Bump smarty/smarty from 3.1.36 to 3.1.40

dependabot[bot] commented 2 years ago

Bumps smarty/smarty from 3.1.36 to 3.1.40.

Release notes

Sourced from smarty/smarty's releases.

Release 3.1.40

Improved javascript escaping. And Smarty now logs a warning if an unsupported escape type is used to stop you from accidentally using $var|escape:quote and not actually quoting anything.

Release 3.1.39

Security release, handling two sandbox security issues.

v3.1.38

No release notes provided.

Release 3.1.37

No release notes provided.

Changelog

Sourced from smarty/smarty's changelog.

[3.1.40] - 2021-10-13

Changed

modifier escape now triggers a E_USER_NOTICE when an unsupported escape type is used smarty-php/smarty#649

Security

More advanced javascript escaping to handle https://html.spec.whatwg.org/multipage/scripting.html#restrictions-for-contents-of-script-elements thanks to m-haritonov

[3.1.39] - 2021-02-17

Security

Prevent access to $smarty.template_object in sandbox mode. This addresses CVE-2021-26119.

Fixed code injection vulnerability by using illegal function names in {function name='blah'}{/function}. This addresses CVE-2021-26120.

[3.1.38] - 2021-01-08

Fixed

Smarty::SMARTY_VERSION wasn't updated smarty-php/smarty#628

[3.1.37] - 2021-01-07

Changed

Changed error handlers and handling of undefined constants for php8-compatibility (set $errcontext argument optional) smarty-php/smarty#605

Changed expected error levels in unit tests for php8-compatibility

Travis unit tests now run for all php versions >= 5.3, including php8

Travis runs on Xenial where possible

Fixed

PHP5.3 compatibility fixes

Brought lexer source functionally up-to-date with compiled version

Commits

9d4f830 Merge branch 'release/3.1.40'
7c4354e version bump
770bc4a Merge branch 'm-haritonov-escape'
0ff7ba5 Add changelog
3b0fd82 Merge branch 'escape' of https://github.com/m-haritonov/smarty into m-hariton...
1a68b79 Update README.md (#668)
e3eabe0 Delete uninted file expectException (#664)
4698dd9 Changelog
039043e Update modifier.escape.php (#649)
9cde36e plugins: escape: javascript escaping secure fix
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)