Add Spanish inflector support for the plural and singular filters in the String extension
Deprecate TempNameExpression in favor of LocalVariable
Deprecate NameExpression in favor of ContextVariable
Deprecate AssignNameExpression in favor of AssignContextVariable
Remove MacroAutoImportNodeVisitor
Deprecate MethodCallExpression in favor of MacroReferenceExpression
Fix support for the "is defined" test on _self.xxx (auto-imported) macros
Fix support for the "is defined" test on inherited macros
Add named arguments support for the dot operator arguments (foo.bar(some: arg))
Add named arguments support for macros
Add a new guard tag that allows to test if some Twig callables are available at compilation time
Allow arrow functions everywhere
Deprecate passing a string or an array to Twig callable arguments accepting arrow functions (pass a \Closure)
Add support for triggering deprecations for future operator precedence changes
Deprecate using the not unary operator in an expression with *, /, //, or % without using explicit parentheses to clarify precedence
Deprecate using the ?? binary operator without explicit parentheses
Deprecate using the ~ binary operator in an expression with + or - without using parentheses to clarify precedence
Deprecate not passing AbstractExpression args to most constructor arguments for classes extending AbstractExpression
Fix power expressions with a negative number in parenthesis ((-1) ** 2)
Deprecate instantiating Node directly. Use EmptyNode or Nodes instead.
Add support for inline comments
Add support for accessing class constants with the dot operator
Add Profile::getStartTime() and Profile::getEndTime()
Fix "ignore missing" when used on an "embed" tag
Fix the possibility to override an aliased block (via use)
Add template cache hot reload
Allow Twig callable argument names to be free-form (snake-case or camelCase) independently of the PHP callable signature
They were automatically converted to snake-cased before
Deprecate the attribute function; use the . notation and wrap the name with parenthesis instead
Add support for argument unpackaging
Add JSON support for the file extension escaping strategy
Support Markup instances (and any other \Stringable) as dynamic mapping keys
Deprecate the sandbox tag
Improve the way one can deprecate a Twig callable (use deprecation_info instead of the other callable options)
Add the enum function
Add support for logical xor operator
3.14.2 (2024-11-07)
Fix an infinite recursion in the sandbox code
3.14.1 (2024-11-06)
[BC BREAK] Fix a security issue in the sandbox mode allowing an attacker to call attributes on Array-like objects
They are now checked via the property policy
Fix a security issue in the sandbox mode allowing an attacker to be able to call toString()
under some circumstances on an object even if the __toString() method is not allowed by the security policy
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps twig/twig from 3.14.0 to 3.15.0.
Changelog
Sourced from twig/twig's changelog.
Commits
2d5b396Prepare the 3.15.0 release41a7988Simplify code065a45fFix CHANGELOGc5d0d59minor #4446 Improve YieldReady support docs (fabpot)9d9c9d8Improve YieldReady support docs0ca3815minor #4444 Fix some typos inhtml_cvadocs (jdreesen)151b05bFix some typos inhtml_cvadocs5b380e5minor #4435 Fix wrong type for cycle position (ruudk)8f1ae67minor #4421 Add type for join method (ruudk)0232d38minor #4425 Rely on reflection to access null properties (nicolas-grekas)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show