Bump symfony/http-foundation from 8.0.4 to 8.1.0

[dependabot]

Bumps symfony/http-foundation from 8.0.4 to 8.1.0.

Release notes

Sourced from symfony/http-foundation's releases.

v8.1.0

Changelog (symfony/http-foundation@v8.1.0-RC1...v8.1.0)

• bug #64389 Migrate configureSchema() to DBAL's editor API (@​nicolas-grekas)

v8.1.0-RC1

Changelog (symfony/http-foundation@v8.1.0-BETA3...v8.1.0-RC1)

• security #cve-2026-48736 Block IPv6 transition forms in IpUtils::PRIVATE_SUBNETS (@​nicolas-grekas)

v8.1.0-BETA3

Changelog (symfony/http-foundation@v8.1.0-BETA1...v8.1.0-BETA3)

• bug #64269 Various fixes and hardenings (@​nicolas-grekas)

v8.1.0-BETA1

No release notes provided.

v8.0.13

Changelog (symfony/http-foundation@v8.0.7...v8.0.13)

• security #cve-2026-48736 Block IPv6 transition forms in IpUtils::PRIVATE_SUBNETS (@​nicolas-grekas)

v8.0.8

Changelog (symfony/http-foundation@v8.0.7...v8.0.8)

• no significant changes

v8.0.7

Changelog (symfony/http-foundation@v8.0.6...v8.0.7)

• bug #63603 Fix session cookie_lifetime not applied in mock session storage (@​nicolas-grekas)

v8.0.6

Changelog (symfony/http-foundation@v8.0.5...v8.0.6)

• bug #63448 Handle empty session data in updateTimestamp() to fix compat with PHP 8.6 (@​nicolas-grekas)
• bug #63319 BinaryFileResponse: always return 206 if Range is valid (@​Jimbolino)
• bug #63262 Reject invalid paths (@​nicolas-grekas)
• bug #54304 When calling UploadedFile::getErrorMessage() to a file which has no error and is uploaded successfully, it should not return an error (@​ArmCyber)
• bug #63230 fix engine declaration on mysql pdo table creations (@​tandev)

v8.0.5

Changelog (symfony/http-foundation@v8.0.4...v8.0.5)

• bug #63137 Fix PdoSessionHandler charset-collation mismatch with the Doctrine DBAL (@​samy-mahmoudi)

Changelog

Sourced from symfony/http-foundation's changelog.

CHANGELOG

8.1

• Add BinaryFileResponse::shouldDeleteFileAfterSend()
• Deprecate setting public properties of Request and Response objects directly; use setters or constructor arguments instead
• Add SessionHasFlashMessage test constraint
• Response::__construct() now accepts a ResponseHeaderBag as its third argument
• ParameterBag::getInt() and ParameterBag::getBoolean() now throw UnexpectedValueException instead of silently returning 0/false when the value cannot be converted

8.0

• Drop HTTP method override support for methods GET, HEAD, CONNECT and TRACE
• Add argument $subtypeFallback to Request::getFormat()
• Remove the following deprecated session options from NativeSessionStorage: referer_check, use_only_cookies, use_trans_sid, sid_length, sid_bits_per_character, trans_sid_hosts, trans_sid_tags
• Trigger PHP warning when using Request::sendHeaders() after headers have already been sent; use a StreamedResponse instead
• Add arguments $v4Bytes and $v6Bytes to IpUtils::anonymize()
• Add argument $partitioned to ResponseHeaderBag::clearCookie()
• Add argument $expiration to UriSigner::sign()
• Remove Request::get(), use properties ->attributes, query or request directly instead
• Remove accepting null $format argument to Request::setFormat()

7.4

• Add #[WithHttpStatus] to define status codes: 404 for SignedUriException and 403 for ExpiredSignedUriException
• Add support for the QUERY HTTP method
• Add support for structured MIME suffix
• Add Request::set/getAllowedHttpMethodOverride() to list which HTTP methods can be overridden
• Deprecate using Request::sendHeaders() after headers have already been sent; use a StreamedResponse instead
• Deprecate method Request::get(), use properties ->attributes, query or request directly instead
• Make Request::createFromGlobals() parse the body of PUT, DELETE, PATCH and QUERY requests
• Deprecate HTTP method override for methods GET, HEAD, CONNECT and TRACE; it will be ignored in Symfony 8.0
• Deprecate accepting null $format argument to Request::setFormat()

7.3

• Add support for iterable of string in StreamedResponse
• Add EventStreamResponse and ServerEvent classes to streamline server event streaming
• Add support for valkey: / valkeys: schemes for sessions
• Request::getPreferredLanguage() now favors a more preferred language above exactly matching a locale
• Allow UriSigner to use a ClockInterface
• Add UriSigner::verify()

7.2

... (truncated)

Commits

• af11474 Add call to backers in README files
• 65674bc Merge branch '8.0' into 8.1
• c748a25 Fix post-merge cleanups for #64389
• b3778d7 Merge branch '7.4' into 8.0
• 29e11e9 Migrate configureSchema() to DBAL's editor API
• 8bbd165 Merge branch '8.0' into 8.1
• 30459bd Merge branch '7.4' into 8.0
• bc354f4 Merge branch '6.4' into 7.4
• 48d76c2 security #cve-2026-48736 [HttpFoundation] Block IPv6 transition forms in IpUt...
• 94b3f81 Merge branch '8.0' into 8.1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.