diff --git a/src/Controller/BlogController.php b/src/Controller/BlogController.php
index bd111d932..e3e30aa24 100644
--- a/src/Controller/BlogController.php
+++ b/src/Controller/BlogController.php
@@ -161,10 +161,10 @@ public function search(Request $request, PostRepository $posts): Response
         $results = [];
         foreach ($foundPosts as $post) {
             $results[] = [
-                'title' => htmlspecialchars($post->getTitle()),
+                'title' => htmlspecialchars($post->getTitle(), ENT_COMPAT | ENT_HTML5),
                 'date' => $post->getPublishedAt()->format('M d, Y'),
-                'author' => htmlspecialchars($post->getAuthor()->getFullName()),
-                'summary' => htmlspecialchars($post->getSummary()),
+                'author' => htmlspecialchars($post->getAuthor()->getFullName(), ENT_COMPAT | ENT_HTML5),
+                'summary' => htmlspecialchars($post->getSummary(), ENT_COMPAT | ENT_HTML5),
                 'url' => $this->generateUrl('blog_post', ['slug' => $post->getSlug()]),
             ];
         }
diff --git a/src/DataFixtures/AppFixtures.php b/src/DataFixtures/AppFixtures.php
index 00de4cc5b..e54bbe186 100644
--- a/src/DataFixtures/AppFixtures.php
+++ b/src/DataFixtures/AppFixtures.php
@@ -82,7 +82,7 @@ private function loadPosts(ObjectManager $manager)
                 $comment = new Comment();
                 $comment->setAuthor($this->getReference('john_user'));
                 $comment->setContent($this->getRandomText(random_int(255, 512)));
-                $comment->setPublishedAt(new \DateTime('now + '.($i).'seconds'));
+                $comment->setPublishedAt(new \DateTime('now + '.$i.'seconds'));
 
                 $post->addComment($comment);
             }
diff --git a/src/Entity/Comment.php b/src/Entity/Comment.php
index 20cf16cd2..805384fb8 100644
--- a/src/Entity/Comment.php
+++ b/src/Entity/Comment.php
@@ -126,12 +126,12 @@ public function setAuthor(User $author): void
         $this->author = $author;
     }
 
-    public function getPost(): Post
+    public function getPost(): ?Post
     {
         return $this->post;
     }
 
-    public function setPost(Post $post): void
+    public function setPost(?Post $post): void
     {
         $this->post = $post;
     }
diff --git a/src/Entity/Post.php b/src/Entity/Post.php
index 56cf5b7c6..fe25e4b8b 100644
--- a/src/Entity/Post.php
+++ b/src/Entity/Post.php
@@ -39,7 +39,7 @@ class Post
      *
      * See https://symfony.com/doc/current/best_practices/configuration.html#constants-vs-configuration-options
      */
-    const NUM_ITEMS = 10;
+    public const NUM_ITEMS = 10;
 
     /**
      * @var int
@@ -138,7 +138,7 @@ public function getTitle(): ?string
         return $this->title;
     }
 
-    public function setTitle(string $title): void
+    public function setTitle(?string $title): void
     {
         $this->title = $title;
     }
@@ -148,7 +148,7 @@ public function getSlug(): ?string
         return $this->slug;
     }
 
-    public function setSlug(string $slug): void
+    public function setSlug(?string $slug): void
     {
         $this->slug = $slug;
     }
@@ -158,7 +158,7 @@ public function getContent(): ?string
         return $this->content;
     }
 
-    public function setContent(string $content): void
+    public function setContent(?string $content): void
     {
         $this->content = $content;
     }
@@ -168,7 +168,7 @@ public function getPublishedAt(): \DateTime
         return $this->publishedAt;
     }
 
-    public function setPublishedAt(\DateTime $publishedAt): void
+    public function setPublishedAt(?\DateTime $publishedAt): void
     {
         $this->publishedAt = $publishedAt;
     }
@@ -178,7 +178,7 @@ public function getAuthor(): User
         return $this->author;
     }
 
-    public function setAuthor(User $author): void
+    public function setAuthor(?User $author): void
     {
         $this->author = $author;
     }
@@ -188,7 +188,7 @@ public function getComments(): Collection
         return $this->comments;
     }
 
-    public function addComment(Comment $comment): void
+    public function addComment(?Comment $comment): void
     {
         $comment->setPost($this);
         if (!$this->comments->contains($comment)) {
@@ -207,12 +207,12 @@ public function getSummary(): ?string
         return $this->summary;
     }
 
-    public function setSummary(string $summary): void
+    public function setSummary(?string $summary): void
     {
         $this->summary = $summary;
     }
 
-    public function addTag(Tag ...$tags): void
+    public function addTag(?Tag ...$tags): void
     {
         foreach ($tags as $tag) {
             if (!$this->tags->contains($tag)) {
diff --git a/src/Events.php b/src/Events.php
index 351ceeeb8..4b4489bc0 100644
--- a/src/Events.php
+++ b/src/Events.php
@@ -28,5 +28,5 @@ final class Events
      *
      * @var string
      */
-    const COMMENT_CREATED = 'comment.created';
+    public const COMMENT_CREATED = 'comment.created';
 }
diff --git a/src/Security/PostVoter.php b/src/Security/PostVoter.php
index a43f376cd..cac060062 100644
--- a/src/Security/PostVoter.php
+++ b/src/Security/PostVoter.php
@@ -28,9 +28,9 @@ class PostVoter extends Voter
 {
     // Defining these constants is overkill for this simple application, but for real
     // applications, it's a recommended practice to avoid relying on "magic strings"
-    const SHOW = 'show';
-    const EDIT = 'edit';
-    const DELETE = 'delete';
+    private const SHOW = 'show';
+    private const EDIT = 'edit';
+    private const DELETE = 'delete';
 
     /**
      * {@inheritdoc}
diff --git a/src/Twig/SourceCodeExtension.php b/src/Twig/SourceCodeExtension.php
index 96c943875..40ef75cd3 100644
--- a/src/Twig/SourceCodeExtension.php
+++ b/src/Twig/SourceCodeExtension.php
@@ -117,7 +117,7 @@ private function unindentCode(string $code): string
         $codeLines = explode("\n", $code);
 
         $indentedLines = array_filter($codeLines, function ($lineOfCode) {
-            return '' === $lineOfCode || '    ' === mb_substr($lineOfCode, 0, 4);
+            return '' === $lineOfCode || 0 === mb_strpos($lineOfCode, '    ');
         });
 
         if (count($indentedLines) === count($codeLines)) {
diff --git a/tests/Command/AddUserCommandTest.php b/tests/Command/AddUserCommandTest.php
index d39758f18..558d32fd6 100644
--- a/tests/Command/AddUserCommandTest.php
+++ b/tests/Command/AddUserCommandTest.php
@@ -46,7 +46,7 @@ protected function setUp()
      * This test provides all the arguments required by the command, so the
      * command runs non-interactively and it won't ask for any argument.
      */
-    public function testCreateUserNonInteractive($isAdmin)
+    public function testCreateUserNonInteractive(bool $isAdmin)
     {
         $input = $this->userData;
         if ($isAdmin) {
@@ -65,7 +65,7 @@ public function testCreateUserNonInteractive($isAdmin)
      * arguments.
      * See https://symfony.com/doc/current/components/console/helpers/questionhelper.html#testing-a-command-that-expects-input
      */
-    public function testCreateUserInteractive($isAdmin)
+    public function testCreateUserInteractive(bool $isAdmin)
     {
         $this->executeCommand(
         // these are the arguments (only 1 is passed, the rest are missing)
@@ -92,7 +92,7 @@ public function isAdminDataProvider()
      * This helper method checks that the user was correctly created and saved
      * in the database.
      */
-    private function assertUserCreated($isAdmin)
+    private function assertUserCreated(bool $isAdmin)
     {
         $container = self::$kernel->getContainer();
 
diff --git a/tests/Controller/Admin/BlogControllerTest.php b/tests/Controller/Admin/BlogControllerTest.php
index 23235d463..4d2d9490b 100644
--- a/tests/Controller/Admin/BlogControllerTest.php
+++ b/tests/Controller/Admin/BlogControllerTest.php
@@ -35,7 +35,7 @@ class BlogControllerTest extends WebTestCase
     /**
      * @dataProvider getUrlsForRegularUsers
      */
-    public function testAccessDeniedForRegularUsers($httpMethod, $url)
+    public function testAccessDeniedForRegularUsers(string $httpMethod, string $url)
     {
         $client = static::createClient([], [
             'PHP_AUTH_USER' => 'john_user',
diff --git a/tests/Controller/DefaultControllerTest.php b/tests/Controller/DefaultControllerTest.php
index 5d38572cc..639a1808c 100644
--- a/tests/Controller/DefaultControllerTest.php
+++ b/tests/Controller/DefaultControllerTest.php
@@ -34,7 +34,7 @@ class DefaultControllerTest extends WebTestCase
      *
      * @dataProvider getPublicUrls
      */
-    public function testPublicUrls($url)
+    public function testPublicUrls(string $url)
     {
         $client = static::createClient();
         $client->request('GET', $url);
@@ -70,7 +70,7 @@ public function testPublicBlogPost()
      *
      * @dataProvider getSecureUrls
      */
-    public function testSecureUrls($url)
+    public function testSecureUrls(string $url)
     {
         $client = static::createClient();
         $client->request('GET', $url);
diff --git a/tests/Utils/SluggerTest.php b/tests/Utils/SluggerTest.php
index 359f53a1e..34ca28925 100644
--- a/tests/Utils/SluggerTest.php
+++ b/tests/Utils/SluggerTest.php
@@ -29,7 +29,7 @@ class SluggerTest extends TestCase
     /**
      * @dataProvider getSlugs
      */
-    public function testSlugify($string, $slug)
+    public function testSlugify(string $string, string $slug)
     {
         $this->assertSame($slug, Slugger::slugify($string));
     }