chore(deps): [security] bump symfony/http-kernel from 2.6.4 to 2.8.51 in /tests/apps/php

[dependabot-preview]

Bumps symfony/http-kernel from 2.6.4 to 2.8.51. This update includes security fixes.

Vulnerabilities fixed

Sourced from The PHP Security Advisories Database.

Esi Code Injection

Affected versions: >=2.0.0, <2.1.0; >=2.1.0, <2.2.0; >=2.2.0, <2.3.0; >=2.3.0, <2.3.27; >=2.4.0, <2.5.0; >=2.5.0, <2.5.11; >=2.6.0, <2.6.6

Sourced from The PHP Security Advisories Database.

CVE-2015-4050: ESI unauthorized access

Affected versions: >=2.3.19, <2.3.29; >=2.4.9, <2.5.0; >=2.5.4, <2.5.12; >=2.6.0, <2.6.8

Changelog

Sourced from symfony/http-kernel's changelog.

CHANGELOG

5.0.0

• removed support for getting the container from a non-booted kernel
• removed the first and second constructor argument of ConfigDataCollector
• removed ConfigDataCollector::getApplicationName()
• removed ConfigDataCollector::getApplicationVersion()
• removed support for Symfony\Component\Templating\EngineInterface in HIncludeFragmentRenderer, use a Twig\Environment only
• removed TranslatorListener in favor of LocaleAwareListener
• removed getRootDir() and getName() from Kernel and KernelInterface
• removed FilterControllerArgumentsEvent, use ControllerArgumentsEvent instead
• removed FilterControllerEvent, use ControllerEvent instead
• removed FilterResponseEvent, use ResponseEvent instead
• removed GetResponseEvent, use RequestEvent instead
• removed GetResponseForControllerResultEvent, use ViewEvent instead
• removed GetResponseForExceptionEvent, use ExceptionEvent instead
• removed PostResponseEvent, use TerminateEvent instead
• removed SaveSessionListener in favor of AbstractSessionListener
• removed Client, use HttpKernelBrowser instead
• added method getProjectDir() to KernelInterface
• removed methods serialize and unserialize from DataCollector, store the serialized state in the data property instead
• made ProfilerStorageInterface internal
• removed the second and third argument of KernelInterface::locateResource
• removed the second and third argument of FileLocator::__construct
• removed loading resources from %kernel.root_dir%/Resources and %kernel.root_dir% as
  fallback directories.

4.4.0

• The DebugHandlersListener class has been marked as final
• Added new Bundle directory convention consistent with standard skeletons
• Deprecated the second and third argument of KernelInterface::locateResource
• Deprecated the second and third argument of FileLocator::__construct
• Deprecated loading resources from %kernel.root_dir%/Resources and %kernel.root_dir% as
  fallback directories. Resources like service definitions are usually loaded relative to the
  current directory or with a glob pattern. The fallback directories have never been advocated
  so you likely do not use those in any app based on the SF Standard or Flex edition.
• Marked all dispatched event classes as @final
• Added ErrorController to enable the preview and error rendering mechanism
• Getting the container from a non-booted kernel is deprecated.

4.3.0

• renamed Client to HttpKernelBrowser
• KernelInterface doesn't extend Serializable anymore

... (truncated)

Commits

• a01e2b4 bumped version
• b835924 fixed version
• 0fc8ce0 updated VERSION for 2.8.50
• 3df0207 bumped version
• be18ff9 updated VERSION for 2.8.48
• 491046e [cs] correct invalid @​param types
• df2df80 Bump phpunit XSD version to 5.2
• 31717d4 bumped Symfony version to 2.8.48
• 10b941c updated VERSION for 2.8.47
• fd1c5a8 Fix ini_get() for boolean values
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)