Major version upgrade from v4. Unblocks phpunit 11.
Adapt various Build/ scripts and the extension scanner.

> composer req nikic/php-parser:^5.0.1
> composer req nikic/php-parser:^5.0.1 -d typo3/sysext/install --no-update

Change-Id: I6fb3f874a4d8af951a74a8287afe798e29bbe3a2
Resolves: #103206
Releases: main
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/83139


Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>

Unblocks phpunit 11, backport to v12 to keep
php-cs-fixer in sync.

> composer req --dev friendsofphp/php-cs-fixer:^3.50

Resolves: #103200
Releases: main, 12.4
Change-Id: I1ab390c816caf3eabba00e8404d00fe2c9009fd8
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/83133


Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci <typo3@b13.com>

Due to a typo, #103193 downgraded the minimum required
phpstan/phpstan-phpunit version.

Executed command:

    composer require --dev \
      phpstan/phpstan-phpunit:^1.3.16

Resolves: #103194
Related: #103193
Releases: main, 12.4
Change-Id: Ied12668b57b500a42bdb9f901952094cd48bd1b0
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/83122


Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>

The new version changes the format of a warning.

Executed commands:

    composer require --dev \
        phpstan/phpstan:^1.10.59 \
        phpstan/phpdoc-parser:^1.26.0 \
        phpstan/phpstan-phpunit:^1.2.16
    ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #103193
Releases: main, 12.4
Change-Id: I36a6b4f98e03b73dbf076d84ce1ea900c26fcfb2
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/83120


Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Benjamin Franzke <ben@bnf.dev>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Benjamin Franzke <ben@bnf.dev>

A new PHPStan version has been released,
which is pulled in automatically in the
composerInstallMax nightly test.

The higher version allows to remove a
ignore pattern from the baseline and
a superfluous key unset is detected.

This change raises the PHPStan version,
removes the superfluous `unset()` and
regenerates the baseline to remove the
invalid ignore pattern.

Used command(s):

> Build/Scripts/runTests.sh -s composer \
    -- require --dev "phpstan/phpstan":"^1.10.58"
> Build/Scripts/runTests.sh \
    -s phpstanGenerateBaseline

Resolves: #103105
Releases: main, 13.0, 12.4
Change-Id: I689079eaac7f9461084e6a71ff08ef716cf551e4
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/82932


Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Benjamin Franzke <ben@bnf.dev>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Benjamin Franzke <ben@bnf.dev>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Stefan Bürk <stefan@buerk.tech>

This finediff minor raise alignes supported
PHP versions >=8.2 with core, symfony, phpunit v11.

Releases: main
Resolves: #103066
Change-Id: I7af5103daf65a57ca865fa3236803df9368894bc
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/82825


Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

Doctrine DBAL released the stable version for
the next major version, v4.0.0. [1]

This change upgrades to the stable version
and ends the usage of the release candidate
as intermediate solution.

Stability workaround for the distribution
test composer.json is removed.

> \
  composer req --no-update --no-install \
    -d typo3/sysext/redirects \
    "doctrine/dbal":"^4.0" ; \
  composer req --no-update --no-install \
    -d typo3/sysext/core \
    "doctrine/dbal":"^4.0" ; \
  composer req --no-update --no-install \
    -d typo3/sysext/install \
    "doctrine/dbal":"^4.0" ; \
  composer req -W \
    "doctrine/dbal":"^4.0"

> COMPOSER=composer.dist.json composer rem --no-update \
    -d Build/composer "doctrine/dbal"

[1] https://github.com/doctrine/dbal/releases/tag/4.0.0

Resolves: #103029
Related: #102875
Releases: main
Change-Id: I36986769273822473a6ee9133af19c0c253b64e8
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/82776


Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Oliver Wand <wand@itaw.de>

TYPO3 uses a composer package [1] to import
locales along with translations and a custom
script has been added to create and update
included translation files.

This change updates the language files with
the last updates and requires the package
with the current highest version as minimum.

Used command(s):

> composer req --dev \
    "sokil/php-isocodes-db-i18n":"^4.0.19"

> php Build/Scripts/updateIsoDatabase.php

[1] sokil/php-isocodes-db-i18n

Resolves: #103027
Related: #100659
Releases: main, 12.4
Change-Id: I2839113ed3894cec58b41c85abd59039cab00725
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/82773


Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Kevin Appelt <kevin.appelt@icloud.com>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Kevin Appelt <kevin.appelt@icloud.com>

Change-Id: I6ac434754d0963e4d1d4cdf7f7536cc9d717c0ca
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/82714


Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>

Fluid 2.10.0 introduced a regression concerning the handling of
local and global variables, which was fixed with 2.10.1.

Executed command:
composer req typo3fluid/fluid:^2.10.1

Resolves: #102984
Releases: main
Change-Id: Ica56338d520b3a10d12bb94e2fb8e4d41ee5cef8
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/82698


Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Klee <typo3-coding@oliverklee.de>

Doctrine DBAL has been upgraded to the next
major version using the development version
as a intermediate solution. Recently, the
second release candidate has been released.

This change upgraded to that candidate now.
Adding the release candidate to a project
root composer.json is still needed as a
workaround - or lowering the minimum stability.

Used command(s):

> \
  composer req --no-update --no-install \
    -d typo3/sysext/redirects \
    "doctrine/dbal":"4.0.0-RC2@rc" ; \
  composer req --no-update --no-install \
    -d typo3/sysext/core \
    "doctrine/dbal":"4.0.0-RC2@rc" ; \
  composer req --no-update --no-install \
    -d typo3/sysext/install \
    "doctrine/dbal":"4.0.0-RC2@rc" ; \
  composer req -W \
    "doctrine/dbal":"4.0.0-RC2@rc" ; \
  COMPOSER=composer.dist.json composer req --no-update \
    -d Build/composer \
    "doctrine/dbal":"4.0.0-RC2@rc"

Resolves: #102959
Releated: #102875
Releases: main

Change-Id: Ia4c4c39234c68d6382fd6bebcc359eac6a8ab51e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/82674


Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The install tool has just a few dependencies to
ext:extensionmanager. Most notably, it ships the
AbstractDownloadExtensionUpdate upgrade wizard,
which is used when core extracts stuff to dedicated
extensions that are removed from monorepo.

The v12 upgrade wizard for 'fe_login_mode' uses this.

These upgrade wizards are tailored for non-composer-mode
only, just like the extensionmanager, which essentially
does nothing in composer mode.

To loosen the dependency from ext:install to
ext:extensionmanager, the patch moves the abstract, a
model class for this case, plus the fe_login_mode
implementation to ext:extensionmanager.

Class aliases are established, so a casual deprecation
is enough in this case. A few extensions rely on the
class, typically those that try to extend the upgrade
range of core by forward porting wizards older than
two major core versions. Those shoud continue to work
with v13, and will have to adapt the class namespace
of the abstract with v14 latest.

Moving the fe_login_mode wizard around does not make the
wizard show up again in case the wizard has been marked
'done' during v12 upgrade already, since usually the
according DB field does not exist anymore. We don't need
special handling for this case.

Resolves: #102943
Releases: main
Change-Id: Idb5e6c90900ffad7f9c3c383fff58a05c6728aa9
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/82659


Tested-by: Andreas Kienast <a.fernandez@scripting-base.de>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Nikita Hovratov <nikita.h@live.de>
Reviewed-by: Andreas Kienast <a.fernandez@scripting-base.de>
Reviewed-by: Nikita Hovratov <nikita.h@live.de>

This change updates phpstan and related
libraries to available maximum versions.

The new version finds two `array_filter`
usages with wrong typeing, which is fixed
along the way.

Used command(s):

> composer require --dev \
    "phpstan/phpstan":"^1.10.57" \
    "phpstan/phpdoc-parser":"^1.25.0" \
    "phpstan/phpstan-phpunit":"^1.3.15"

> Build/Scripts/runTests.sh -s phpstan

Resolves: #102920
Releases: main, 12.4
Change-Id: Iab6a0a079ff745b5bdbedf9b15a3bf9c7f83c171
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/82640


Tested-by: Andreas Kienast <a.fernandez@scripting-base.de>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Andreas Kienast <a.fernandez@scripting-base.de>

TYPO3 v13 requires Doctrine DBAL 4 and will be subsequently updated.

Doctrine DBAL 4 is shipping with a few breaking changes, where
most breaking stuff is coped and handled by the TYPO3 core and placed
in internal API implementation and wrappings. However, minor breaking
things on extended and provided API's are included and requires proper
adoption by extensions.

* [1] `AbstractPlatform::getName()` has been removed and `instance of`
  checks are required to be used instead. TYPO3 adopted this removal
  in the extended platform classes and does not provide a b/c for it.

* [2] Doctrine DBAL dropped support for older RDBMS version, aligned
  the Platform class extend chain and removed not-supported version
  for PostgreSQL and MariaDB. TYPO3 extended platform implementation
  are aligned and platform replacement in the replacement driver
  middleware modified.

* [3] Doctrine DBAL switched the casing (renaming) of some
  of the Platform classes, where the new casing has already been
  used for the extended classes. Due to the fact that aliased
  `use` import statement has been used, adjusting these casing
  is minimized to these places.

* [4] `Connection::lastInsertId()` no longer accepts a sequence
  name. TYPO3 core `Connection::getLastInsertId()` implementation
  is aligned to match this and core usages has been replaced with
  a pre-patch except one oversight which is done now.

* [5] Doctrine DBAL introducing replacement methods for the removed
  methods `QueryBuilder::resetQueryParam()` and `resetQueryParams()`,
  which are replaced at required places. Methods are removed on TYPO3
  QueryBuilder to be aligned with Doctrine DBAL.

* [6] Doctrine DBAL made QueryBuilder's state internal and therefore
  removed the QueryBuilder methods `getQueryParts()`, `getQueryPart()`,
  `getType()` and `getState()` along with the public class constants.
  Methods are removed from the TYPO3 QueryBuilder to align here with
  Doctrine DBAL. TYPO3 requires access to this internal state, mainly
  for the Extbase ORM handling and the ContentObjectRenderer. This is
  solved by introducing a internal `ConcreteQueryBuilder` ensuring a
  state duplication and adding internal marked public getter to the
  outer TYPO3 QueryBuilder.

* [7] Doctrine DBAL removed schema compare APIs not taking the
  DB connection into account and suggest to use connection aware
  comparator instead. `TYPO3\CMS\Install\Database\PermissionsCheck`
  is modified to respect this change.

* [8] Doctrine DBAL removed table renaming by using the `TableDiff`
  object and not creating corresponding DDL statements anymore. To
  compensate for this, the already extended `TableDiff` object get
  the `new name` information reintroduced, and the renaming SQL DDL
  is directly created at the required place in `ConnectionMigrator`.

* [9] Deprecated `SchemaDiff::toSql()` and `toSaveSql()` are replaced
  with `AbstractPlatform::getAlterSchemaSQL()`.

* [10] TYPO3 SchemaMigrator, ConnectionMigrator and Comparator are
  modified to cope with some modifications in Doctrine DBAL 4.
  This leads to the requirement that additional normalisation from the
  MySQL variant (ext_tables.sql) towards the target platform. SQLite
  autoincrement normalization is moved from SchemaMigrator into the
  connection migrator and additional MySQL/MariaDB, generic identifier
  and PostgreSQL normalization is added to cope with this fact.

* [11] Due to dropped PostgreSQL 9.6 support Doctrine DBAL switched
  from `SERIAL` to `GENERATED IDENTITY COLUMN` as virtual autoincrement
  handling still using sequence tables under the hood. The implemented
  schema change created by Doctrine DBAL will not migrate the sequence
  relation correctly and leads to really bad issues. The suggested and
  documented way is to create and use a procedure to migrate this. This
  is not suitable for the TYPO3 way of doing the database changes, and
  the `ConnectionMigrator` is modified to create the update statements
  taken from the procedure and replacing the normal alter statements.
  Due to the lack of a good entry point to combine data migration with
  required DDL changes, this has been implemented as a hackish merged
  statement for the meanwhile.

* \TYPO3\CMS\Core\Database\Platform\PlatformSaveAlterSchemaSQLTrait is
  removed as "not used anymore" and already mitigated.

The required work on the database analyser involved classes revealed
badly, that a complete overhaul and restructuring of the code in this
area is mandatory but exceeds the scope if this change. Multiple todo
comments have been added to make this clear and will be done later. This
is possible because the code in this area is considerable internal versus
the need to make the breaking change until the dot-zero sprint release.

Used command(s):

> \
  composer req --no-update --no-install \
    -d typo3/sysext/redirects \
    "doctrine/dbal":"4.0.x-dev@dev" ; \
  composer req --no-update --no-install \
    -d typo3/sysext/core \
    "doctrine/dbal":"4.0.x-dev@dev" ; \
  composer req --no-update --no-install \
    -d typo3/sysext/install \
    "doctrine/dbal":"4.0.x-dev@dev" ; \
  composer req -W \
    "doctrine/dbal":"4.0.x-dev@dev" ; \
  COMPOSER=composer.dist.json composer req --no-update \
    -d Build/composer \
    "doctrine/dbal":"4.0.x-dev@dev"

>  Build/Scripts/runTests.sh -s phpstanGenerateBaseline

[1]  https://github.com/doctrine/dbal/blob/4.0.x/UPGRADE.md#bc-break-doctrinedbaldrivergetname-removed
     https://github.com/doctrine/dbal/blob/4.0.x/UPGRADE.md#bc-break-removed-support-for-postgresql-93-and-older
[2]  https://github.com/doctrine/dbal/blob/4.0.x/UPGRADE.md#bc-break-removed-support-for-mariadb-100-and-older
     https://github.com/doctrine/dbal/blob/4.0.x/UPGRADE.md#bc-break-removed-support-for-mysql-56-and-older
[3]  https://github.com/doctrine/dbal/blob/4.0.x/UPGRADE.md#bc-break-renamed-sqlite-platform-classes
[4]  https://github.com/doctrine/dbal/blob/4.0.x/UPGRADE.md#removed-support-for-connectionlastinsertidname
[5]  https://github.com/doctrine/dbal/blob/4.0.x/UPGRADE.md#deprecated-reset-methods-from-querybuilder
[6]  https://github.com/doctrine/dbal/blob/4.0.x/UPGRADE.md#deprecated-getting-query-parts-from-querybuilder
     https://github.com/doctrine/dbal/blob/4.0.x/UPGRADE.md#deprecated-querybuilder-methods-and-constants
[7]  https://github.com/doctrine/dbal/blob/4.0.x/UPGRADE.md#bc-break-removed-schema-comparison-apis-that-dont-account-for-the-current-database-connection-and-the-database-platform
[8]  https://github.com/doctrine/dbal/blob/3.7.x/UPGRADE.md#deprecated-renaming-tables-via-tablediff-and-abstractplatformaltertable
[9]  https://github.com/doctrine/dbal/blob/4.0.x/UPGRADE.md#deprecated-schemadifftosql-and-schemadifftosavesql
[10] https://github.com/doctrine/dbal/blob/4.0.x/UPGRADE.md#bc-break-changes-in-handling-string-and-binary-columns
[11] https://github.com/doctrine/dbal/blob/4.0.x/UPGRADE.md#bc-break-auto-increment-columns-on-postgresql-are-implemented-as-identity-not-serial
     https://github.com/doctrine/dbal/blob/4.0.x/docs/en/how-to/postgresql-identity-migration.rst

Resolves: #102875
Related: #102589
Related: #102402
Releases: main
Change-Id: I547928b5ebba55e574d3a992e864784d8f594653
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77709


Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Benni Mack <benni@typo3.org>

Doctrine DBAL 3.7.0 introduced a performance issue [1]
which has been already fixed by the Doctrine Team [2].

This change updates the `doctrine/dbal` composer constraint
to ensure that this performance issue is gone.

Note:   The monorepo composer.lock already containted the
        3.7.2 bugfis release, therefore this has not been
        detected in casual core development. This update
        is to mitigate the performance issue at all costs
        for TYPO3 users.

As a sideeffect, this should put `composerInstallMin`
nightly function tests on speed again.

Used command(s):

> composer require --no-update --no-install \
    -d typo3/sysext/redirects \
    "doctrine/dbal":"^3.7.2" ; \
  composer require --no-update --no-install \
    -d typo3/sysext/core \
    "doctrine/dbal":"^3.7.2" ; \
  composer require --no-update --no-install \
    -d typo3/sysext/install \
    "doctrine/dbal":"^3.7.2" ; \
  composer require --no-update \
    "doctrine/dbal":"^3.7.2" ; \
  composer update --lock

[1] https://github.com/contao/contao/issues/6409
[2] https://github.com/doctrine/dbal/pull/6202

Resolves: #102830
Releases: main, 12.4
Change-Id: If8b09f9556f11cc0fda4690f81343fc6c5d5e476
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/82448


Tested-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Garvin Hicking <gh@faktor-e.de>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Garvin Hicking <gh@faktor-e.de>
Tested-by: Stefan Bürk <stefan@buerk.tech>

TYPO3 v13 requires Symfony 7,
which will be subsequently updated
until Symfony 7.4 (LTS)

Symfony 7 requires PHP 8.2, and
will have support until November 2028
whereas Symfony 6 will "only" have
support until November 2026.

Used commands:

composer req --dev -W \
 "symfony/translation:^7.0" \
 "composer/composer:^2.6.5"

composer req -W \
 "symfony/config:^7.0" \
 "symfony/console:^7.0" \
 "symfony/dependency-injection:^7.0" \
 "symfony/doctrine-messenger:^7.0" \
 "symfony/expression-language:^7.0" \
 "symfony/filesystem:^7.0" \
 "symfony/finder:^7.0" \
 "symfony/http-foundation:^7.0" \
 "symfony/mailer:^7.0" \
 "symfony/messenger:^7.0" \
 "symfony/mime:^7.0" \
 "symfony/options-resolver:^7.0" \
 "symfony/property-access:^7.0" \
 "symfony/property-info:^7.0" \
 "symfony/rate-limiter:^7.0" \
 "symfony/routing:^7.0" \
 "symfony/uid:^7.0" \
 "symfony/var-dumper:^7.0" \
 "symfony/yaml:^7.0"

Resolves: #102786
Releases: main
Change-Id: I93adeadd9a711352c7a916fe83e42f2bb9c69f5d
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/82273


Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>

TYPO3 v13 will require PHP 8.2 as minimum
PHP version to be used.

Used commands:
> composer config platform.php 8.2.0
> composer req "php:^8.2" --no-update
> composer update --lock

Resolves: #102779
Releases: main
Change-Id: I4765cd4421ad3d6311f8e2a2411e15725ca45de8
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/82371


Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Benjamin Franzke <ben@bnf.dev>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Benjamin Franzke <ben@bnf.dev>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Stefan Bürk <stefan@buerk.tech>

New phpstan find some questionable null fallback occurences, that are
not obvious. Add a baseline for now.

> composer req --dev phpstan/phpstan:^1.10.51
> ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #102756
Releases: main, 12.4
Change-Id: I3eef057d4fd04fe92f813bad7e1873718f6da765
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/82352


Reviewed-by: Thomas Hohn <tho@gyldendal.dk>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Thomas Hohn <tho@gyldendal.dk>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>

This change enables symfony 7 in
addition to symfony 6 in TYPO3.

Symfony7 requires PHP 8.2, thus
is not installed by default for the
time being, as this change is also
allowed for TYPO3 v12 support when
running with PHP 8.2 and composer.

Used commands:

composer req -W \
 "symfony/config:^6.4 || ^7.0" \
 "symfony/console:^6.4 || ^7.0" \
 "symfony/dependency-injection:^6.4 || ^7.0" \
 "symfony/doctrine-messenger:^6.4 || ^7.0" \
 "symfony/expression-language:^6.4 || ^7.0" \
 "symfony/filesystem:^6.4 || ^7.0" \
 "symfony/finder:^6.4 || ^7.0" \
 "symfony/http-foundation:^6.4 || ^7.0" \
 "symfony/mailer:^6.4 || ^7.0" \
 "symfony/messenger:^6.4 || ^7.0" \
 "symfony/mime:^6.4 || ^7.0" \
 "symfony/options-resolver:^6.4 || ^7.0" \
 "symfony/property-access:^6.4 || ^7.0" \
 "symfony/property-info:^6.4 || ^7.0" \
 "symfony/rate-limiter:^6.4 || ^7.0" \
 "symfony/routing:^6.4 || ^7.0" \
 "symfony/uid:^6.4 || ^7.0" \
 "symfony/var-dumper:^6.4 || ^7.0" \
 "symfony/yaml:^6.4 || ^7.0"

 composer req --dev -W \
 "codeception/codeception:^5.0.13" \
 "codeception/module-filesystem:^3.0.1" \
 "friendsofphp/php-cs-fixer:^3.46" \
 "symfony/translation:^6.4 || ^7.0"

Resolves: #102746
Releases: main, 12.4
Change-Id: I6bbbfb0bc6e26c00fba0010234b5c8b698cf0a81
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/82304


Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Oliver Klee <typo3-coding@oliverklee.de>

TYPO3 uses a composer package [1] to import
locales along with translations and a custom
script has been added to create and update
included translation files.

This change updates the language files with
the last updates and requires the package
with the current highest version as minimum.

Used command(s):

> composer req --dev \
    "sokil/php-isocodes-db-i18n":"^4.0.18"

> Build/Scripts/runTests.sh \
    -s checkIsoDatabase \
    -p 8.1

[1] sokil/php-isocodes-db-i18n

Resolves: #102747
Releases: main, 12.4
Change-Id: I4d6603484c4fca213c66f0df0feff13bc1011b29
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/82306


Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>

PHPUnit has changed the behavior of the error handler in
several ways, for example introducing a PHP attribute to
disable the PHPUnit error handler for tests dealing with
`error_get_last()` [1], throwing an exception and stopping
the script execution on `E_*_ERROR` or clearing the error
result [2] - which breaks the ability to use the native
`error_get_last()` method to test custom error handler
implementation.

Something which TYPO3 needs to do for the provided custom
error handler.

An additional change [3] to check and restore error handlers
with levels has been reverted due to issues in the Laravel
world.

This change modifies the related test to use the introduced
PHP attribute `#[WithoutErrorHandler]` and raises PHPUnit.

Note: PHPUnit does not recognize the `@test` doc-block
      annotation if the `#[WithoutErrorHandler]` attribute
      is used. Therefore, the attribute counterparts for
      `@test` and `@dataProvider` has been added on top
      and not exclusively for now, albeit looking weird
      and fishy. This needs to be addressed in a more
      generic way in a dedicated change.

Used command(s):

> composer update typo3/testing-framework
> composer require --dev "phpunit/phpunit":"^10.5.5"

[1] https://github.com/sebastianbergmann/phpunit/pull/5430
[2] https://github.com/sebastianbergmann/phpunit/pull/5592
[3] https://github.com/sebastianbergmann/phpunit/pull/5619

Resolves: #102724
Releases: main, 12.4
Change-Id: I77f750ef2eba53b5f8caa51651f36321ae5d1224
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/82282


Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Simon Schaufelberger <simonschaufi+typo3@gmail.com>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Simon Schaufelberger <simonschaufi+typo3@gmail.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>

New phpstan find a fishy but not trivial to resolve
inheritance return type definition. Add to baseline
for now.

> composer req --dev phpstan/phpstan:^1.10.48
> ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #102637
Releases: main, 12.4
Change-Id: I2bbb5211c4a2622ab717a3c4dd0f68d18d2e17d8
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/82156


Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci <typo3@b13.com>

This introduces a new PHP attribute `AsController`,
which serves as a drop-in replacement for the former
introduced `Controller` attribute (#99055), which is
now deprecated.

This is done to unify the naming of our attributes.

The old `Controller` attribute is still working using
class alias mapping.

For upwards compatibility, the #[AsController] attribute
will be backported to v12 with a more slim variant of
this patch.

Resolves: #102631
Related: #99055
Releases: main, 12.4
Change-Id: Ib0ff0d08660a89c4a5c6c14a327542ec89095743
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/82151


Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Jochen Roth <rothjochen@gmail.com>
Reviewed-by: Jochen Roth <rothjochen@gmail.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

This bugfix enables the possibility to access _LOCAL_LANG
values from TypoScript properly again via Extbase's
LocalizationUtility, and thus for <f:translate> ViewHelpers
as well again.

This is what has changed under-the-hood:

The TranslateViewHelper is now only a thin layer
to Extbase's LocalizationUtility (as before), and only
checks if a current request or Locale/languageKey is
given, if a locale can be resolved. Everything else
is then dispatched to the LocalizationUtility.

<f:translate> is very clean now and has almost no further
responsibility than to call LocalizationUtility::translate

Instead of adding further LocalizationUtility magic,
overriding of TypoScript is now enabled for any kind
of plugin which hands in $extensionName. This is achieved
by building proper Locale objects from the request which
are then used to build the respective LanguageService.

As it turned out after the 12.4.0 release, the "Locales"
class is indeed the factory for creating a Locale, which
is decoupled from the actual LanguageService (= label magic),
the Locales factory receives a few create methods to make
life easier for usage, which both f:translate AND
LocalizationUtility receive, making their parts much smaller.

Further work will disolve the usage of the Configuration
Manager of Extbase, but this won't happen in v12 anymore.

Resolves: #100759
Releases: main, 12.4
Change-Id: Ifcad2ec590746e96066a96f314500bd50e9b4695
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80732


Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Benni Mack <benni@typo3.org>

TYPO3 uses a composer package [1] to import
locales along with translations and a custom
script has been added to create and update
included translation files.

This change updates the language files with
the last updates and requires the package
with the current highest version as minimum.

Used command(s):

> composer req --dev \
    "sokil/php-isocodes-db-i18n":"^4.0.17"

> Build/Scripts/runTests.sh \
    -s checkIsoDatabase \
    -p 8.1

[1] sokil/php-isocodes-db-i18n

Resolves: #102596
Releases: main, 12.4
Change-Id: I21a9e5d5215e0146d3f87aeee3b833979ba05f07
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/82079


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Benni Mack <benni@typo3.org>

Also fix one unneeded null coalescing operator usage,
which was discovered with this release.

> composer require --dev phpstan/phpstan:^1.10.47

Resolves: #102584
Releases: main, 12.4
Change-Id: I19876bfe33fcf05166df7e0d92696c2368b29490
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/82067


Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Benjamin Franzke <ben@bnf.dev>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benjamin Franzke <ben@bnf.dev>
Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: core-ci <typo3@b13.com>

This commit updates all Symfony components to version 6.4, as 6.3 ran
out of support. Symfony 6.4 also marks an LTS release.
Please see the upgrade document at [1].

Executed command:

    composer require \
        symfony/config:^6.4 \
        symfony/console:^6.4 \
        symfony/dependency-injection:^6.4 \
        symfony/doctrine-messenger:^6.4 \
        symfony/expression-language:^6.4 \
        symfony/filesystem:^6.4 \
        symfony/finder:^6.4 \
        symfony/http-foundation:^6.4 \
        symfony/mailer:^6.4 \
        symfony/messenger:^6.4 \
        symfony/mime:^6.4 \
        symfony/options-resolver:^6.4 \
        symfony/property-access:^6.4 \
        symfony/property-info:^6.4 \
        symfony/rate-limiter:^6.4 \
        symfony/routing:^6.4 \
        symfony/uid:^6.4 \
        symfony/var-dumper:^6.4 \
        symfony/yaml:^6.4 \
        -W

    composer require --dev \
        symfony/translation:^6.4 \
        -W

[1]: https://github.com/symfony/symfony/blob/6.4/UPGRADE-6.4.md

Resolves: #102552
Releases: main, 12.4
Change-Id: I01f8fcedff74eac49a6901651b36584272f93b82
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/82032


Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Andreas Kienast <a.fernandez@scripting-base.de>
Reviewed-by: Andreas Kienast <a.fernandez@scripting-base.de>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Benni Mack <benni@typo3.org>

The new version fixes a false positive, adds a second
warning for a problem that already is logged in the baseline,
and sadly introduces one new false positive.

> composer req --dev phpstan/phpstan:^1.10.46
> composer req --dev phpstan/phpstan-phpunit:^1.3.15
> ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #102544
Releases: main, 12.4
Change-Id: I79e3854458f1061b4943d0b3fab78b1a7502b13f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/81998


Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Simon Schaufelberger <simonschaufi+typo3@gmail.com>
Tested-by: Simon Schaufelberger <simonschaufi+typo3@gmail.com>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: core-ci <typo3@b13.com>

Standalone fluid 2.10 comes with a series of
features that will streamline and simplify
EXT:fluid for core v13. We'll leverage this with
upcoming patches.

> composer req typo3fluid/fluid:^2.10.0

Resolves: #102537
Releases: main
Change-Id: I963dfd8304c4e39a0ddba8312139171eb14391da
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/81984


Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>

> composer require --dev phpstan/phpstan:^1.10.45
> Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #102536
Releases: main, 12.4
Change-Id: Ie529eba3c951d20bf4d0b6f2b838d329ac771805
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/81981


Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

This patch merges the "t3editor" extension into EXT:backend. The
overall benefit is a globally available syntax highlighting at various
places, without the need to have an extra extension installed.

Another benefit it the removal of installation checks of EXT:t3editor
and fallbacks if the "soft requirement" is not fulfilled, reducing
soft-cross-dependencies.

Resolves: #102440
Releases: main
Change-Id: I76301c9cff08f61a5721fa34f4e3e950687b67b0
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/81799


Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Stefan Bürk <stefan@buerk.tech>

See https://github.com/TYPO3/html-sanitizer/releases/tag/v2.1.4

composer req typo3/html-sanitizer:^2.1.4
composer req typo3/html-sanitizer:^2.1.4 \
   -d typo3/sysext/core --no-update

Resolves: #102169
Releases: main, 12.4, 11.5
Change-Id: I76edb7ff0dc66d3308d5c0875c2db56ca02addd7
Security-Bulletin: TYPO3-CORE-SA-2023-007
Security-References: CVE-2023-47125
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/81737


Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>

Symfony's AsCommand attribute encodes `hidden = true` into
a trailing `|` for the name attribute. Drop that for our
command list and mark the command as hidden in the command
registry.

Resolves: #102292
Related: #101567
Releases: main, 12.4
Change-Id: I6415e3f5525764aab336bab20432c032e0665632
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/81617


Tested-by: Chris Müller <typo3@krue.ml>
Reviewed-by: Garvin Hicking <gh@faktor-e.de>
Tested-by: Garvin Hicking <gh@faktor-e.de>
Reviewed-by: Benjamin Franzke <ben@bnf.dev>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Benjamin Franzke <ben@bnf.dev>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Chris Müller <typo3@krue.ml>

This commit updates `phpstan/phpstan` to the latest version and fixes
one issue within `RedisSessionBackend` where the Redis API claims to
return a `\Redis` object when calling `->del()`. This indicates a usage
of multi mode, where the delete state cannot get determined.
Also, multi mode is not supported by our session backend, therefore we
handle this case as "not successful" now.

Executed command:

    composer require --dev phpstan/phpstan:^1.10.41 -W

Resolves: #102320
Releases: main, 12.4
Change-Id: I6f4edb746c6e23d92d5147cc7c711d8da0309f0f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/81690


Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Andreas Kienast <a.fernandez@scripting-base.de>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Andreas Kienast <a.fernandez@scripting-base.de>
Tested-by: Benjamin Franzke <ben@bnf.dev>
Reviewed-by: Benjamin Franzke <ben@bnf.dev>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Benni Mack <benni@typo3.org>

> composer update --lock
> Build/Scripts/runTests.sh -s buildJavascript
> Build/Scripts/runTests.sh -s buildCss

Resolves: #102235
Releases: main
Change-Id: I02edf44492e742cebaed8900b9cdfc006389820d
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/81511


Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benjamin Franzke <ben@bnf.dev>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Benjamin Franzke <ben@bnf.dev>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>

This commit updates `phpstan/phpstan` to the latest version and fixes
one quirk in our code in order to make our nightly test runs happy
again.

Executed command:

    composer require --dev phpstan/phpstan:^1.10.40 -W

Resolves: #102294
Releases: main, 12.4
Change-Id: I22b691fbdab5a17cf1328b7613d9c97a98eae861
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/81632


Tested-by: Andreas Kienast <a.fernandez@scripting-base.de>
Reviewed-by: Andreas Kienast <a.fernandez@scripting-base.de>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Benjamin Franzke <ben@bnf.dev>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Benjamin Franzke <ben@bnf.dev>
Tested-by: Oliver Hader <oliver.hader@typo3.org>

Minor CGL streamlinings from latest php-cs-fixer.

> composer req --dev friendsofphp/php-cs-fixer:^3.37.1
> Build/Scripts/runTests.sh -s cgl

Resolves: #102285
Releases: main, 12.4, 11.5
Change-Id: I0cc1fe3c0f81f62a49df00d62d57ef3c593c57df
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/81609


Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Benjamin Franzke <ben@bnf.dev>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Benjamin Franzke <ben@bnf.dev>

It's time to update to latest changes of php-cs-fixer
to align with current community rules. This brings a
rather huge series of changes, main changes due to
single_line_empty_body rule which now formats empty
class and method body curly braces into a single line,
plus changes from function_declaration rule which tends
to avoid more whitespaces.

The change has a slight impact on phpstan, we
regenerate baseline.

To reduce backport headaches, this change is backported
to v12 and v11.

> composer req --dev friendsofphp/php-cs-fixer:^3.35.1
> Build/Scripts/runTests.sh -s cgl
> Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #102236
Releases: main, 12.4, 11.5
Change-Id: Iea45b10667951672b2194033216c49f580799f55
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/81512


Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Jasmina Ließmann <minapokhalo+typo3@gmail.com>
Reviewed-by: Jasmina Ließmann <minapokhalo+typo3@gmail.com>

An `instanceof Type` on `Type|null` is unneeded and is to be replaced by
a null-check (or modern alternatives like optional chaning or the null
coalescing operator) in order to avoid narrowing code branches
unnecessarily. We call them "pseudo" uncertain checks there is no need
to express uncertainty regarding the type in a condition where native
type declarations define a specific type *or* null:

  It is `null` or `!null`.

Definition of a pseudo uncertain instanceof check:

  `$foo instanceof Bar` is fully equivalent to `$foo !== null`,
    when `$foo` is defined (via native PHP types) to be `Bar|null`.
   ⇒ `instanceof` expresses pseudo uncertainty regarding the type.

From what we have seen in previous gerrit discussions, there were two
reasons why instanceof was preferred over null checks although being
unneeded:

1) Cognitive load for an instanceof check is perceived to be lower in
   contrast to negated null (not null) conditions
2) Preparatory safe-guard against type of $foo being changed at sometime
   later

1) Cognitive load is a subjective term and the opinions actually differ
   a lot. Some developers prefer narrowing instanceof conditions because
   they claim the desired type for a certain code branch.
   Some others say that's a clear signal for code that needs refactoring
   and perceive a high cognitive load because they do not understand why
   the type is unnecessarily checked if it can only be null or not null.
   Lets call that: "reverse cognitive load".
   That means, this argument basically boils down to
   "congitive load" (for the good "then" case: inner code block) vs
   "reverse cognitive load" (for the bad "else" case: outer code block)
   ⇒ Due to being subjective "cognitive load" is not a good argument to
     base a decision upon.

2) The second argument is that an instanceof ensures a method that is to
   be called actually exists and doesn't lead to an error – that is a
   "preparatory safe-guard".
   This is true and works, but doesn't "answer" the question,
   what happens if the object is not an instance of the desired type
   (but not null).
   While preparatory safe-guards against the type of variable being
   changed sometime later was probably a pretty good idea for code that
   is not statically analyzed and had no native type declarations, but
   such checks effectively preclude that the type must/should never
   change (which might not be true!) and has no chance of actually
   detecting when that case (type change/extension) ever happens.
   All advantages offered by pseudo uncertain instanceof checks are
   accomplished with static code analysis as well, but with the added
   downside that an `instanceof` hardcodes our human static code
   analysis result, instead of letting the static analyzer do the job.

   To explain that:
   If the type of the variable under test is actually widened (like a
   union type, or change to a base class), it will never be
   automatically detected that there is an instanceof condition that
   restricts the type too narrowly. It will always be valid code from
   static code analysis perspective.

   In comparison to that, static analysis on null-checked variables will
   report invalid method calls or assignments not allowed by the
   (natively defined) types and will notify in case a type change
   requires the code to be adapted.
   We gain the advantage that the code will not be forgotten to
   be updated to a new type.

   That means !== null combined with static code analysis has the same
   level of being a safeguard against the bad cases, while instanceof
   silently transforms new "good"-cases into bugs, where !== null is a
   transparent and secure passthrough.

   Actually to make an uncertain instanceof robust, an elseif branch
   would be needed to be somehow notified about new good-cases without
   silently ignoring them:

   if ($foo instanceof Foo) {
       …
   } elseif ($foo !== null) {
       throw new MustNeverHappenException(…);
   }

In other words an unneeded pseudo uncertain instanceof check is
basically like a switch construct without a default case.
Just to be explicit: Of course, instanceof is fine to be used
when multiples types are to be expected and handled in different code
branches.

That means pseudo uncertain instanceof usage instead of null-checks is
an antipattern for the following reasons:

 * It narrow code branches for the sake of less cognitive load
   * The cognitive load appears to be lower, but actually future-bad
     cases are overseen and are never auto-detectable in future – while
     null-checks will resolve to static analysis errors in case the
     input type is *ever* widened (which uncertain `instanceof` checks
     try to prepare for, but actually introduce future-bugs because of
     missing `else` cases)
 * It embraces deep nesting instead of early returns via null-checks
 * It embraces conditions over newer and more elegant PHP techniques
   like optional chaing
 * Tries to "help" the developer by explicitly anotating the
   current type of the variable under test
   ⇒ This is a clear sign of code smell, that needs to refactored into
      smaller chunks and methods and type autocompletion/information
      can be provided by IDEs when using proper types (which this change
      is about) anyway
 * Has zero advantages over static code analysis

Resolves: #102140
Releases: main, 12.4
Change-Id: I10de41e9744a814c9e24255573b5a5eaf6fb8b0f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/80859


Tested-by: Andreas Kienast <a.fernandez@scripting-base.de>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Benjamin Franzke <ben@bnf.dev>
Reviewed-by: Benjamin Franzke <ben@bnf.dev>
Reviewed-by: Andreas Kienast <a.fernandez@scripting-base.de>
Reviewed-by: Nikita Hovratov <nikita.h@live.de>

Recent release for doctrine/dbal containes a
php docblock change which helps phpstan to
proper determine types.

This change upgrades the doctrine/dbal package
and removes a now superflous entry from the
phpstan baseline.

Used command(s):

> composer req --no-update \
    -d typo3/sysext/core \
    "doctrine/dbal":"^3.7.1" \
  && composer req --no-update \
    -d typo3/sysext/redirects \
    "doctrine/dbal":"^3.7.1" \
  && composer req --no-update \
    -d typo3/sysext/install \
    "doctrine/dbal":"^3.7.1" \
  && composer req \
    "doctrine/dbal":"^3.7.1"

> Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #102133
Releases: main, 12.4
Change-Id: Iaeba882e0584442c6caac71d3dd1e33ac0a56ef1
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/81394


Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Benjamin Franzke <ben@bnf.dev>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Benjamin Franzke <ben@bnf.dev>