search

sabre-io / Baikal

Baïkal is a Calendar+Contacts server
https://sabre.io/baikal/
GNU General Public License v3.0
2.42k stars 281 forks source link

Update twig/twig requirement from ~3.8.0 to ~3.9.3 #1261

Closed dependabot[bot] closed 1 month ago

dependabot[bot] commented 2 months ago

Updates the requirements on twig/twig to permit the latest version.

Changelog

Sourced from twig/twig's changelog.

3.9.3 (2024-04-18)

  • Add missing twig_escape_filter_is_safe deprecated function
  • Fix yield usage with CaptureNode
  • Add missing unwrap call when using a TemplateWrapper instance internally
  • Ensure Lexer is initialized early on

3.9.2 (2024-04-17)

  • Fix usage of display_end hook

3.9.1 (2024-04-17)

  • Fix missing $blocks variable in CaptureNode

3.9.0 (2024-04-16)

  • Add support for PHP 8.4
  • Deprecate AbstractNodeVisitor
  • Deprecate passing Template to Environment::resolveTemplate(), Environment::load(), and Template::loadTemplate()
  • Add a new "yield" mode for output generation; Node implementations that use "echo" or "print" should use "yield" instead; all Node implementations should be flagged with #[YieldReady] once they've been made ready for "yield"; the "use_yield" Environment option can be turned on when all nodes have been made #[YieldReady]; "yield" will be the only strategy supported in the next major version
  • Add return type for Symfony 7 compatibility
  • Fix premature loop exit in Security Policy lookup of allowed methods/properties
  • Deprecate all internal extension functions in favor of methods on the extension classes
  • Mark all extension functions as @​internal
  • Add SourcePolicyInterface to selectively enable the Sandbox based on a template's Source
  • Throw a proper Twig exception when using cycle on an empty array

3.8.0 (2023-11-21)

  • Catch errors thrown during template rendering
  • Fix IntlExtension::formatDateTime use of date formatter prototype
  • Fix premature loop exit in Security Policy lookup of allowed methods/properties
  • Remove NumberFormatter::TYPE_CURRENCY (deprecated in PHP 8.3)
  • Restore return type annotations
  • Allow Symfony 7 packages to be installed
  • Deprecate twig_test_iterable function. Use the native is_iterable instead.

3.7.1 (2023-08-28)

  • Fix some phpdocs

3.7.0 (2023-07-26)

  • Add support for the ...spread operator on arrays and hashes

... (truncated)

Commits
  • a842d75 Prepare the 3.9.3 release
  • cb307d7 Update CHANGELOG
  • 117b502 bug #4037 fix: #4033 add missing unwrap call on TemplateWrapper instance (TLG...
  • 89d6acf bug #4038 Ensure Lexer:: is always initialized (danut007ro)
  • 5a79652 Ensure Lexer:: is always initialized
  • 15f5966 bug #4036 change extended DI extension class (xabbuh)
  • be6dbbc bug #4035 fix: #4029 CaptureNode iterator_to_array preserveKeys false (TLG-Gi...
  • 6c63152 fix: #4033 add missing unwrap call when a TemplateWrapper instance can be pre...
  • b61a422 change extended DI extension class
  • f7121a2 fix: #4029 when use_yield is true CaptureNode use iterator_to_array preserveK...
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
ByteHamster commented 2 months ago

Hmm. I'm not a fan of updating dependencies just for the sake of updating them. Between two releases, we then need to update and test the dependencies a dozen times even though we only release one version in the end.

phil-davis commented 2 months ago

OK, leave this dependabot PR until you are thinking of doing a release.

dependabot[bot] commented 1 month ago

Superseded by #1268.