build(deps): bump symfony/polyfill-mbstring from 1.30.0 to 1.37.0

[dependabot]

Bumps symfony/polyfill-mbstring from 1.30.0 to 1.37.0.

Release notes

Sourced from symfony/polyfill-mbstring's releases.

v1.37.0

Changelog (symfony/polyfill-mbstring@v1.36.0...v1.37.0)

• no significant changes

v1.36.0

Changelog (symfony/polyfill-mbstring@v1.35.0...v1.36.0)

• no significant changes

v1.35.0

Changelog (symfony/polyfill-mbstring@v1.34.0...v1.35.0)

• no significant changes

v1.34.0

Changelog (symfony/polyfill-mbstring@v1.33.0...v1.34.0)

• bug #501 mbstring polyfills must not raise value errors in PHP 7 (@​derrabus)

Commits

• 6a21eb9 mbstring polyfills must not raise value errors in PHP 7
• f03734f CS fixes
• 6d857f4 minor #508 Require iconv for mbstring (jaapio)
• 01072b6 Require iconv for mbstring
• 6c1cb6e mbstring: Fix mb_rtrim() for UTF-8 text
• 2369cb9 Give testing some love
• 85181ba Bump to PHP 7.2, stick to phpunit 8.5
• 2bf2520 fix function signature tests
• 8740a07 Improve mb_*trim polyfills
• 74b87a0 Mb trim functions
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 complexity

Metric	Results
Complexity	0

View in Codacy

AI Reviewer: first review requested successfully. AI can make mistakes. Always validate suggestions.

_{TIP This summary will be updated as you push new changes.}

[codacy-production]

Pull Request Overview

While this dependency update provides bug fixes and new functionality, it introduces significant environment requirements that must be verified before merging. Specifically, the minimum PHP version is raised to 7.2, and the ext-iconv extension is now mandatory.

Additionally, there is a metadata anomaly regarding a future timestamp ('2026-04-10') in the lock file and unnecessary diff noise due to the use of Composer 2.9.0. Although Codacy indicates the PR is up to standards, these environment-level risks should be addressed to prevent CI or deployment failures.

About this PR

• The upgrade increases the minimum PHP version requirement from 7.1 to 7.2 and adds a new mandatory requirement for 'ext-iconv'. Ensure that all production, staging, and CI environments (including Docker images) are updated to meet these requirements before merging.

Test suggestions

• Verify that the application's runtime and CI environments are running PHP 7.2 or higher.
• Verify that the 'ext-iconv' extension is installed and enabled in the PHP environment.
• Conduct regression tests on application modules that handle multibyte string manipulation (e.g. mb_strlen, mb_convert_encoding).

Prompt proposal for missing tests

Consider implementing these tests if applicable:
1. Verify that the application's runtime and CI environments are running PHP 7.2 or higher.
2. Verify that the 'ext-iconv' extension is installed and enabled in the PHP environment.
3. Conduct regression tests on application modules that handle multibyte string manipulation (e.g. mb_strlen, mb_convert_encoding).

Low confidence findings

• The 'time' metadata in 'composer.lock' for this package is set to a future date (2026-04-10). This is highly unusual and suggests the lock file may have been generated on a system with an incorrect clock.

_{TIP Improve review quality by adding custom instructions
TIP How was this review? Give us feedback}

[codacy-production]

_{🟡 MEDIUM RISK}

This dependency update introduces a mandatory requirement for ext-iconv and bumps the minimum PHP version to 7.2. This is a breaking change for environments without the iconv extension or those still running on PHP 7.1.

[codacy-production]

_{⚪ LOW RISK}

The 'time' field is set to a future date ('2026-04-10'). This metadata anomaly should be verified to ensure the lock file is not corrupted or generated with an incorrect system clock.

[codacy-production]

_{⚪ LOW RISK}

Nitpick: The lock file has been updated using Composer 2.9.0, which changed the internal format of stability-flags and platform from arrays to objects. This creates unnecessary diff noise and potential compatibility issues if the team or CI environment uses an older Composer version.