Bump symfony/security-core from 5.4.19 to 5.4.21

[dependabot]

Bumps symfony/security-core from 5.4.19 to 5.4.21.

Release notes

Sourced from symfony/security-core's releases.

v5.4.21

Changelog (symfony/security-core@v5.4.20...v5.4.21)

• bug #49368 Make data providers for abstract test cases static (OskarStark, alexandre-daubois)

Changelog

Sourced from symfony/security-core's changelog.

5.4.21

• [BC BREAK] AccessDecisionStrategyTestCase::provideStrategyTests() is now static

5.4

• Add a CacheableVoterInterface for voters that vote only on identified attributes and subjects
• Deprecate AuthenticationEvents::AUTHENTICATION_FAILURE, use the LoginFailureEvent instead
• Deprecate AnonymousToken, as the related authenticator was deprecated in 5.3
• Deprecate Token::getCredentials(), tokens should no longer contain credentials (as they represent authenticated sessions)
• Deprecate returning string|\Stringable from Token::getUser() (it must return a UserInterface)
• Deprecate AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY and AuthenticatedVoter::IS_ANONYMOUS, use AuthenticatedVoter::IS_AUTHENTICATED_FULLY or AuthenticatedVoter::IS_AUTHENTICATED instead.
• Deprecate AuthenticationTrustResolverInterface::isAnonymous() and the is_anonymous() expression function as anonymous no longer exists in version 6, use the isFullFledged() or the new isAuthenticated() instead if you want to check if the request is (fully) authenticated.
• Deprecate the $authenticationManager argument of the AuthorizationChecker constructor
• Deprecate setting the $alwaysAuthenticate argument to true and not setting the $exceptionOnNoToken argument to false of AuthorizationChecker
• Deprecate methods TokenInterface::isAuthenticated() and setAuthenticated, return null from "getUser()" instead when a token is not authenticated
• Add AccessDecisionStrategyInterface to allow custom access decision strategies
• Add access decision strategies AffirmativeStrategy, ConsensusStrategy, PriorityStrategy, UnanimousStrategy
• Deprecate passing the strategy as string to AccessDecisionManager, pass an instance of AccessDecisionStrategyInterface instead
• Flag AccessDecisionManager as @final

5.3

The CHANGELOG for version 5.3 and earlier can be found at https://github.com/symfony/symfony/blob/5.3/src/Symfony/Component/Security/CHANGELOG.md

Commits

• aeb3330 [Translation][Mailer] Convert $this calls to static ones in data providers
• 052d946 [BC Break] Make data providers for abstract test cases static
• 0287287 CS fix
• 4112393 Migrate to static data providers using rector/rector
• 36b8e84 [Tests] Migrate tests to static data providers
• 4c34262 [Tests] Migrate tests to static data providers
• ec8f7a1 minor #49253 [PHPUnit 10] Use TestCase suffix for abstract tests in `/Tests...
• e709251 minor #49088 Update license years (last time) (fabpot)
• dd5972d minor #48988 [Tests] New iteration of removing $this occurrences in future ...
• fa092a3 Update license years (last time)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)