Bump the php-prod group across 1 directory with 8 updates

[dependabot]

Bumps the php-prod group with 7 updates in the / directory:

Package	From	To
doctrine/doctrine-bundle	2.18.1	2.18.2
doctrine/orm	3.5.8	3.6.3
jms/translation-bundle	2.6.0	2.7.0
nelmio/security-bundle	3.6.0	3.9.0
pagerfanta/pagerfanta	4.7.2	4.8.0
twig/extra-bundle	3.22.2	3.24.0
twig/intl-extra	3.22.1	3.24.0

Updates doctrine/doctrine-bundle from 2.18.1 to 2.18.2

Release notes

Sourced from doctrine/doctrine-bundle's releases.

2.18.2

Release Notes for 2.18.2

2.18.x bugfix release (patch)

2.18.2

• Total issues resolved: 0
• Total pull requests resolved: 9
• Total contributors: 4

Bugfixes

• 2171: Detect bundles containing only MappedSuperclass annotations thanks to @​jtattevin

Documentation

• 2173: Document command remapping thanks to @​greg0ire

CI

• 2168: Bump actions/upload-artifact from 5 to 6 thanks to @​dependabot[bot]
• 2167: Bump actions/download-artifact from 6 to 7 thanks to @​dependabot[bot]
• 2149: Bump doctrine/.github/.github/workflows/composer-lint.yml from 12.2.0 to 13.1.0 thanks to @​dependabot[bot]
• 2148: Bump doctrine/.github/.github/workflows/release-on-milestone-closed.yml from 13.0.0 to 13.1.0 thanks to @​dependabot[bot]
• 2146: Bump doctrine/.github/.github/workflows/phpstan.yml from 13.0.0 to 13.1.0 thanks to @​dependabot[bot]
• 2145: Bump doctrine/.github/.github/workflows/documentation.yml from 13.0.0 to 13.1.0 thanks to @​dependabot[bot]
• 2142: chore: show parameters in name of CI jobs thanks to @​alexislefebvre

Commits

• 0ff098b Merge pull request #2173 from greg0ire/document-command-remapping
• c8980d0 Document command remapping
• ff26443 Detect bundle containing only MappedSuperclass annotations (#2171)
• 0cf3392 Merge pull request #2167 from doctrine/dependabot/github_actions/2.18.x/actio...
• 4b3d951 Merge pull request #2168 from doctrine/dependabot/github_actions/2.18.x/actio...
• f7b4bdc Bump actions/upload-artifact from 5 to 6
• b5eb5bc Bump actions/download-artifact from 6 to 7
• b105485 Bump actions/checkout from 5 to 6
• 68c9ab8 Bump doctrine/.github/.github/workflows/coding-standards.yml
• 203bfdd Merge pull request #2142 from alexislefebvre/chore-show-parameters-in-name-of...
• Additional commits viewable in compare view

Updates doctrine/orm from 3.5.8 to 3.6.3

Release notes

Sourced from doctrine/orm's releases.

3.6.3

Release Notes for 3.6.3

3.6.x bugfix release (patch)

3.6.3

• Total issues resolved: 0
• Total pull requests resolved: 1
• Total contributors: 1

CI

• 12413: Group Doctrine workflow updates together thanks to @​greg0ire

This release also contains changes from https://github.com/doctrine/orm/releases/tag/2.20.10

3.6.2

Release Notes for 3.6.2

3.6.x bugfix release (patch)

3.6.2

• Total issues resolved: 0
• Total pull requests resolved: 2
• Total contributors: 2

Bugfix

• [12366: fix: update index to be serialized in __sleep()](doctrine/orm#12366) thanks to @​vvaswani

Improvement

• 12343: Update phpstan-dbal2 to phpstan-dbal3 in .gitattributes thanks to @​sasezaki

3.6.1

Release Notes for 3.6.1

3.6.x bugfix release (patch)

3.6.1

• Total issues resolved: 0
• Total pull requests resolved: 5
• Total contributors: 4

Bugfixes

• 12335: Avoid lazy object initialization when initializing read-only property thanks to @​greg0ire

... (truncated)

Commits

• e88cd59 Merge pull request #12423 from greg0ire/3.6.x
• 88a8f75 Merge remote-tracking branch 'origin/2.20.x' into 3.6.x
• 9fe8ce4 Merge pull request #12373 from tomme87/12225-fix-hydration-issue
• a46ff16 Merge pull request #12414 from ahmed-bhs/docs/enum-type-mapping
• 94e60e4 Merge pull request #12419 from greg0ire/backport-12222
• f59cd40 Add ORDER BY clause to SELECT query
• 81558a8 Merge pull request #12418 from doctrine/dependabot/github_actions/2.20.x/code...
• e431ee1 Bump codecov/codecov-action from 5 to 6
• de4ec20 Mention PostgreSQL jsonb as a reason to favor json over simple_array
• df014a7 Update docs/en/reference/basic-mapping.rst
• Additional commits viewable in compare view

Updates jms/translation-bundle from 2.6.0 to 2.7.0

Release notes

Sourced from jms/translation-bundle's releases.

2.7.0

What's Changed

• Fixed Symfony 7.4 incompatibility by @​Steveb-p in schmittjoh/JMSTranslationBundle#623

Full Changelog: schmittjoh/JMSTranslationBundle@2.6.0...2.7.0

Commits

• 826b292 Merge pull request #623 from Steveb-p/fix-symfony-7.4-validator-extractor
• 63e82c7 Enforce PHPStan version 11 to resolve conflict with simple-phpunit
• eea34b2 Updated CI runner
• 08a480b Use interface instead of implementation
• 74143f9 Fixed Symfony 7.4 incompatibility
• 7ae5197 Fixed Symfony 7.4 incompatibility
• See full diff in compare view

Updates nelmio/security-bundle from 3.6.0 to 3.9.0

Release notes

Sourced from nelmio/security-bundle's releases.

v3.9.0

What's Changed

• Added PHPUnit assertions for security headers and update testing documentation by @​Spomky in nelmio/NelmioSecurityBundle#389

Full Changelog: nelmio/NelmioSecurityBundle@v3.8.0...v3.9.0

v3.8.0

What's Changed

• Add Cross-Origin Policy feature with configurable headers (COEP, COOP, CORP) by @​Spomky in nelmio/NelmioSecurityBundle#372

Full Changelog: nelmio/NelmioSecurityBundle@v3.7.0...v3.8.0

v3.7.0

What's Changed

• Added support for Symfony 8 nelmio/NelmioSecurityBundle#386
• Update development dependencies to latest versions nelmio/NelmioSecurityBundle#388
• Fixed many docs issues (#376 #375 #383 #382 #384)

Full Changelog: nelmio/NelmioSecurityBundle@v3.6.0...v3.7.0

Commits

• 86dd4d1 Merge pull request #389 from Spomky/feature/test-assertions
• 0dc7667 feat(tests): Add PHPUnit assertions for security headers and update testing d...
• 2fafee1 Merge pull request #372 from Spomky/features/cross-origin-policy
• 63da27e Add Cross-Origin Policy feature with configurable headers (COEP, COOP, CORP)
• 9389ec2 Merge pull request #388 from Spomky/deps-update
• a0eac15 chore(ci): Add Symfony 8.5 to the continuous integration matrix
• d702968 chore(deps): Update PHPStan and PHPUnit versions in composer.json
• a1f20ea Merge pull request #386 from damienalexandre/symfony8
• ee3d9f1 fix(ci): Bump Symfony 7 to 7.3 minimum
• f42af6e feat(upgrade): Bump allowed Symfony version to 8
• Additional commits viewable in compare view

Updates pagerfanta/pagerfanta from 4.7.2 to 4.8.0

Changelog

Sourced from pagerfanta/pagerfanta's changelog.

4.8.0 (2026-01-22)

• Add support for doctrine/collections 3.x

Commits

• 72881e6 Fix selectable adapter tests
• cc9f93e Fix tests
• f8e6483 Update GHA
• d25f34e Add support for doctrine/collections 3.x
• 1a18358 Rector
• 55352dc Update fixer config, tweak comments
• 71c616c Bump dev tools
• 3043e9d Add PHP 8.5 build, fix bypass config, allow Symfony 8 for dev
• 91249e4 Update 5.x requirement
• See full diff in compare view

Updates twig/extra-bundle from 3.22.2 to 3.24.0

Release notes

Sourced from twig/extra-bundle's releases.

v3.24.0

Changelog (twigphp/twig-extra-bundle@v3.23.0...v3.24.0)

• no significant changes

v3.23.0

No release notes provided.

Commits

• 6a621fc Fix CS
• 7a27e78 minor #4718 Add .gitignore & .gitattributes to all .gitattributes (jmsche)
• 8f6488a Add .gitignore & .gitattributes to all .gitattributes
• See full diff in compare view

Updates twig/intl-extra from 3.22.1 to 3.24.0

Release notes

Sourced from twig/intl-extra's releases.

v3.24.0

Changelog (twigphp/intl-extra@v3.23.0...v3.24.0)

• no significant changes

v3.23.0

No release notes provided.

Commits

• 32f15a3 Add null-safe operator
• d79645e Fix intl-extra tests
• c5da148 Add .gitignore & .gitattributes to all .gitattributes
• See full diff in compare view

Updates twig/twig from 3.22.2 to 3.24.0

Release notes

Sourced from twig/twig's releases.

v3.24.0

Changelog (twigphp/Twig@v3.23.0...v3.24.0)

• feature #3930 Add an html_attr function to make outputting HTML attributes easier (@​mpdude, @​polarbirke)
• bug #4778 Fix null coalescing operator with imported macros (@​fabpot)
• feature #4775 Add getOperatorTokens() to ExpressionParserInterface to separate operator token registration from parser identity (@​fabpot)
• bug #4774 Ensure filters/attributes aren't mistaken for operators (@​brandonkelly)
• feature #4771 Deprecate passing non AbstractExpression nodes to MatchesBinary (@​fabpot)
• feature #4769 Deprecate passing a non-AbstractExpression node to Parser::setParent() (@​fabpot)
• feature #4748 Support short-circuiting in null-safe operator chains (@​HypeMC)
• feature #4743 Add html_attr_relaxed escaping strategy (@​mpdude)
• feature #4759 Add support for renaming variables in object destructuring (@​fabpot)

Changelog

Sourced from twig/twig's changelog.

3.24.0 (2026-03-17)

• Deprecate not implementing the getOperatorTokens() method in ExpressionParserInterface implementations
• Deprecate passing a non-AbstractExpression node to Twig\Node\Expression\Binary\MatchesBinary constructor
• Deprecate passing a non-AbstractExpression node to Parser::setParent()
• Add support for renaming variables in object destructuring ({name: userName} = user)
• Add html_attr_relaxed escaping strategy that preserves :, @, [, and ] for front-end framework attribute names
• Add support for short-circuiting in null-safe operator chains
• Add the html_attr function and html_attr_merge as well as html_attr_type filters

3.23.0 (2026-01-23)

• Add = assignment operator (allows to set variables in expression or to replace the short-form of the set tag)
• Add sequence, mapping, and object destructuring
• Add ?. null-safe operator
• Add === and !== operators (equivalent to the same as and not same as tests)
• Fix opcache preload warning for unlinked anonymous class
• Fix spread operator behavior

Commits

• a6769ae Prepare the 3.24.0 release
• 8abec84 minor #4784 Add two tests for error conditions in #3930 (mpdude)
• 2fcc939 Fix CS
• 25bfb59 Add two tests for error conditions in #3930
• 8b93364 feature #3930 Add an html_attr function to make outputting HTML attributes ...
• 42c12fa Add an html_attr function to make outputting HTML attributes easier
• 9c85915 minor #4779 fix MatchesBinary namespace in changelog (xabbuh)
• 442bcd4 fix MatchesBinary namespace in changelog
• e56cdfd bug #4778 Fix null coalescing operator with imported macros (fabpot)
• faa7e87 feature #4775 Add getOperatorTokens() to ExpressionParserInterface to separat...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions