build(deps): bump symfony/filesystem from 7.1.2 to 7.4.9

[dependabot]

Bumps symfony/filesystem from 7.1.2 to 7.4.9.

Release notes

Sourced from symfony/filesystem's releases.

v7.4.9

Changelog (symfony/filesystem@v7.4.6...v7.4.9)

• bug #63909 Fix Path methods replacing backslashes on UNIX (@​Amoifr)

v7.4.8

Changelog (symfony/filesystem@v7.4.7...v7.4.8)

• no significant changes

v7.4.6

Changelog (symfony/filesystem@v7.4.5...v7.4.6)

• bug #47424 makePathRelative with existing files, remove ending / (Petar Marjanovic)

v7.4.0

Changelog (symfony/filesystem@v7.4.0-RC3...v7.4.0)

• no significant changes

v7.4.0-RC1

Changelog (symfony/filesystem@v7.4.0-BETA2...v7.4.0-RC1)

• bug symfony/symfony#62283 [Filesystem] Unify logic for isAbsolute() in Path (@​yoeunes)

v7.4.0-BETA1

Changelog (symfony/filesystem@v7.3.4...v7.4.0-BETA1)

• no significant changes

v7.3.8

Changelog (symfony/filesystem@v7.3.7...v7.3.8)

• no significant changes

v7.3.6

Changelog (symfony/filesystem@v7.3.5...v7.3.6)

• bug symfony/symfony#62283 [Filesystem] Unify logic for isAbsolute() in Path (@​yoeunes)

v7.3.2

Changelog (symfony/filesystem@v7.3.1...v7.3.2)

• no significant changes

v7.3.0

Changelog (symfony/filesystem@v7.3.0-RC1...v7.3.0)

• no significant changes

... (truncated)

Commits

• dcd8f96 Update XSD references in phpunit.xml.dist files
• d230a8e Merge branch '6.4' into 7.4
• 29f792d More CS fixes
• e66da3e Merge branch '6.4' into 7.4
• 60d2511 CS fixes - native_function_invocation & static_lambda
• 1c54ad0 [Filesystem] Fix Path dealing with schemes
• b42ef66 [Filesystem] Fix merge conflict resolution
• b6c73d5 Merge branch '6.4' into 7.4
• 7309213 [Filesystem] Fix Path::normalize() replacing backslashes on UNIX
• 5dce1cd Add deprecationTrigger ignoreUndefinedTriggers="true" in phpunit.xml.dist files
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 complexity

Metric	Results
Complexity	0

View in Codacy

AI Reviewer: first review requested successfully. AI can make mistakes. Always validate suggestions.

_{TIP This summary will be updated as you push new changes.}

[codacy-production]

Pull Request Overview

This PR updates symfony/filesystem and its associated polyfills. Although the Codacy analysis is up to standards with no new issues, the update introduces potential breaking changes for the infrastructure.

Specifically, the symfony/polyfill-mbstring update requires the ext-iconv PHP extension, which may be missing in minimalist runtime environments. Additionally, the lock file was generated with a significantly newer version of Composer (2.9.0), which could cause compatibility issues with CI/CD pipelines running older versions. These architectural concerns should be validated before merging.

About this PR

• The composer.lock file was updated using a newer Composer version (plugin-api-version 2.9.0 vs 2.6.0). This may cause installation errors in CI environments or production servers that use older Composer binaries. It is recommended to synchronize the Composer version used locally with the one used in the deployment pipeline.

Test suggestions

• Verify application compatibility with symfony/filesystem v7.4.9, particularly regarding Path normalization changes mentioned in release notes.
• Confirm that the runtime environment includes 'ext-iconv', which is now an explicit requirement for symfony/polyfill-mbstring v1.37.0.
• Ensure the PHP version in the target environment satisfies the new >= 7.2 requirement for polyfill packages (though likely satisfied if using Symfony 7).

Prompt proposal for missing tests

Consider implementing these tests if applicable:
1. Verify application compatibility with symfony/filesystem v7.4.9, particularly regarding Path normalization changes mentioned in release notes.
2. Confirm that the runtime environment includes 'ext-iconv', which is now an explicit requirement for symfony/polyfill-mbstring v1.37.0.
3. Ensure the PHP version in the target environment satisfies the new >= 7.2 requirement for polyfill packages (though likely satisfied if using Symfony 7).

_{TIP Improve review quality by adding custom instructions
TIP How was this review? Give us feedback}

[codacy-production]

_{🔴 HIGH RISK}

The update to symfony/polyfill-mbstring v1.37.0 introduces a mandatory requirement for the ext-iconv PHP extension. This will cause installation or runtime failures in environments where the iconv extension is not explicitly installed (e.g., minimalist Docker images). Please verify that all target environments have ext-iconv enabled.