Merge branch '2.6' of github.com:sulu/skeleton into 3.0

 Conflicts:
	composer.json
	config/packages/monolog.yaml
	config/packages/sulu_document_manager.yaml

Author: alexander-schranz

.env

@@ -44,7 +44,7 @@ MAILER_DSN=null://null
 # IMPORTANT: You MUST configure your server version, either here or in config/packages/doctrine.yaml
 #
 # DATABASE_URL="sqlite:///%kernel.project_dir%/var/data_%kernel.environment%.db"
-DATABASE_URL="mysql://root:[email protected]:3306/su_myapp?serverVersion=8.0.32&charset=utf8mb4"
+DATABASE_URL="mysql://root:[email protected]:3306/su_myapp?serverVersion=8.4.7&charset=utf8mb4"
 # DATABASE_URL="mysql://app:[email protected]:3306/app?serverVersion=10.11.2-MariaDB&charset=utf8mb4"
 # DATABASE_URL="postgresql://app:[email protected]:5432/app?serverVersion=16&charset=utf8"
 ###< doctrine/doctrine-bundle ###

.github/workflows/test-application.yaml

@@ -71,7 +71,23 @@ jobs:
                           MAILER_URL: null://localhost
                           SULU_ADMIN_EMAIL:
                           DATABASE_URL: "mysql://root:@127.0.0.1:3306/sulu_test?serverVersion=8.0"
-                          PHP_CS_FIXER_IGNORE_ENV: true # remove when php cs fixer add support for PHP 8.4
+
+                    - php-version: '8.5'
+                      node-version: '24'
+                      npm-version: '11'
+                      mysql-version: '8.4'
+                      create-project: true
+                      create-database: true
+                      checkout-directory: 'project'
+                      working-directory: 'create-project-test'
+                      php-extensions: 'ctype, iconv, mysql, gd'
+                      tools: 'composer:v2'
+                      env:
+                          APP_ENV: test
+                          APP_SECRET: a448d1dfcaa563fce56c2fd9981f662b
+                          MAILER_URL: null://localhost
+                          SULU_ADMIN_EMAIL:
+                          DATABASE_URL: "mysql://root:@127.0.0.1:3306/sulu_test?serverVersion=8.4.7"
 
         services:
             mysql:

assets/admin/index.js

@@ -1,5 +1,5 @@
 // This file should only be changed by the `bin/console sulu:admin:update-build` command:
-// See https://docs.sulu.io/en/latest/upgrades/upgrade-2.x.html
+// See https://docs.sulu.io/en/2.6/upgrades/upgrade-2.x.html
 
 // Sulu Core Bundles
 import {startAdmin} from 'sulu-admin-bundle';

bin/phpunit

@@ -7,19 +7,4 @@ if (!\ini_get('date.timezone')) {
     \ini_set('date.timezone', 'UTC');
 }
 
-if (\is_file(\dirname(__DIR__) . '/vendor/phpunit/phpunit/phpunit')) {
-    if (\PHP_VERSION_ID >= 80000) {
-        require \dirname(__DIR__) . '/vendor/phpunit/phpunit/phpunit';
-    } else {
-        \define('PHPUNIT_COMPOSER_INSTALL', \dirname(__DIR__) . '/vendor/autoload.php');
-        require PHPUNIT_COMPOSER_INSTALL;
-        PHPUnit\TextUI\Command::main();
-    }
-} else {
-    if (!\is_file(\dirname(__DIR__) . '/vendor/symfony/phpunit-bridge/bin/simple-phpunit.php')) {
-        echo "Unable to find the `simple-phpunit.php` script in `vendor/symfony/phpunit-bridge/bin/`.\n";
-        exit(1);
-    }
-
-    require \dirname(__DIR__) . '/vendor/symfony/phpunit-bridge/bin/simple-phpunit.php';
-}
+require dirname(__DIR__).'/vendor/phpunit/phpunit/phpunit';

compose.yaml

@@ -3,8 +3,7 @@ version: '3'
 services:
 ###> doctrine/doctrine-bundle ###
   database:
-    # arm compatible mysql docker image
-    image: mysql/mysql-server:${MYSQL_VERSION:-8.0} # arm and x86/x64 compatible mysql image
+    image: mysql:${MYSQL_VERSION:-8.4}
     environment:
       MYSQL_DATABASE: ${MYSQL_DATABASE:-su_myapp}
       # You should definitely change the password in production

composer.json

@@ -39,16 +39,16 @@
         "scheb/2fa-trusted-device": "^7.3",
         "stof/doctrine-extensions-bundle": "^1.11",
         "sulu/sulu": "3.0.*",
-        "symfony/config": "^7.3",
-        "symfony/dotenv": "^7.3",
+        "symfony/config": "^7.4",
+        "symfony/dotenv": "^7.4",
         "symfony/flex": "^1.17 || ^2.0",
-        "symfony/framework-bundle": "^7.3",
-        "symfony/mailer": "^7.3",
-        "symfony/monolog-bridge": "^7.3",
+        "symfony/framework-bundle": "^7.4",
+        "symfony/mailer": "^7.4",
+        "symfony/monolog-bridge": "^7.4",
         "symfony/monolog-bundle": "^3.4",
-        "symfony/runtime": "^7.3",
-        "symfony/security-bundle": "^7.3",
-        "symfony/twig-bundle": "^7.3"
+        "symfony/runtime": "^7.4",
+        "symfony/security-bundle": "^7.4",
+        "symfony/twig-bundle": "^7.4"
     },
     "require-dev": {
         "cmsig/seal-memory-adapter": "^0.12.2",
@@ -64,12 +64,12 @@
         "phpunit/phpunit": "^11.5 || ^12.1",
         "rector/rector": "^2.0",
         "sulu/sulu-rector": "^2.0",
-        "symfony/browser-kit": "^7.3",
-        "symfony/css-selector": "^7.3",
-        "symfony/debug-bundle": "^7.3",
-        "symfony/error-handler": "^7.3",
+        "symfony/browser-kit": "^7.4",
+        "symfony/css-selector": "^7.4",
+        "symfony/debug-bundle": "^7.4",
+        "symfony/error-handler": "^7.4",
         "symfony/thanks": "^1.2",
-        "symfony/web-profiler-bundle": "^7.3",
+        "symfony/web-profiler-bundle": "^7.4",
         "vincentlanglet/twig-cs-fixer": "^3.0"
     },
     "conflict": {
@@ -200,7 +200,7 @@
     "extra": {
         "symfony": {
             "allow-contrib": true,
-            "require": "7.3.*"
+            "require": "7.4.*"
         }
     }
 }

config/packages/doctrine.yaml

@@ -4,7 +4,7 @@ doctrine:
 
         # IMPORTANT: You MUST configure your server version,
         # either here or in the DATABASE_URL env var (see .env file)
-        #server_version: '8.0.27'
+        #server_version: '8.4.7'
 
         profiling_collect_backtrace: '%kernel.debug%'
         use_savepoints: true

config/packages/monolog.yaml

@@ -10,14 +10,6 @@ when@dev:
                 path: "%kernel.logs_dir%/%kernel.environment%.log"
                 level: debug
                 channels: ["!event"]
-            # uncomment to get logging in your browser
-            # you may have to allow bigger header sizes in your Web server configuration
-            #firephp:
-            #    type: firephp
-            #    level: info
-            #chromephp:
-            #    type: chromephp
-            #    level: info
             console:
                 type: console
                 process_psr_3_messages: false
@@ -45,6 +37,7 @@ when@prod: &prod
                 action_level: error
                 handler: nested
                 excluded_http_codes: [404, 405]
+                channels: ["!deprecation"]
                 buffer_size: 50 # How many messages should be saved? Prevent memory leaks
             nested:
                 type: stream

config/packages/security.yaml

@@ -2,31 +2,20 @@ security:
     access_decision_manager:
         strategy: unanimous
         allow_if_all_abstain: true
+
     # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
     password_hashers:
         Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
+
     # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
     providers:
         sulu:
             id: sulu_security.user_provider
-    # Easy way to control access for large sections of your site
-    # Note: Only the *first* access control that matches will be used
-    access_control:
-        - { path: ^/admin/reset, roles: PUBLIC_ACCESS }
-        - { path: ^/admin/security/reset, roles: PUBLIC_ACCESS }
-        - { path: ^/admin/login$, roles: PUBLIC_ACCESS }
-        - { path: ^/admin/2fa, roles: PUBLIC_ACCESS }
-        - { path: ^/admin/_wdt, roles: PUBLIC_ACCESS }
-        - { path: ^/admin/_profiler, roles: PUBLIC_ACCESS }
-        - { path: ^/admin/translations, roles: PUBLIC_ACCESS }
-        - { path: ^/admin$, roles: PUBLIC_ACCESS }
-        - { path: ^/admin/$, roles: PUBLIC_ACCESS }
-        - { path: ^/admin/p/, roles: PUBLIC_ACCESS }
-        - { path: ^/admin, roles: ROLE_USER }
 
     firewalls:
         dev:
-            pattern: ^/(_(profiler|wdt)|css|images|js)/
+            # Ensure dev tools and static assets are always allowed
+            pattern: ^/(_profiler|_wdt|assets|build)/
             security: false
         admin:
             pattern: ^/admin(\/|$)
@@ -55,7 +44,7 @@ security:
        #    # For an advanced user management with registration and opt-in emails have a look at the:
        #    # https://github.com/sulu/SuluCommunityBundle
        #    # Also have a look at the user context based caching when you output user role specific data
-       #    # https://docs.sulu.io/en/2.2/cookbook/user-context-caching.html
+       #    # https://docs.sulu.io/en/2.6/cookbook/user-context-caching.html
        #    form_login:
        #        login_path: login
        #        check_path: login
@@ -67,19 +56,31 @@ security:
        #        lifetime: 604800 # 1 week in seconds
        #        path:     /
        #
-       #    # activate different ways to authenticate
+       #    # Activate different ways to authenticate:
        #    # https://symfony.com/doc/current/security.html#the-firewall
        #
        #    # https://symfony.com/doc/current/security/impersonating_user.html
        #    # switch_user: true
 
+    # Note: Only the *first* matching rule is applied
+    access_control:
+        - { path: ^/admin/reset, roles: PUBLIC_ACCESS }
+        - { path: ^/admin/security/reset, roles: PUBLIC_ACCESS }
+        - { path: ^/admin/login$, roles: PUBLIC_ACCESS }
+        - { path: ^/admin/2fa, roles: PUBLIC_ACCESS }
+        - { path: ^/admin/_wdt, roles: PUBLIC_ACCESS }
+        - { path: ^/admin/_profiler, roles: PUBLIC_ACCESS }
+        - { path: ^/admin/translations, roles: PUBLIC_ACCESS }
+        - { path: ^/admin$, roles: PUBLIC_ACCESS }
+        - { path: ^/admin/$, roles: PUBLIC_ACCESS }
+        - { path: ^/admin/p/, roles: PUBLIC_ACCESS }
+        - { path: ^/admin, roles: ROLE_USER }
+
 when@test:
     security:
         password_hashers:
-            # By default, password hashers are resource intensive and take time. This is
-            # important to generate secure password hashes. In tests however, secure hashes
-            # are not important, waste resources and increase test times. The following
-            # reduces the work factor to the lowest possible values.
+            # Password hashers are resource-intensive by design to ensure security.
+            # In tests, it's safe to reduce their cost to improve performance.
             Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
                 algorithm: auto
                 cost: 4 # Lowest possible value for bcrypt

config/packages/sulu_http_cache.yaml

@@ -6,7 +6,7 @@ when@prod: &prod
 
     # Varnish Configuration:
     #
-    # See: https://docs.sulu.io/en/2.0/cookbook/caching-with-varnish.html
+    # See: https://docs.sulu.io/en/2.6/cookbook/caching-with-varnish.html
     # Changes in the public/index.php is needed to disable the symfony http cache and use varnish instead
     #
     #        varnish: