[SECURITY] Update drupal/core-recommended from 10.2.4 to 10.4.0

[violinist-bot]

If you have a high test coverage index, and your tests for this pull request are passing, it should be both safe and recommended to merge this update.

Updated packages

Some times an update also needs new or updated dependencies to be installed. Even if this branch is for updating one dependency, it might contain other installs or updates. All of the updates in this branch can be found here:

• symfony/polyfill-php72 v1.31.0 (package was removed)
• doctrine/annotations: 1.14.4 (updated from 1.14.3)
• doctrine/deprecations: 1.1.4 (updated from 1.1.3)
• drupal/core: 10.4.0 (updated from 10.2.4)
• drupal/core-composer-scaffold: 10.4.0 (updated from 10.3.3)
• drupal/core-recommended: 10.4.0 (updated from 10.2.4)
• guzzlehttp/guzzle: 7.9.2 (updated from 7.8.2)
• guzzlehttp/promises: 2.0.4 (updated from 2.0.3)
• guzzlehttp/psr7: 2.7.0 (updated from 2.6.3)
• masterminds/html5: 2.9.0 (updated from 2.8.1)
• mck89/peast: v1.16.3 (updated from v1.15.4)
• nikic/php-parser: v5.3.1 (updated from v5.1.0)
• pear/archive_tar: 1.5.0 (updated from 1.4.14)
• pear/pear-core-minimal: v1.10.16 (updated from v1.10.15)
• psr/http-factory: 1.1.0 (updated from 1.0.2)
• symfony/console: v6.4.15 (updated from v6.4.11)
• symfony/dependency-injection: v6.4.16 (updated from v6.4.11)
• symfony/deprecation-contracts: v3.5.1 (updated from v3.4.0)
• symfony/error-handler: v6.4.14 (updated from v6.4.10)
• symfony/event-dispatcher: v6.4.13 (updated from v6.4.8)
• symfony/event-dispatcher-contracts: v3.5.1 (updated from v3.4.2)
• symfony/filesystem: v6.4.13 (updated from v6.4.9)
• symfony/finder: v6.4.13 (updated from v6.4.11)
• symfony/http-foundation: v6.4.16 (updated from v6.4.10)
• symfony/http-kernel: v6.4.16 (updated from v6.4.10)
• symfony/mailer: v6.4.13 (updated from v6.4.9)
• symfony/mime: v6.4.13 (updated from v6.4.9)
• symfony/polyfill-ctype: v1.31.0 (updated from v1.28.0)
• symfony/polyfill-iconv: v1.31.0 (updated from v1.28.0)
• symfony/polyfill-intl-grapheme: v1.31.0 (updated from v1.28.0)
• symfony/polyfill-intl-idn: v1.31.0 (updated from v1.28.0)
• symfony/polyfill-intl-normalizer: v1.31.0 (updated from v1.28.0)
• symfony/polyfill-mbstring: v1.31.0 (updated from v1.28.0)
• symfony/polyfill-php83: v1.31.0 (updated from v1.28.0)
• symfony/process: v6.4.15 (updated from v6.4.8)
• symfony/psr-http-message-bridge: v6.4.13 (updated from v6.4.10)
• symfony/routing: v6.4.16 (updated from v6.4.10)
• symfony/serializer: v6.4.15 (updated from v6.4.10)
• symfony/service-contracts: v3.5.1 (updated from v3.4.2)
• symfony/string: v6.4.15 (updated from v6.4.11)
• symfony/translation-contracts: v3.5.1 (updated from v3.4.2)
• symfony/validator: v6.4.16 (updated from v6.4.10)
• symfony/var-dumper: v6.4.15 (updated from v6.4.11)
• symfony/var-exporter: v6.4.13 (updated from v6.4.9)
• symfony/yaml: v6.4.13 (updated from v6.4.11)
• twig/twig: v3.16.0 (updated from v3.8.0)
• behat/mink-selenium2-driver v1.7.0 (package was removed)
• instaclick/php-webdriver 1.4.18 (package was removed)
• behat/mink: v1.12.0 (updated from v1.11.0)
• brick/math: 0.12.1 (new package, previously not installed)
• composer/ca-bundle: 1.5.4 (updated from 1.4.1)
• composer/class-map-generator: 1.5.0 (updated from 1.1.0)
• composer/composer: 2.8.4 (updated from 2.7.1)
• composer/pcre: 3.3.2 (updated from 3.1.1)
• composer/xdebug-handler: 3.0.5 (updated from 3.0.3)
• drupal/coder: 8.3.26 (updated from 8.3.23)
• drupal/core-dev: 10.4.0 (updated from 10.2.4)
• google/protobuf: v4.29.2 (updated from v3.25.3)
• justinrainbow/json-schema: 5.3.0 (updated from v5.2.13)
• lullabot/mink-selenium2-driver: v1.7.4 (new package, previously not installed)
• lullabot/php-webdriver: v2.0.6 (new package, previously not installed)
• mglaman/phpstan-drupal: 1.3.2 (updated from 1.2.7)
• mikey179/vfsstream: v1.6.12 (updated from v1.6.11)
• myclabs/deep-copy: 1.12.1 (updated from 1.12.0)
• nyholm/psr7-server: 1.1.0 (new package, previously not installed)
• open-telemetry/api: 1.1.2 (updated from 1.0.3)
• open-telemetry/context: 1.1.0 (updated from 1.0.2)
• open-telemetry/exporter-otlp: 1.1.0 (updated from 1.0.4)
• open-telemetry/gen-otlp-protobuf: 1.2.1 (updated from 1.1.0)
• open-telemetry/sdk: 1.1.2 (updated from 1.0.8)
• open-telemetry/sem-conv: 1.27.1 (updated from 1.24.0)
• php-http/discovery: 1.20.0 (updated from 1.19.2)
• php-http/guzzle7-adapter: 1.1.0 (updated from 1.0.0)
• php-http/httplug: 2.4.1 (updated from 2.4.0)
• php-http/promise: 1.3.1 (updated from 1.3.0)
• phpdocumentor/reflection-docblock: 5.6.1 (updated from 5.4.1)
• phpdocumentor/type-resolver: 1.10.0 (updated from 1.8.2)
• phpspec/prophecy: v1.20.0 (updated from v1.19.0)
• phpspec/prophecy-phpunit: v2.3.0 (updated from v2.2.0)
• phpstan/extension-installer: 1.4.3 (updated from 1.3.1)
• phpstan/phpdoc-parser: 1.33.0 (updated from 1.29.1)
• phpstan/phpstan: 1.12.13 (updated from 1.10.59)
• phpstan/phpstan-deprecation-rules: 1.2.1 (updated from 1.1.4)
• phpstan/phpstan-phpunit: 1.4.2 (updated from 1.3.16)
• phpunit/php-code-coverage: 9.2.32 (updated from 9.2.31)
• phpunit/phpunit: 9.6.22 (updated from 9.6.20)
• ramsey/collection: 2.0.0 (new package, previously not installed)
• ramsey/uuid: 4.7.6 (new package, previously not installed)
• seld/jsonlint: 1.11.0 (updated from 1.10.2)
• sirbrillig/phpcs-variable-analysis: v2.11.21 (updated from v2.11.17)
• slevomat/coding-standard: 8.15.0 (updated from 8.14.1)
• squizlabs/php_codesniffer: 3.11.2 (updated from 3.9.0)
• symfony/browser-kit: v6.4.13 (updated from v6.4.8)
• symfony/css-selector: v6.4.13 (updated from v6.4.8)
• symfony/dom-crawler: v6.4.16 (updated from v6.4.8)
• symfony/lock: v6.4.13 (updated from v6.4.3)
• symfony/phpunit-bridge: v6.4.16 (updated from v6.4.4)
• symfony/polyfill-php82: v1.31.0 (updated from v1.29.0)
• tbachert/spi: v1.0.2 (new package, previously not installed)

Release notes

Here are the release notes for all versions released between your current running version, and the version this PR updates the package to.

List of release notes

• Release notes for tag 10.4.0
• Release notes for tag 10.4.0-rc1
• Release notes for tag 10.4.0-beta1
• Release notes for tag 10.2.4
• Release notes for tag 10.2.3
• Release notes for tag 10.2.2
• Release notes for tag 10.2.1
• Release notes for tag 10.2.0
• Release notes for tag 10.2.0-rc1
• Release notes for tag 10.2.0-beta1
• Release notes for tag 10.2.0-alpha1

Changed files

Here is a list of changed files between the version you use, and the version this pull request updates to:

List of changed files

  composer.json

Changelog

Here is a list of changes between the version you use, and the version this pull request updates to:

• 4c2f518 Drupal 10.4.0
• 289f6c4 Issue #3490183 by spokje, andypost: Update Composer dependencies for 10.4.0
• 3fc4a80 Issue #3488365 by andypost, longwave: Upgrade twig/twig to 3.15.0
• 7a2482d Back to dev.
• c7a8a61 Drupal 10.4.0-rc1
• 23912cb Revert "Issue #3488365 by andypost: Upgrade twig/twig to 3.15.0"
• 1dbe684 Issue #3488365 by andypost: Upgrade twig/twig to 3.15.0
• 8b68255 Issue #3486545 by spokje, andypost: Update Composer dependencies for 10.4.0-beta1
• 8ea2d3f Back to dev.
• fb69dfa Drupal 10.4.0-beta1
• 94ddb1a Issue #3485956 by mradcliffe, jan kellermann, gillesbailleux, raphaelbertrand, cilefen, larowlan: Recursion limit exceeded with Twig v3.14.1 when editing a node or a block
• cd96db5 Issue #3478331 by andypost, smustgrave: Upgrade composer to 2.8.1 for PHP 8.4
• fda00bb Issue #3473195 by longwave, catch, jurgenhaas, naveenvalecha, quietone: twig/twig has a possible sandbox bypass <v3.14.0
• a118fb0 Issue #3467293 by Spokje, longwave: twig/twig 3.11.0 introduces (for Drupal) breaking changes
• 10b8704 Issue #3454556 by xjm: Require Composer 2.7.7
• 047fac2 Issue #3447204 by longwave, quietone: Update Composer dependencies for 10.3.0-beta1
• ce9d855 Drupal 10.4.x-dev
• 00ee439 Issue #3439521 by pradhumanjain2311, quietone, smustgrave: Update composer dependencies for Drupal 10.3
• 6c4415d Issue #3441331 by andypost, longwave, alexpott, Spokje, xjm: Update to Twig 3.9
• bda36ae Issue #3428052 by Spokje, mondrake: Bump phpstan/phpstan and mglaman/phpstan-drupal to latest
• 90f129c Drupal 10.3.x-dev
• 0c41ce5 Issue #3405696 by longwave, Spokje, andypost, quietone, smustgrave, mondrake: Update composer dependencies for Drupal 10.2.0
• b3d5c5e Issue #3405704 by Spokje, longwave: symfony/psr-http-message-bridge major version bump
• ca6e213 Issue #3404694 by Spokje, longwave, mglaman, andypost: Update dependencies for Drupal 10.2
• f87dbd1 Issue #3401901 by Spokje, smustgrave, longwave: Update composer dependencies for Drupal 10.2 beta
• b863e81 Issue #3401200 by quietone: Update composer dependencies for Drupal 10.2 beta
• 9656162 Issue #3395586 by andy-blum, deviantintegral, longwave, catch: Add Symfony's Filesystem and Finder components to core
• 64ebac4 Issue #3393151 by Spokje, quietone: Update composer dependencies for Drupal 10.2
• f4c9ff8 Issue #3392616 by Spokje, longwave: Update to Symfony 6.4
• c600542 Issue #3165762 followup by longwave, smustgrave, Spokje: Move symfony/mailer dependency from drupal/drupal to drupal/core

Working with this branch

If you find you need to update the codebase to be able to merge this branch (for example update some tests or rebuild some assets), please note that violinist will force push to this branch to keep it up to date. This means you should not work on this branch directly, since you might lose your work. Read more about branches created by violinist.io here.

---

This is an automated pull request from Violinist: Continuously and automatically monitor and update your composer dependencies. Have ideas on how to improve this message? All violinist messages are open-source, and can be improved here.