[Security] Bump symfony/cache from 4.1.2 to 4.3.2

[dependabot-preview]

Bumps symfony/cache from 4.1.2 to 4.3.2. This update includes security fixes.

Vulnerabilities fixed

Sourced from The PHP Security Advisories Database.

CVE-2019-10912: Prevent destructors with side-effects from being unserialized

Affected versions: >=3.1.0, <3.2.0; >=3.2.0, <3.3.0; >=3.3.0, <3.4.0; >=3.4.0, <3.4.26; >=4.0.0, <4.1.0; >=4.1.0, <4.1.12; >=4.2.0, <4.2.7

Sourced from The PHP Security Advisories Database.

CVE-2019-10912: Prevent destructors with side-effects from being unserialized

Affected versions: >=3.2.0, <3.2.0; >=3.2.0, <3.3.0; >=3.3.0, <3.4.0; >=3.4.0, <3.4.26; >=4.0.0, <4.1.0; >=4.1.0, <4.1.12; >=4.2.0, <4.2.7

Changelog

Sourced from symfony/cache's changelog.

CHANGELOG

5.0.0

• removed all PSR-16 implementations in the Simple namespace
• removed SimpleCacheAdapter
• removed AbstractAdapter::unserialize()
• removed CacheItem::getPreviousTags()

4.4.0

• added support for connecting to Redis Sentinel clusters

4.3.0

• removed psr/simple-cache dependency, run composer require psr/simple-cache if you need it
• deprecated all PSR-16 adapters, use Psr16Cache or Symfony\Contracts\Cache\CacheInterface implementations instead
• deprecated SimpleCacheAdapter, use Psr16Adapter instead

4.2.0

• added support for connecting to Redis clusters via DSN
• added support for configuring multiple Memcached servers via DSN
• added MarshallerInterface and DefaultMarshaller to allow changing the serializer and provide one that automatically uses igbinary when available
• implemented CacheInterface, which provides stampede protection via probabilistic early expiration and should become the preferred way to use a cache
• added sub-second expiry accuracy for backends that support it
• added support for phpredis 4 compression and tcp_keepalive options
• added automatic table creation when using Doctrine DBAL with PDO-based backends
• throw LogicException when CacheItem::tag() is called on an item coming from a non tag-aware pool
• deprecated CacheItem::getPreviousTags(), use CacheItem::getMetadata() instead
• deprecated the AbstractAdapter::unserialize() and AbstractCache::unserialize() methods
• added CacheCollectorPass (originally in FrameworkBundle)
• added CachePoolClearerPass (originally in FrameworkBundle)
• added CachePoolPass (originally in FrameworkBundle)
• added CachePoolPrunerPass (originally in FrameworkBundle)

3.4.0

• added using options from Memcached DSN
• added PruneableInterface so PSR-6 or PSR-16 cache implementations can declare support for manual stale cache pruning
• added prune logic to FilesystemTrait, PhpFilesTrait, PdoTrait, TagAwareAdapter and ChainTrait
• now FilesystemAdapter, PhpFilesAdapter, FilesystemCache, PhpFilesCache, PdoAdapter, PdoCache, ChainAdapter, and
  ChainCache implement PruneableInterface and support manual stale cache pruning

... (truncated)

Commits

• 4acf343 fixed CS
• a1bd3cc Merge branch '4.2' into 4.3
• 02de00b Merge branch '3.4' into 4.2
• 8c6e162 [Cache] replace getNsSeparator by NS_SEPARATOR on AbstractTrait
• b71f045 [Cache] fix versioning with SimpleCacheAdapter
• a3623f6 Merge branch '3.4' into 4.2
• 717c286 SimpleCacheAdapter fails to cache any item if a namespace is used
• ca952a6 fixed CS
• 1a161ee Merge branch '4.2' into 4.3
• 84fc8dc fixed CS
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.