N°8017 - Security - dependabot - Symfony's VarDumper vulnerable to un… (#731)

Upgrade all Symfony components to last security fix (~6.4.0)

lib/symfony/console/Helper/Helper.php

@@ -26,7 +26,7 @@ abstract class Helper implements HelperInterface
     /**
      * @return void
      */
-    public function setHelperSet(HelperSet $helperSet = null)
+    public function setHelperSet(?HelperSet $helperSet = null)
     {
         if (1 > \func_num_args()) {
             trigger_deprecation('symfony/console', '6.2', 'Calling "%s()" without any arguments is deprecated, pass null explicitly instead.', __METHOD__);
@@ -48,7 +48,9 @@ abstract class Helper implements HelperInterface
         $string ??= '';
 
         if (preg_match('//u', $string)) {
-            return (new UnicodeString($string))->width(false);
+            $string = preg_replace('/[\p{Cc}\x7F]++/u', '', $string, -1, $count);
+
+            return (new UnicodeString($string))->width(false) + $count;
         }
 
         if (false === $encoding = mb_detect_encoding($string, null, true)) {
@@ -80,7 +82,7 @@ abstract class Helper implements HelperInterface
     /**
      * Returns the subset of a string, using mb_substr if it is available.
      */
-    public static function substr(?string $string, int $from, int $length = null): string
+    public static function substr(?string $string, int $from, ?int $length = null): string
     {
         $string ??= '';