From 754e580d0d0256295db8e97b1f4fc5c94c2999ae Mon Sep 17 00:00:00 2001
From: SonataCI <thomas+ci@sonata-project.org>
Date: Tue, 11 Feb 2020 02:12:18 +0000
Subject: [PATCH 1/4] DevKit updates

---
 .github/workflows/documentation.yaml | 53 ++++++++++++++++++++++++++++
 .github/workflows/lint.yaml          | 14 --------
 .travis.yml                          |  2 --
 .travis/check_relevant_docs.sh       |  6 ----
 .travis/install_docs.sh              |  4 ---
 5 files changed, 53 insertions(+), 26 deletions(-)
 create mode 100644 .github/workflows/documentation.yaml
 delete mode 100644 .github/workflows/lint.yaml
 delete mode 100755 .travis/check_relevant_docs.sh
 delete mode 100755 .travis/install_docs.sh

diff --git a/.github/workflows/documentation.yaml b/.github/workflows/documentation.yaml
new file mode 100644
index 000000000..64b848cbf
--- /dev/null
+++ b/.github/workflows/documentation.yaml
@@ -0,0 +1,53 @@
+on:
+    push:
+        paths:
+            - 'docs/**'
+
+    pull_request:
+        paths:
+            - 'docs/**'
+
+name: Documentation
+
+jobs:
+    build:
+        name: Build
+
+        runs-on: ubuntu-latest
+
+        steps:
+            - name: "Checkout"
+              uses: actions/checkout@v2
+
+            - name: "Set up Python 3.7"
+              uses: actions/setup-python@v1
+              with:
+                  python-version: '3.7' # Semantic version range syntax or exact version of a Python version
+
+            - name: "Display Python version"
+              run: python -c "import sys; print(sys.version)"
+
+            - name: "Install Sphinx dependencies"
+              run: sudo apt-get install python-dev build-essential
+
+            - name: "Install custom requirements via pip"
+              run: pip install -r docs/requirements.txt
+
+            - name: "Build documentation"
+              run: make docs
+
+    doctor-rst:
+        name: DOCtor-RST
+
+        runs-on: ubuntu-latest
+
+        steps:
+            - name: "Checkout"
+              uses: actions/checkout@master
+
+            - name: "Run DOCtor-RST"
+              uses: docker://oskarstark/doctor-rst
+              with:
+                  args: --short
+              env:
+                  DOCS_DIR: 'docs/'
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
deleted file mode 100644
index a441c78f1..000000000
--- a/.github/workflows/lint.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-on: [push, pull_request]
-name: Lint
-jobs:
-    doctor-rst:
-        name: DOCtor-RST
-        runs-on: ubuntu-latest
-        steps:
-            - uses: actions/checkout@master
-            - name: DOCtor-RST
-              uses: docker://oskarstark/doctor-rst
-              with:
-                  args: --short
-              env:
-                  DOCS_DIR: 'docs/'
diff --git a/.travis.yml b/.travis.yml
index 828540a1a..f3c804488 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -38,8 +38,6 @@ env:
 matrix:
   fast_finish: true
   include:
-    - php: '7.3'
-      env: TARGET=docs
     - php: '7.3'
       env: TARGET=lint
     - php: '7.2'
diff --git a/.travis/check_relevant_docs.sh b/.travis/check_relevant_docs.sh
deleted file mode 100755
index 9e618c4e2..000000000
--- a/.travis/check_relevant_docs.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/usr/bin/env bash
-set -ev
-
-RELEVANT_FILES=$(git diff --name-only HEAD upstream/${TRAVIS_BRANCH} -- '*.rst')
-
-if [[ -z ${RELEVANT_FILES} ]]; then echo -n 'KO'; exit 0; fi;
diff --git a/.travis/install_docs.sh b/.travis/install_docs.sh
deleted file mode 100755
index a5522d971..000000000
--- a/.travis/install_docs.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/usr/bin/env sh
-set -ev
-
-pip install -r docs/requirements.txt --user

From 23292b1fe8305ccbfa8326788e0f559f23acc407 Mon Sep 17 00:00:00 2001
From: Oskar Stark <oskarstark@googlemail.com>
Date: Tue, 11 Feb 2020 13:00:44 +0100
Subject: [PATCH 2/4] Fix CVE-2019-10910

---
 composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/composer.json b/composer.json
index e4a47b543..9ea9f397b 100644
--- a/composer.json
+++ b/composer.json
@@ -37,7 +37,7 @@
         "sonata-project/user-bundle": "^4.0",
         "symfony/config": "^3.4 || ^4.0",
         "symfony/console": "^3.4 || ^4.0",
-        "symfony/dependency-injection": "^3.4 || ^4.0",
+        "symfony/dependency-injection": "^3.4.26 || ^4.1.12",
         "symfony/doctrine-bridge": "^3.4 || ^4.0",
         "symfony/event-dispatcher": "^3.4 || ^4.0",
         "symfony/filesystem": "^3.4 || ^4.0",

From 8312dad5bca3fb847294c921773f7fe01c5dc8f6 Mon Sep 17 00:00:00 2001
From: Oskar Stark <oskarstark@googlemail.com>
Date: Tue, 11 Feb 2020 12:59:44 +0100
Subject: [PATCH 3/4] Fix CVE-2019-18888 & CVE-2019-10913

---
 composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/composer.json b/composer.json
index 9ea9f397b..55a5f4c40 100644
--- a/composer.json
+++ b/composer.json
@@ -43,7 +43,7 @@
         "symfony/filesystem": "^3.4 || ^4.0",
         "symfony/form": "^3.4 || ^4.0",
         "symfony/framework-bundle": "^3.4 || ^4.0",
-        "symfony/http-foundation": "^3.4 || ^4.0",
+        "symfony/http-foundation": "^3.4.35 || ^4.2.12",
         "symfony/http-kernel": "^3.4 || ^4.0",
         "symfony/intl": "^3.4 || ^4.0",
         "symfony/options-resolver": "^3.4 || ^4.0",

From f9b5c0dba4ef84abd23603fd8f7b900009e93e00 Mon Sep 17 00:00:00 2001
From: Oskar Stark <oskarstark@googlemail.com>
Date: Tue, 11 Feb 2020 14:14:52 +0100
Subject: [PATCH 4/4] Fix CVE-2019-10909 (#647)

---
 composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/composer.json b/composer.json
index 55a5f4c40..b4d461c8d 100644
--- a/composer.json
+++ b/composer.json
@@ -42,7 +42,7 @@
         "symfony/event-dispatcher": "^3.4 || ^4.0",
         "symfony/filesystem": "^3.4 || ^4.0",
         "symfony/form": "^3.4 || ^4.0",
-        "symfony/framework-bundle": "^3.4 || ^4.0",
+        "symfony/framework-bundle": "^3.4.26 || ^4.1.12",
         "symfony/http-foundation": "^3.4.35 || ^4.2.12",
         "symfony/http-kernel": "^3.4 || ^4.0",
         "symfony/intl": "^3.4 || ^4.0",