Bump the composer group across 1 directory with 7 updates

[dependabot]

Bumps the composer group with 5 updates in the / directory:

Package	From	To
symfony/security	2.6.7	2.6.13
symfony/form	2.6.7	2.6.12
doctrine/annotations	1.2.4	1.2.7
doctrine/cache	1.4.1	1.5.4
doctrine/common	2.5.0	2.5.3

Updates symfony/security from 2.6.7 to 2.6.13

Commits

• 722b5b4 removed obsolete tests, fixed composer.json
• 6f2d035 do not ship with a custom rng implementation
• 6993b7e migrate session after remember me authentication
• 8dc2616 prevent timing attacks in digest auth listener
• 6a45bf2 fix potential timing attack issue
• cdad268 Merge branch '2.3' into 2.6
• 79b1d65 [Security/Http] Fix test relying on a private property
• 39fae4d [Security] removed useless else condition in SwitchUserListener class.
• 7ab68c8 Merge branch '2.3' into 2.6
• 9aab396 [Security] fix check for empty usernames
• Additional commits viewable in compare view

Updates symfony/form from 2.6.7 to 2.6.12

Commits

• 23394a6 prevent timing attacks in digest auth listener
• ae46979 mitigate CSRF timing attack vulnerability
• 9334d5b Merge branch '2.3' into 2.6
• 10d41a4 [Form] updated exception message of ButtonBuilder::setRequestHandler()
• f4e4d50 Merge branch '2.3' into 2.6
• 2820629 Remove excess whitespace
• 1e1e187 Merge branch '2.3' into 2.6
• b0379d8 fix CS
• 31fe199 Merge branch '2.3' into 2.6
• dfacc33 Update DateTimeToArrayTransformer.php
• Additional commits viewable in compare view

Updates doctrine/annotations from 1.2.4 to 1.2.7

Release notes

Sourced from doctrine/annotations's releases.

v1.2.6

Revert a small change from v1.2.5 that removed a check for the wrong reasons, nothing major but better now.

v1.2.5

Total issues resolved: 1

• Make AnnotationReader PHP7 compatible by fixing code that checks for removed ini variable.

Commits

• f25c8aa [DCOM-293] Fix security misconfiguration vulnerability that can allow local a...
• f4a9170 Revert "Fix broken merge on Zend Opcache check."
• 6eeadf5 Fix broken merge on Zend Opcache check.
• 735b6c5 Merge pull request #59 from mpalourdio/opcache.load_comments
• 0a706d3 Move classes with reserved keywords in a separate file and skip test for php 7
• 10a0a9d Use PHP_VERSION_ID, and not PHP_VERSION
• 0ab9972 Add PHP7 to the build matrix
• 0eae200 opcache.load_comments has been removed from PHP 7
• c8927ad Merge pull request #57 from stof/patch-1
• ae5fbc0 Switch to the docker-based infrastructure on Travis
• See full diff in compare view

Updates doctrine/cache from 1.4.1 to 1.5.4

Release notes

Sourced from doctrine/cache's releases.

v1.5.4

Total issues resolved: 1

• 127: Path length of 259 is also not possible due to php bug

v1.5.3

Total issues resolved: 5

• 113: Perform various tests on windows and this correction solved the problem
• 121: FileCache.php bug at line 140 in protected function getFilename
• [122: Hotfix - #113 testing/correcting hashing for windows file path length limitations](doctrine/cache#122)
• 124: Filenames are too long for windows
• 125: Fix FileCache on Windows

v1.5.2

Total issues resolved: 3

• 105: Fix fetch multiple with false
• [107: fix file cache naming under windows surpassing MAX_PATH](doctrine/cache#107)
• 108: Avoid MongoCursorException with MongoCache

v1.5.1

Total issues resolved: 1

• 104: fetchMultiple problems with null and falsey values

v1.5.0

Total issues resolved: 9

• 87: [enhancement] Predis cache improvement
• 91: No need to save the default namespace version
• 92: travis: use container based build, PHP 7 added
• 94: fix file naming based on cache key
• 97: unify bool(ean) and add multi get support for wincache
• 98: add travis cache and fix apcu installation
• 99: Update LICENSE
• 100: composer: use PSR-4 autoload
• 101: Additional tests added

v1.4.4

Total issues resolved: 1

• 104: fetchMultiple problems with null and falsey values

v1.4.3

Total issues resolved: 3

• 90: Fix CacheProvider::fetchMultiple if keys array is empty
• 91: No need to save the default namespace version

... (truncated)

Commits

• 47cdc76 Releasing 1.5.4
• 7a9326b Merge pull request #128 from doctrine/hotfix/Use Symfony Serializer  rvanlaak/SettingsBundle#127-fix-windows-php-bug-path-le...
• f84dfe5 Add rigorous functional test for windows path length limit handling
• 4b82214 Refactor path length & generation test in FileCacheTest
• bf4899c Path length of 259 is also not possible due to php bug
• 32bf046 Bumping to development release 1.5.4-DEV
• 6ecaf07 Releasing 1.5.3
• 492479e Merge pull request #126 from doctrine/hotfix/Fix second param of "entity" driven get method rvanlaak/SettingsBundle#113-testing-windows-file-path-l...
• 3197628 Installation of APCu should happen manually, as 4.x should be used when deali...
• 85667d3 Fix use of [] array initializer in backported test
• Additional commits viewable in compare view

Updates doctrine/common from 2.5.0 to 2.5.3

Release notes

Sourced from doctrine/common's releases.

v2.5.3

Total issues resolved: 1

• 367: Fix how namespace matching happens in SymfonyFileLocator

v2.5.2

Release Notes - Doctrine Common - Version 2.5.2

Bug-fixes

• DCOM-299 #383 Silence chmod() warnings
• DCOM-301 #384 Fixed bug with getAllClassNames() in subdirectories
• DCOM-303 #387 Fixed fatal error in AbstractManagerRegistry

Improvement

• DCOM-289 #373 composer: bump to PHPUnit 4.7

Commits

• 10f1f19 2.5.3 release
• e8768f6 Merge branch 'hotfix/#367-correct-symfony-file-locator-namespace-matching-2.5...
• f70bfdd Add tests for Symfony file locator
• 3e7dceb Fix how namespace matching happens in SymfonyFileLocator
• 11b994b Bumping development version to 2.5.3-DEV
• 311001f Release 2.5.2
• cce91bc Merge tag 'v2.5.1' into 2.5
• 53b9649 Merge branch 'hotfix/#384-correct-directory-to-namespace-conversion-in-file-l...
• 486407c #384 - hardening comparisons to get rid of silly OS-specific sorting problems
• 16d94cc #384 - hardening comparisons to get rid of silly OS-specific sorting problems
• Additional commits viewable in compare view

Updates symfony/http-foundation from 2.6.7 to 2.6.13

Commits

• e8fd1b7 Merge branch '2.3' into 2.6
• fd2a759 bug #15249 [HttpFoundation] [PSR-7] Allow to use resources as content body an...
• 6eed3f5 [HttpFoundation] [PSR-7] Allow to use resources as content body and to return...
• d5adda8 [HttpFoundation] Fix Response::closeOutputBuffers() for HHVM 3.3
• 6f2de25 [HttpFoundation] Behaviour change in PHP7 for substr
• b2a6fad Merge branch '2.3' into 2.6
• d9a9d95 [HttpFoundation] Reload the session after regenerating its id
• 1b15d69 [HttpFoundation] Add a test case to confirm a bug in session migration
• 023606d [2.6] Static Code Analysis for Components and Bundles
• 40569a0 minor #15204 CS fixes for 2.3 (keradus)
• Additional commits viewable in compare view

Updates symfony/http-kernel from 2.6.7 to 2.6.13

Commits

• cdd991d updated VERSION for 2.6.13
• 498866a bumped Symfony version to 2.6.12
• a3f0ed7 updated VERSION for 2.6.11
• 8a9c3d3 minor #15317 [2.6] Static Code Analysis for Components (kalessil)
• 5c23682 [2.6] Static Code Analysis for Components
• ba68a75 [HttpKernel] Fix lowest dep
• 2817487 bumped Symfony version to 2.6.11
• 52c99b6 updated VERSION for 2.6.10
• 8078f58 Merge branch '2.3' into 2.6
• b8f99b1 fix CS
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.