hollodotme / readis

Lightweight web frontend in PHP for reading data, stats and config from multiple redis servers.

[Security] Bump twig/twig from 2.6.0 to 2.7.2 #22

Closed dependabot-preview[bot] closed 5 years ago

dependabot-preview[bot] commented 5 years ago

Bumps twig/twig from 2.6.0 to 2.7.2. This update includes security fixes.

Vulnerabilities fixed

*Sourced from [The PHP Security Advisories Database](https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/2019-03-12.yaml).*

> **Sandbox Information Disclosure**
>
> Affected versions: <1.38.0; >=2.0.0, <2.7.0

*Sourced from [The Sonatype OSS Index](https://ossindex.sonatype.org/vuln/9a6a3a82-2b5a-4c53-b3ff-6929954f6aa7).*

> **[CVE-2001-1348] TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database ...**
>
> TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database operations via a SQL injection attack on the id parameter.
>
> Affected versions: <= 2.0.0-beta3, >= 2.0.0-beta1; <= 2.0.3, >= 2.0.0; <= 2.1.1, >= 2.1.0; <= 2.2.3, >= 2.2.0; <= 2.3.2, >= 2.3.0; = 2.4.0; <= 2.5.1, >= 2.5.0; <= 2.6.1, >= 2.6.0

*Sourced from [The Sonatype OSS Index](https://ossindex.sonatype.org/vuln/85db744a-db42-4e6d-899e-0de42a806ae6).*

> **[CVE-2001-1361] Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to i...**
>
> Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links.
>
> Affected versions: <= 2.7.1
Changelog

*Sourced from [twig/twig's changelog](https://github.com/twigphp/Twig/blob/2.x/CHANGELOG).*

> * 2.7.2 (2019-03-12)
>
>   * added TemplateWrapper::getTemplateName()
>
> * 2.7.1 (2019-03-12)
>
>   * fixed class aliases
>
> * 2.7.0 (2019-03-12)
>
>   * fixed sandbox security issue (under some circumstances, calling the __toString() method on an object was possible even if not allowed by the security policy)
>   * fixed batch filter clobbers array keys when fill parameter is used
>   * added preserveKeys support for the batch filter
>   * fixed "embed" support when used from "template_from_string"
>   * deprecated passing a Twig\Template to Twig\Environment::load()/Twig\Environment::resolveTemplate()
>   * added the possibility to pass a TemplateWrapper to Twig\Environment::load()
>   * marked Twig\Environment::getTemplateClass() as internal (implementation detail)
>   * improved the performance of the sandbox
>   * deprecated the spaceless tag
>   * added a spaceless filter
>   * added max value to the "random" function
>   * deprecated Twig\Extension\InitRuntimeInterface
>   * deprecated Twig\Loader\ExistsLoaderInterface
>   * deprecated PSR-0 classes in favor of namespaced ones
>   * made namespace classes the default classes (PSR-0 ones are aliases now)
>   * added Twig\Loader\ChainLoader::getLoaders()
>   * removed duplicated directory separator in FilesystemLoader
>   * deprecated the "base_template_class" option on Twig\Environment
>   * deprecated the Twig\Environment::getBaseTemplateClass() and Twig\Environment::setBaseTemplateClass() methods
>   * changed internal code to use the namespaced classes as much as possible
>   * deprecated Twig_Parser::isReservedMacroName()
>
> * 2.6.2 (2019-01-14)
>
>   * fixed regression (key exists check for non ArrayObject objects)
>
> * 2.6.1 (2019-01-14)
>
>   * fixed ArrayObject access with a null value
>   * fixed embedded templates starting with a BOM
>   * fixed using a Twig_TemplateWrapper instance as an argument to extends
>   * fixed error location when calling an undefined block
>   * deprecated passing a string as a source on Twig_Error
>   * switched generated code to use the PHP short array notation
>   * fixed float representation in compiled templates
>   * added a second argument to the join filter (last separator configuration)
Commits

- [`70c5953`](https://github.com/twigphp/Twig/commit/70c59531da43afe598c66135e39cac39475a2f51) prepared the 2.7.2 release
- [`4718c92`](https://github.com/twigphp/Twig/commit/4718c92548d35b034b2adbd9f03e257f8953befb) Merge branch '1.x' into 2.x
- [`c0d5991`](https://github.com/twigphp/Twig/commit/c0d5991cf7dc101cd06fe4e0afe05ce064eb3273) feature [#2893](https://github-redirect.dependabot.com/twigphp/Twig/issues/2893) Add TemplateWrapper::getTemplateName() (fabpot)
- [`861066e`](https://github.com/twigphp/Twig/commit/861066e50bf636d88b5ad2e6d80efccdc1faa55a) added TemplateWrapper::getTemplateName()
- [`b59a77e`](https://github.com/twigphp/Twig/commit/b59a77e8846e098cf7e98f65582a887178df7cc1) bumped version to 2.7.2-DEV
- [`c0dd4dc`](https://github.com/twigphp/Twig/commit/c0dd4dc5f44e541c9c0e0506da76aa4f14b41c69) prepared the 2.7.1 release
- [`b0d8cd7`](https://github.com/twigphp/Twig/commit/b0d8cd7788393e5ae0156b97d1c0377644d4a56c) bumped version to 1.38.2-DEV
- [`88fc6d1`](https://github.com/twigphp/Twig/commit/88fc6d1454141680f7be8c0f6700a49c7c21637c) prepared the 1.38.1 release
- [`2e72beb`](https://github.com/twigphp/Twig/commit/2e72beba5a2f99929bbfaf074a0de496bb23aac0) updated CHANGELOG
- [`94887ff`](https://github.com/twigphp/Twig/commit/94887ffc158706a5eb1c2ede5847d5b9cca4f185) Merge branch '1.x' into 2.x
- Additional commits viewable in [compare view](https://github.com/twigphp/Twig/compare/v2.6.0...v2.7.2)



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):

- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.
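As an added example (not part of the Dependabot PR or the readis project), a small Python check that reads the pinned `twig/twig` version from a composer.lock and tests it against the sandbox advisory's affected-version string quoted above. The composer.lock excerpt is constructed, and the constraint syntax is assumed to be the `;`-separated ranges with `,`-separated conditions used in the advisory text.

```python
import json
import re
from typing import List, Optional, Tuple

# Affected-version string copied from the advisory quoted in the PR body:
# ranges are separated by ";", conditions inside one range by ",".
TWIG_SANDBOX_ADVISORY = "<1.38.0; >=2.0.0, <2.7.0"

# Constructed composer.lock excerpt pinning the pre-bump version (not the real lock file).
SAMPLE_LOCK = '{"packages": [{"name": "twig/twig", "version": "v2.6.0"}], "packages-dev": []}'

OPS = {"<": lambda a, b: a < b, "<=": lambda a, b: a <= b, "=": lambda a, b: a == b,
       ">": lambda a, b: a > b, ">=": lambda a, b: a >= b}

def parse_version(text: str) -> Tuple[int, int, int]:
    """'v2.7.2' -> (2, 7, 2). Pre-release suffixes such as '-beta3' are ignored (assumption)."""
    m = re.match(r"v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    major, minor, patch = (int(p or 0) for p in m.groups())
    return (major, minor, patch)

def parse_constraints(spec: str) -> List[List[Tuple[str, Tuple[int, int, int]]]]:
    """'<1.38.0; >=2.0.0, <2.7.0' -> [[('<', (1,38,0))], [('>=', (2,0,0)), ('<', (2,7,0))]]"""
    ranges = []
    for rng in spec.split(";"):
        conds = []
        for cond in rng.split(","):
            m = re.match(r"\s*(<=|>=|<|>|=)\s*(\S+)\s*$", cond)
            if not m:
                raise ValueError(f"bad constraint: {cond!r}")
            conds.append((m.group(1), parse_version(m.group(2))))
        ranges.append(conds)
    return ranges

def is_affected(version: str, spec: str) -> bool:
    """True when the version satisfies every condition of at least one affected range."""
    v = parse_version(version)
    return any(all(OPS[op](v, bound) for op, bound in rng) for rng in parse_constraints(spec))

def locked_version(lock_json: str, package: str) -> Optional[str]:
    """Return the version composer.lock pins for a package, searching prod and dev sections."""
    lock = json.loads(lock_json)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name") == package:
                return pkg.get("version")
    return None
```

Run against the real composer.lock, the same check flags 2.6.0 as inside the affected range and 2.7.2, the version this PR moves to, as outside it.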
codecov[bot] commented 5 years ago

Codecov Report

Merging #22 into master will not change coverage. The diff coverage is n/a.


@@            Coverage Diff            @@
##             master      #22   +/-   ##
=========================================
  Coverage     77.97%   77.97%           
  Complexity      265      265           
=========================================
  Files            48       48           
  Lines           772      772           
=========================================
  Hits            602      602           
  Misses          170      170

Continue to review full report at Codecov.

Legend - Click here to learn more

- Δ = absolute <relative> (impact)
- ø = not affected
- ? = missing data

Powered by Codecov. Last update 146a15b...e895611. Read the comment docs.

dependabot-preview[bot] commented 5 years ago

Superseded by #23.