Bump the php-prod group across 1 directory with 7 updates

[dependabot]

Bumps the php-prod group with 6 updates in the / directory:

Package	From	To
doctrine/doctrine-bundle	2.18.1	2.18.2
doctrine/orm	3.5.8	3.6.1
nelmio/security-bundle	3.6.0	3.8.0
pagerfanta/pagerfanta	4.7.2	4.8.0
twig/extra-bundle	3.22.2	3.23.0
twig/intl-extra	3.22.1	3.23.0

Updates doctrine/doctrine-bundle from 2.18.1 to 2.18.2

Release notes

Sourced from doctrine/doctrine-bundle's releases.

2.18.2

Release Notes for 2.18.2

2.18.x bugfix release (patch)

2.18.2

• Total issues resolved: 0
• Total pull requests resolved: 9
• Total contributors: 4

Bugfixes

• 2171: Detect bundles containing only MappedSuperclass annotations thanks to @​jtattevin

Documentation

• 2173: Document command remapping thanks to @​greg0ire

CI

• 2168: Bump actions/upload-artifact from 5 to 6 thanks to @​dependabot[bot]
• 2167: Bump actions/download-artifact from 6 to 7 thanks to @​dependabot[bot]
• 2149: Bump doctrine/.github/.github/workflows/composer-lint.yml from 12.2.0 to 13.1.0 thanks to @​dependabot[bot]
• 2148: Bump doctrine/.github/.github/workflows/release-on-milestone-closed.yml from 13.0.0 to 13.1.0 thanks to @​dependabot[bot]
• 2146: Bump doctrine/.github/.github/workflows/phpstan.yml from 13.0.0 to 13.1.0 thanks to @​dependabot[bot]
• 2145: Bump doctrine/.github/.github/workflows/documentation.yml from 13.0.0 to 13.1.0 thanks to @​dependabot[bot]
• 2142: chore: show parameters in name of CI jobs thanks to @​alexislefebvre

Commits

• 0ff098b Merge pull request #2173 from greg0ire/document-command-remapping
• c8980d0 Document command remapping
• ff26443 Detect bundle containing only MappedSuperclass annotations (#2171)
• 0cf3392 Merge pull request #2167 from doctrine/dependabot/github_actions/2.18.x/actio...
• 4b3d951 Merge pull request #2168 from doctrine/dependabot/github_actions/2.18.x/actio...
• f7b4bdc Bump actions/upload-artifact from 5 to 6
• b5eb5bc Bump actions/download-artifact from 6 to 7
• b105485 Bump actions/checkout from 5 to 6
• 68c9ab8 Bump doctrine/.github/.github/workflows/coding-standards.yml
• 203bfdd Merge pull request #2142 from alexislefebvre/chore-show-parameters-in-name-of...
• Additional commits viewable in compare view

Updates doctrine/orm from 3.5.8 to 3.6.1

Release notes

Sourced from doctrine/orm's releases.

3.6.1

Release Notes for 3.6.1

3.6.x bugfix release (patch)

3.6.1

• Total issues resolved: 0
• Total pull requests resolved: 5
• Total contributors: 4

Bugfixes

• 12335: Avoid lazy object initialization when initializing read-only property thanks to @​greg0ire
• 12275: FIX: Handle int-backed enums for values stored as string values in MySQL ENUM columns thanks to @​TheBreaken

Documentation

• 12329: Fix result cache examples in docs thanks to @​HypeMC
• 12328: Fix docs regarding query hints thanks to @​HypeMC
• 12060: Update doc dql-custom-walkers.rst with an output walker to interpolate parameters into SQL thanks to @​n0099

3.6.0

Release Notes for 3.6.0

Feature release (minor)

3.6.0

• Total issues resolved: 0
• Total pull requests resolved: 21
• Total contributors: 13

New Feature

• 12268: Add hints to QueryBuilder thanks to @​pmaasz
• 12165: Add commands for inspecting configured listeners thanks to @​HypeMC
• 12071: Add JSON format option for orm:mapping:describe command output thanks to @​stlgaits
• 12065: Use enum values from enumType in DiscriminatorColumn and check DiscriminatorMap values against it thanks to @​whataboutpereira

Deprecation

• 12279: Deprecate string default expressions thanks to @​greg0ire
• 12273: Deprecate FieldMapping::$default thanks to @​greg0ire
• 12126: Deprecate specifying nullable on primary key columns thanks to @​greg0ire
• 12051: Stop using QueryBuilder::getRootAlias() thanks to @​greg0ire

Improvement

... (truncated)

Commits

• 2148940 Merge pull request #12335 from greg0ire/gh-12166
• d353809 Merge pull request #12337 from greg0ire/3.6.x
• 0c1bf14 Merge remote-tracking branch 'origin/2.20.x' into 3.6.x
• 3b8c23c Merge pull request #12336 from greg0ire/dmwydo
• 60d4ea6 Stop mocking EventManager
• e923bbc Avoid lazy object initialization when initializing read-only property
• 8cbd34c Merge pull request #12060 from n0099/patch-1
• 8bdefef Handle int-backed enums for values stored as string values in MySQL ENUM colu...
• 0f8730a Merge pull request #12331 from greg0ire/a-the
• 62477b5 Update branch metadata (#12327)
• Additional commits viewable in compare view

Updates nelmio/security-bundle from 3.6.0 to 3.8.0

Release notes

Sourced from nelmio/security-bundle's releases.

v3.8.0

What's Changed

• Add Cross-Origin Policy feature with configurable headers (COEP, COOP, CORP) by @​Spomky in nelmio/NelmioSecurityBundle#372

Full Changelog: nelmio/NelmioSecurityBundle@v3.7.0...v3.8.0

v3.7.0

What's Changed

• Added support for Symfony 8 nelmio/NelmioSecurityBundle#386
• Update development dependencies to latest versions nelmio/NelmioSecurityBundle#388
• Fixed many docs issues (#376 #375 #383 #382 #384)

Full Changelog: nelmio/NelmioSecurityBundle@v3.6.0...v3.7.0

Commits

• 2fafee1 Merge pull request #372 from Spomky/features/cross-origin-policy
• 63da27e Add Cross-Origin Policy feature with configurable headers (COEP, COOP, CORP)
• 9389ec2 Merge pull request #388 from Spomky/deps-update
• a0eac15 chore(ci): Add Symfony 8.5 to the continuous integration matrix
• d702968 chore(deps): Update PHPStan and PHPUnit versions in composer.json
• a1f20ea Merge pull request #386 from damienalexandre/symfony8
• ee3d9f1 fix(ci): Bump Symfony 7 to 7.3 minimum
• f42af6e feat(upgrade): Bump allowed Symfony version to 8
• 6c03803 Merge pull request #384 from de-es/patch-1
• e9741af Fix Permissions Policy docs
• Additional commits viewable in compare view

Updates pagerfanta/pagerfanta from 4.7.2 to 4.8.0

Changelog

Sourced from pagerfanta/pagerfanta's changelog.

4.8.0 (2026-01-22)

• Add support for doctrine/collections 3.x

Commits

• 72881e6 Fix selectable adapter tests
• cc9f93e Fix tests
• f8e6483 Update GHA
• d25f34e Add support for doctrine/collections 3.x
• 1a18358 Rector
• 55352dc Update fixer config, tweak comments
• 71c616c Bump dev tools
• 3043e9d Add PHP 8.5 build, fix bypass config, allow Symfony 8 for dev
• 91249e4 Update 5.x requirement
• See full diff in compare view

Updates twig/extra-bundle from 3.22.2 to 3.23.0

Commits

• 7a27e78 minor #4718 Add .gitignore & .gitattributes to all .gitattributes (jmsche)
• 8f6488a Add .gitignore & .gitattributes to all .gitattributes
• See full diff in compare view

Updates twig/intl-extra from 3.22.1 to 3.23.0

Commits

• 32f15a3 Add null-safe operator
• d79645e Fix intl-extra tests
• c5da148 Add .gitignore & .gitattributes to all .gitattributes
• See full diff in compare view

Updates twig/twig from 3.22.2 to 3.23.0

Changelog

Sourced from twig/twig's changelog.

3.23.0 (2026-01-23)

• Add = assignment operator (allows to set variables in expression or to replace the short-form of the set tag)
• Add sequence, mapping, and object destructuring
• Add ?. null-safe operator
• Add === and !== operators (equivalent to the same as and not same as tests)
• Fix opcache preload warning for unlinked anonymous class
• Fix spread operator behavior

Commits

• a64dc5d Prepare the release
• b0c42a9 Update CHANGELOG
• b609ae9 feature #4744 Add support for object and mapping destructuring (fabpot)
• 8a0f8ac Add support for object and mapping destructuring
• 76c404e Rename classes
• d784400 feature #4742 Assignment operator array destructuring (fabpot)
• bb99af3 Assignment operator array destructuring
• dfeb162 Fix doc notes
• 85ccfb1 Fix doc notes
• be1797d feature #4735 Add the = assignment operator (fabpot)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions