c4721e7f9a17511c113139bf7908b208
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73754


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>

doctrine/lexer has released a new minor version with changed
method docblocks, which now emits phpstan errors because of
incompatible types.

This patch raises the minor version for development and core
usage and adding phpstan ignore pattern to the baseline file
until doctrine/lexer has fixed the incompatible state. This
is a dedicated preparation to raise other dev dependencies.

Issue has been reported to the corresponding github repository:
https://github.com/doctrine/lexer/issues/62

used commands:

> composer req doctrine/lexer:"^1.2.2"
> composer req doctrine/lexer:"^1.2.2" \
  --no-update -d typo3/sysext/core
> Build/Scripts/runTests.sh \
  -s phpstanGenerateBaseline

Resolves: #97055
Releases: main, 11.5
Change-Id: Ib5c04202bdc6a4b5787a191e4bf1e175982fb217
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73736


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The private container now provides access to non-public
services that have been at least once injected (and thus
be considered as service during DI compilation phase).

This may be used to provide dependencies to functional
test setups where some dependencies needs to be mocked
while other should receive the vanilla dependency
the container would normally inject.

A functional test case does implement the ContainerInterface
now, allowing tests to access both public and private
services.

$this->getContainer() may still be used if the default
container (delivering public services only) needs to
be injected into a service.

Related testing-framework pull request:
https://github.com/TYPO3/testing-framework/pull/331

Commands executed:
  composer req --dev typo3/testing-framework:^6.16.0
  git grep -l "this->getContainer()->get("  | xargs sed -i 's/this->getContainer()->get(/this->get(/g'

Resolves: #97032
Releases: main, 11.5
Change-Id: I5987d5244270a3e190c8721f6a8971c7fd1309ef
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73732


Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

This patch raises styleguide to the recently
released version to test against a more actual
codebase, including backports and the one or
other bugfix (postgres install etc).

used command:

> composer req typo3/cms-styleguide:"~11.5.4" --dev
> cd Build/composer ; \
    rm -rf composer.json ; \
    mv composer.dist.json composer.json ; \
    composer req typo3/cms-styleguide:"~11.5.4" \
      --dev --no-update ; \
    mv composer.json composer.dist.json ; \
    cd ../../

Resolves: #97012
Releases: 11.5
Change-Id: Ic03b13ac3737d29a8d90e4957806a2f6dd173ab5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73674


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Recent release of enshrined/svg-sanitize addressed a XSS vulnerability.

The main purpose of having this library in TYPO3 is to protect against
user submitted images that contains markup - which is possible with
SVG files. In most TYPO3 scenarios these files would be stored in
https://example.org/fileadmin/evil.svg and can be fetched directly.

However, recent update for CVE-2022-23638 of the svg-sanitizer library
seems to address the usage of inline SVG, used in an embedded HTML
context, see https://github.com/darylldoyle/svg-sanitizer/issues/71

Resolves: #96901
Releases: main, 11.5, 10.4
Change-Id: Iacbaf4b9c9725dee9c12df3646fc1131b7ed93ed
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73627


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Raise development dependency "php-webdriver/webdriver" to a
version which includes officially PHP8.1 fixes and opens for
up for "Symfony 6 components" installation on main.

used command:

> composer req php-webdriver/webdriver:"^1.12.0" --dev

Resolves: #96979
Releases: main, 11.5
Change-Id: I1ca15e0473e179c89c39fa2aa46073f3d09a2687
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73621


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benjamin Franzke <bfr@qbus.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benjamin Franzke <bfr@qbus.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

see https://github.com/TYPO3/testing-framework/pull/328

composer req --dev typo3/testing-framework:^6.15.3

Besides that, corresponding test cases for shortcut redirects
were extended to make the actual behavior more explicit there.

Resolves: #96818
Releases: 11.5
Change-Id: Ia0ffaaf0a6c93a05513f73bec5a5e5fb75b9eac7
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73387


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

This brings a couple of fixes for false positives
that shrink the baseline by around 90 errors.

> composer req --dev phpstan/phpstan:^1.4.5
> Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Change-Id: I47ba88117866a59f2b7760539f1be217d1bcde34
Resolves: #96747
Releases: main, 11.5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73295


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The plugins adds a dynamic return type resolver for the
ContainerInterface::get() method and is especially useful
in core ServiceProviders once we enable phpstan level 5
as invalid parameter usage will then be detected.

The plugin already revealed wrong interface usage in
functional MFA tests which are fixed as a drive by.

Commands executed:

  composer req --dev bnf/phpstan-psr-container:^1.0
  Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Releases: main, 11.5
Resolves: #96691
Change-Id: I4149a75e9a94ba61218e18c0639c03a06a7c53c1
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73222


Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>

Adding phpstan/phpstan-phpunit makes phpstan
"understand" mocking and a couple of related things.

Loading the extension in phpstan.neon reduces removes
a bunch of PHPStan warnings, makes others more specific,
and adds new warnings for some PHPUnit-specific issues.

> composer require --dev phpstan/phpstan-phpunit:^1.0

Resolves: #96690
Releases: main, 11.5
Change-Id: Ib77f18f9492c3891b46d213b4f3981be1ac21c1a
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73221


Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>

Having jangregor/phpstan-prophecy and including it
in the phpstan config cuts the baseline by ~half.
Details can now be sorted out with single patches.

> composer req --dev jangregor/phpstan-prophecy:^1.0
> Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #96684
Releases: main, 11.5
Change-Id: I7a2a8fd4a40a1a791d7622b506680a53e73187f9
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73212


Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>

The index.php entry point handling and package
handling core scripts are composer plugins. As
such, they rely on composer. To resolve dependencies
in IDE's and phpstan, composer should be a core
monorepo dev dependency. This resolves about 50
issues from phpstan baseline.

> composer req --dev composer/composer:^2.2
> Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Change-Id: Iaaa4d327b7e82ca1e377d66cb1846a1699a20254
Resolves: #96676
Releases: main, 11.5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73201


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

We currently have the situation that phpstan is
hard to update and maintain due to the phpstan
config file that sets very specific rulesets.

This is unfortunate since phpstan tends to change
and rename rules at will.

The general usage API of phpstan is basically as
follows: Have a slim config file that sets the
basic level. Then maintain a 'baseline' file that
lists violations, using the --generate-baseline
command option. The todo job for people working
on phpstan errors is then to look at the baseline
file, pick up some issues, fix them, then re-generate
baseline. When baseline is small enough, the level
is raised, a new baseline is generated, and the
fix-job starts again.

The patch does exactly this: The existing config
is dropped and runTests.sh receives a command to
generate baseline.

With this in place, we can easily raise phpstan
to a PHP 8.1 compatible version:

> composer req friendsoftypo3/phpstan-typo3:"^0.9.0" --dev
> composer req phpstan/phpstan:"^1.4.3" --dev
> Build/Script/runTests.sh -s phpstanGenerateBaseline

This initialy adds about 4000 ignores to the baseline
with level 3, but we can reduce this drastically with
just a couple of dedicated patches, soon.

The config is heavily streamlined and for instance does
*not* ignore tests anymore, which actually finds a ton
of misuses and bugs within tests and classes.

Resolves: #96675
Releases: main, 11.5
Change-Id: I0e7ff7aa796e59a2c5eedde0b673f741f8b87dea
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73198


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The current version of PHP Parser we're using doesn't support
all the new PHP 8.1 syntax yet.  So update it.

Used commands:
composer req "nikic/php-parser":"^4.13.2"
composer req "nikic/php-parser":"^4.13.2" \
  -d typo3/sysext/core --no-update
composer req "nikic/php-parser":"^4.13.2" \
  -d typo3/sysext/install --no-update

Resolves: #96612
Releases: main, 11.5
Change-Id: Ifb4afebccef0b2e7e6d28e597a85813d06bcb5d4
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73137


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

This change enables raises Symfony's minimum
version to 5.4.0 as this is a LTS version.

Resolves: #96171
Releases: main, 11.5
Change-Id: Ia2acbe0bca60e0dbdb96cb2fe2e82a63f9575554
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72836


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The dev dependency friendsofphp/php-cs-fixer now
has a minimum requirement to 3.4, which comes
with PHP8.1 support.

This allows TYPO3 to run PHP-CS Fixer with
PHP 8.1 in the CI pipeline.

Testing configuration is not adjusted with this
patch, but allows using corresponding runTests.sh
testsuites cgl and cglGit:

Build/Scripts/runTests.sh -p 8.1 -s cglGit -n
Build/Scripts/runTests.sh -p 8.1 -s cgl -n

Used command:

composer req friendsofphp/php-cs-fixer:^3.4 --dev

Resolves: #96398
Releases: main, 11.5
Change-Id: I6a4eaec0294829afcdf84b7b32303eaafbaa72bb
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72718


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>

HMENU special="directory" and special="updated" did not
use PageRepository directly, which led to duplicate
entries with workspaces.

This change does not use "$cObj->exec_..." anymore
and fixes all problems.

composer req --dev typo3/testing-framework:^6.15.2

Resolves: #96226
Releases: main, 11.5
Change-Id: I595ac05981d03246eb7671c9ae072f499bff5188
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72684


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>

Allow composer installers ^4.0 and also enforce some constraints
that could be violated with the new installers.

1. Do not allow duplicate extension keys

Multiple packages could define the same extension key.
When all extensions are then installed in vendor folder, there won't
be any conflicts on the file system, so an exception is now thrown
to make people aware of this misconfiguration.

2. Throw an exception if extensions of type typo3-cms-extension do
   not define an extension key

Actually this exception is thrown in the installers package, but the
artifact builder must propagate this exception to ensure it
reaches the users.

composer req typo3/cms-composer-installers:"^2.0 || ^3.0 || ^4.0"
composer req typo3/cms-composer-installers:"^2.0 || ^3.0 || ^4.0" \
 --no-update -d typo3/sysext/core/

Resolves: #96276
Releases: main, 11.5
Change-Id: Ib76e829f09dbf095fb01031389e301c6e7742103
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72570


Tested-by: core-ci <typo3@b13.com>
Tested-by: Simon Gilli <typo3@gilbertsoft.org>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Helmut Hummel <typo3@helhum.io>
Reviewed-by: Simon Gilli <typo3@gilbertsoft.org>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Helmut Hummel <typo3@helhum.io>

The testing-framework simplified database snapshotting.
Calling static initializeDatabaseSnapshot() and
tearDownAfterClass() are on longer needed.

composer req --dev typo3/testing-framework:^6.15.1

Change-Id: I0921d8c0c99d2dc677a607a0ba3eecbb1bf39763
Resolves: #96264
Releases: main, 11.5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72530


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Aligns styleguide to recent JS CSP header changes.

composer req --dev typo3/cms-styleguide:~11.5.3

Change-Id: Ia6f8bfe4346264af0cbe5588110633d6be419112
Resolves: #96168
Releases: 11.5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72407


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

To avoid introducing new components that rely on inline JavaScript,
Content-Security-Policy HTTP headers for the TYPO3 backend are enabled
when executing automated tests.

Resolves: #95898
Releases: main, 11.5
Change-Id: I2bbc1ce055d066381cd53449d1b37fd2cafe0168
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72385


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Brings a couple of backports from main branch that
help with keeping tests compatible with core v12
a bit longer to avoid backport conflicts in this
area for a while.

composer req --dev typo3/testing-framework:^6.15.0

Change-Id: Idb991896d05f478bfcde4e99bd1037e5040c72b5
Resolves: #96109
Releases: 11.5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72331


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Brings a patch for extension testing, so they
don't inherit the composer flag for test instances
anymore.

composer req --dev typo3/testing-framework:^6.14.0

Change-Id: Ic0490cc888d08596cd7babfa7bd0247a885e29b9
Resolves: #95988
Releases: master
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72183


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Brings especially a series of core v11 relevant
PHP 8.1 bug fixes.

composer req typo3fluid/fluid:^2.7.1
composer req typo3fluid/fluid:^2.7.1 -d typo3/sysext/core/ --no-update
composer req typo3fluid/fluid:^2.7.1 -d typo3/sysext/adminpanel/ --no-update
composer req typo3fluid/fluid:^2.7.1 -d typo3/sysext/fluid/ --no-update
composer req typo3fluid/fluid:^2.7.1 -d typo3/sysext/redirects/ --no-update

Resolves: #95980
Releases: master
Change-Id: I5aae8fa275d80b2322bb526a8b6a1856194ec786
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72178


Reviewed-by: Mathias Brodala <mbrodala@pagemachine.de>
Reviewed-by: Jochen <rothjochen@gmail.com>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Jochen <rothjochen@gmail.com>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>