Merge branch 'develop' into MCLOUD-11623

Author: prateek-karanpuria-adobe

composer.json

@@ -2,35 +2,35 @@
     "name": "magento/magento-cloud-patches",
     "description": "Provides critical fixes for Magento 2 Enterprise Edition",
     "type": "magento2-component",
-    "version": "1.0.25",
+    "version": "1.1.2",
     "license": "OSL-3.0",
     "repositories": {
         "repo.magento.com": {
-            "type": "composer",
-            "url": "https://repo.magento.com/"
+          "type": "composer",
+          "url": "https://repo.magento.com/"
         }
     },
     "require": {
-        "php": "^7.2 || ^8.0",
+        "php": "^8.0",
         "ext-json": "*",
-        "composer/composer": "^1.4 || ^2.0",
+        "composer/composer": "^1.9 || ^2.0",
         "composer/semver": "@stable",
+        "monolog/monolog": "^1.25||^2.3||^2.7|| ^3.6",
         "symfony/config": "^3.3||^4.4||^5.0||^6.0",
-        "symfony/console": "^2.6||^4.0||^5.0||^6.0",
+        "symfony/console": "^2.8 || ^4.0 || ^5.1 || ^5.4 || ^6.4",
         "symfony/dependency-injection": "^3.3||^4.3||^5.0||^6.0",
-        "symfony/process": "^2.1||^4.1||^5.0||^6.0",
+        "symfony/process": "^2.1 || ^4.1 || ^5.1 || ^5.4 || ^6.4",
         "symfony/proxy-manager-bridge": "^3.3||^4.3||^5.0||^6.0",
-        "symfony/yaml": "^3.3||^4.0||^5.0||^6.0",
-        "monolog/monolog": "^1.25||^2.3",
+        "symfony/yaml": "^3.3||^4.0||^5.0||^6.0||^7.0",
         "magento/quality-patches": "^1.1.0"
     },
     "require-dev": {
-        "codeception/codeception": "^4.1",
-        "codeception/module-asserts": "^1.2",
-        "codeception/module-db": "^1.0",
-        "codeception/module-phpbrowser": "^1.0",
-        "codeception/module-rest": "^1.2",
-        "consolidation/robo": "^1.2 || ^2.0",
+        "codeception/codeception": "^4.1 || ^5.1",
+        "codeception/module-asserts": "^1.2 || ^3.0",
+        "codeception/module-db": "^1.0 || ^3.0",
+        "codeception/module-phpbrowser": "^1.0 || ^3.0",
+        "codeception/module-rest": "^1.2 || ^3.0",
+        "consolidation/robo": "^1.2 || ^3.0 || ^5.0",
         "phpmd/phpmd": "@stable",
         "phpunit/phpunit": "^8.5 || ^9.5",
         "squizlabs/php_codesniffer": "^3.0"

patches.json

@@ -280,6 +280,18 @@
     },
     "Enhanced Layout Cache Efficiency (memory usage reduced)": {
       ">=2.4.4 <2.4.7": "MCLOUD-11514__enhanced_layout_cache_efficiency__2.4.6-p3.patch"
+    },
+    "Patch for CVE-2024-34102 - CosmicSting": {
+      ">=2.4.4 <2.4.4-p8": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch",
+      ">=2.4.5 <2.4.5-p7": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.5.patch",
+      ">=2.4.6 <2.4.6-p5": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.6.patch",
+      "2.4.7": "MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.7.patch"
+    },
+    "Patch for CVE-2024-34102 - KeyRotation": {
+      ">=2.4.4 <2.4.4-p10": "MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.4.patch",
+      ">=2.4.5 <2.4.5-p9": "MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.5.patch",
+      ">=2.4.6 <2.4.6-p7": "MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.6.patch",
+      ">=2.4.7 <2.4.7-p2": "MCLOUD-12969__Patch_for_CVE_2024_34102_KeyRotation__2.4.7.patch"
     }
   },
   "magento/module-paypal": {
@@ -370,6 +382,9 @@
   "magento/magento2-b2b-base": {
     "Layered navigation filter is present only when product is present on the listing page with enabled Shared catalog": {
       ">=1.1.5 <1.3.1": "MCLOUD-6923__layered_navigation_filter_is_present_only_when_product_is_present_on_the_listing_page_with_enabled_shared_catalog__2.3.5.patch"
+    },
+    "Fields hydration on company account create request": {
+      ">=1.3.3 <1.3.3-p11 || >=1.3.4 <1.3.4-p10 || >=1.3.5 <1.3.5-p8 || >=1.4.2 <1.4.2-p3": "B2B-4051__fields_hydration_company_account_create_request__1.3.3.patch"
     }
   },
   "magento/magento2-ee-base": {
@@ -410,5 +425,10 @@
     "Fix regexp cache tag validation": {
       ">=103.0.6 <103.0.7": "MCLOUD-10226__fix_regexp_cache_tag_validation__2.4.6.patch"
     }
+  },
+  "magento/module-catalog-graph-ql": {
+    "AttributeReader should use Factory for Collection": {
+      ">=100.4.7 <100.4.8": "ACPT-1876__attribute_reader_should_use_factory_for_collection__2.4.7.patch"
+    }
   }
 }

patches/ACPT-1876__attribute_reader_should_use_factory_for_collection__2.4.7.patch

@@ -0,0 +1,75 @@
+From c964bc3248811dc63df6205a1246d383ad4c6e4a Mon Sep 17 00:00:00 2001
+From: Jacob Brown <jacob@gnu.org>
+Date: Wed, 3 Apr 2024 14:07:21 -0500
+Subject: [PATCH] ACPT-1854: AttributeReader should use Factory for Collection
+
+---
+ .../Model/Config/AttributeReader.php           | 18 +++++++++++-------
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/vendor/magento/module-catalog-graph-ql/Model/Config/AttributeReader.php b/vendor/magento/module-catalog-graph-ql/Model/Config/AttributeReader.php
+index ecd83bf61ef0..05acb97e4bd7 100644
+--- a/vendor/magento/module-catalog-graph-ql/Model/Config/AttributeReader.php
++++ b/vendor/magento/module-catalog-graph-ql/Model/Config/AttributeReader.php
+@@ -9,8 +9,10 @@
+ use Magento\Catalog\Model\Product;
+ use Magento\Catalog\Model\ResourceModel\Eav\Attribute;
+ use Magento\CatalogGraphQl\Model\Resolver\Products\Attributes\Collection;
++use Magento\CatalogGraphQl\Model\Resolver\Products\Attributes\CollectionFactory;
+ use Magento\EavGraphQl\Model\Resolver\Query\Type;
+ use Magento\Framework\App\Config\ScopeConfigInterface;
++use Magento\Framework\App\ObjectManager;
+ use Magento\Framework\Config\ReaderInterface;
+ use Magento\Framework\GraphQl\Exception\GraphQlInputException;
+ use Magento\Framework\GraphQl\Schema\Type\Entity\MapperInterface;
+@@ -36,9 +38,9 @@ class AttributeReader implements ReaderInterface
+     private Type $typeLocator;
+
+     /**
+-     * @var Collection
++     * @var CollectionFactory
+      */
+-    private Collection $collection;
++    private CollectionFactory $collectionFactory;
+ 
+     /**
+      * @var ScopeConfigInterface
+@@ -48,18 +50,21 @@ class AttributeReader implements ReaderInterface
+     /**
+      * @param MapperInterface $mapper
+      * @param Type $typeLocator
+-     * @param Collection $collection
++     * @param Collection $collection @deprecated @see $collectionFactory
+      * @param ScopeConfigInterface $config
++     * @param CollectionFactory|null $collectionFactory
++     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
+      */
+     public function __construct(
+         MapperInterface $mapper,
+         Type $typeLocator,
+         Collection $collection,
+-        ScopeConfigInterface $config
++        ScopeConfigInterface $config,
++        CollectionFactory $collectionFactory = null,
+     ) {
+         $this->mapper = $mapper;
+         $this->typeLocator = $typeLocator;
+-        $this->collection = $collection;
++        $this->collectionFactory = $collectionFactory ?? ObjectManager::getInstance()->get(CollectionFactory::class);
+         $this->config = $config;
+     }
+
+@@ -74,12 +79,11 @@ public function __construct(
+     public function read($scope = null) : array
+     {
+         $config = [];
+-
+         if ($this->config->isSetFlag(self::XML_PATH_INCLUDE_DYNAMIC_ATTRIBUTES, ScopeInterface::SCOPE_STORE)) {
+             $typeNames = $this->mapper->getMappedTypes(Product::ENTITY);
+
+             /** @var Attribute $attribute */
+-            foreach ($this->collection->getAttributes() as $attribute) {
++            foreach ($this->collectionFactory->create()->getAttributes() as $attribute) {
+                 $attributeCode = $attribute->getAttributeCode();
+                 $locatedType = $this->typeLocator->getType($attributeCode, Product::ENTITY) ?: 'String';
+                 $locatedType = TypeProcessor::NORMALIZED_ANY_TYPE === $locatedType ? 'String' : ucfirst($locatedType);

patches/B2B-4051__fields_hydration_company_account_create_request__1.3.3.patch

@@ -0,0 +1,144 @@
+new file mode 100644
+--- /dev/null
++++ b/vendor/magento/module-company/Model/Customer/AccountManagement/CompanyRequestHydrator.php
+@@ -0,0 +1,66 @@
++<?php
++/**
++ * Copyright © Magento, Inc. All rights reserved.
++ * See COPYING.txt for license details.
++ */
++declare(strict_types=1);
++
++namespace Magento\Company\Model\Customer\AccountManagement;
++
++use Magento\Company\Api\Data\CompanyInterface;
++
++/**
++ * Getting company data form request.
++ */
++class CompanyRequestHydrator
++{
++    /**
++     * @var \Magento\Framework\App\Request\Http
++     */
++    private $request;
++    /**
++     * @var array
++     */
++    private $fieldsToSave = [
++        CompanyInterface::NAME,
++        CompanyInterface::LEGAL_NAME,
++        CompanyInterface::COMPANY_EMAIL,
++        CompanyInterface::VAT_TAX_ID,
++        CompanyInterface::RESELLER_ID,
++        CompanyInterface::STREET,
++        CompanyInterface::CITY,
++        CompanyInterface::COUNTRY_ID,
++        CompanyInterface::REGION,
++        CompanyInterface::REGION_ID,
++        CompanyInterface::POSTCODE,
++        CompanyInterface::TELEPHONE,
++        CompanyInterface::JOB_TITLE
++    ];
++
++    /**
++     * @param \Magento\Framework\App\Request\Http $request
++     */
++    public function __construct(
++        \Magento\Framework\App\Request\Http $request,
++    ) {
++        $this->request = $request;
++    }
++
++    /**
++     *  Get and hydrate company data from HTTP request.
++     *
++     * @return array
++     */
++    public function getCompanyDataFromRequest(): array
++    {
++        $result = [];
++        $companyData = $this->request->getPost('company', []);
++        foreach ($this->fieldsToSave as $item) {
++            if (isset($companyData[$item])) {
++                $result[$item] = $companyData[$item];
++            }
++        }
++
++        return $result;
++    }
++}
+--- a/vendor/magento/module-company/Plugin/Customer/Api/AccountManagement.php
++++ b/vendor/magento/module-company/Plugin/Customer/Api/AccountManagement.php
+@@ -11,17 +11,13 @@
+ use Magento\Customer\Api\CustomerRepositoryInterface;
+ use Magento\Company\Api\CompanyManagementInterface;
+ use Magento\Framework\Exception\NoSuchEntityException;
++use Magento\Company\Model\Customer\AccountManagement\CompanyRequestHydrator;
+
+ /**
+  * Plugin for AccountManagement. Processing company data.
+  */
+ class AccountManagement
+ {
+-    /**
+-     * @var \Magento\Framework\App\Request\Http
+-     */
+-    private $request;
+-
+     /**
+      * @var \Magento\Company\Model\Email\Sender
+      */
+@@ -47,30 +43,35 @@
+      */
+     private $customerRepository;
+
++    /**
++     * @var CompanyRequestHydrator
++     */
++    private $companyRequestHydrator;
++
+     /**
+      * AccountManagement constructor
+      *
+-     * @param \Magento\Framework\App\Request\Http $request
+      * @param \Magento\Company\Model\Email\Sender $companyEmailSender
+      * @param \Magento\Backend\Model\UrlInterface $urlBuilder
+      * @param \Magento\Company\Model\Customer\Company $customerCompany
+      * @param CompanyManagementInterface $companyManagement
+      * @param CustomerRepositoryInterface $customerRepository
++     * @param CompanyRequestHydrator $companyRequestHydrator
+      */
+     public function __construct(
+-        \Magento\Framework\App\Request\Http $request,
+         \Magento\Company\Model\Email\Sender $companyEmailSender,
+         \Magento\Backend\Model\UrlInterface $urlBuilder,
+         \Magento\Company\Model\Customer\Company $customerCompany,
+         CompanyManagementInterface $companyManagement,
+-        CustomerRepositoryInterface $customerRepository
++        CustomerRepositoryInterface $customerRepository,
++        CompanyRequestHydrator $companyRequestHydrator
+     ) {
+-        $this->request = $request;
+         $this->companyEmailSender = $companyEmailSender;
+         $this->urlBuilder = $urlBuilder;
+         $this->customerCompany = $customerCompany;
+         $this->companyManagement = $companyManagement;
+         $this->customerRepository = $customerRepository;
++        $this->companyRequestHydrator = $companyRequestHydrator;
+     }
+
+     /**
+@@ -127,11 +128,7 @@
+         \Magento\Customer\Api\AccountManagementInterface $subject,
+         \Magento\Customer\Api\Data\CustomerInterface $result
+     ) {
+-        $companyData = $this->request->getPost('company', []);
+-        if (isset($companyData['status'])) {
+-            unset($companyData['status']);
+-        }
+-
++        $companyData = $this->companyRequestHydrator->getCompanyDataFromRequest();
+         if (is_array($companyData) && !empty($companyData)) {
+             $jobTitle = $companyData['job_title'] ?? null;
+             $companyDataObject = $this->customerCompany->createCompany($result, $companyData, $jobTitle);

patches/MCLOUD-12969__Patch_for_CVE_2024_34102_CosmicSting__2.4.4.patch

@@ -0,0 +1,62 @@
+diff --git a/vendor/magento/theme-frontend-blank/i18n/en_US.csv b/vendor/magento/theme-frontend-blank/i18n/en_US.csv
+index a491a567a37..5e8bef787d2 100644
+--- a/vendor/magento/theme-frontend-blank/i18n/en_US.csv
++++ b/vendor/magento/theme-frontend-blank/i18n/en_US.csv
+@@ -4,3 +4,4 @@ Summary,Summary
+ Menu,Menu
+ Account,Account
+ Settings,Settings
++"Invalid data type","Invalid data type"
+diff --git a/vendor/magento/theme-frontend-luma/i18n/en_US.csv b/vendor/magento/theme-frontend-luma/i18n/en_US.csv
+index 7bf9e0afaf0..00493cc05ba 100644
+--- a/vendor/magento/theme-frontend-luma/i18n/en_US.csv
++++ b/vendor/magento/theme-frontend-luma/i18n/en_US.csv
+@@ -54,3 +54,4 @@ Footer,Footer
+ "Update to your %store_name shipment","Update to your %store_name shipment"
+ "Address Book","Address Book"
+ "Account Information","Account Information"
++"Invalid data type","Invalid data type"
+diff --git a/vendor/magento/framework/Webapi/ServiceInputProcessor.php b/vendor/magento/framework/Webapi/ServiceInputProcessor.php
+index 908a4e70140..cc019845b58 100644
+--- a/vendor/magento/framework/Webapi/ServiceInputProcessor.php
++++ b/vendor/magento/framework/Webapi/ServiceInputProcessor.php
+@@ -153,6 +153,7 @@ class ServiceInputProcessor implements ServicePayloadConverterInterface
+      * @return \Magento\Framework\Reflection\NameFinder
+      *
+      * @deprecated 100.1.0
++     * @see nothing
+      */
+     private function getNameFinder()
+     {
+@@ -261,6 +262,7 @@ class ServiceInputProcessor implements ServicePayloadConverterInterface
+      * @throws \Exception
+      * @throws SerializationException
+      * @SuppressWarnings(PHPMD.CyclomaticComplexity)
++     * @SuppressWarnings(PHPMD.NPathComplexity)
+      */
+     protected function _createFromArray($className, $data)
+     {
+@@ -268,6 +270,12 @@ class ServiceInputProcessor implements ServicePayloadConverterInterface
+         // convert to string directly to avoid situations when $className is object
+         // which implements __toString method like \ReflectionObject
+         $className = (string) $className;
++        if (is_subclass_of($className, \SimpleXMLElement::class)
++            || is_subclass_of($className, \DOMElement::class)) {
++            throw new SerializationException(
++                new Phrase('Invalid data type')
++            );
++        }
+         $class = new ClassReflection($className);
+         if (is_subclass_of($className, self::EXTENSION_ATTRIBUTES_TYPE)) {
+             $className = substr($className, 0, -strlen('Interface'));
+diff --git a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php b/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php
+--- a/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php	(revision 022e64b08a88658667bc2d6b922eada2b7910965)
++++ b/vendor/magento/module-jwt-user-token/Model/SecretBasedJwksFactory.php	(revision 8d2b0c1c6b421cdcd7f62a48a5edc9b0211d92a2)
+@@ -35,6 +35,7 @@
+     public function __construct(DeploymentConfig $deploymentConfig, JwkFactory $jwkFactory)
+     {
+         $this->keys = preg_split('/\s+/s', trim((string)$deploymentConfig->get('crypt/key')));
++        $this->keys = [end($this->keys)];
+         //Making sure keys are large enough.
+         foreach ($this->keys as &$key) {
+             $key = str_pad($key, 2048, '&', STR_PAD_BOTH);