3 security updates:
GHSA-jrgf-vfw2-hj26 CMS Editor code execution
GHSA-hj6w-xrv3-wjj9 Widget instances allows a hacker to inject an executable file on the server
GHSA-99m6-r53j-4hh2 Layout XML RCE Vulnerability
More Changes:
#1246 Adds support for "SameSite" cookie property
#1356 Fixed return type of Mage_Adminhtml_Block_System_Config_Form::_canShowField
#1275 Add start & stop commands to ddev setup in readme
#1273 Update static-code-analyses.yml
#1206 Reduced multiple dispatch events in login form.
#1140 GitHub Action Labeler Bot
#1337 Allow rewrite of Mage_Core_Model_File_Validator_Image
#1086 Allow debug in admin
#1378 Declare two variables
#1330 Allow min pass length to 5 during login
#1373 Removed 2 unneeded function calls. Local var is already there.
#1390 Fix class name and filename for case sensitive filesystems
#1336 Fix getId() on bool when primary billing address is null
#1370 Fixed adminhtml boxes.css fieldset-wide for note.
#1168 New event "adminhtml_sales_order_create_save_before" when editing an order.
#1393 Fixes PHP7.4 deprecated nested ternary operators
#1403 TypeError: round(): Argument #1 ($num) must be of type int|float