From e5cf8550eefd77c0d48d9cba7bdeda375a64a620 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?= <mail@jan-boehmer.de>
Date: Sun, 13 Jul 2025 12:11:50 +0200
Subject: [PATCH 01/15] Updated apache pack recipe

---
 public/.htaccess | 2 +-
 symfony.lock     | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/public/.htaccess b/public/.htaccess
index bfaab5de..a13baeee 100644
--- a/public/.htaccess
+++ b/public/.htaccess
@@ -86,7 +86,7 @@ DirectoryIndex index.php
     # - use Apache >= 2.3.9 and replace all L flags by END flags and remove the
     #   following RewriteCond (best solution)
     RewriteCond %{ENV:REDIRECT_STATUS} =""
-    RewriteRule ^index\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
+    RewriteRule ^index\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=308,L]
 
     # If the requested filename exists, simply serve it.
     # We only want to let Apache serve files and not directories.
diff --git a/symfony.lock b/symfony.lock
index 3afd638e..fe61ed14 100644
--- a/symfony.lock
+++ b/symfony.lock
@@ -389,10 +389,10 @@
             "repo": "github.com/symfony/recipes-contrib",
             "branch": "main",
             "version": "1.0",
-            "ref": "0f18b4decdf5695d692c1d0dfd65516a07a6adf1"
+            "ref": "5d454ec6cc4c700ed3d963f3803e1d427d9669fb"
         },
         "files": [
-            "./public/.htaccess"
+            "public/.htaccess"
         ]
     },
     "symfony/asset": {

From 9a3794bc83de8940f486d58abfe90a6b07e6c469 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?= <mail@jan-boehmer.de>
Date: Sun, 13 Jul 2025 12:12:25 +0200
Subject: [PATCH 02/15] Updated uid recipe

---
 config/packages/uid.yaml |  4 ----
 symfony.lock             | 10 ++++------
 2 files changed, 4 insertions(+), 10 deletions(-)
 delete mode 100644 config/packages/uid.yaml

diff --git a/config/packages/uid.yaml b/config/packages/uid.yaml
deleted file mode 100644
index 01520944..00000000
--- a/config/packages/uid.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-framework:
-    uid:
-        default_uuid_version: 7
-        time_based_uuid_version: 7
diff --git a/symfony.lock b/symfony.lock
index fe61ed14..62f9c411 100644
--- a/symfony.lock
+++ b/symfony.lock
@@ -707,16 +707,14 @@
         ]
     },
     "symfony/uid": {
-        "version": "6.2",
+        "version": "7.3",
         "recipe": {
             "repo": "github.com/symfony/recipes",
             "branch": "main",
-            "version": "6.2",
-            "ref": "d294ad4add3e15d7eb1bae0221588ca89b38e558"
+            "version": "7.0",
+            "ref": "0df5844274d871b37fc3816c57a768ffc60a43a5"
         },
-        "files": [
-            "./config/packages/uid.yaml"
-        ]
+        "files": []
     },
     "symfony/ux-translator": {
         "version": "2.9",

From 53889c78133309fef674d682fcde97e08cfaf398 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?= <mail@jan-boehmer.de>
Date: Sun, 13 Jul 2025 12:13:10 +0200
Subject: [PATCH 03/15] Updated recipe for property_info

---
 config/packages/property_info.yaml |  3 +++
 symfony.lock                       | 11 ++++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)
 create mode 100644 config/packages/property_info.yaml

diff --git a/config/packages/property_info.yaml b/config/packages/property_info.yaml
new file mode 100644
index 00000000..dd31b9da
--- /dev/null
+++ b/config/packages/property_info.yaml
@@ -0,0 +1,3 @@
+framework:
+    property_info:
+        with_constructor_extractor: true
diff --git a/symfony.lock b/symfony.lock
index 62f9c411..2c3f6b17 100644
--- a/symfony.lock
+++ b/symfony.lock
@@ -608,7 +608,16 @@
         "version": "v4.2.3"
     },
     "symfony/property-info": {
-        "version": "v4.2.3"
+        "version": "7.3",
+        "recipe": {
+            "repo": "github.com/symfony/recipes",
+            "branch": "main",
+            "version": "7.3",
+            "ref": "dae70df71978ae9226ae915ffd5fad817f5ca1f7"
+        },
+        "files": [
+            "./config/packages/property_info.yaml"
+        ]
     },
     "symfony/routing": {
         "version": "6.2",

From 4e1bd486e8de9ca7648c3b74a074ae685ea35db6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?= <mail@jan-boehmer.de>
Date: Sun, 13 Jul 2025 16:28:15 +0200
Subject: [PATCH 04/15] Updated mailer recipe

---
 symfony.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/symfony.lock b/symfony.lock
index 2c3f6b17..44053dc7 100644
--- a/symfony.lock
+++ b/symfony.lock
@@ -521,15 +521,15 @@
         "version": "v4.2.3"
     },
     "symfony/mailer": {
-        "version": "6.4",
+        "version": "7.3",
         "recipe": {
             "repo": "github.com/symfony/recipes",
             "branch": "main",
             "version": "4.3",
-            "ref": "df66ee1f226c46f01e85c29c2f7acce0596ba35a"
+            "ref": "09051cfde49476e3c12cd3a0e44289ace1c75a4f"
         },
         "files": [
-            "./config/packages/mailer.yaml"
+            "config/packages/mailer.yaml"
         ]
     },
     "symfony/maker-bundle": {

From 1933234ed422bf89b5ad71094ffb791f692251d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?= <mail@jan-boehmer.de>
Date: Sun, 13 Jul 2025 16:29:27 +0200
Subject: [PATCH 05/15] Updated symfony form recipe

---
 config/packages/csrf.yaml | 11 +++++++++++
 symfony.lock              | 11 ++++++++++-
 2 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 config/packages/csrf.yaml

diff --git a/config/packages/csrf.yaml b/config/packages/csrf.yaml
new file mode 100644
index 00000000..40d40405
--- /dev/null
+++ b/config/packages/csrf.yaml
@@ -0,0 +1,11 @@
+# Enable stateless CSRF protection for forms and logins/logouts
+framework:
+    form:
+        csrf_protection:
+            token_id: submit
+
+    csrf_protection:
+        stateless_token_ids:
+            - submit
+            - authenticate
+            - logout
diff --git a/symfony.lock b/symfony.lock
index 44053dc7..744a4fbe 100644
--- a/symfony.lock
+++ b/symfony.lock
@@ -484,7 +484,16 @@
         ]
     },
     "symfony/form": {
-        "version": "v4.2.3"
+        "version": "7.3",
+        "recipe": {
+            "repo": "github.com/symfony/recipes",
+            "branch": "main",
+            "version": "7.2",
+            "ref": "7d86a6723f4a623f59e2bf966b6aad2fc461d36b"
+        },
+        "files": [
+            "./config/packages/csrf.yaml"
+        ]
     },
     "symfony/framework-bundle": {
         "version": "6.4",

From 2819b457faf8b3af1a5dee4c0458c71b6719104b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?= <mail@jan-boehmer.de>
Date: Sun, 13 Jul 2025 16:30:11 +0200
Subject: [PATCH 06/15] Updated validator recipe

---
 config/packages/validator.yaml | 2 --
 symfony.lock                   | 8 ++++----
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/config/packages/validator.yaml b/config/packages/validator.yaml
index 0201281d..dd47a6ad 100644
--- a/config/packages/validator.yaml
+++ b/config/packages/validator.yaml
@@ -1,7 +1,5 @@
 framework:
     validation:
-        email_validation_mode: html5
-
         # Enables validator auto-mapping support.
         # For instance, basic validation constraints will be inferred from Doctrine's metadata.
         #auto_mapping:
diff --git a/symfony.lock b/symfony.lock
index 744a4fbe..df2f4d82 100644
--- a/symfony.lock
+++ b/symfony.lock
@@ -753,12 +753,12 @@
         "version": "v2.16.0"
     },
     "symfony/validator": {
-        "version": "5.4",
+        "version": "7.3",
         "recipe": {
             "repo": "github.com/symfony/recipes",
-            "branch": "master",
-            "version": "5.3",
-            "ref": "c32cfd98f714894c4f128bb99aa2530c1227603c"
+            "branch": "main",
+            "version": "7.0",
+            "ref": "8c1c4e28d26a124b0bb273f537ca8ce443472bfd"
         },
         "files": [
             "config/packages/validator.yaml"

From daec5aa4b1b2e5242278f934bcee0cf381405486 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?= <mail@jan-boehmer.de>
Date: Sun, 13 Jul 2025 16:31:25 +0200
Subject: [PATCH 07/15] Updated web-profiler-bundle recipe

---
 config/packages/web_profiler.yaml | 10 +++-------
 config/routes/web_profiler.yaml   |  4 ++--
 symfony.lock                      |  6 +++---
 3 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/config/packages/web_profiler.yaml b/config/packages/web_profiler.yaml
index b9461110..0eac3c98 100644
--- a/config/packages/web_profiler.yaml
+++ b/config/packages/web_profiler.yaml
@@ -1,17 +1,13 @@
 when@dev:
     web_profiler:
         toolbar: true
-        intercept_redirects: false
 
     framework:
         profiler:
-            only_exceptions: false
             collect_serializer_data: true
 
 when@test:
-    web_profiler:
-        toolbar: false
-        intercept_redirects: false
-
     framework:
-        profiler: { collect: false }
+        profiler:
+            collect: false
+            collect_serializer_data: true
diff --git a/config/routes/web_profiler.yaml b/config/routes/web_profiler.yaml
index 8d85319f..b3b7b4b0 100644
--- a/config/routes/web_profiler.yaml
+++ b/config/routes/web_profiler.yaml
@@ -1,8 +1,8 @@
 when@dev:
     web_profiler_wdt:
-        resource: '@WebProfilerBundle/Resources/config/routing/wdt.xml'
+        resource: '@WebProfilerBundle/Resources/config/routing/wdt.php'
         prefix: /_wdt
 
     web_profiler_profiler:
-        resource: '@WebProfilerBundle/Resources/config/routing/profiler.xml'
+        resource: '@WebProfilerBundle/Resources/config/routing/profiler.php'
         prefix: /_profiler
diff --git a/symfony.lock b/symfony.lock
index df2f4d82..0c991d53 100644
--- a/symfony.lock
+++ b/symfony.lock
@@ -774,12 +774,12 @@
         "version": "v4.2.3"
     },
     "symfony/web-profiler-bundle": {
-        "version": "6.3",
+        "version": "7.3",
         "recipe": {
             "repo": "github.com/symfony/recipes",
             "branch": "main",
-            "version": "6.1",
-            "ref": "e42b3f0177df239add25373083a564e5ead4e13a"
+            "version": "7.3",
+            "ref": "a363460c1b0b4a4d0242f2ce1a843ca0f6ac9026"
         },
         "files": [
             "config/packages/web_profiler.yaml",

From a58fcd94dd5111cb7c3f8fcb1fc5106aa4fdd226 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?= <mail@jan-boehmer.de>
Date: Sun, 13 Jul 2025 16:32:22 +0200
Subject: [PATCH 08/15] Updated translation recipe

---
 symfony.lock | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/symfony.lock b/symfony.lock
index 0c991d53..334baf4c 100644
--- a/symfony.lock
+++ b/symfony.lock
@@ -693,16 +693,16 @@
         "version": "v5.1.0"
     },
     "symfony/translation": {
-        "version": "6.4",
+        "version": "7.3",
         "recipe": {
             "repo": "github.com/symfony/recipes",
             "branch": "main",
             "version": "6.3",
-            "ref": "e28e27f53663cc34f0be2837aba18e3a1bef8e7b"
+            "ref": "620a1b84865ceb2ba304c8f8bf2a185fbf32a843"
         },
         "files": [
-            "./config/packages/translation.yaml",
-            "./translations/.gitignore"
+            "config/packages/translation.yaml",
+            "translations/.gitignore"
         ]
     },
     "symfony/translation-contracts": {

From 6137065b4e04ccb5c25d54373f07f213e02f4ced Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?= <mail@jan-boehmer.de>
Date: Sun, 13 Jul 2025 16:40:14 +0200
Subject: [PATCH 09/15] Updated framework-bundle recipe

---
 .editorconfig                  | 17 +++++++++++++++++
 .env                           |  8 +++++---
 .env.dev                       |  4 ++++
 config/packages/framework.yaml |  5 -----
 config/routes/framework.yaml   |  2 +-
 config/services.yaml           |  4 ----
 symfony.lock                   |  7 ++++---
 7 files changed, 31 insertions(+), 16 deletions(-)
 create mode 100644 .editorconfig

diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 00000000..66990769
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,17 @@
+# editorconfig.org
+
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 4
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[{compose.yaml,compose.*.yaml}]
+indent_size = 2
+
+[*.md]
+trim_trailing_whitespace = false
diff --git a/.env b/.env
index a95b46fb..5f97c6d5 100644
--- a/.env
+++ b/.env
@@ -133,9 +133,6 @@ REDIRECT_TO_HTTPS=0
 # When this is empty the content of config/banner.md is used as banner
 BANNER=""
 
-APP_ENV=prod
-APP_SECRET=a03498528f5a5fc089273ec9ae5b2849
-
 # Set this to zero, if you want to disable the year 2038 bug check on 32-bit systems (it will cause errors with current 32-bit PHP versions)
 DISABLE_YEAR2038_BUG_CHECK=0
 
@@ -153,3 +150,8 @@ LOCK_DSN=flock
 ###> nelmio/cors-bundle ###
 CORS_ALLOW_ORIGIN='^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$'
 ###< nelmio/cors-bundle ###
+
+###> symfony/framework-bundle ###
+APP_ENV=prod
+APP_SECRET=
+###< symfony/framework-bundle ###
diff --git a/.env.dev b/.env.dev
index e69de29b..53b05877 100644
--- a/.env.dev
+++ b/.env.dev
@@ -0,0 +1,4 @@
+
+###> symfony/framework-bundle ###
+APP_SECRET=318b5d659e07a0b3f96d9b3a83b254ca
+###< symfony/framework-bundle ###
diff --git a/config/packages/framework.yaml b/config/packages/framework.yaml
index 279c51f5..9445f1c0 100644
--- a/config/packages/framework.yaml
+++ b/config/packages/framework.yaml
@@ -1,9 +1,6 @@
 # see https://symfony.com/doc/current/reference/configuration/framework.html
 framework:
     secret: '%env(APP_SECRET)%'
-    csrf_protection: true
-    annotations: false
-    handle_all_throwables: true
 
     # We set this header by ourselves, so we can disable it here
     disallow_search_engine_index: false
@@ -30,8 +27,6 @@ framework:
 
     #esi: true
     #fragments: true
-    php_errors:
-        log: true
 
 when@test:
     framework:
diff --git a/config/routes/framework.yaml b/config/routes/framework.yaml
index 0fc74bba..bc1feace 100644
--- a/config/routes/framework.yaml
+++ b/config/routes/framework.yaml
@@ -1,4 +1,4 @@
 when@dev:
     _errors:
-        resource: '@FrameworkBundle/Resources/config/routing/errors.xml'
+        resource: '@FrameworkBundle/Resources/config/routing/errors.php'
         prefix: /_error
diff --git a/config/services.yaml b/config/services.yaml
index 6133dce7..17611cea 100644
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -29,10 +29,6 @@ services:
     # this creates a service per class whose id is the fully-qualified class name
     App\:
         resource: '../src/'
-        exclude:
-            - '../src/DependencyInjection/'
-            - '../src/Entity/'
-            - '../src/Kernel.php'
 
     # controllers are imported separately to make sure services can be injected
     # as action arguments even if you don't extend any base controller class
diff --git a/symfony.lock b/symfony.lock
index 334baf4c..f6063621 100644
--- a/symfony.lock
+++ b/symfony.lock
@@ -496,14 +496,15 @@
         ]
     },
     "symfony/framework-bundle": {
-        "version": "6.4",
+        "version": "7.3",
         "recipe": {
             "repo": "github.com/symfony/recipes",
             "branch": "main",
-            "version": "6.4",
-            "ref": "a91c965766ad3ff2ae15981801643330eb42b6a5"
+            "version": "7.3",
+            "ref": "5a1497d539f691b96afd45ae397ce5fe30beb4b9"
         },
         "files": [
+            ".editorconfig",
             "config/packages/cache.yaml",
             "config/packages/framework.yaml",
             "config/preload.php",

From d3c3fedac2cf9966e11827faa9bc8abc95ad6af0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?= <mail@jan-boehmer.de>
Date: Sun, 13 Jul 2025 16:40:56 +0200
Subject: [PATCH 10/15] Updated routing recipe

---
 config/packages/routing.yaml | 2 --
 symfony.lock                 | 6 +++---
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/config/packages/routing.yaml b/config/packages/routing.yaml
index df5d98d2..0f34f872 100644
--- a/config/packages/routing.yaml
+++ b/config/packages/routing.yaml
@@ -1,7 +1,5 @@
 framework:
     router:
-        utf8: true
-
         # Configure how to generate URLs in non-HTTP contexts, such as CLI commands.
         # See https://symfony.com/doc/current/routing.html#generating-urls-in-commands
         default_uri: '%env(DEFAULT_URI)%'
diff --git a/symfony.lock b/symfony.lock
index f6063621..e99668a2 100644
--- a/symfony.lock
+++ b/symfony.lock
@@ -630,12 +630,12 @@
         ]
     },
     "symfony/routing": {
-        "version": "6.2",
+        "version": "7.3",
         "recipe": {
             "repo": "github.com/symfony/recipes",
             "branch": "main",
-            "version": "6.2",
-            "ref": "e0a11b4ccb8c9e70b574ff5ad3dfdcd41dec5aa6"
+            "version": "7.0",
+            "ref": "21b72649d5622d8f7da329ffb5afb232a023619d"
         },
         "files": [
             "config/packages/routing.yaml",

From 0bc6d9986bc0b512e7dcae6fcb51554d512963c8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?= <mail@jan-boehmer.de>
Date: Sun, 13 Jul 2025 16:44:10 +0200
Subject: [PATCH 11/15] Updated stimulus-bundle

---
 .../controllers/csrf_protection_controller.js | 79 +++++++++++++++++++
 symfony.lock                                  | 13 +--
 2 files changed, 86 insertions(+), 6 deletions(-)
 create mode 100644 assets/controllers/csrf_protection_controller.js

diff --git a/assets/controllers/csrf_protection_controller.js b/assets/controllers/csrf_protection_controller.js
new file mode 100644
index 00000000..c722f024
--- /dev/null
+++ b/assets/controllers/csrf_protection_controller.js
@@ -0,0 +1,79 @@
+const nameCheck = /^[-_a-zA-Z0-9]{4,22}$/;
+const tokenCheck = /^[-_/+a-zA-Z0-9]{24,}$/;
+
+// Generate and double-submit a CSRF token in a form field and a cookie, as defined by Symfony's SameOriginCsrfTokenManager
+document.addEventListener('submit', function (event) {
+    generateCsrfToken(event.target);
+}, true);
+
+// When @hotwired/turbo handles form submissions, send the CSRF token in a header in addition to a cookie
+// The `framework.csrf_protection.check_header` config option needs to be enabled for the header to be checked
+document.addEventListener('turbo:submit-start', function (event) {
+    const h = generateCsrfHeaders(event.detail.formSubmission.formElement);
+    Object.keys(h).map(function (k) {
+        event.detail.formSubmission.fetchRequest.headers[k] = h[k];
+    });
+});
+
+// When @hotwired/turbo handles form submissions, remove the CSRF cookie once a form has been submitted
+document.addEventListener('turbo:submit-end', function (event) {
+    removeCsrfToken(event.detail.formSubmission.formElement);
+});
+
+export function generateCsrfToken (formElement) {
+    const csrfField = formElement.querySelector('input[data-controller="csrf-protection"], input[name="_csrf_token"]');
+
+    if (!csrfField) {
+        return;
+    }
+
+    let csrfCookie = csrfField.getAttribute('data-csrf-protection-cookie-value');
+    let csrfToken = csrfField.value;
+
+    if (!csrfCookie && nameCheck.test(csrfToken)) {
+        csrfField.setAttribute('data-csrf-protection-cookie-value', csrfCookie = csrfToken);
+        csrfField.defaultValue = csrfToken = btoa(String.fromCharCode.apply(null, (window.crypto || window.msCrypto).getRandomValues(new Uint8Array(18))));
+        csrfField.dispatchEvent(new Event('change', { bubbles: true }));
+    }
+
+    if (csrfCookie && tokenCheck.test(csrfToken)) {
+        const cookie = csrfCookie + '_' + csrfToken + '=' + csrfCookie + '; path=/; samesite=strict';
+        document.cookie = window.location.protocol === 'https:' ? '__Host-' + cookie + '; secure' : cookie;
+    }
+}
+
+export function generateCsrfHeaders (formElement) {
+    const headers = {};
+    const csrfField = formElement.querySelector('input[data-controller="csrf-protection"], input[name="_csrf_token"]');
+
+    if (!csrfField) {
+        return headers;
+    }
+
+    const csrfCookie = csrfField.getAttribute('data-csrf-protection-cookie-value');
+
+    if (tokenCheck.test(csrfField.value) && nameCheck.test(csrfCookie)) {
+        headers[csrfCookie] = csrfField.value;
+    }
+
+    return headers;
+}
+
+export function removeCsrfToken (formElement) {
+    const csrfField = formElement.querySelector('input[data-controller="csrf-protection"], input[name="_csrf_token"]');
+
+    if (!csrfField) {
+        return;
+    }
+
+    const csrfCookie = csrfField.getAttribute('data-csrf-protection-cookie-value');
+
+    if (tokenCheck.test(csrfField.value) && nameCheck.test(csrfCookie)) {
+        const cookie = csrfCookie + '_' + csrfField.value + '=0; path=/; samesite=strict; max-age=0';
+
+        document.cookie = window.location.protocol === 'https:' ? '__Host-' + cookie + '; secure' : cookie;
+    }
+}
+
+/* stimulusFetch: 'lazy' */
+export default 'csrf-protection-controller';
diff --git a/symfony.lock b/symfony.lock
index e99668a2..7f377a3f 100644
--- a/symfony.lock
+++ b/symfony.lock
@@ -674,17 +674,18 @@
         "version": "v1.1.5"
     },
     "symfony/stimulus-bundle": {
-        "version": "2.16",
+        "version": "2.27",
         "recipe": {
             "repo": "github.com/symfony/recipes",
             "branch": "main",
-            "version": "2.13",
-            "ref": "6acd9ff4f7fd5626d2962109bd4ebab351d43c43"
+            "version": "2.20",
+            "ref": "e058471c5502e549c1404ebdd510099107bb5549"
         },
         "files": [
-            "./assets/bootstrap.js",
-            "./assets/controllers.json",
-            "./assets/controllers/hello_controller.js"
+            "assets/bootstrap.js",
+            "assets/controllers.json",
+            "assets/controllers/csrf_protection_controller.js",
+            "assets/controllers/hello_controller.js"
         ]
     },
     "symfony/stopwatch": {

From 50f4c01e99eaa1f7b11c93f064767e2000223a45 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?= <mail@jan-boehmer.de>
Date: Sun, 13 Jul 2025 16:46:41 +0200
Subject: [PATCH 12/15] Updated ux-turbo recipe

---
 config/packages/csrf.yaml | 1 +
 symfony.lock              | 8 +++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/config/packages/csrf.yaml b/config/packages/csrf.yaml
index 40d40405..01db6267 100644
--- a/config/packages/csrf.yaml
+++ b/config/packages/csrf.yaml
@@ -5,6 +5,7 @@ framework:
             token_id: submit
 
     csrf_protection:
+        check_header: true
         stateless_token_ids:
             - submit
             - authenticate
diff --git a/symfony.lock b/symfony.lock
index 7f377a3f..5bb50dc6 100644
--- a/symfony.lock
+++ b/symfony.lock
@@ -752,7 +752,13 @@
         ]
     },
     "symfony/ux-turbo": {
-        "version": "v2.16.0"
+        "version": "2.27",
+        "recipe": {
+            "repo": "github.com/symfony/recipes",
+            "branch": "main",
+            "version": "2.20",
+            "ref": "e4b951d7de760751e170c6d2e3b565cf9ed5182f"
+        }
     },
     "symfony/validator": {
         "version": "7.3",

From 7d96b2a6112848390ef68061b8abb6a443e993d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?= <mail@jan-boehmer.de>
Date: Sun, 13 Jul 2025 16:51:10 +0200
Subject: [PATCH 13/15] Updated webpack-encore recipe

---
 symfony.lock      | 4 ++--
 webpack.config.js | 7 +++++--
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/symfony.lock b/symfony.lock
index 5bb50dc6..0c089f85 100644
--- a/symfony.lock
+++ b/symfony.lock
@@ -795,12 +795,12 @@
         ]
     },
     "symfony/webpack-encore-bundle": {
-        "version": "2.1",
+        "version": "2.2",
         "recipe": {
             "repo": "github.com/symfony/recipes",
             "branch": "main",
             "version": "2.0",
-            "ref": "082d754b3bd54b3fc669f278f1eea955cfd23cf5"
+            "ref": "9ef5412a4a2a8415aca3a3f2b4edd3866aab9a19"
         },
         "files": [
             "assets/app.js",
diff --git a/webpack.config.js b/webpack.config.js
index 43e04997..05f9514e 100644
--- a/webpack.config.js
+++ b/webpack.config.js
@@ -86,7 +86,10 @@ Encore
      * https://symfony.com/doc/current/frontend.html#adding-more-features
      */
     .cleanupOutputBeforeBuild()
-    .enableBuildNotifications()
+
+    // Displays build status system notifications to the user
+    // .enableBuildNotifications()
+
     .enableSourceMaps(!Encore.isProduction())
     // enables hashed filenames (e.g. app.abc123.css)
     //.enableVersioning(Encore.isProduction())
@@ -102,7 +105,7 @@ Encore
     // enables and configure @babel/preset-env polyfills
     .configureBabelPresetEnv((config) => {
         config.useBuiltIns = 'usage';
-        config.corejs = '3.23';
+        config.corejs = '3.38';
     })
     // enables Sass/SCSS support
     //.enableSassLoader()

From a3db52b184e8935934627b57187c53e9037a0d4b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?= <mail@jan-boehmer.de>
Date: Sun, 13 Jul 2025 16:52:26 +0200
Subject: [PATCH 14/15] Updated api-platform recipe

---
 symfony.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/symfony.lock b/symfony.lock
index 0c089f85..031b23fc 100644
--- a/symfony.lock
+++ b/symfony.lock
@@ -1,11 +1,11 @@
 {
     "api-platform/core": {
-        "version": "3.2",
+        "version": "3.4",
         "recipe": {
             "repo": "github.com/symfony/recipes",
             "branch": "main",
-            "version": "3.2",
-            "ref": "696d44adc3c0d4f5d25a2f1c4f3700dd8a5c6db9"
+            "version": "3.3",
+            "ref": "74b45ac570c57eb1fbe56c984091a9ff87e18bab"
         },
         "files": [
             "config/packages/api_platform.yaml",

From db810445fbbfed0428f30f87c93cb146199a2a7a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?= <mail@jan-boehmer.de>
Date: Sun, 13 Jul 2025 16:53:41 +0200
Subject: [PATCH 15/15] Updated phpunit recipe

---
 symfony.lock        | 8 ++++----
 tests/bootstrap.php | 5 ++---
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/symfony.lock b/symfony.lock
index 031b23fc..b975106c 100644
--- a/symfony.lock
+++ b/symfony.lock
@@ -314,12 +314,12 @@
             "repo": "github.com/symfony/recipes",
             "branch": "main",
             "version": "9.6",
-            "ref": "7364a21d87e658eb363c5020c072ecfdc12e2326"
+            "ref": "6a9341aa97d441627f8bd424ae85dc04c944f8b4"
         },
         "files": [
-            "./.env.test",
-            "./phpunit.xml.dist",
-            "./tests/bootstrap.php"
+            ".env.test",
+            "phpunit.xml.dist",
+            "tests/bootstrap.php"
         ]
     },
     "psr/cache": {
diff --git a/tests/bootstrap.php b/tests/bootstrap.php
index ecec14bf..fa3d3e7c 100644
--- a/tests/bootstrap.php
+++ b/tests/bootstrap.php
@@ -4,9 +4,8 @@ declare(strict_types=1);
 
 use Symfony\Component\Dotenv\Dotenv;
 require dirname(__DIR__).'/vendor/autoload.php';
-if (file_exists(dirname(__DIR__).'/config/bootstrap.php')) {
-    require dirname(__DIR__).'/config/bootstrap.php';
-} elseif (method_exists(Dotenv::class, 'bootEnv')) {
+
+if (method_exists(Dotenv::class, 'bootEnv')) {
     (new Dotenv())->bootEnv(dirname(__DIR__).'/.env');
 }
 if ($_SERVER['APP_DEBUG']) {