Bump cakephp/cakephp from 3.4.11 to 3.5.18

[dependabot[bot]]

Bumps cakephp/cakephp from 3.4.11 to 3.5.18.

Release notes

*Sourced from [cakephp/cakephp's releases](https://github.com/cakephp/cakephp/releases).* > ## CakePHP 3.5.18 released > The CakePHP core team is happy to announce the immediate availability of CakePHP > 3.5.18. This release contains a security related fix for [CVE-2019-11458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11458). The vulnerability affects applications that open serialized content from user input. When doing so the ``SmtpTransport`` can be used to overwrite any file the webserver has write access to. We'd like to thank Edgaras Janušauskas for notifying us of this issue and confirming the fix. > > ## CakePHP 3.5.17 released > This release contains security related fixes that address a cross-site-scripting (XSS) vulnerability in the development only 'missing route' and 'duplicate named route' error pages. We recommend that all users of 3.5 update. > > ## CakePHP 3.5.15 released > The CakePHP core team is happy to announce the immediate availability of CakePHP 3.5.15. This is a maintenance release for the 3.5 branch that fixes several community reported issues. > > Bugfixes & New Features > ----------------------- > > You can expect the following changes in 3.5.15. See the [changelog](https://github.com/cakephp/cakephp/compare/3.5.14...3.5.15) for every commit. > > * Improved API documentation. > * ``RequestHandlerComponent`` no longer expands recursive inline XML entities when processing request data. > * PO file context messages can now be multi-line strings. > * ``File::name()`` now handles unicode filenames. > * Improved errors when route classes are missing. > * ExistsIn rule now works as documented when used with ``saveMany()``. > * Postgres schema reflection now handles null default values with casting. > * Swapping the session engine now changes the handler in PHP. > > Contributors to 3.5.15 > ---------------------- > > Thank you to all the contributors that helped make this release happen: > > * ADmad > * Florian Krämer > * Ivan Vorsin > * Joep Roebroek > * José Lorenzo Rodríguez > * Mark Scherer > * Mark Story > * Sohel Rana > * Wouter van Os > * saeideng > * sohelrana820 > > As always, we would like to thank all the contributors that opened issues, created pull requests or updated the documentation. > > ## CakePHP 3.5.14 released > The CakePHP core team is happy to announce the immediate availability of CakePHP 3.5.14. This is a maintenance release for the 3.5 branch that fixes several community reported issues. > > Bugfixes & New Features > ----------------------- > > You can expect the following changes in 3.5.14. See the [changelog](https://github.com/cakephp/cakephp/compare/3.5.13...3.5.14) for every commit. > ... (truncated)

Commits

- [`46ead51`](https://github.com/cakephp/cakephp/commit/46ead510e101a6c89e18eeb2504fcdd48fdf039e) Update version number to 3.5.18 - [`81412fb`](https://github.com/cakephp/cakephp/commit/81412fbe2cb88a304dbeeece1955bc0aec98edb1) Fix side-effect in destructor - [`7727f12`](https://github.com/cakephp/cakephp/commit/7727f122bac708a6b5883472bb3b22aad1e68e3b) Update version number to 3.5.17 - [`961b0e6`](https://github.com/cakephp/cakephp/commit/961b0e6cd713ce20c56c340f424495fbd99656b2) Add missing HTML encoding to templates. - [`da27675`](https://github.com/cakephp/cakephp/commit/da27675395d1dbb6cd8ef122d228c52033f272c2) Update version number to 3.5.16 - [`dd937a0`](https://github.com/cakephp/cakephp/commit/dd937a0db4ea897ee2c8d9a93197505679f7a476) Make CSRF token comparisions time constant. - [`d4e2693`](https://github.com/cakephp/cakephp/commit/d4e2693f033392333577478b61af757927b2f9c7) Update version number to 3.5.15 - [`c3827c0`](https://github.com/cakephp/cakephp/commit/c3827c040d0a7e649fcf3781070c1f36bd4dfc8a) Merge pull request [#11923](https://github-redirect.dependabot.com/cakephp/cakephp/issues/11923) from Wouter0100/implement/multi-line-po - [`d132220`](https://github.com/cakephp/cakephp/commit/d13222046518eeacc3b64b781ba507497a215bb2) Fixed typos in po test file and fixed test failing - [`f23042e`](https://github.com/cakephp/cakephp/commit/f23042e811072e3743a767210e1dc067bed3f0d4) Merge pull request [#11925](https://github-redirect.dependabot.com/cakephp/cakephp/issues/11925) from cakephp/issue-11895 - Additional commits viewable in [compare view](https://github.com/cakephp/cakephp/compare/3.4.11...3.5.18)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/sophimail/webadmin/network/alerts).

[dependabot[bot]]

Superseded by #11.