Bump smarty/smarty from 3.1.36 to 4.1.0

dependabot[bot] commented 2 years ago

Bumps smarty/smarty from 3.1.36 to 4.1.0.

Release notes

Sourced from smarty/smarty's releases.

v4.1.0

Added support for PHP 8.1.

What's Changed

PHP 8.1 compatibility (without IntlDateFormatter) by @thirsch in smarty-php/smarty#713

Updating PHP 8.0 to 8.1 in the docs. by @thirsch in smarty-php/smarty#717

Full Changelog: https://github.com/smarty-php/smarty/compare/v4.0.4...v4.1.0

v4.0.4

What's Changed

Support multiple operators in math equations by @caugner in smarty-php/smarty#708

Full Changelog: https://github.com/smarty-php/smarty/compare/v4.0.3...v4.0.4

v4.0.3

What's Changed

Prevent evasion of the static_classes security policy. This addresses CVE-2021-21408

Full Changelog: https://github.com/smarty-php/smarty/compare/v4.0.2...v4.0.3

v4.0.2

Prevent arbitrary PHP code execution through maliciously crafted expression for the math function. This addresses CVE-2021-29454

Full Changelog: https://github.com/smarty-php/smarty/compare/v4.0.1...v4.0.2

v4.0.1

What's Changed

Rewrote the mailto function to not use eval when encoding with javascript

Feature/add docs by @wisskid in smarty-php/smarty#689

Fix for php 8.0 by @pandarek in smarty-php/smarty#687

Fix a typo by @marclaporte in smarty-php/smarty#690

New Contributors

@pandarek made their first contribution in smarty-php/smarty#687

@marclaporte made their first contribution in smarty-php/smarty#690

Full Changelog: https://github.com/smarty-php/smarty/compare/v4.0.0...v4.0.1

v4.0.0

Jay! Smarty4, with support for PHP8.0 is alive!

v4.0.0-rc.0

Pre-release for Smarty4 support PHP8.0!

v3.1.44

What's Changed

Fixes illegal characters warning in math

... (truncated)

Changelog

Sourced from smarty/smarty's changelog.

[4.1.0] - 2022-02-06

Added

PHP8.1 compatibility #713

[4.0.4] - 2022-01-18

Fixed

Fixed illegal characters bug in math function security check #702

[4.0.3] - 2022-01-10

Security

Prevent evasion of the static_classes security policy. This addresses CVE-2021-21408

[4.0.2] - 2022-01-10

Security

Prevent arbitrary PHP code execution through maliciously crafted expression for the math function. This addresses CVE-2021-29454

[4.0.1] - 2022-01-09

Security

Rewrote the mailto function to not use eval when encoding with javascript

[4.0.0] - 2021-11-25

[4.0.0-rc.0] - 2021-10-13

Added

You can now use $smarty->muteUndefinedOrNullWarnings() to activate convert warnings about undefined or null template vars to notices when running PHP8

Changed

Switch CI from Travis to Github CI

Updated unit tests to avoid skipped and risky test warnings

Removed

Dropped support for PHP7.0 and below, so Smarty now requires PHP >=7.1

Dropped support for php asp tags in templates (removed from php since php7.0)

Dropped deprecated API calls that where only accessible through SmartyBC

Dropped support for {php} and {include_php} tags and embedded PHP in templates. Embedded PHP will now be passed through as is.

Removed all PHP_VERSION_ID and compare_version checks and conditional code blocks that are now no longer required

Dropped deprecated SMARTY_RESOURCE_CHAR_SET and SMARTY_RESOURCE_DATE_FORMAT constants

Dropped deprecated Smarty::muteExpectedErrors and Smarty::unmuteExpectedErrors API methods

Dropped deprecated $smarty->getVariable() method. Use $smarty->getTemplateVars() instead.

$smarty->registerResource() no longer accepts an array of callback functions

[3.1.40] - 2021-10-13

Changed

... (truncated)

Commits

9e0536d Merge branch 'release/4.1.0'
265cf4f version bump
47f95ad Merge pull request #717 from vemaeg/php81-doc
6786623 Activating jit compiler for ubuntu-latest + php 8.1
2d97169 Merge branch 'smarty-php:master' into php81-doc
0f09880 Create getting-started.md
bbcd581 Update README.md
612094d Updated changelog
0ef0dda Merge pull request #713 from vemaeg/php81
cef8951 Add PHP 8.1 tests
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)