Merge branch '6.4' into 7.0

* 6.4:
  [WebProfilerBundle][TwigBundle] Add conflicts with 7.0
  Check whether secrets are empty and mark them all as sensitive
  [HttpKernel] Add `ControllerResolver::allowControllers()` to define which callables are legit controllers when the `_check_controller_is_allowed` request attribute is set

Author: nicolas-grekas

Transport/Smtp/Auth/CramMd5Authenticator.php

@@ -11,6 +11,7 @@
 
 namespace Symfony\Component\Mailer\Transport\Smtp\Auth;
 
+use Symfony\Component\Mailer\Exception\InvalidArgumentException;
 use Symfony\Component\Mailer\Transport\Smtp\EsmtpTransport;
 
 /**
@@ -41,6 +42,10 @@ public function authenticate(EsmtpTransport $client): void
      */
     private function getResponse(#[\SensitiveParameter] string $secret, string $challenge): string
     {
+        if (!$secret) {
+            throw new InvalidArgumentException('A non-empty secret is required.');
+        }
+
         if (\strlen($secret) > 64) {
             $secret = pack('H32', md5($secret));
         }