Error 500 instead of 400 for invalid UUID in POST body

[guilliamxavier]

API Platform version(s) affected: 2.6.3, 2.6.4

• Symfony 4.4
• ramsey/uuid 3.9.3

Description
(see title) when using the UuidInterface type declaration for automatic denormalization

How to reproduce
On PHP 7.4

<?php

namespace App\Entity;

use ApiPlatform\Core\Annotation\ApiResource;
use Ramsey\Uuid\UuidInterface;

/** @ApiResource */
class Foo
{
    public int $id = 0;
    public ?UuidInterface $uuid = null;
    public ?\DateTimeInterface $datetime = null;
}

Request: POST /foos with body (Content-Type: application/ld+json):

{"uuid": "foo"}

Expected: 400 Bad Request
Actual: 500 Internal Server Error
(message: "Invalid UUID string: foo")

Possible Solution
In ApiPlatform\Core\Bridge\RamseyUuid\Serializer\UuidDenormalizer, wrap return Uuid::fromString($data); with a try-catch (like in ApiPlatform\Core\Bridge\RamseyUuid\Identifier\Normalizer\UuidNormalizer) and convert the Ramsey\Uuid\Exception\InvalidUuidStringException to an appropriate exception (a subclass of Symfony\Component\Serializer\Exception\ExceptionInterface)?

Additional Context
For this body:

{"datetime": "foo"}

I get a 400 Bad Request, as expected
(message: "DateTimeImmutable::__construct(): Failed to parse time string (foo) at position 0 (f): The timezone could not be found in the database")

[soyuka]

Isn't that related to #2191?

[guilliamxavier]

@soyuka: I don't think so (this has nothing to do with "short UUID"). Rather #3045 (but that was for e.g. GET /foos/foo) and #3473 (but that was for ramsey/uuid ^4.0).

By the way, this issue also exists when using the $uuid as the id, i.e. annotating it with @ApiProperty(identifier=true)

[guilliamxavier]

Fixed in #4200, to be released in 2.6.5