Merge branch '7.2' into 7.3

* 7.2:
  Revert "bug symfony#58937 [FrameworkBundle] Don't auto-register form/csrf when the corresponding components are not installed (nicolas-grekas)"
  Fix merge
  fix: ignore missing directory in isVendor()
  [OptionsResolver] Allow Union/Intersection Types in Resolved Closures
  Issue symfony#58821: [DependencyInjection] Support interfaces in ContainerBuilder::getReflectionClass().
  Dynamically fix compatibility with doctrine/data-fixtures v2
  [HttpKernel] Ensure HttpCache::getTraceKey() does not throw exception
  don't call EntityManager::initializeObject() with scalar values
  [FrameworkBundle] Don't auto-register form/csrf when the corresponding components are not installed
  make RelayProxyTrait compatible with relay extension 0.9.0
  [Validator] review italian translations
  Update PR template

Author: nicolas-grekas

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,6 +1,6 @@
 | Q             | A
 | ------------- | ---
-| Branch?       | 7.2 for features / 5.4, 6.4, and 7.1 for bug fixes <!-- see below -->
+| Branch?       | 7.3 for features / 5.4, 6.4, 7.1, and 7.2 for bug fixes <!-- see below -->
 | Bug fix?      | yes/no
 | New feature?  | yes/no <!-- please update src/**/CHANGELOG.md files -->
 | Deprecations? | yes/no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->

.github/expected-missing-return-types.diff

@@ -1,5 +1,5 @@
 # Run these steps to update this file:
-sed -i 's/ *"\*\*\/Tests\/",\?//' composer.json
+sed -i 's/ *"\*\*\/Tests\/",//' composer.json
 composer u -o
 SYMFONY_PATCH_TYPE_DECLARATIONS='force=2&php=8.1' php .github/patch-types.php
 head=$(sed '/^diff /Q' .github/expected-missing-return-types.diff)

src/Symfony/Bridge/Doctrine/Tests/Security/RememberMe/DoctrineTokenProviderPostgresTest.php

@@ -21,7 +21,7 @@ public static function setUpBeforeClass(): void
         }
     }
 
-    protected function bootstrapProvider()
+    protected function bootstrapProvider(): DoctrineTokenProvider
     {
         $config = class_exists(ORMSetup::class) ? ORMSetup::createConfiguration(true) : new Configuration();
         if (class_exists(DefaultSchemaManagerFactory::class)) {

src/Symfony/Bridge/Doctrine/Tests/Security/RememberMe/DoctrineTokenProviderTest.php

@@ -117,7 +117,7 @@ public function testVerifyOutdatedTokenAfterParallelRequestFailsAfter60Seconds()
         $this->assertFalse($provider->verifyToken($token, $oldValue));
     }
 
-    private function bootstrapProvider(): DoctrineTokenProvider
+    protected function bootstrapProvider(): DoctrineTokenProvider
     {
         $config = ORMSetup::createConfiguration(true);
         $config->setSchemaManagerFactory(new DefaultSchemaManagerFactory());

src/Symfony/Bridge/Doctrine/Validator/Constraints/UniqueEntityValidator.php

@@ -105,7 +105,7 @@ public function validate(mixed $value, Constraint $constraint): void
 
             $criteria[$fieldName] = $fieldValue;
 
-            if (null !== $criteria[$fieldName] && $class->hasAssociation($fieldName)) {
+            if (\is_object($criteria[$fieldName]) && $class->hasAssociation($fieldName)) {
                 /* Ensure the Proxy is initialized before using reflection to
                  * read its identifiers. This is necessary because the wrapped
                  * getter methods in the Proxy are being bypassed.

src/Symfony/Bridge/Doctrine/composer.json

@@ -44,7 +44,7 @@
         "symfony/validator": "^6.4|^7.0",
         "symfony/var-dumper": "^6.4|^7.0",
         "doctrine/collections": "^1.8|^2.0",
-        "doctrine/data-fixtures": "^1.1",
+        "doctrine/data-fixtures": "^1.1|^2",
         "doctrine/dbal": "^3.6|^4",
         "doctrine/orm": "^2.15|^3",
         "psr/log": "^1|^2|^3"

src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php

@@ -211,7 +211,7 @@ private function addCsrfSection(ArrayNodeDefinition $rootNode): void
                     ->addDefaultsIfNotSet()
                     ->fixXmlConfig('stateless_token_id')
                     ->children()
-                        // defaults to framework.csrf_protection.stateless_token_ids || framework.session.enabled && !class_exists(FullStack::class) && interface_exists(CsrfTokenManagerInterface::class)
+                        // defaults to (framework.csrf_protection.stateless_token_ids || framework.session.enabled) && !class_exists(FullStack::class) && interface_exists(CsrfTokenManagerInterface::class)
                         ->scalarNode('enabled')->defaultNull()->end()
                         ->arrayNode('stateless_token_ids')
                             ->scalarPrototype()->end()

src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php

@@ -466,9 +466,9 @@ public function load(array $configs, ContainerBuilder $container): void
             $container->removeDefinition('test.session.listener');
         }
 
-        // csrf depends on session being registered
+        // csrf depends on session or stateless token ids being registered
         if (null === $config['csrf_protection']['enabled']) {
-            $this->writeConfigEnabled('csrf_protection', $config['csrf_protection']['stateless_token_ids'] || $this->readConfigEnabled('session', $container, $config['session']) && !class_exists(FullStack::class) && ContainerBuilder::willBeAvailable('symfony/security-csrf', CsrfTokenManagerInterface::class, ['symfony/framework-bundle']), $config['csrf_protection']);
+            $this->writeConfigEnabled('csrf_protection', ($config['csrf_protection']['stateless_token_ids'] || $this->readConfigEnabled('session', $container, $config['session'])) && !class_exists(FullStack::class) && ContainerBuilder::willBeAvailable('symfony/security-csrf', CsrfTokenManagerInterface::class, ['symfony/framework-bundle']), $config['csrf_protection']);
         }
         $this->registerSecurityCsrfConfiguration($config['csrf_protection'], $container, $loader);
 

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/form_csrf_disabled.xml

@@ -12,7 +12,7 @@
         <framework:annotations enabled="false"/>
         <framework:php-errors log="true" />
         <framework:csrf-protection enabled="false"/>
-        <framework:form enabled="true">
+        <framework:form>
             <framework:csrf-protection enabled="true"/>
         </framework:form>
     </framework:config>

src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/form_no_csrf.xml

@@ -9,7 +9,7 @@
     <framework:config http-method-override="false" handle-all-throwables="true">
         <framework:annotations enabled="false" />
         <framework:php-errors log="true" />
-        <framework:form enabled="true">
+        <framework:form>
             <framework:csrf-protection enabled="false" />
         </framework:form>
     </framework:config>