This change updates the main TYPO3 code base
vendor/ directory to lock to latest packages
from our main dependencies, ready for the next
v12.x release, so the "non-composer mode"
has various updated dependencies shipped.

Used commands:
  composer update "symfony/*" "doctrine/*" "psr/*" "firebase/php-jwt" "bacon/bacon-qr-code" -W

Resolves: #99831
Releases: main, 11.5
Change-Id: If208b89062dab7dac98b140fe6e16a545bf9226f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77703


Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>

Since the recent release of PHPUnit 9.6 some new deprecations were added
which signal breaking changes for version 10. As deprecations are
causing our tests to fail, they need to be addressed immediately.

Method `expectErrorMessage` replaced with `expectExceptionMessage`.
Method `getMockClass` replaced with `createMock` and a subsequent
get_class call.
Move test with deprecations to UnitDeprecated and remove expectation.

Also update phpunit/phpunit and dependencies to latest version:
> composer req --dev phpunit/phpunit:^9.6.1 -W

Resolves: #99817
Releases: main, 11.5
Change-Id: I6d01ccca398a8ff5db735a35b19061b711c843cc
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77693


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The new version finds some more potential problems.

> composer req --dev phpstan/phpstan:^1.9.12
> ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #99573
Releases: main, 11.5
Change-Id: Ieee3a5881a854946cb180965e4f182b27ea05aaf
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77420


Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Some bug fixes reduce list of false positives.

> composer req --dev phpstan/phpstan:^1.9.5
> composer req --dev phpstan/phpstan-phpunit:^1.3.3
> ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #99448
Releases: main, 11.5
Change-Id: Ibc7cc259d6fd5520365ccb25652a21f4488e9597
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77246


Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The new version finds some more potential problems.

> composer req --dev phpstan/phpstan:^1.9.4
> composer req --dev phpstan/phpstan-phpunit:^1.3.2
> ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Change-Id: Iae41030660fc24f8e5d83546cb9e22835517a719
Resolves: #99389
Releases: main, 11.5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77212


Tested-by: Benni Mack <benni@typo3.org>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Benni Mack <benni@typo3.org>

PHPStan 1.9.3 finds another potential problem and brings
some performance improvements.

Run commands:

> composer req --dev phpstan/phpstan:^1.9.3
> composer req --dev phpstan/phpstan-phpunit:^1.3.1
> ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #99356
Releases: main, 11.5
Change-Id: I9d1429949379cc35518fad6750d6d063827623ed
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77124


Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>

see https://github.com/TYPO3/html-sanitizer/releases/tag/v2.1.1

composer req typo3/html-sanitizer:^2.1.1
composer req typo3/html-sanitizer:^2.1.1 \
  -d typo3/sysext/core --no-update

Resolves: #99351
Releases: main, 11.5, 10.4
Change-Id: I25a17ce13a8f90cdd07a7cc51e515dff3b6bb03b
Security-Bulletin: TYPO3-CORE-SA-2022-017
Security-References: CVE-2022-23499
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77094


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

see https://github.com/TYPO3/html-sanitizer/releases/tag/v2.1.0

composer req typo3/html-sanitizer:^2.1.0
composer req typo3/html-sanitizer:^2.1.0 \
  -d typo3/sysext/core --no-update

To use custom output rules, the Behavior object must be known in
the Sanitizer, see https://github.com/TYPO3/html-sanitizer/pull/98

Resolves: #99271
Releases: main, 11.5, 10.4
Change-Id: I160f8b49284566afde87d07dde7a4fb69e3174c9
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76920


Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>

Used commands:

  composer req -W \
    -d typo3/sysext/core --no-update \
    guzzlehttp/guzzle:^7.5.0 \
    guzzlehttp/psr7:^2.4.3

  composer req -W \
    -d typo3/sysext/install --no-update \
    guzzlehttp/promises:^1.5.2

  composer req -W \
    guzzlehttp/guzzle:^7.5.0 \
    guzzlehttp/promises:^1.5.2 \
    guzzlehttp/psr7:^2.4.3

Resolves: #99242
Releases: main, 11.5
Change-Id: Iec5f53533860f3811127b1a4463e7a4a7fd70877
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76879


Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Stefan Bürk <stefan@buerk.tech>

doctrine/dbal 2.x version has reached EOL, which means that
there will be no new version in this version range. Sadly,
doctrine/dbal triggers a deprecation warning in PHP8.2 which
will not be fixed upstream.

Raising that dependency is out of the scope for TYPO3 v11. This
issue is mitigated by adding the well-known composer dependency
`cweagans/composer-patches` as dev dependency. Additionally, a
corresponding composer patch targeting the PHP8.2 variable
interpolation deprecation warning is applied in CI for testing
purpose.

UpgradeCest acceptance tests is adjusted to execute some steps
only for appropriate dbms/drivers, as they are not targeting the
newer versions.

This change:
* Adds composer patcher `cweagans/composer-patches`
* Adds composer patch for doctrine/dbal variable
  interpolation issue in postgres platform class
* re-arranging pre-merge and nightly tests
* Ensures to execute some acceptance and functional
  tests against MariaDB 10.6 (LTS)
* Adds a little workaround (ignore-platform-reqs)
  for composer install min and max with PHP8.2 in
  `Build/Scripts/runTests.sh` and docker-compose.yml

Used command(s):

> composer2-74 config --no-plugins --no-interaction \
    allow-plugins.cweagans/composer-patches true
> composer2-74 config --no-plugins --no-interaction \
    extra.composer-exit-on-patch-failure true
> composer2-74 config --no-plugins --no-interaction \
    extra.patches-file "Build/patches/patches.json"
> composer2-74 require --dev \
    "cweagans/composer-patches":"^1.7.1"

Resolves: #99173
Releases: 11.5
Change-Id: If7abd9e66c409c5417343658fe789ee38b35f082
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76011


Reviewed-by: Nikita Hovratov <nikita.h@live.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Nikita Hovratov <nikita.h@live.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Stefan Bürk <stefan@buerk.tech>

This update makes a warning more specific.

Run commands:

> composer req --dev phpstan/phpstan:^1.9.2
> ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #99045
Releases: main, 11.5
Change-Id: I4c5af9d69e0e5b8f4b0d78efd4caa4ed79aed795
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76498


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

This update finds new problems and gets rid of
some false positives.

Run commands:

> composer req --dev phpstan/phpstan:^1.9.0
> ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Blog article about the new release:
https://phpstan.org/blog/phpstan-1-9-0-with-phpdoc-asserts-list-type

Resolves: #98986
Releases: main, 11.5
Change-Id: I15516853c3a1bac80b80466fe4bae8a0f150ba68
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76397


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

composer req --dev phpstan/phpstan-phpunit:^1.2.2
Resolves: #98943
Releases: main, 11.5

Change-Id: Iee2f421546a7be58ada993aa5c331bb914500aad
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76331


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

> composer req --dev friendsofphp/php-cs-fixer:^3.12.0
> Build/Scripts/runTests.sh -s cgl -p 8.1

Resolves: #98938
Releases: main, 11.5
Change-Id: I42b247fa4ea51ef20e29fef855c12af1b756d558
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76303


Tested-by: core-ci <typo3@b13.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>

Also update the PHPUnit PHPStan configuration.

This update gets rid of some false positives.

Run commands:

> composer req --dev phpstan/phpstan:^1.8.11
> composer req --dev phpstan/phpstan-phpunit:^1.1.3
> ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #98913
Releases: main, 11.5
Change-Id: Ifc374d02a2ad343bd6be9a61b2075deb019b98f7
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76257


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

This update gets rid of some false positives.

Run commands:

> composer req --dev phpstan/phpstan:^1.8.9
> ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #98610
Releases: main, 11.5
Change-Id: I65425faaf3c9b0f08bacb6fa56e60b97ca905ed1
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76116


Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>

This update finds new problems and gets rid of some
false positives.

Run commands:

> composer req --dev phpstan/phpstan:^1.8.8
> ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #98541
Releases: main, 11.5
Change-Id: Idff8e6f7f9baa700a79ec0e823aee14f0fb63efb
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/76013


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

This update finds new problems and gets rid of some
false positives.

Run commands:

> composer req --dev phpstan/phpstan:^1.8.7
> ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #98524
Releases: main, 11.5
Change-Id: Idbb8e62aac0b480eb0590e483968741f2b58916d
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75985


Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Stefan Bürk <stefan@buerk.tech>

This avoids abandoned php-cs-fixer/diff

> composer req --dev friendsofphp/php-cs-fixer:^3.11.0
> Build/Scripts/runTests.sh -s cgl -p 7.4

Change-Id: I84704208cc891916e5354c0900dc4bac4e771380
Resolves: #98522
Releases: main, 11.5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75980


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

see https://github.com/TYPO3/html-sanitizer/releases/tag/v2.0.16

composer req masterminds/html5:^2.7.6 typo3/html-sanitizer:^2.0.16
composer req masterminds/html5:^2.7.6 typo3/html-sanitizer:^2.0.16 \
  -d typo3/sysext/core --no-update

Resolves: #98340
Releases: main, 11.5, 10.4
Change-Id: I254ea25410e01f7610b0c4ef8b83441ab216f1ca
Security-Bulletin: TYPO3-CORE-SA-2022-011
Security-References: CVE-2022-36020
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75714


Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

To avoid divergent code-style results among other Git branches,
package friendsofphp/php-cs-fixer is upgraded to version 3.9.5.

Resolves: #98331
Releases: 11.5
Change-Id: I9cac87b225b816dc5c4a943ef4a90827a164496c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75691


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

PHPStan fails with composer max installation due
changes in the detection. Raising the version to
corresponding version leads to abnormal performance
decrease. Thus not an option we can use.

This change pins phpstan to a fixed version to avoid
failing nightlies until the performance issue in the
PHPStan tool has been fixed.

See: https://github.com/phpstan/phpstan/issues/7903

Used commands:

> composer req --dev "phpstan/phpstan":"1.8.2"

Resolves: #98253
Releases: main, 11.5
Change-Id: I38a31b87c36b9ae4c5915422dd3f09a6fca38b57
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75601


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

This patch raises "typo3/class-alias-loader" which
contains some bugfixes.

Used commands:

> composer req "typo3/class-alias-loader":"^1.1.4" \
  --no-update -d typo3/sysext/core
> composer req "typo3/class-alias-loader":"^1.1.4"

Resolves: #98102
Releases: main, 11.5
Change-Id: I772a40dd9676afc7721e819077f05662ce2c6bd7
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75397


Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Benni Mack <benni@typo3.org>

Raising from 2.7.1 brings:
* A couple of bug fixes, especially ternary should
  work much better when cached
* Basic PHP 8.2 support
* A couple of minor additions and more relaxed
  handling. Some of these will materialize in v12
  with upcoming patches

> composer req typo3fluid/fluid:^2.7.2
> composer req typo3fluid/fluid:^2.7.2 -d typo3/sysext/fluid --no-update
> composer req typo3fluid/fluid:^2.7.2 -d typo3/sysext/adminpanel --no-update
> composer req typo3fluid/fluid:^2.7.2 -d typo3/sysext/redirects --no-update
> composer req typo3fluid/fluid:^2.7.2 -d typo3/sysext/core --no-update
> Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #98048
Releases: main, 11.5
Change-Id: Ibc94b02823913347465245201442277f048c5c0b
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75327


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Benni Mack <benni@typo3.org>

Brings PHP 8.2 fixes.

> composer u mikey179/vfsstream
> composer req --dev typo3/testing-framework:^6.16.6

Change-Id: I4761948bd8827ab4638f280d5b69403d300afcb1
Resolves: #98026
Releases: main, 11.5, 10.4
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75293


Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>

These raises fix the bulk of PHP 8.2 unit test
fails.

We need to make webmozart/assert:^1.11.0 explicit
to pin it as minimum version for PHP 8.2
composer update --prefer-lowest in nightlies.

We don't strictly need the phpunit raise, but
pick it as casual dev update along the way.

$ composer require --dev phpunit/phpunit:^9.5.21
$ composer require --dev webmozart/assert:^1.11.0

Resolves: #97967
Releases: master, 11.5
Change-Id: I5c79a8577c5eb836566cb5c00bb6b63aa1b7ea1f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75242


Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>

PHPStan 1.8.1 removes some warnings.

Used commands:

> composer req --dev phpstan/phpstan:^1.8.1
> ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #97959
Releases: main, 11.5
Change-Id: Ifaaf37add767f98d16b3e847447a2882c3c77ee8
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75209


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

Patch level raise of a monorepo --dev dependency
as yet another raise to unblock psr/container:^2.

$ composer req --dev bnf/phpstan-psr-container:^1.0.1

Change-Id: I73da5737bfbad6dfb739f5f56732d5d283e3e372
Resolves: #97958
Releases: main, 11.5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75207


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

This patch raises egulias/email-validator to min version of
3.2.1, which incorporates latest changes. This also contains
a fix to avoid the usage of PHP8.2 deprecated methods, namely
`utf8_encode()` and `utf8_decode()`.

Used commands:

> composer req egulias/email-validator:"^3.2.1"
> composer req egulias/email-validator:"^3.2.1" \
    -d typo3/sysext/core --no-update

Resolves: #97879
Releases: main, 11.5
Change-Id: Ia985dd3171ec988201022052d036b00e765c2654
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75078


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

Used commands:
> composer req --dev phpstan/phpstan:^1.8.0
> ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #97823
Releases: main, 11.5
Change-Id: Ia124e34cf81c55915c2815cdff71bdde6aabe972
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75018


Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

The maintainers of the package guzzlehttp/guzzle released a new version
7.4.5 that fixes two security issues:

* CURLOPT_HTTPAUTH option not cleared on change of origin [1]
* Change in port should be considered a change in origin [2]

Executed commands:

    composer require \
        guzzlehttp/guzzle:^7.4.5 \
        -W
    composer require \
        -d typo3/sysext/core \
        guzzlehttp/guzzle:^7.4.5 \
        --no-update

[1] https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r
[2] https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699

Resolves: #97802
Releases: main, 11.5, 10.4
Change-Id: Ia49f75f8ed078beb43ba42f89efdd8e68ee146c5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74972


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>

The package guzzlehttp/guzzle has been updated to version 7.4.4
and 6.5.7 which both fix the security issues [1] and [2]. Since
TYPO3 is not affected by the issues by default, this is handled
as a public bugfix.

3rd party extensions may however be affected by the vulnerabilities
if `Authorization` or `Cookie` headers are used.

Executed commands:

    composer require \
        guzzlehttp/guzzle:^7.4.4 \
        -W
    composer require \
        -d typo3/sysext/core \
        guzzlehttp/guzzle:^7.4.4 \
        --no-update

[1] https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q
[2] https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9

Resolves: #97759
Releases: main, 11.5, 10.4
Change-Id: I6ed48f2b03e5e0ca82a9aa493499a5eaf65b184c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74878


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

composer req --dev composer/composer:^2.2.12

Resolves: #97722
Releases: main, 11.5
Change-Id: I526de4c62b5f9bc03230a8794cd42082e9f00560
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74801


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>

Used commands:

> composer req --dev phpstan/phpstan:^1.7.3
> ./Build/Scripts/runTests.sh -s clean
> ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #97706
Releases: main, 11.5
Change-Id: Ida82935064ad4ff5c2858d9a5a6696befd52e512
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74789


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

The package guzzlehttp/guzzle has been updated to 7.4.3 and 6.5.6
respectively, both fixing a security vulnerability related to
cross-domain cookie leakage [1]. Since TYPO3 is not affected by
this issue by default, this is handled as a public bugfix.

However, 3rd party code (e.g. thru extensions) may be affected by this
issue, as long `'cookies' => true` is used in requests done by Guzzle.

Executed commands:

    composer require \
        guzzlehttp/guzzle:^7.4.3 \
        -W
    composer require \
        -d typo3/sysext/core \
        guzzlehttp/guzzle:^7.4.3 \
        --no-update

[1] https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3

Resolves: #97694
Releases: main, 11.5, 10.4
Change-Id: I39071c917c7ed26392f66b0ea2f774ecbceead9f
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74751


Tested-by: core-ci <typo3@b13.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>

Update testing-framework to incorporate latest changes.

Some phpstan-baseline ignore-patterns are added and will
be addressed with dedicated patches.

This change is a manual backport of #97677.

Used commands:

> composer req typo3/testing-framework:^6.16.5 --dev
> Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #97679
Related: #97677
Releases: 11.5
Change-Id: I4decfc4ceb9bacc59e81669443dd4a06ed1b0a72
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74724


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

The new version finds some new possible bugs and
removes some incorrect ones.

Used commands:

> composer req --dev phpstan/phpstan:^1.7.0
> Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #97678
Releases: main, 11.5
Change-Id: I0359ab80b0a6afc907f76bee328fb32c1e0655b7
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74723


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

Raise phpstan to include latest phpstan bugfixes.
See: https://github.com/phpstan/phpstan/releases/tag/1.6.9

Used commands:

> composer req phpstan/phpstan:^1.6.9 --dev
> Build/Scripts/runTests.sh -s clean ; \
  Build/Scripts/runTests.sh -s phpstanGenerateBaseline

Resolves: #97668
Releases: main, 11.5
Change-Id: I61298c1696b14a6e89ddc98043de13acb127c6a0
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74720


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>

Brings a multibyte fix when dealing with word-based
diffs, which is our default usage.

composer req lolli42/finediff:^1.0.1

Resolves: #97611
Releases: main, 11.5, 10.4
Change-Id: I601842ed75917f9a6d438191273e602238d3edda
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74606


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>

A series of minor TF fixes, nothing fancy.

composer req --dev typo3/testing-framework:^6.16.4

Change-Id: I3b8fcec5d16398ba0b1b88379c3dc54b129252d3
Resolves: #97600
Releases: 11.5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/74592


Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>