refactor: Resolve HTTP kernel vulnerability (#8)

* fixed: Avoid using symfony/http-kernel < 5.4.20
* docs: Add changelog entry

Author: DannyvdSluijs

CHANGELOG.md

@@ -5,6 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+### Fixed
+- Resolve CVE-2022-24894 [PR#8](https://github.com/JsonMapper/SymfonyBundle/pull/8)
 
 ## [2.2.0] - 2022-01-16
 ### Added

composer.json

@@ -14,9 +14,9 @@
     "require": {
         "json-mapper/json-mapper": "^2.0",
         "php": "^7.2 || ^8.0",
-        "symfony/http-kernel": "^4.4 | ^5.1.5 | ^6.0",
         "symfony/dependency-injection": "^4.4 | ^5.0 | ^6.0",
-        "symfony/config": "^4.4 | ^5.0 | ^6.0"
+        "symfony/config": "^4.4 | ^5.0 | ^6.0",
+        "symfony/http-kernel": "^4.4 | ^5.4.20 | ^6.0"
     },
     "autoload": {
         "psr-4": {

src/DependencyInjection/JsonMapperExtension.php

@@ -5,7 +5,7 @@
 namespace JsonMapper\SymfonyBundle\DependencyInjection;
 
 use Symfony\Component\Config\FileLocator;
-use Symfony\Component\HttpKernel\DependencyInjection\Extension;
+use Symfony\Component\DependencyInjection\Extension\Extension;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Loader\XmlFileLoader;