Fixed Cross site scripting vulnerability in Javascript escaping. This addresses CVE-2023-28447.
Fixed
$smarty->muteUndefinedOrNullWarnings() now also mutes PHP7 notices for undefined array indexes #736
$smarty->muteUndefinedOrNullWarnings() now treats undefined vars and array access of a null or false variables
equivalent across all supported PHP versions
$smarty->muteUndefinedOrNullWarnings() now allows dereferencing of non-objects across all supported PHP versions #831
PHP 8.1 deprecation warnings on null strings in modifiers #834
Fixed Cross site scripting vulnerability in Javascript escaping. This addresses CVE-2023-28447.
Fixed
$smarty->muteUndefinedOrNullWarnings() now also mutes PHP7 notices for undefined array indexes #736
$smarty->muteUndefinedOrNullWarnings() now treats undefined vars and array access of a null or false variables
equivalent across all supported PHP versions
$smarty->muteUndefinedOrNullWarnings() now allows dereferencing of non-objects across all supported PHP versions #831
PHP 8.1 deprecation warnings on null strings in modifiers #834
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/TheRosettaFoundation/SOLAS-Match/network/alerts).
Bumps smarty/smarty from 4.2.1 to 4.3.1.
Release notes
Sourced from smarty/smarty's releases.
Changelog
Sourced from smarty/smarty's changelog.
Commits
e28cb09
Merge branch 'release/4.3.1'fe7817c
version bump6856624
Merge branch 'js_escape_security_fix'71d1135
Add changelog5512d64
Upgrade actions/checkout and actions/cache (#870)2038890
Changeloge751655
Implement fix and tests3d2a8dc
Update SECURITY.md with correct version info.2764816
Add missing dirs801d186
CompileCheck test and extra note on how it works in docsDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/TheRosettaFoundation/SOLAS-Match/network/alerts).