chore(deps): update symfony/security-bundle requirement from ^6.4|^7.0 to ^8.0.8

[dependabot]

Updates the requirements on symfony/security-bundle to permit the latest version.

Release notes

Sourced from symfony/security-bundle's releases.

v8.0.8

Changelog (symfony/security-bundle@v8.0.7...v8.0.8)

• bug #63806 Make the Adapter resettable (@​kira0269, @​nicolas-grekas)
• bug #63722 Fix profiler showing ERROR instead of DENIED (@​audain-dg)

Changelog

Sourced from symfony/security-bundle's changelog.

CHANGELOG

8.1

• Add support for the clientHints, prefetchCache, and prerenderCache ClearSite-Data directives
• Add support for #[AsTaggedItem] attribute to configure voter priority
• Deprecate the security.erase_credentials configuration option and the security.authentication.manager.erase_credentials container parameter, as the eraseCredentials() method was removed in Symfony 8.0

8.0

• Remove the deprecated hide_user_not_found configuration option, use expose_security_errors instead
• Remove the deprecated algorithm and key options from the OIDC token handler configuration, use algorithms and keyset instead
• Remove LazyFirewallContext::__invoke()
• Make ExpressionCacheWarmer class final
• Remove autowiring aliases for RateLimiterFactory; use RateLimiterFactoryInterface instead

7.4

• Add debug:security:role-hierarchy command to dump role hierarchy graphs in the Mermaid.js flowchart format

• Add Security::getAccessDecision() and getAccessDecisionForUser() helpers

• Add options to configure a cache pool and storage service for login throttling rate limiters

• Register alias for argument for password hasher when its key is not a class name:

  With the following configuration:

  security:
    password_hashers:
        recovery_code: auto

  It is possible to inject the recovery_code password hasher in a service:

  public function __construct(
      #[Target('recovery_code')]
      private readonly PasswordHasherInterface $passwordHasher,
  ) {
  }

• Deprecate LazyFirewallContext::__invoke()

7.3

• Add Security::isGrantedForUser() to test user authorization without relying on the session. For example, users not currently logged in, or while processing a message from a message queue
• Add encryption support to OidcTokenHandler (JWE)

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[mpge]

Superseded by #52.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.