
Security fixes to master branch #10895

Merged (1 commit, Apr 5, 2022)

joelpittet (Contributor) opened this pull request:
Description

Added roave/security-advisories and updated the following packages with security issues:

  • laravel/passport
  • codeception/codeception
  • laravel/framework
  • enshrined/svg-sanitize

Which yielded the following changes:

  - Upgrading enshrined/svg-sanitize (0.13.3 => 0.15.4)
  - Upgrading doctrine/lexer (1.2.1 => 1.2.3)
  - Upgrading laravel/framework (v6.20.29 => v6.20.44)
  - Upgrading league/commonmark (1.6.4 => 1.6.7)
  - Upgrading monolog/monolog (2.2.0 => 2.4.0)
  - Upgrading opis/closure (3.6.2 => 3.6.3)
  - Upgrading paragonie/random_compat (v9.99.99 => v9.99.100)
  - Upgrading phpoption/phpoption (1.7.5 => 1.8.1)
  - Upgrading ramsey/uuid (3.9.3 => 3.9.6)
  - Upgrading swiftmailer/swiftmailer (v6.2.7 => v6.3.0)
  - Upgrading symfony/console (v4.4.25 => v4.4.40)
  - Upgrading symfony/debug (v4.4.25 => v4.4.37)
  - Upgrading symfony/deprecation-contracts (v2.4.0 => v2.5.0)
  - Upgrading symfony/error-handler (v4.4.25 => v4.4.40)
  - Upgrading symfony/event-dispatcher (v4.4.25 => v4.4.37)
  - Upgrading symfony/event-dispatcher-contracts (v1.1.9 => v1.1.11)
  - Upgrading symfony/finder (v4.4.25 => v4.4.37)
  - Upgrading symfony/http-client-contracts (v2.4.0 => v2.5.0)
  - Upgrading symfony/http-foundation (v4.4.25 => v4.4.39)
  - Upgrading symfony/http-kernel (v4.4.25 => v4.4.40)
  - Upgrading symfony/mime (v5.3.2 => v5.4.7)
  - Upgrading symfony/polyfill-ctype (v1.23.0 => v1.25.0)
  - Upgrading symfony/polyfill-iconv (v1.23.0 => v1.25.0)
  - Upgrading symfony/polyfill-intl-idn (v1.23.0 => v1.25.0)
  - Upgrading symfony/polyfill-intl-normalizer (v1.23.0 => v1.25.0)
  - Upgrading symfony/polyfill-mbstring (v1.23.0 => v1.25.0)
  - Upgrading symfony/polyfill-php72 (v1.23.0 => v1.25.0)
  - Upgrading symfony/polyfill-php73 (v1.23.0 => v1.25.0)
  - Upgrading symfony/polyfill-php80 (v1.23.0 => v1.25.0)
  - Upgrading symfony/process (v4.4.25 => v4.4.40)
  - Upgrading symfony/routing (v4.4.25 => v4.4.37)
  - Upgrading symfony/service-contracts (v2.4.0 => v2.5.0)
  - Upgrading symfony/translation-contracts (v2.4.0 => v2.5.0)
  - Upgrading symfony/var-dumper (v4.4.25 => v4.4.39)
  - Upgrading tightenco/collect (v8.34.0 => 8.78.0)
  - Upgrading tijsverkoyen/css-to-inline-styles (2.2.3 => 2.2.4)
  - Upgrading vlucas/phpdotenv (v3.6.8 => v3.6.10)
  - Upgrading behat/gherkin (v4.8.0 => v4.9.0)
  - Upgrading codeception/codeception (4.1.21 => 4.1.31)
  - Upgrading guzzlehttp/psr7 (1.8.2 => 1.8.5)
  - Upgrading phpunit/php-file-iterator (2.0.3 => 2.0.5)
  - Upgrading sebastian/exporter (3.1.3 => 3.1.4)
  - Upgrading symfony/yaml (v5.3.2 => v5.3.14)
  - Upgrading theseer/tokenizer (1.2.0 => 1.2.1)
  - Upgrading firebase/php-jwt (v5.4.0 => v5.5.1)
  - Upgrading lcobucci/jwt (3.4.5 => 3.4.6)
  - Upgrading league/oauth2-server (8.3.1 => 8.3.3)
  - Upgrading nyholm/psr7 (1.4.0 => 1.5.0)
  - Upgrading phpseclib/phpseclib (2.0.32 => 2.0.37)
  - Upgrading symfony/psr-http-message-bridge (v2.1.0 => v2.1.2)
  - Installing roave/security-advisories (dev-latest 4b07ae1)

Type of change

Security

How Has This Been Tested?

Untested

Checklist:

@joelpittet joelpittet requested a review from snipe as a code owner April 4, 2022 18:11
@snipe snipe merged commit 0882cfe into snipe:master Apr 5, 2022
@joelpittet (Contributor, Author) commented:
Thanks for committing this @snipe, I added roave/security-advisories to this (which I omitted from #10897) sorry for the scope creep... LMK if you would like me to PR the addition of that package to the develop branch or remove it from this branch?

@snipe (Owner) commented Apr 5, 2022:

We were using roave/security-advisories at one point, but IIRC we had to remove it for some reason a little while back. (I think it was preventing an update because of a dependency security issue that because of our implementation wasn't actually vulnerable in Snipe-IT, but god knows if I can remember now.)
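The mechanism behind both the upgrade list in the description and snipe's caveat above is that roave/security-advisories ships no code: it is a Composer metapackage whose `conflict` section lists version ranges with published advisories, so Composer refuses to resolve any dependency set that lands inside one of those ranges, whether or not the project ever reaches the vulnerable code. The script below is an added illustration of that behaviour and is not code from this PR, from Snipe-IT, or from the roave/security-advisories package; it implements a simplified Composer constraint matcher (`>=`, `<`, `,` as AND, `|` as OR; stability suffixes are ignored) and runs it over a constructed lock-file excerpt and constructed conflict rules with hypothetical `acme/*` package names. The ranges are invented for the demonstration and are not real advisory data.

```python
"""Simulate how a roave/security-advisories style metapackage blocks an install.

Added illustration, not Composer's real solver.  Package names and conflict
ranges below are constructed for the example and are not real advisory data.
"""
import re

# Constructed conflict table in Composer's syntax: "," = AND, "|" = OR.
CONFLICTS = {
    "acme/framework": ">=6.0.0,<6.20.44|>=8.0.0,<8.4.3",
    "acme/svg-sanitize": "<0.15.4",
}

# Constructed composer.lock excerpt: package name -> installed version.
LOCKED = {
    "acme/framework": "v6.20.29",      # inside the first OR branch -> blocked
    "acme/svg-sanitize": "0.15.4",     # exactly the first fixed version -> allowed
    "acme/unrelated": "1.2.3",         # no conflict rule at all
}

_OPS = {
    ">=": lambda a, b: a >= b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    "<": lambda a, b: a < b,
    "!=": lambda a, b: a != b,
    "==": lambda a, b: a == b,
}


def parse_version(v):
    """Turn 'v6.20.29' / '0.15.4' into a comparable numeric tuple.

    Simplification: a leading 'v' is dropped and anything after the first
    non-numeric segment (e.g. '-beta1') is ignored.
    """
    nums = []
    for part in re.split(r"[.-]", v.lstrip("vV")):
        if not part.isdigit():
            break
        nums.append(int(part))
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


def _matches_single(version, constraint):
    """Evaluate one operator+version term such as '<6.20.44'."""
    m = re.match(r"(>=|<=|!=|==|>|<|=)?\s*v?(\d+(?:\.\d+)*)$", constraint.strip())
    if not m:
        raise ValueError(f"unsupported constraint: {constraint!r}")
    op = m.group(1) or "=="
    if op == "=":
        op = "=="
    return _OPS[op](parse_version(version), parse_version(m.group(2)))


def version_matches(version, constraint):
    """True if `version` satisfies the Composer-style `constraint`."""
    for or_branch in re.split(r"\|\|?", constraint):
        terms = [t for t in re.split(r"[,\s]+", or_branch.strip()) if t]
        if terms and all(_matches_single(version, t) for t in terms):
            return True
    return False


def find_blocked(locked, conflicts):
    """Return {package: (installed_version, conflict_range)} for every locked
    package whose installed version falls inside a conflict range.

    Note the decision is purely version-based: Composer has no way to know
    whether the consuming project actually exercises the vulnerable code,
    which is why a metapackage like this can block an otherwise safe update.
    """
    blocked = {}
    for name, version in locked.items():
        rule = conflicts.get(name)
        if rule and version_matches(version, rule):
            blocked[name] = (version, rule)
    return blocked


def first_allowed(candidates, constraint):
    """Lowest candidate version that escapes the conflict range, i.e. the
    smallest bump that lets `composer update` resolve again."""
    for v in sorted(candidates, key=parse_version):
        if not version_matches(v, constraint):
            return v
    return None


if __name__ == "__main__":
    for name, (v, rule) in find_blocked(LOCKED, CONFLICTS).items():
        print(f"{name} {v} is blocked by conflict rule {rule}")
        fix = first_allowed(["v6.20.29", "v6.20.43", "v6.20.44"], rule)
        print(f"  smallest release that resolves: {fix}")
```

If a flagged range covers code a project never calls, the only ways out are to bump the dependency anyway, pin an exact version and drop the metapackage, or temporarily remove roave/security-advisories, which is the trade-off snipe describes.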

@joelpittet (Contributor, Author) commented:
It can be added to both branches with those changes now committed, LMK if you'd like me to add it or remove it.

@snipe snipe mentioned this pull request Apr 12, 2022
@snipe (Owner) commented Apr 12, 2022:

@joelpittet This type of issue is why we removed it, I think. #10932

@snipe snipe mentioned this pull request Apr 16, 2022