Merge branch '4.4' into 5.3

* 4.4:
  Adding details about new recipes:update command
  php.net callback documentation link changed
  Revert changes related to check:security command

Author: wouterj

.doctor-rst.yaml

@@ -89,7 +89,7 @@ whitelist:
         - '.. versionadded:: 1.11' # MakerBundle
         - '.. versionadded:: 1.3' # MakerBundle
         - '.. versionadded:: 1.8' # MakerBundle
-        - '.. versionadded:: 1.6' # Flex in setup/upgrade_minor.rst
+        - '.. versionadded:: 1.18' # Flex in setup/upgrade_minor.rst
         - '.. versionadded:: 1.0.0' # Encore
         - '0 => 123' # assertion for var_dumper - components/var_dumper.rst
         - '1 => "foo"' # assertion for var_dumper - components/var_dumper.rst

create_framework/templating.rst

@@ -178,5 +178,5 @@ As always, you can decide to stop here and use the framework as is; it's
 probably all you need to create simple websites like those fancy one-page
 `websites`_ and hopefully a few others.
 
-.. _`callbacks`: https://www.php.net/callback#language.types.callback
+.. _`callbacks`: https://www.php.net/manual/en/language.types.callable.php
 .. _`websites`: https://kottke.org/08/02/single-serving-sites

performance.rst

@@ -115,12 +115,12 @@ Symfony generates a file with the list of classes to preload in the
 
     ; php.ini
     opcache.preload=/path/to/project/config/preload.php
-    
+
     ; required for opcache.preload:
     opcache.preload_user=www-data
 
-If this file is missing, run this command to reinstall the Symfony Flex recipe:
-``composer recipes:install symfony/framework-bundle --force -v``.
+If this file is missing, run this command to update the Symfony Flex recipe:
+``composer recipes:update symfony/framework-bundle``.
 
 Use the :ref:`container.preload <dic-tags-container-preload>` and
 :ref:`container.no_preload <dic-tags-container-nopreload>` service tags to define

setup.rst

@@ -233,21 +233,30 @@ require --no-unpack ...`` option to disable unpacking.
 Checking Security Vulnerabilities
 ---------------------------------
 
-A good and recommended security practice is to check from time to time whether your
-project's dependencies contain any known security vulnerabilities. You can leverage the
-`Local PHP Security Checker`_ to do so.
+The ``symfony`` binary created when you `install Symfony CLI`_ provides a command
+to check whether your project's dependencies contain any known security
+vulnerability:
 
-You can also execute this process regularly to be able to
+.. code-block:: terminal
+
+    $ symfony check:security
+
+A good security practice is to execute this command regularly to be able to
 update or replace compromised dependencies as soon as possible. The security
 check is done locally by fetching the public `PHP security advisories database`_,
 so your ``composer.lock`` file is not sent on the network.
 
+The ``check:security`` command terminates with a non-zero exit code if any of
+your dependencies is affected by a known security vulnerability. This way you
+can add it to your project build process and your continuous integration
+workflows to make them fail when there are vulnerabilities.
+
 .. tip::
 
-    The ``check:security`` command terminates with a non-zero exit code if
-    any of your dependencies is affected by a known security vulnerability.
-    This way you can add it to your project build process and your continuous
-    integration workflows to make them fail when there are vulnerabilities.
+    In continuous integration services you can check security vulnerabilities
+    using a different stand-alone project called `Local PHP Security Checker`_.
+    This is the same project used internally by ``check:security`` but much
+    smaller in size than the entire Symfony CLI.
 
 Symfony LTS Versions
 --------------------

setup/_update_recipes.rst.inc

@@ -9,30 +9,25 @@ it's a good idea to keep your files in sync with the recipes.
 Symfony Flex provides several commands to help upgrade your recipes. Be sure to
 commit any unrelated changes you're working on before starting:
 
-.. versionadded:: 1.6
+.. versionadded:: 1.18
 
-    The recipes commands were introduced in Symfony Flex 1.6.
+    The ``recipes:update`` command was introduced in Symfony Flex 1.18.
 
 .. code-block:: terminal
 
+    # choose an outdated recipe to update
+    $ composer recipes:update
+
+    # update a specific recipe
+    $ composer recipes:update symfony/framework-bundle
+
     # see a list of all installed recipes and which have updates available
     $ composer recipes
 
     # see detailed information about a specific recipes
     $ composer recipes symfony/framework-bundle
 
-    # update a specific recipes
-    $ composer recipes:install symfony/framework-bundle --force -v
-
-The tricky part of this process is that the recipe "update" does not perform
-any intelligent "upgrading" of your code. Instead, **the updates process re-installs
-the latest version of the recipe** which means that **your custom code will be
-overridden completely**. After updating a recipe, you need to carefully choose
-which changes you want, and undo the rest.
-
-.. admonition:: Screencast
-    :class: screencast
-
-    For a detailed example, see the `SymfonyCasts Symfony 5 Upgrade Tutorial`_.
-
-.. _`SymfonyCasts Symfony 5 Upgrade Tutorial`: https://symfonycasts.com/screencast/symfony5-upgrade
+The ``recipes:update`` command is smart: it looks at the difference between the
+recipe when you installed it and the latest version. It then creates a patch and
+applies it to your app. If there are any conflicts, you can resolve them like a
+normal ``git`` conflict and commit like normal.