[SECURITY] Update drupal/core-recommended from 10.2.3 to 10.3.6

[violinist-bot]

If you have a high test coverage index, and your tests for this pull request are passing, it should be both safe and recommended to merge this update.

Updated packages

Some times an update also needs new or updated dependencies to be installed. Even if this branch is for updating one dependency, it might contain other installs or updates. All of the updates in this branch can be found here:

• composer/semver: 3.4.3 (updated from 3.4.0)
• doctrine/annotations: 1.14.4 (updated from 1.14.3)
• drupal/core: 10.3.6 (updated from 10.2.3)
• drupal/core-composer-scaffold: 10.3.6 (updated from 10.2.3)
• drupal/core-project-message: 10.3.6 (updated from 10.2.3)
• drupal/core-recommended: 10.3.6 (updated from 10.2.3)
• guzzlehttp/guzzle: 7.8.2 (updated from 7.8.1)
• guzzlehttp/promises: 2.0.3 (updated from 2.0.2)
• guzzlehttp/psr7: 2.6.3 (updated from 2.6.2)
• masterminds/html5: 2.9.0 (updated from 2.8.1)
• mck89/peast: v1.16.3 (updated from v1.15.4)
• pear/archive_tar: 1.5.0 (updated from 1.4.14)
• pear/pear-core-minimal: v1.10.15 (updated from v1.10.14)
• psr/http-factory: 1.1.0 (updated from 1.0.2)
• psr/log: 3.0.2 (updated from 3.0.0)
• sebastian/diff: 4.0.6 (updated from 4.0.5)
• symfony/console: v6.4.12 (updated from v6.4.3)
• symfony/dependency-injection: v6.4.12 (updated from v6.4.3)
• symfony/deprecation-contracts: v3.5.0 (updated from v3.4.0)
• symfony/error-handler: v6.4.10 (updated from v6.4.3)
• symfony/event-dispatcher: v6.4.8 (updated from v6.4.3)
• symfony/event-dispatcher-contracts: v3.5.0 (updated from v3.4.0)
• symfony/filesystem: v6.4.12 (updated from v6.4.3)
• symfony/finder: v6.4.11 (updated from v6.4.0)
• symfony/http-foundation: v6.4.12 (updated from v6.4.3)
• symfony/http-kernel: v6.4.12 (updated from v6.4.3)
• symfony/mailer: v6.4.12 (updated from v6.4.3)
• symfony/mime: v6.4.12 (updated from v6.4.3)
• symfony/polyfill-ctype: v1.29.0 (updated from v1.28.0)
• symfony/polyfill-iconv: v1.29.0 (updated from v1.28.0)
• symfony/polyfill-intl-grapheme: v1.29.0 (updated from v1.28.0)
• symfony/polyfill-intl-idn: v1.29.0 (updated from v1.28.0)
• symfony/polyfill-intl-normalizer: v1.29.0 (updated from v1.28.0)
• symfony/polyfill-mbstring: v1.29.0 (updated from v1.28.0)
• symfony/polyfill-php72: v1.31.0 (updated from v1.29.0)
• symfony/polyfill-php80: v1.31.0 (updated from v1.29.0)
• symfony/polyfill-php81: v1.31.0 (updated from v1.29.0)
• symfony/polyfill-php83: v1.29.0 (updated from v1.28.0)
• symfony/process: v6.4.12 (updated from v6.4.3)
• symfony/psr-http-message-bridge: v6.4.11 (updated from v6.4.3)
• symfony/routing: v6.4.12 (updated from v6.4.3)
• symfony/serializer: v6.4.12 (updated from v6.4.3)
• symfony/service-contracts: v3.5.0 (updated from v3.4.1)
• symfony/string: v6.4.12 (updated from v6.4.3)
• symfony/translation-contracts: v3.5.0 (updated from v3.4.1)
• symfony/validator: v6.4.12 (updated from v6.4.3)
• symfony/var-dumper: v6.4.11 (updated from v6.4.3)
• symfony/var-exporter: v6.4.9 (updated from v6.4.3)
• symfony/yaml: v6.4.12 (updated from v6.4.3)
• twig/twig: v3.14.0 (updated from v3.8.0)

Release notes

Here are the release notes for all versions released between your current running version, and the version this PR updates the package to.

List of release notes

• Release notes for tag 10.3.6
• Release notes for tag 10.3.5
• Release notes for tag 10.3.4
• Release notes for tag 10.3.3
• Release notes for tag 10.3.2
• Release notes for tag 10.3.1
• Release notes for tag 10.3.0-rc1
• Release notes for tag 10.3.0-beta1
• Release notes for tag 10.2.3
• Release notes for tag 10.2.2
• Release notes for tag 10.2.1
• Release notes for tag 10.2.0
• Release notes for tag 10.2.0-rc1
• Release notes for tag 10.2.0-beta1
• Release notes for tag 10.2.0-alpha1

Changed files

Here is a list of changed files between the version you use, and the version this pull request updates to:

List of changed files

  composer.json

Changelog

Here is a list of changes between the version you use, and the version this pull request updates to:

• 5ddec63 Drupal 10.3.6
• 359dd0e Back to dev.
• 055a27d Drupal 10.3.5
• 8f9fb7b Back to dev.
• 7986385 Drupal 10.3.4
• 01ef17e Issue #3473195 by longwave, catch, jurgenhaas, naveenvalecha, quietone: twig/twig has a possible sandbox bypass <v3.14.0
• 48ec4a9 Back to dev.
• b143dba Drupal 10.3.3
• 8b540c6 Back to dev.
• 18b7288 Drupal 10.3.2
• e186023 Back to dev.
• a5183f2 Drupal 10.3.1
• 8530981 Back to dev.
• b933931 Drupal 10.3.0
• 34e7ee1 Issue #3454556 by xjm: Require Composer 2.7.7
• a339382 Back to dev.
• 0dd6dec Drupal 10.3.0-rc1
• 902fcd4 Back to dev.
• 2bd4e96 Drupal 10.3.0-beta1
• 80e6da7 Issue #3447204 by longwave, quietone: Update Composer dependencies for 10.3.0-beta1
• 00ee439 Issue #3439521 by pradhumanjain2311, quietone, smustgrave: Update composer dependencies for Drupal 10.3
• 6c4415d Issue #3441331 by andypost, longwave, alexpott, Spokje, xjm: Update to Twig 3.9
• bda36ae Issue #3428052 by Spokje, mondrake: Bump phpstan/phpstan and mglaman/phpstan-drupal to latest
• 90f129c Drupal 10.3.x-dev
• 0c41ce5 Issue #3405696 by longwave, Spokje, andypost, quietone, smustgrave, mondrake: Update composer dependencies for Drupal 10.2.0
• b3d5c5e Issue #3405704 by Spokje, longwave: symfony/psr-http-message-bridge major version bump
• ca6e213 Issue #3404694 by Spokje, longwave, mglaman, andypost: Update dependencies for Drupal 10.2
• f87dbd1 Issue #3401901 by Spokje, smustgrave, longwave: Update composer dependencies for Drupal 10.2 beta
• b863e81 Issue #3401200 by quietone: Update composer dependencies for Drupal 10.2 beta
• 9656162 Issue #3395586 by andy-blum, deviantintegral, longwave, catch: Add Symfony's Filesystem and Finder components to core
• 64ebac4 Issue #3393151 by Spokje, quietone: Update composer dependencies for Drupal 10.2
• f4c9ff8 Issue #3392616 by Spokje, longwave: Update to Symfony 6.4
• c600542 Issue #3165762 followup by longwave, smustgrave, Spokje: Move symfony/mailer dependency from drupal/drupal to drupal/core

Working with this branch

If you find you need to update the codebase to be able to merge this branch (for example update some tests or rebuild some assets), please note that violinist will force push to this branch to keep it up to date. This means you should not work on this branch directly, since you might lose your work. Read more about branches created by violinist.io here.

---

This is an automated pull request from Violinist: Continuously and automatically monitor and update your composer dependencies. Have ideas on how to improve this message? All violinist messages are open-source, and can be improved here.

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)

• composer.lock is excluded by !**/*.lock

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.