[Security] Bump symfony/cache from 4.1.2 to 4.2.7

[dependabot-preview]

Bumps symfony/cache from 4.1.2 to 4.2.7. This update includes security fixes.

Vulnerabilities fixed

Sourced from The PHP Security Advisories Database.

CVE-2019-10912: Prevent destructors with side-effects from being unserialized

Affected versions: >=3.2.0, <3.2.0; >=3.2.0, <3.3.0; >=3.3.0, <3.4.0; >=3.4.0, <3.4.26; >=4.0.0, <4.1.0; >=4.1.0, <4.1.12; >=4.2.0, <4.2.7

Changelog

Sourced from symfony/cache's changelog.

CHANGELOG

4.3.0

• removed psr/simple-cache dependency, run composer require psr/simple-cache if you need it
• deprecated all PSR-16 adapters, use Psr16Cache or Symfony\Contracts\Cache\CacheInterface implementations instead
• deprecated SimpleCacheAdapter, use Psr16Adapter instead

4.2.0

• added support for connecting to Redis clusters via DSN
• added support for configuring multiple Memcached servers via DSN
• added MarshallerInterface and DefaultMarshaller to allow changing the serializer and provide one that automatically uses igbinary when available
• implemented CacheInterface, which provides stampede protection via probabilistic early expiration and should become the preferred way to use a cache
• added sub-second expiry accuracy for backends that support it
• added support for phpredis 4 compression and tcp_keepalive options
• added automatic table creation when using Doctrine DBAL with PDO-based backends
• throw LogicException when CacheItem::tag() is called on an item coming from a non tag-aware pool
• deprecated CacheItem::getPreviousTags(), use CacheItem::getMetadata() instead
• deprecated the AbstractAdapter::unserialize() and AbstractCache::unserialize() methods
• added CacheCollectorPass (originally in FrameworkBundle)
• added CachePoolClearerPass (originally in FrameworkBundle)
• added CachePoolPass (originally in FrameworkBundle)
• added CachePoolPrunerPass (originally in FrameworkBundle)

3.4.0

• added using options from Memcached DSN
• added PruneableInterface so PSR-6 or PSR-16 cache implementations can declare support for manual stale cache pruning
• added prune logic to FilesystemTrait, PhpFilesTrait, PdoTrait, TagAwareAdapter and ChainTrait
• now FilesystemAdapter, PhpFilesAdapter, FilesystemCache, PhpFilesCache, PdoAdapter, PdoCache, ChainAdapter, and
  ChainCache implement PruneableInterface and support manual stale cache pruning

3.3.0

• added CacheItem::getPreviousTags() to get bound tags coming from the pool storage if any
• added PSR-16 "Simple Cache" implementations for all existing PSR-6 adapters
• added Psr6Cache and SimpleCacheAdapter for bidirectional interoperability between PSR-6 and PSR-16
• added MemcachedAdapter (PSR-6) and MemcachedCache (PSR-16)
• added TraceableAdapter (PSR-6) and TraceableCache (PSR-16)

3.2.0

• added TagAwareAdapter for tags-based invalidation

... (truncated)

Commits

• 9e64db9 Merge branch '3.4' into 4.2
• 380b839 security #cve-2019-10912 [Cache][PHPUnit Bridge] Prevent destructors with sid...
• 1660734 Merge branch '3.4' into 4.2
• 437673d bug #30918 [Cache] fix using ProxyAdapter inside TagAwareAdapter (dmaicher)
• 798a3a6 [Cache] fix using ProxyAdapter inside TagAwareAdapter
• 5b62d77 Prevent destructors with side-effects from being unserialized
• 3172c1e Merge branch '3.4' into 4.2
• 669270d SCA: minor code tweaks
• 3c4b9b8 Ensure key exists before checking array value
• de749e4 [Cache] fix LockRegistry
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

[dependabot-preview]

Superseded by #67.