Bump dependencies to align with composer based installs #13311

Merged
merged 10 commits into from Feb 5, 2024

mollux (Contributor) commented Feb 4, 2024

| Q | A |
| --- | --- |
| Bug fix? (use the a.b branch) | [x] |
| New feature/enhancement? (use the a.x branch) | [ ] |
| Deprecations? | [ ] |
| BC breaks? (use the c.x branch) | [ ] |
| Automated tests included? | [ ] |
| Related user documentation PR URL | mautic/mautic-documentation#... |
| Related developer documentation PR URL | mautic/developer-documentation#... |
| Issue(s) addressed | Fixes #... |

Description:

The current versions of the Composer dependencies are locked in the composer.lock file.
These dependencies are used during development and when running the tests.

However, that lock file is not used when installing Mautic via composer, and that makes sense.

This means we need to ensure on a regular basis that these dependencies are up-to-date.

This PR updates all(*) dependencies to the latest available version, and makes some changes to the tests to ensure they pass successfully.

2 packages have temporarily been locked more strictly, to ensure a version compatible with Mautic is used, as the composer based releases may experience a different outcome:

See the individual commits for more context.
The following table was generated using the ion-bazan/composer-diff Composer plugin, and running the following command: `composer diff --no-dev -l`.

| Prod Packages | Operation | Base | Target | Link |
| --- | --- | --- | --- | --- |
| aws/aws-sdk-php | Upgraded | 3.294.5 | 3.298.2 | Diff |
| composer/ca-bundle | Upgraded | 1.3.7 | 1.4.0 | Diff |
| composer/composer | Upgraded | 2.6.4 | 2.6.6 | Diff |
| composer/pcre | Upgraded | 3.1.0 | 3.1.1 | Diff |
| composer/spdx-licenses | Upgraded | 1.5.7 | 1.5.8 | Diff |
| doctrine/data-fixtures | Upgraded | 1.6.6 | 1.7.0 | Diff |
| doctrine/dbal | Upgraded | 3.6.2 | 3.7.2 | Diff |
| doctrine/deprecations | Upgraded | 1.1.2 | 1.1.3 | Diff |
| doctrine/doctrine-bundle | Upgraded | 2.9.1 | 2.11.1 | Diff |
| doctrine/doctrine-fixtures-bundle | Upgraded | 3.4.4 | 3.5.1 | Diff |
| doctrine/doctrine-migrations-bundle | Upgraded | 3.2.2 | 3.3.0 | Diff |
| doctrine/inflector | Upgraded | 2.0.6 | 2.0.9 | Diff |
| doctrine/orm | Upgraded | 2.15.1 | 2.18.0 | Diff |
| egulias/email-validator | Upgraded | 3.2.5 | 3.2.6 | Diff |
| exercise/htmlpurifier-bundle | Upgraded | 4.1.1 | 4.1.2 | Diff |
| ezyang/htmlpurifier | Upgraded | v4.14.0 | v4.17.0 | Diff |
| friendsofphp/proxy-manager-lts | Upgraded | v1.0.12 | v1.0.16 | Diff |
| friendsofsymfony/rest-bundle | Upgraded | 3.5.0 | 3.6.0 | Diff |
| giggsey/libphonenumber-for-php | Upgraded | 8.12.56 | 8.13.29 | Diff |
| giggsey/locale | Upgraded | 2.2 | 2.5 | Diff |
| helios-ag/fm-elfinder-bundle | Upgraded | 12.3 | 12.5 | Diff |
| jms/metadata | Upgraded | 2.6.1 | 2.8.0 | Diff |
| jms/serializer | Upgraded | 3.23.0 | 3.29.1 | Diff |
| jms/serializer-bundle | Upgraded | 5.1.0 | 5.4.0 | Diff |
| joomla/string | Downgraded | 2.0.1 | 1.4.6 | Diff |
| kamermans/guzzle-oauth2-subscriber | Upgraded | v1.0.12 | v1.0.13 | Diff |
| knplabs/knp-menu | Upgraded | v3.3.0 | v3.4.0 | Diff |
| laminas/laminas-code | Upgraded | 4.6.0 | 4.7.1 | Diff |
| league/flysystem | Upgraded | 3.15.1 | 3.24.0 | Diff |
| league/flysystem-local | Upgraded | 3.15.0 | 3.23.1 | Diff |
| league/mime-type-detection | Upgraded | 1.11.0 | 1.15.0 | Diff |
| lightsaml/sp-bundle | Changed | dev-symfony5 b73d6b9 | dev-symfony5 91f36a5 | Diff |
| lightsaml/symfony-bridge | Changed | dev-symfony5 2d84638 | dev-symfony5 26f58d3 | Diff |
| litesaml/lightsaml | Upgraded | v4.1.4 | v4.1.6 | Diff |
| maennchen/zipstream-php | Upgraded | 2.2.1 | 2.4.0 | Diff |
| markbaker/complex | Upgraded | 3.0.1 | 3.0.2 | Diff |
| markbaker/matrix | Upgraded | 3.0.0 | 3.0.1 | Diff |
| maxmind-db/reader | Upgraded | v1.11.0 | v1.11.1 | Diff |
| monolog/monolog | Upgraded | 1.27.1 | 2.9.2 | Diff |
| nikic/php-parser | Upgraded | v4.15.1 | v4.18.0 | Diff |
| paragonie/constant_time_encoding | New | - | v2.6.3 | Diff |
| pda/pheanstalk | Upgraded | v4.0.4 | v4.0.5 | Diff |
| php-amqplib/php-amqplib | Upgraded | v2.11.0 | v3.6.0 | Diff |
| php-amqplib/rabbitmq-bundle | Upgraded | 2.5.3 | 2.14.0 | Diff |
| php-http/httplug | Upgraded | 2.3.0 | 2.4.0 | Diff |
| php-http/promise | Upgraded | 1.1.0 | 1.3.0 | Diff |
| phpoffice/phpspreadsheet | Upgraded | 1.24.1 | 1.27.1 | Diff |
| phpseclib/phpseclib | Upgraded | 2.0.38 | 3.0.35 | Diff |
| phpstan/phpdoc-parser | Upgraded | 1.24.2 | 1.25.0 | Diff |
| ramsey/uuid | Upgraded | 4.7.4 | 4.7.5 | Diff |
| seld/jsonlint | Upgraded | 1.10.0 | 1.10.1 | Diff |
| simshaun/recurr | Upgraded | v5.0.1 | v5.0.2 | Diff |
| studio-42/elfinder | Upgraded | 2.1.62 | 2.1.65 | Diff |
| symfony/amqp-messenger | Upgraded | v5.4.22 | v5.4.35 | Diff |
| symfony/asset | Upgraded | v5.4.21 | v5.4.35 | Diff |
| symfony/cache | Upgraded | v5.4.23 | v5.4.35 | Diff |
| symfony/config | Upgraded | v5.4.21 | v5.4.35 | Diff |
| symfony/console | Upgraded | v5.4.28 | v5.4.35 | Diff |
| symfony/css-selector | Upgraded | v5.4.21 | v5.4.35 | Diff |
| symfony/dependency-injection | Upgraded | v5.4.24 | v5.4.35 | Diff |
| symfony/deprecation-contracts | Upgraded | v2.5.2 | v3.0.2 | Diff |
| symfony/doctrine-bridge | Upgraded | v5.4.22 | v5.4.35 | Diff |
| symfony/doctrine-messenger | Upgraded | v5.4.21 | v5.4.35 | Diff |
| symfony/dotenv | Upgraded | v5.4.22 | v5.4.35 | Diff |
| symfony/error-handler | Upgraded | v5.4.29 | v5.4.35 | Diff |
| symfony/event-dispatcher | Upgraded | v5.4.26 | v5.4.35 | Diff |
| symfony/expression-language | Upgraded | v5.4.21 | v5.4.35 | Diff |
| symfony/filesystem | Upgraded | v5.4.25 | v5.4.35 | Diff |
| symfony/finder | Upgraded | v5.4.27 | v5.4.35 | Diff |
| symfony/form | Upgraded | v5.4.22 | v5.4.35 | Diff |
| symfony/framework-bundle | Upgraded | v5.4.24 | v5.4.35 | Diff |
| symfony/http-client | Upgraded | v5.4.22 | v5.4.35 | Diff |
| symfony/http-foundation | Upgraded | v5.4.31 | v5.4.35 | Diff |
| symfony/http-kernel | Upgraded | v5.4.31 | v5.4.35 | Diff |
| symfony/intl | Upgraded | v5.4.22 | v5.4.35 | Diff |
| symfony/lock | Upgraded | v5.4.22 | v5.4.35 | Diff |
| symfony/mailer | Upgraded | v5.4.22 | v5.4.35 | Diff |
| symfony/messenger | Upgraded | v5.4.22 | v5.4.35 | Diff |
| symfony/mime | Upgraded | v5.4.26 | v5.4.35 | Diff |
| symfony/monolog-bridge | Upgraded | v5.4.22 | v5.4.35 | Diff |
| symfony/polyfill-intl-icu | Upgraded | v1.27.0 | v1.28.0 | Diff |
| symfony/process | Upgraded | v5.4.28 | v5.4.35 | Diff |
| symfony/property-access | Upgraded | v5.4.26 | v5.4.35 | Diff |
| symfony/redis-messenger | Upgraded | v5.4.22 | v6.0.19 | Diff |
| symfony/routing | Upgraded | v5.4.22 | v5.4.35 | Diff |
| symfony/security-bundle | Upgraded | v5.4.22 | v5.4.35 | Diff |
| symfony/security-core | Upgraded | v5.4.30 | v5.4.35 | Diff |
| symfony/security-csrf | Upgraded | v5.4.21 | v5.4.35 | Diff |
| symfony/security-guard | Upgraded | v5.4.22 | v5.4.35 | Diff |
| symfony/security-http | Upgraded | v5.4.31 | v5.4.35 | Diff |
| symfony/stopwatch | Upgraded | v5.4.21 | v5.4.35 | Diff |
| symfony/templating | Upgraded | v5.4.21 | v5.4.35 | Diff |
| symfony/translation | Upgraded | v5.4.24 | v5.4.35 | Diff |
| symfony/twig-bridge | Upgraded | v5.4.31 | v5.4.35 | Diff |
| symfony/twig-bundle | Upgraded | v5.4.21 | v5.4.35 | Diff |
| symfony/validator | Upgraded | v5.4.22 | v5.4.35 | Diff |
| symfony/var-dumper | Upgraded | v5.4.29 | v5.4.35 | Diff |
| symfony/yaml | Upgraded | v5.4.21 | v5.4.35 | Diff |
| tightenco/collect | Upgraded | v8.83.23 | v8.83.27 | Diff |
| twig/twig | Upgraded | v3.7.1 | v3.8.0 | Diff |
| wikimedia/less.php | Upgraded | v4.1.0 | v4.1.1 | Diff |
| bjeavons/zxcvbn-php | Removed | 1.3.1 | - | Diff |

Steps to test this PR:

  1. Open this PR on Gitpod or pull down for testing locally (see docs on testing PRs here)
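
A reviewer's triage of the composer-diff rows in the PR description, as an added example that is not part of the PR or of Mautic's tooling: it sorts rows into routine bumps, major-version jumps, downgrades, branch pins without a semantic version, and added or removed packages, so the entries that need a changelog read stand out from the patch-level noise. The function and bucket names are hypothetical; the sample rows are copied from the table with the Link column dropped.

```python
import re

# Subset of rows from the composer-diff table in this PR (Link column dropped).
ROWS = """\
doctrine/orm Upgraded 2.15.1 2.18.0
joomla/string Downgraded 2.0.1 1.4.6
lightsaml/sp-bundle Changed dev-symfony5 b73d6b9 dev-symfony5 91f36a5
monolog/monolog Upgraded 1.27.1 2.9.2
paragonie/constant_time_encoding New - v2.6.3
phpseclib/phpseclib Upgraded 2.0.38 3.0.35
symfony/redis-messenger Upgraded v5.4.22 v6.0.19
symfony/security-http Upgraded v5.4.31 v5.4.35
bjeavons/zxcvbn-php Removed 1.3.1 -
"""


def major(version):
    """Return the major number of '1.2.3' or 'v1.2.3', or None if not numeric."""
    m = re.fullmatch(r"v?(\d+)(?:\.\d+)*", version)
    return int(m.group(1)) if m else None


def classify(line):
    """Map one 'package operation base target' row to (package, bucket)."""
    name, operation, *versions = line.split()
    if operation in ("New", "Removed"):
        return name, operation.lower()
    if operation == "Downgraded":
        return name, "downgrade"
    # Branch pins such as 'dev-symfony5 b73d6b9' carry no semantic version,
    # so the version numbers say nothing about how much code changed.
    base, target = major(versions[0]), major(versions[-1])
    if base is None or target is None:
        return name, "unversioned"
    return name, "major" if target != base else "routine"


def triage(text):
    """Group package names by bucket, preserving table order."""
    buckets = {}
    for line in text.splitlines():
        if line.strip():
            name, bucket = classify(line)
            buckets.setdefault(bucket, []).append(name)
    return buckets


if __name__ == "__main__":
    for bucket, names in triage(ROWS).items():
        print(f"{bucket:12} {', '.join(names)}")
```
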


codecov bot commented Feb 4, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (fdd8ffe) 58.63% compared to head (1981583) 58.62%.

@@             Coverage Diff              @@
##                5.0   #13311      +/-   ##
============================================
- Coverage     58.63%   58.62%   -0.01%     
  Complexity    32990    32990              
============================================
  Files          2183     2183              
  Lines         98758    98758              
============================================
- Hits          57902    57901       -1     
- Misses        40856    40857       +1     

see 2 files with indirect coverage changes

mollux (Contributor, Author) commented Feb 4, 2024

I ran the mautic/api-library tests, as the jms/serializer package was updated, which may impact the API output.
https://github.com/mautic/api-library/actions/runs/7776166026/job/21202996646
API tests still pass with the updated dependencies.

mollux added this to the 5.0.3 milestone Feb 4, 2024
mollux added the ready-to-test and composer labels Feb 4, 2024

mallezie (Contributor) commented Feb 5, 2024

Might be I'm a bit too conservative here. But wouldn't working the other way around actually make more sense?
So this means locking (in composer.json) the versions to the ones in composer.lock (which are the tested versions).
Then we could update more consciously afterwards from there. (For example, in here I would split updates between simple composer updates (passing all tests) and, in separate PRs, updates which need code changes.) That would also make PRs much easier to code-review.

mollux (Contributor, Author) commented Feb 5, 2024

@mallezie I get your point, and I also thought about this.
That would be a good approach if the release process and governance allow you to release often.
This is unfortunately not the case at this point.
And even then, we would easily slip into the same issues as Drupal encountered (e.g. https://www.drupal.org/project/drupal/issues/3198340).

So for now, I see this as the middle ground, and will propose this to the core team:

  • for every patch, minor, and major RC release, we update the dependencies so those get tested via the automated tests and the user tests when reviewing bugfixes and features.
  • we review all dependencies and restrict them if they would allow major updates (e.g. see the monolog/monolog package above).

escopecz (Sponsor, Member) left a comment

Looks good to me 👍 Thanks for taking care of this!

escopecz added the bug and pending-feedback labels and removed the ready-to-test label Feb 5, 2024

mollux (Contributor, Author) commented Feb 5, 2024

@mallezie do you agree with my POV on this issue? or do you see any blockers to merge this?

mallezie (Contributor) commented Feb 5, 2024

No blockers to merging this from me. (Did not test anything).
We might think about how to do this in the future without holding this one up.

mollux merged commit 574ecd9 into mautic:5.0 Feb 5, 2024
13 of 14 checks passed