From 4ba90e144a6660876053124951cff90223156c1a Mon Sep 17 00:00:00 2001
From: Christian Flothmann <christian.flothmann@open.de>
Date: Sun, 16 Nov 2025 13:39:58 +0100
Subject: [PATCH 1/3] do not implement __serialize() for users without
 passwords

---
 src/Security/UserClassBuilder.php                     |  2 +-
 .../fixtures/expected/UserEntityWithoutPassword.php   | 11 -----------
 .../fixtures/expected/UserModelWithoutPassword.php    | 11 -----------
 3 files changed, 1 insertion(+), 23 deletions(-)

diff --git a/src/Security/UserClassBuilder.php b/src/Security/UserClassBuilder.php
index f9074ef3c..5513ac4c2 100644
--- a/src/Security/UserClassBuilder.php
+++ b/src/Security/UserClassBuilder.php
@@ -38,7 +38,7 @@ public function addUserInterfaceImplementation(ClassSourceManipulator $manipulat
 
         $this->addPasswordImplementation($manipulator, $userClassConfig);
 
-        if (class_exists(IsGrantedContext::class)) {
+        if (class_exists(IsGrantedContext::class) && $userClassConfig->hasPassword()) {
             $this->addSerialize($manipulator);
         }
 
diff --git a/tests/Security/fixtures/expected/UserEntityWithoutPassword.php b/tests/Security/fixtures/expected/UserEntityWithoutPassword.php
index 1f590957f..b38244cd3 100644
--- a/tests/Security/fixtures/expected/UserEntityWithoutPassword.php
+++ b/tests/Security/fixtures/expected/UserEntityWithoutPassword.php
@@ -67,17 +67,6 @@ public function setRoles(array $roles): static
         return $this;
     }
 
-    /**
-     * Ensure the session doesn't contain actual password hashes by CRC32C-hashing them, as supported since Symfony 7.3.
-     */
-    public function __serialize(): array
-    {
-        $data = (array) $this;
-        $data["\0" . self::class . "\0password"] = hash('crc32c', $this->password);
-        
-        return $data;
-    }
-
     #[\Deprecated]
     public function eraseCredentials(): void
     {
diff --git a/tests/Security/fixtures/expected/UserModelWithoutPassword.php b/tests/Security/fixtures/expected/UserModelWithoutPassword.php
index 383445d2e..d68f86320 100644
--- a/tests/Security/fixtures/expected/UserModelWithoutPassword.php
+++ b/tests/Security/fixtures/expected/UserModelWithoutPassword.php
@@ -52,17 +52,6 @@ public function setRoles(array $roles): static
         return $this;
     }
 
-    /**
-     * Ensure the session doesn't contain actual password hashes by CRC32C-hashing them, as supported since Symfony 7.3.
-     */
-    public function __serialize(): array
-    {
-        $data = (array) $this;
-        $data["\0" . self::class . "\0password"] = hash('crc32c', $this->password);
-        
-        return $data;
-    }
-
     #[\Deprecated]
     public function eraseCredentials(): void
     {

From fafd95121cea7dd4f2b315717be0d57c95bba451 Mon Sep 17 00:00:00 2001
From: Christian Flothmann <christian.flothmann@open.de>
Date: Sun, 16 Nov 2025 13:40:17 +0100
Subject: [PATCH 2/3] run tests with Symfony 7.3

---
 .github/workflows/ci-linux.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci-linux.yaml b/.github/workflows/ci-linux.yaml
index 2f0449821..d70e4f917 100644
--- a/.github/workflows/ci-linux.yaml
+++ b/.github/workflows/ci-linux.yaml
@@ -45,7 +45,7 @@ jobs:
                     - '8.3'
                 symfony-version:
                     - '6.4.*'
-                    - '7.2.*'
+                    - '7.3.*'
                 dependency-versions: ['highest']
                 include:
                     # testing lowest PHP+dependencies with lowest Symfony

From d67cf83c2843c860ee3e68946549edcc6e4a949f Mon Sep 17 00:00:00 2001
From: Christian Flothmann <christian.flothmann@open.de>
Date: Sun, 16 Nov 2025 13:40:45 +0100
Subject: [PATCH 3/3] fix the Maker test environment

---
 src/Test/MakerTestEnvironment.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Test/MakerTestEnvironment.php b/src/Test/MakerTestEnvironment.php
index f7af580ff..fec59cdd0 100644
--- a/src/Test/MakerTestEnvironment.php
+++ b/src/Test/MakerTestEnvironment.php
@@ -246,7 +246,7 @@ private function buildFlexSkeleton(): void
         $flexProjectDir = \sprintf('flex_project%s', $targetVersion);
 
         MakerTestProcess::create(
-            \sprintf('composer create-project symfony/skeleton%s %s --prefer-dist --no-progress', $versionString, $flexProjectDir),
+            \sprintf('composer create-project symfony/skeleton%s %s --prefer-dist --no-progress --keep-vcs', $versionString, $flexProjectDir),
             $this->cachePath
         )->run();
 
@@ -260,7 +260,7 @@ private function buildFlexSkeleton(): void
         }
 
         // fetch a few packages needed for testing
-        MakerTestProcess::create('composer require phpunit browser-kit symfony/css-selector --prefer-dist --no-progress --no-suggest', $this->flexPath)
+        MakerTestProcess::create('composer require phpunit:1.1.* browser-kit symfony/css-selector --prefer-dist --no-progress --no-suggest', $this->flexPath)
                         ->run();
 
         if ('\\' !== \DIRECTORY_SEPARATOR) {