hollodotme / readis

Lightweight web frontend in PHP for reading data, stats and config from multiple redis servers.

[Security] Bump twig/twig from 2.6.0 to 2.7.0 #21

Closed dependabot-preview[bot] closed 5 years ago

dependabot-preview[bot] commented 5 years ago

Bumps twig/twig from 2.6.0 to 2.7.0. This update includes security fixes.

Vulnerabilities fixed

*Sourced from [The PHP Security Advisories Database](https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/2019-03-12.yaml).*

> **Sandbox Information Disclosure**
>
> Affected versions: <1.38.0; >=2.0.0, <2.7.0

*Sourced from [The Sonatype OSS Index](https://ossindex.sonatype.org/vuln/9a6a3a82-2b5a-4c53-b3ff-6929954f6aa7).*

> **[CVE-2001-1348] TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database ...**
> TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database operations via a SQL injection attack on the id parameter.
>
> Affected versions: <= 2.0.0-beta3, >= 2.0.0-beta1; <= 2.0.3, >= 2.0.0; <= 2.1.1, >= 2.1.0; <= 2.2.3, >= 2.2.0; <= 2.3.2, >= 2.3.0; = 2.4.0; <= 2.5.1, >= 2.5.0; <= 2.6.1, >= 2.6.0

Changelog

*Sourced from [twig/twig's changelog](https://github.com/twigphp/Twig/blob/2.x/CHANGELOG).*

> * 2.7.0 (2019-03-12)
>
>   * fixed sandbox security issue (under some circumstances, calling the __toString() method on an object was possible even if not allowed by the security policy)
>   * fixed batch filter clobbers array keys when fill parameter is used
>   * added preserveKeys support for the batch filter
>   * fixed "embed" support when used from "template_from_string"
>   * deprecated passing a Twig\Template to Twig\Environment::load()/Twig\Environment::resolveTemplate()
>   * added the possibility to pass a TemplateWrapper to Twig\Environment::load()
>   * marked Twig\Environment::getTemplateClass() as internal (implementation detail)
>   * improved the performance of the sandbox
>   * deprecated the spaceless tag
>   * added a spaceless filter
>   * added max value to the "random" function
>   * deprecated Twig\Extension\InitRuntimeInterface
>   * deprecated Twig\Loader\ExistsLoaderInterface
>   * deprecated PSR-0 classes in favor of namespaced ones
>   * made namespace classes the default classes (PSR-0 ones are aliases now)
>   * added Twig\Loader\ChainLoader::getLoaders()
>   * removed duplicated directory separator in FilesystemLoader
>   * deprecated the "base_template_class" option on Twig\Environment
>   * deprecated the Twig\Environment::getBaseTemplateClass() and Twig\Environment::setBaseTemplateClass() methods
>   * changed internal code to use the namespaced classes as much as possible
>   * deprecated Twig_Parser::isReservedMacroName()
>
> * 2.6.2 (2019-01-14)
>
>   * fixed regression (key exists check for non ArrayObject objects)
>
> * 2.6.1 (2019-01-14)
>
>   * fixed ArrayObject access with a null value
>   * fixed embedded templates starting with a BOM
>   * fixed using a Twig_TemplateWrapper instance as an argument to extends
>   * fixed error location when calling an undefined block
>   * deprecated passing a string as a source on Twig_Error
>   * switched generated code to use the PHP short array notation
>   * fixed float representation in compiled templates
>   * added a second argument to the join filter (last separator configuration)

Commits

- [`57bd838`](https://github.com/twigphp/Twig/commit/57bd838bb7a9368ecf8b19bbe9788090502d1615) prepared the 2.7.0 release
- [`ad7d274`](https://github.com/twigphp/Twig/commit/ad7d27425dffc763644de93da2262f69478c691b) Merge branch '1.x' into 2.x
- [`0f3af98`](https://github.com/twigphp/Twig/commit/0f3af98ef6e71929ad67fb6e5f3ad65777c1c4c5) security [#2885](https://github-redirect.dependabot.com/twigphp/Twig/issues/2885) Fix security issue in the sandbox (fabpot)
- [`34cccc7`](https://github.com/twigphp/Twig/commit/34cccc77f077bccb546d5471d9f7d34541d21037) Merge branch '1.x' into 2.x
- [`5e1a361`](https://github.com/twigphp/Twig/commit/5e1a3615bceaa913babe38a116b7ca1a40598f44) removed one usage of Template vs TemplateWrapper
- [`eac5422`](https://github.com/twigphp/Twig/commit/eac5422956e1dcca89a3669a03a3ff32f0502077) fixed security issue in the sandbox
- [`0e583c9`](https://github.com/twigphp/Twig/commit/0e583c9ee1c5cbd6f1c3e0b28447fa85b3428eb7) updated CHANGELOG
- [`a73bcb4`](https://github.com/twigphp/Twig/commit/a73bcb4afe4393d4be9c7c424bdef42e19e78668) Merge branch '1.x' into 2.x
- [`7e30569`](https://github.com/twigphp/Twig/commit/7e305693b0bb212082fd19df808a949d8b0ed72d) bug [#2884](https://github-redirect.dependabot.com/twigphp/Twig/issues/2884) Fix "batch filter clobbers array keys when fill parameter is used "...
- [`750cb23`](https://github.com/twigphp/Twig/commit/750cb237421a2210b677c8ae1f23096ce407714b) fixed batch filter clobbers array keys when fill parameter is used
- Additional commits viewable in [compare view](https://github.com/twigphp/Twig/compare/v2.6.0...v2.7.0)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):

- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

codecov[bot] commented 5 years ago

Codecov Report

Merging #21 into master will not change coverage. The diff coverage is n/a.


@@            Coverage Diff            @@
##             master      #21   +/-   ##
=========================================
  Coverage     77.97%   77.97%           
  Complexity      265      265           
=========================================
  Files            48       48           
  Lines           772      772           
=========================================
  Hits            602      602           
  Misses          170      170

Continue to review full report at Codecov.

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Powered by Codecov. Last update 146a15b...d7788d7.

dependabot-preview[bot] commented 5 years ago

Superseded by #22.