build(deps): bump symfony/dependency-injection from 7.1.3 to 7.4.9

[dependabot]

Bumps symfony/dependency-injection from 7.1.3 to 7.4.9.

Release notes

Sourced from symfony/dependency-injection's releases.

v7.4.9

Changelog (symfony/dependency-injection@v7.4.8...v7.4.9)

• bug #64090 Reject circular references through a factory builder's setup (@​nicolas-grekas)
• bug #64006 Fix hidden dependency on symfony/config in PhpDumper (@​GromNaN)
• bug #63980 Log every build parameter removed during compilation (@​ousamabenyounes)
• bug #63951 Fix autowiring nullable intersection types (@​HypeMC)
• bug #63922 Fix excludeSelf not applied when using AutowireLocator (@​GromNaN)
• bug #63876 Fix instanceof autoconfiguration for anonymous classes (@​jlabedo)

v7.4.8

Changelog (symfony/dependency-injection@v7.4.7...v7.4.8)

• bug #63812 Fix tagged_iterator/tagged_locator in array PHP config (@​javiereguiluz)
• bug #63823 Fix rejecting inline services in parameters section (@​nicolas-grekas)

v7.4.7

Changelog (symfony/dependency-injection@v7.4.6...v7.4.7)

• bug #63508 Handle Stringable for string-typed arguments in CheckTypeDeclarationsPass (@​yoeunes)
• bug #63506 Fix TypeError when using a custom container base class with typed $parameterBag (@​nicolas-grekas)

v7.4.6

Changelog (symfony/dependency-injection@v7.4.5...v7.4.6)

• bug #63473 Fix PriorityTaggedServiceTrait not discovering # on decorated services (@​lacatoire)
• bug #63462 Fix phpstan false-positive about config/reference.php (@​nicolas-grekas)
• bug #63379 Prevent false unused-env errors for abstract definitions removed at compile time (@​nicolas-grekas)
• bug #63307 Fix stale binding lookup in ResolveBindingsPass error message (@​yoeunes)
• bug #57561 Fix ignore invalid_reference behavior param for the some services (@​Nguyen26052004)
• bug #63234 Fix parsing Target attributes on properties and on controllers (@​nicolas-grekas)

v7.4.5

Changelog (symfony/dependency-injection@v7.4.4...v7.4.5)

• bug #63213 Fix lazy proxy type resolution for decorated services (@​nicolas-grekas)

v7.4.4

Changelog (symfony/dependency-injection@v7.4.3...v7.4.4)

• bug #63160 Fix alias chain inversion when deprecated alias points to decorated service (amateescu)
• bug #62920 Allow ParamConfigurator in ParametersConfig (@​jack-worman)

v7.4.3

Changelog (symfony/dependency-injection@v7.4.2...v7.4.3)

• bug symfony/symfony#62843 [DependencyInjection] Fix referencing build-time array parameters (@​nicolas-grekas)
• bug symfony/symfony#62755 [DependencyInjection] Fix #[AutowireCallable] sometimes incorrectly inlined (@​HypeMC)
• bug symfony/symfony#62715 [DependencyInjection] Fix sharing services used only by tagged iterators (@​nicolas-grekas)

... (truncated)

Changelog

Sourced from symfony/dependency-injection's changelog.

CHANGELOG

8.1

• Support autowiring env vars as closures or Stringable when using #[Autowire(env: 'FOO')]
• Add EnvClosureArgument and !env_closure YAML tag to inject env vars as closures or Stringable arguments
• Add AddBehaviorDescribingTagsPass to allow bundles to extend the list of behavior-describing tags
• Add Kernel and Bundle infrastructure in the Kernel\ subnamespace
• Add $extensions parameter to MergeExtensionConfigurationPass to ensure registered extensions are implicitly loaded
• Add support for using service stacks as decorators, including decorates_tag
• Add support for decorating all services with a specific tag using the container.tag_decorator resource tag or #[AsTagDecorator]
• Add support for SOURCE_DATE_EPOCH environment variable
• Deprecate configuring options alias, parent, synthetic, file, arguments, properties, configurator or calls when using from_callable
• Deprecate default index/priority methods when defining tagged locators/iterators; use the #[AsTaggedItem] attribute instead
• Allow environment variables with . in them
• Add argument exclude to ContainerConfigurator::import()
• Add target parameter to #[AsAlias] to create target-specific autowiring aliases
• Deprecate named autowiring alias that don't use #[Target]
• Allow passing a Definition instance to Definition::setFactory() and Definition::setConfigurator(), its __invoke() method will be called

8.0

• Remove support for using $this or the loader's internal scope from PHP config files; use the $loader variable instead
• Remove ExtensionInterface::getXsdValidationBasePath() and getNamespace() without alternatives, the XML configuration format is no longer supported
• Add argument $throwOnAbstract to ContainerBuilder::findTaggedResourceIds()
• Registering a service without a class when its id is a non-existing FQCN throws an error
• Remove #[TaggedIterator] and #[TaggedLocator] attributes, replaced by #[AutowireLocator] and #[AutowireIterator]
• Remove ContainerBuilder::getAutoconfiguredAttributes(), replaced by ContainerBuilder::getAttributeAutoconfigurators()
• Remove !tagged tag, use !tagged_iterator instead
• Add argument $target to ContainerBuilder::registerAliasForArgument()
• Remove support for the XML configuration format
• Remove the fluent PHP format for semantic configuration, instantiate builders inline with the config array as argument and return them instead

7.4

• [BC BREAK] Throw when using $this or its internal scope from PHP config files; use the $loader variable instead
• Allow adding resource tags using any config format
• Allow #[AsAlias] to be extended
• Parse attributes found on abstract classes for resource definitions
• Add argument $target to ContainerBuilder::registerAliasForArgument()
• Deprecate registering a service without a class when its id is a non-existing FQCN
• Allow multiple #[AsDecorator] attributes
• Handle declaring services using PHP arrays that follow the same shape as corresponding yaml files
• Add AppReference to help writing PHP configs using yaml-like array-shapes
• Deprecate XML configuration format, use YAML or PHP instead
• Deprecate ExtensionInterface::getXsdValidationBasePath() and getNamespace()

... (truncated)

Commits

• 27cd9f9 Merge branch '6.4' into 7.4
• 4f66d60 [DependencyInjection] Reject circular references through a factory builder's ...
• 40b7c10 minor #64004 [7.4] Remove usages of named arguments in tests (chalasr)
• 621c5e0 [7.4] Remove usages of named arguments in tests
• 6fc5e85 Merge branch '6.4' into 7.4
• e709fb3 bug #64006 [DependencyInjection] Fix hidden dependency on symfony/config in P...
• 4fc7627 [DependencyInjection] Fix hidden dependency on symfony/config in PhpDumper
• 61a8cc1 Merge branch '6.4' into 7.4
• 3c09a77 [DependencyInjection] Log every build parameter removed during compilation
• cc8db49 Update XSD references in phpunit.xml.dist files
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 complexity

Metric	Results
Complexity	0

View in Codacy

AI Reviewer: first review requested successfully. AI can make mistakes. Always validate suggestions.

_{TIP This summary will be updated as you push new changes.}

[codacy-production]

Pull Request Overview

This PR updates symfony/dependency-injection to v7.4.9. While the primary dependency remains within the v7.x branch, the transitive dependency symfony/var-exporter has been bumped to v8.0.9.

This update introduces a critical breaking change: symfony/var-exporter v8.0.9 requires PHP 8.4 or higher. This will cause deployment or runtime failures if your environment is running PHP 8.2 or 8.3. This requirement should prevent merging unless the infrastructure is already updated to PHP 8.4.

About this PR

• The upgrade of symfony/var-exporter to v8.0.9 introduces a hard requirement for PHP 8.4. This major version bump for a dependency is not highlighted in the PR description and constitutes a breaking change for projects on older PHP runtimes.

Test suggestions

• Verify dependency resolution and lock file integrity via composer install.
• Verify application boots and the DI container compiles successfully.
• Confirm compatibility with PHP 8.2 and 8.3, as symfony/var-exporter now requires PHP 8.4.

Prompt proposal for missing tests

Consider implementing these tests if applicable:
1. Verify dependency resolution and lock file integrity via `composer install`.
2. Verify application boots and the DI container compiles successfully.
3. Confirm compatibility with PHP 8.2 and 8.3, as `symfony/var-exporter` now requires PHP 8.4.

_{TIP Improve review quality by adding custom instructions
TIP How was this review? Give us feedback}

[codacy-production]

_{🔴 HIGH RISK}

The update to symfony/var-exporter v8.0.9 (line 956) raises the minimum PHP requirement to 8.4. This is a breaking change for projects supporting PHP 8.2 or 8.3.

If you do not intend to upgrade the infrastructure to PHP 8.4 immediately, you should restrict the platform PHP version in your composer.json to prevent the installation of v8 components:

1. Update composer.json to set the platform PHP version (e.g., "php": "8.2.0") in the config section.
2. Run composer update to reconcile composer.lock with a compatible version (v7.x) of symfony/var-exporter.