Catch potential exception when calling Request::create() in PathBasedBreadcrumbBuilder

The wording seems like maybe a regression was introduced? Think we should have test coverage for the scenario described

Test coverage looks good https://git.drupalcode.org/issue/drupal-3490710/-/jobs/3540197

Committed/pushed to 11.x and cherry-picked back through to 10.3.x, thanks!

This broken HEAD on 10.5.x and 10.4.x with a cheery:

$ vendor/bin/phpunit -c core core/modules/system/tests/src/Unit/Breadcrumbs/PathBasedBreadcrumbBuilderTest.php
PHPUnit 9.6.21 by Sebastian Bergmann and contributors.

Testing Drupal\Tests\system\Unit\Breadcrumbs\PathBasedBreadcrumbBuilderTest
...........                                                       11 / 11 (100%)

Time: 00:00.257, Memory: 12.00 MB

OK (11 tests, 56 assertions)

Remaining direct deprecation notices (2)

  2x: Since symfony/http-foundation 6.3: Calling "Symfony\Component\HttpFoundation\Request::create()" with an invalid URI is deprecated.
    2x in PathBasedBreadcrumbBuilderTest::testBuildWithInvalidPath from Drupal\Tests\system\Unit\Breadcrumbs

Remaining indirect deprecation notices (1)

  1x: Automatic conversion of false to array is deprecated
    1x in PathBasedBreadcrumbBuilderTest::testBuildWithInvalidPath from Drupal\Tests\system\Unit\Breadcrumbs

Unsure why it works on 11.x with Symfony 7.2, where I would expect the deprecation throwing code would be removed, but it does.

As an added weirdness-bonus, the test fails, making the unit-test job fail on GitLab, but the specific error doesn't show up in the report. I can only find it in the raw output of the unit-test job.

But that's probably because it's a deprecation error, not an "actual" error?

Reverted from 10.5.x and 10.4.x

_tips hat_

We need to do that anyway, makes sense to me.

symfony/http-foundation was updated in #3490183: Update Composer dependencies for 10.4.0 so from here I have just committed the fix and test.

Committed and pushed c6143563c31 to 10.5.x and 3116614f706 to 10.4.x. Thanks!

So now there's only a choice between either running an insecure 10.3 application or live with an 10.3 application having the out of memory loop issue?

What is the point of having a security supported core version if you cannot update to secure symfony dependencies?

So now there's only a choice between either running an insecure 10.3 application or live with an 10.3 application having the out of memory loop issue?

What is the point of having a security supported core version if you cannot update to secure symfony dependencies?

My bad. The loop with the out-of-memory was mentioned in #3486972: DefaultExceptionHtmlSubscriber should not clone the request for 400/BadRequestException.

The point more or less remains though. Without this fix in 10.3.x it's a choice between secure dependencies or a pretty broken site.
Granted that out of memory seems to be more of a problem then "just" an exception.

I think we can probably backport this to 10.3.x too.

Seems to have broken HEAD of 11.0.x: https://git.drupalcode.org/project/drupal/-/pipelines/382966/test_report...

Reverted from 11.0.x too.

@mfb we can update, but this was quite a minor security fix (at least for us) whereas the function regressions have been quite serious, and there are multiple contexts where this error can be thrown, so I would personally prefer us to keep fixing these bugs and then only update the constraints if we really need to - individual sites can update with composer update whenever they want.

This was applied to 10.3.x, 10.4.x, 10.5.x, 11.1.x, and 11.x. It was applied to 11.0.x, which is no longer supported, but then reverted.
Therefore restoring the fixed status.