Bump symfony/routing from 7.3.0 to 7.4.13

[dependabot]

Bumps symfony/routing from 7.3.0 to 7.4.13.

Release notes

Sourced from symfony/routing's releases.

v7.4.13

Changelog (symfony/routing@v7.4.12...v7.4.13)

• security #cve-2026-48784 Fix dot-segment encoding for chained "../" and "./" in generated URLs (@​nicolas-grekas)
• bug #64343 Harden __unserialize against __toString trampolines (@​nicolas-grekas)

v7.4.12

Changelog (symfony/routing@v7.4.9...v7.4.12)

• security #cve-2026-45065 Fix regex alternation anchoring in UrlGenerator requirement validation (@​alexandre-daubois)

v7.4.9

Changelog (symfony/routing@v7.4.6...v7.4.9)

• bug #63981 Honor the Request's method in UrlMatcher::matchRequest() (@​ousamabenyounes)

v7.4.8

Changelog (symfony/routing@v7.4.7...v7.4.8)

• no significant changes

v7.4.6

Changelog (symfony/routing@v7.4.5...v7.4.6)

• bug #54236 Fix exclude option being ignored for non-glob and PSR-4 resources (@​NeilPeyssard)
• bug #60662 assign attribute aliases to localized route if applicable (@​alcohol)

v7.4.4

Changelog (symfony/routing@v7.4.3...v7.4.4)

• no significant changes

v7.4.3

Changelog (symfony/routing@v7.4.2...v7.4.3)

• bug symfony/symfony#62791 [Routing] Fix simple parameter mappings in routes (@​nicolas-grekas)
• bug symfony/symfony#62747 [Routing] Do not renumber query parameters with numeric key (@​tillhoerner)

v7.4.0

Changelog (symfony/routing@v7.4.0-RC3...v7.4.0)

• feature symfony/symfony#62469 [Security] Keep SymfonyCasts as backers of the Security components v7.4 🤗 (@​nicolas-grekas)

v7.4.0-RC3

Changelog (symfony/routing@v7.4.0-RC2...v7.4.0-RC3)

• bug symfony/symfony#62459 [Routing] Fix case sensitivity for static host matching in compiled routes (@​yoeunes)
• bug symfony/symfony#62461 [Routing] Fix localized prefix updates breaking aliases (@​yoeunes)
• bug symfony/symfony#62460 [Routing] Fix addNamePrefix breaking aliases to external routes (@​yoeunes)

... (truncated)

Changelog

Sourced from symfony/routing's changelog.

CHANGELOG

8.1

• Add a $trailingSlashOnRoot argument to CollectionConfigurator::prefix() to allow disabling the trailing slash on root routes

8.0

• Remove support for accessing the internal scope of the loader in PHP config files, use only its public API instead
• Providing a non-array _query parameter to UrlGenerator causes an InvalidParameterException
• Remove the protected AttributeClassLoader::$routeAnnotationClass property and the setRouteAnnotationClass() method, use AttributeClassLoader::setRouteAttributeClass() instead
• Remove class aliases in the Annotation namespace, use attributes instead
• Remove getters and setters in attribute classes in favor of public properties
• Remove support for the XML configuration format

7.4

• Add AttributeServicesLoader and RoutingControllerPass to auto-register routes from attributes on services
• Allow query-specific parameters in UrlGenerator using _query
• Add support of multiple env names in the Symfony\Component\Routing\Attribute\Route attribute
• Add argument $parameters to RequestContext's constructor
• Handle declaring routes using PHP arrays that follow the same shape as corresponding yaml files
• Add RoutesReference to help writing PHP configs using yaml-like array-shapes
• Deprecate class aliases in the Annotation namespace, use attributes instead
• Deprecate getters and setters in attribute classes in favor of public properties
• Deprecate accessing the internal scope of the loader in PHP config files, use only its public API instead
• Deprecate XML configuration format, use YAML, PHP or attributes instead

7.3

• Allow aliases and deprecations in #[Route] attribute
• Add the Requirement::MONGODB_ID constant to validate MongoDB ObjectIDs in hexadecimal format

7.2

• Add the Requirement::UID_RFC9562 constant to validate UUIDs in the RFC 9562 format
• Deprecate the AttributeClassLoader::$routeAnnotationClass property

7.1

• Add {foo:bar} syntax to define a mapping between a route parameter and its corresponding request attribute

7.0

... (truncated)

Commits

• 3a16217 Merge branch '6.4' into 7.4
• af04c79 Merge branch '5.4' into 6.4
• e6f3f03 Fix tests and merge resolution after merging 6.4 into 7.4
• 5156fe8 Merge branch '6.4' into 7.4
• be4ce34 [Routing][RateLimiter][Mime][Security] Harden __unserialize against __toStrin...
• f4ca0c5 [Routing] Fix dot-segment encoding for chained "../" and "./" in generated URLs
• 3b04a5e Merge branch '6.4' into 7.4
• 0cd0d2f Merge branch '5.4' into 6.4
• 287771d [7.4] Remove usages of named arguments in tests
• 453501c Merge branch '6.4' into 7.4
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.