search

opensolutions / ViMbAdmin

Virtual Mailbox Administration
http://www.vimbadmin.net/
GNU General Public License v3.0
485 stars 101 forks source link

Bump smarty/smarty from 3.1.44 to 4.2.1 #291

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 2 years ago

Bumps smarty/smarty from 3.1.44 to 4.2.1.

Release notes

Sourced from smarty/smarty's releases.

v4.2.1

If you use the {mailto} plugin in your templates, please check if you are escaping the address value explicitly like this {mailto address=$htmladdress|escape}. This could cause problems through double escaping.

What's Changed

Security

  • Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks #454

Fixed

  • Fixed PHP8.1 deprecation errors in modifiers (upper, explode, number_format and replace) #755 and #788
  • Fixed PHP8.1 deprecation errors in capitalize modifier #789
  • Fixed use of rand() without a parameter in math function #794
  • Fixed unselected year/month/day not working in html_select_date #395

New Contributors

Full Changelog: https://github.com/smarty-php/smarty/compare/v4.2.0...v4.2.1

v4.2.0

What's Changed

New Contributors

Full Changelog: https://github.com/smarty-php/smarty/compare/v4.1.1...v4.2.0

v4.1.1

Security

  • Prevent PHP injection through malicious block name or include file name. This addresses CVE-2022-29221

Fixed

  • Exclude docs and demo from export and composer #751
  • PHP 8.1 deprecation notices in demo/plugins/cacheresource.pdo.php #706
  • PHP 8.1 deprecation notices in truncate modifier #699
  • Math equation max(x, y) didn't work anymore #721
  • Fix PHP 8.1 deprecated warning when calling rtrim #743
  • PHP 8.1: fix deprecation in escape modifier #727

v4.1.0

Added support for PHP 8.1.

... (truncated)

Changelog

Sourced from smarty/smarty's changelog.

[4.2.1] - 2022-09-14

Security

  • Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks #454

Fixed

  • Fixed PHP8.1 deprecation errors in modifiers (upper, explode, number_format and replace) #755 and #788
  • Fixed PHP8.1 deprecation errors in capitalize modifier #789
  • Fixed use of rand() without a parameter in math function #794
  • Fixed unselected year/month/day not working in html_select_date #395

[4.2.0] - 2022-08-01

Fixed

  • Fixed problems with smarty_mb_str_replace #549
  • Fixed second parameter of unescape modifier not working #777

Changed

  • Updated HTML of the debug template #599

[4.1.1] - 2022-05-17

Security

  • Prevent PHP injection through malicious block name or include file name. This addresses CVE-2022-29221

Fixed

  • Exclude docs and demo from export and composer #751
  • PHP 8.1 deprecation notices in demo/plugins/cacheresource.pdo.php #706
  • PHP 8.1 deprecation notices in truncate modifier #699
  • Math equation max(x, y) didn't work anymore #721
  • Fix PHP 8.1 deprecated warning when calling rtrim #743
  • PHP 8.1: fix deprecation in escape modifier #727

[4.1.0] - 2022-02-06

Added

  • PHP8.1 compatibility #713

[4.0.4] - 2022-01-18

Fixed

  • Fixed illegal characters bug in math function security check #702

[4.0.3] - 2022-01-10

Security

  • Prevent evasion of the static_classes security policy. This addresses CVE-2021-21408

[4.0.2] - 2022-01-10

... (truncated)

Commits
  • ffa2b81 Merge branch 'release/4.2.1'
  • c693d81 version bump
  • 813c83f Fixed unselected year/month/day not working in html_select_date
  • 55ea25d Applied appropriate javascript and html escaping in mailto plugin to counter ...
  • d304d34 Fixed PHP8.1 deprecation errors in capitalize modifier
  • 7494818 prevent double CI workflows in PRs
  • 50d5890 Exclude unit test files from git export
  • 6872e78 Utility script for running unit tests on all PHP versions locally
  • 5479e33 Fixed use of rand() without a parameter in math function (#795)
  • f8f97b4 Fixed PHP8.1 deprecation errors in upper modifier #788
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/opensolutions/ViMbAdmin/network/alerts).
dependabot[bot] commented 1 year ago

Looks like smarty/smarty is up-to-date now, so this is no longer needed.