search

vorburger / opendaylight-bot

Eclipse Public License 1.0
0 stars 2 forks source link

Bump thymeleaf from 3.0.9.RELEASE to 3.0.10.RELEASE #28

Closed dependabot-preview[bot] closed 5 years ago

dependabot-preview[bot] commented 6 years ago

Bumps thymeleaf from 3.0.9.RELEASE to 3.0.10.RELEASE.

Changelog *Sourced from [thymeleaf's changelog](https://github.com/thymeleaf/thymeleaf/blob/3.0-master/ChangeLog.txt).* > 3.0.10 > ====== > - Fixed StackOverflowError when inserting content before first element of model in a model processor. > - Improved restricted expression evaluation mode to forbid output of textual data from context variables inside > JavaScript event handlers in HTML templates. > - Improved HTML event handler attributes (th:on*) in order to allow processing of their values as fragments > of inlined JavaScript (using JAVASCRIPT template mode). > - Improved use of template name abbreviation in logs and exceptions. > - Added "Automatic-Module-Name: thymeleaf" to MANIFEST.MF for Java 9+ JPMS. > - Updated AttoParser dependency to 2.0.5.RELEASE > - Updated Unbescape dependency to 1.1.6.RELEASE > > > 3.0.9 > ===== > - Fixed hit ratio in StandardCache not being correctly computed (always 1 or 0). > - Improve restricted expression evaluation mode to restrict access to some request features > (#request.getParameter(), #request.getParameterValues(), #request.getParameterMap(), #request.getQueryString()). > - Added new scenarios for restricted expression evaluation: th:on*, th:attr, th:src, th:href, default attribute > processor, fragment expressions, link expressions (only for URL bases), inlined output expression in TEXT mode. > > > 3.0.8 > ===== > - Fixed WebEngineContext returning wrong boolean values for ServletContextAttributesMap#isEmpty() and > SessionAttributesMap#isEmpty(). > - Fixed DateFormat implementation being used for Jackson-based serialization of dates not implementing > clone() properly, which could result in thread-safety issues on the underlying SimpleDateFormat instance. > - Fixed JavaScript parser failing on parsing JS regexp or JS template literals that contained unbalanced quotes. > - Improved behaviour when parser-level or prototype-only comment block is not closed at the end of template. An > exception is now thrown. > - Updated SLF4j dependency to 1.7.25. > > > 3.0.7 > ===== > - Fixed JavaScript line comment (//) parsing breaks when EOF comes before \n (script ends in the comment line). > - Improved escaping of attributes in XML template mode: \t, \n and \r now being always escaped in order to prevent > them being normalised into white spaces by XML parsers when reading (which would be according to the spec). > - Improved #numbers.sequence(...) behaviour so that zero-element sequences are now returned when it is not possible > to get from the initial to the final values using the specified step (was returning an error). > - Updated Unbescape dependency to 1.1.5.RELEASE. > > > 3.0.6 > ===== > - Fixed unclosed quote in JavaScript/CSS comments breaking parsing (wrongly considered literal starts). > - Fixed bad parsing of '/content()' selector (AttoParser) in some scenarios, leading to suboptimal execution of > this type of fragment selection. > - Fixed prevent fragments without a signature being called with unnamed parameters. > ... (truncated)
Commits - [`1ed8e00`](https://github.com/thymeleaf/thymeleaf/commit/1ed8e0041b13d41790398402500e1e88bf2f6b30) [maven-release-plugin] prepare release thymeleaf-3.0.10.RELEASE - [`bb2fd0e`](https://github.com/thymeleaf/thymeleaf/commit/bb2fd0e9005f8aab0de0a3f9f3897edea8084b88) Fixed JavaDoc for JDK 11 build - [`6bae7ac`](https://github.com/thymeleaf/thymeleaf/commit/6bae7accac0979176adaededfa3c72084b4ebf99) Updated maven plugins - [`fe8794d`](https://github.com/thymeleaf/thymeleaf/commit/fe8794d61bc52bd8952834a663419ce9b0ad7cea) Updated change log - [`fe44b93`](https://github.com/thymeleaf/thymeleaf/commit/fe44b93e86c11906b9f689f1b8a0e1288a1eb423) Fixes [#707](https://github-redirect.dependabot.com/thymeleaf/thymeleaf/issues/707) - Enable processing of HTML event handler attributes in JAVASCRIPT... - [`b242fd3`](https://github.com/thymeleaf/thymeleaf/commit/b242fd3697314099966bef18dbb37184d2297564) Fixes [#705](https://github-redirect.dependabot.com/thymeleaf/thymeleaf/issues/705) - Restricted mode: Avoid variable expressions returning strings in... - [`fa2a3d9`](https://github.com/thymeleaf/thymeleaf/commit/fa2a3d9829f085ee0632674091bf578b6ec31529) Merge pull request [#694](https://github-redirect.dependabot.com/thymeleaf/thymeleaf/issues/694) from sullis/maven-plugin-upgrade - [`bdcc32c`](https://github.com/thymeleaf/thymeleaf/commit/bdcc32cbf5d60d696a65832212bd52446d05b087) upgrade Maven plugins - [`9a76750`](https://github.com/thymeleaf/thymeleaf/commit/9a767507feaf6a2264b06a161487b1ea1292c5e7) Updated change log - [`f06fccf`](https://github.com/thymeleaf/thymeleaf/commit/f06fccfb767cf1fde3aa92b2723c88ff3a6a2230) Fixes [#680](https://github-redirect.dependabot.com/thymeleaf/thymeleaf/issues/680) - Add a JPMS automatic module name - Additional commits viewable in [compare view](https://github.com/thymeleaf/thymeleaf/compare/thymeleaf-3.0.9.RELEASE...thymeleaf-3.0.10.RELEASE)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot.
dependabot-preview[bot] commented 5 years ago

Superseded by #29.