mydnshost / mydnshost-api

API Backend for mydnshost

[Security] Bump twig/twig from 2.6.0 to 2.6.2 #43

Closed dependabot-preview[bot] closed 5 years ago

dependabot-preview[bot] commented 5 years ago

Bumps twig/twig from 2.6.0 to 2.6.2. This update includes security fixes.

Vulnerabilities fixed

*Sourced from [The Sonatype OSS Index](https://ossindex.sonatype.org/vuln/9a6a3a82-2b5a-4c53-b3ff-6929954f6aa7).*

> **[CVE-2001-1348] TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database ...**
> TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database operations via a SQL injection attack on the id parameter.
>
> Affected versions: <= 2.0.0-beta3, >= 2.0.0-beta1; <= 2.0.3, >= 2.0.0; <= 2.1.1, >= 2.1.0; <= 2.2.3, >= 2.2.0; <= 2.3.2, >= 2.3.0; = 2.4.0; <= 2.5.1, >= 2.5.0; <= 2.6.1, >= 2.6.0

Changelog

*Sourced from [twig/twig's changelog](https://github.com/twigphp/Twig/blob/2.x/CHANGELOG).*

> * 2.6.2 (2019-01-14)
>
>   * fixed regression (key exists check for non ArrayObject objects)
>
> * 2.6.1 (2019-01-14)
>
>   * fixed ArrayObject access with a null value
>   * fixed embedded templates starting with a BOM
>   * fixed using a Twig_TemplateWrapper instance as an argument to extends
>   * fixed error location when calling an undefined block
>   * deprecated passing a string as a source on Twig_Error
>   * switched generated code to use the PHP short array notation
>   * fixed float representation in compiled templates
>   * added a second argument to the join filter (last separator configuration)

Commits

- [`7d7342c`](https://github.com/twigphp/Twig/commit/7d7342c8a4059fefb9b8d07db0cc14007021f9b7) prepared the 2.6.2 release
- [`639b187`](https://github.com/twigphp/Twig/commit/639b18712ce72737caa278731afcf4b59f881781) updated CHANGELOG
- [`09942d1`](https://github.com/twigphp/Twig/commit/09942d107daaf633c8f23c0a2c216d7fc3a934a7) Merge branch '1.x' into 2.x
- [`86acbef`](https://github.com/twigphp/Twig/commit/86acbefe5c5aa474850ddf89c2163ca29f6eebcc) updated CHANGELOG
- [`366a0fd`](https://github.com/twigphp/Twig/commit/366a0fd34d4bf31f42f8d3f0f152cd6da5260e35) bug [#2813](https://github-redirect.dependabot.com/twigphp/Twig/issues/2813) fix key exists check for non ArrayObject objects (xabbuh)
- [`6df989b`](https://github.com/twigphp/Twig/commit/6df989bafe63aa212ddd53117098587fef4951ca) fix key exists check for non ArrayObject objects
- [`0a166d0`](https://github.com/twigphp/Twig/commit/0a166d01e05b5daa7a0f99fad606977a39107133) Merge branch '1.x' into 2.x
- [`361d864`](https://github.com/twigphp/Twig/commit/361d864178ea6abb86722633b6c9bd509a6e9930) fixed logic in TemplateWrapper
- [`5d89657`](https://github.com/twigphp/Twig/commit/5d89657ee929b894a90b2ef43044132eacffa9aa) bumped version to 2.6.2-DEV
- [`a06a6f3`](https://github.com/twigphp/Twig/commit/a06a6f3d14f3691a13fc7e871593117143201d5a) prepared the 2.6.1 release
- Additional commits viewable in [compare view](https://github.com/twigphp/Twig/compare/v2.6.0...v2.6.2)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):

- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.