[Security] Bump twig/twig from 2.6.2 to 2.7.3

[dependabot-preview[bot]]

Bumps twig/twig from 2.6.2 to 2.7.3. This update includes security fixes.

Vulnerabilities fixed

*Sourced from [The PHP Security Advisories Database](https://github.com/FriendsOfPHP/security-advisories/blob/master/twig/twig/2019-03-12.yaml).* > **Sandbox Information Disclosure** > > Affected versions: <1.38.0; >=2.0.0, <2.7.0

Changelog

*Sourced from [twig/twig's changelog](https://github.com/twigphp/Twig/blob/2.x/CHANGELOG).* > * 2.7.3 (2019-XX-XX) > > * n/a > > * 2.7.3 (2019-03-21) > > * fixed the spaceless filter so that it behaves like the spaceless tag > * fixed BC break on Environment::resolveTemplate() > * allowed Traversable objects to be used in the "with" tag > * allowed Traversable objects to be used in the "with" tag > * allowed Traversable objects to be used in the "with" argument of the "include" and "embed" tags > > * 2.7.2 (2019-03-12) > > * added TemplateWrapper::getTemplateName() > > * 2.7.1 (2019-03-12) > > * fixed class aliases > > * 2.7.0 (2019-03-12) > > * fixed sandbox security issue (under some circumstances, calling the > __toString() method on an object was possible even if not allowed by the > security policy) > * fixed batch filter clobbers array keys when fill parameter is used > * added preserveKeys support for the batch filter > * fixed "embed" support when used from "template_from_string" > * deprecated passing a Twig\Template to Twig\Environment::load()/Twig\Environment::resolveTemplate() > * added the possibility to pass a TemplateWrapper to Twig\Environment::load() > * marked Twig\Environment::getTemplateClass() as internal (implementation detail) > * improved the performance of the sandbox > * deprecated the spaceless tag > * added a spaceless filter > * added max value to the "random" function > * deprecated Twig\Extension\InitRuntimeInterface > * deprecated Twig\Loader\ExistsLoaderInterface > * deprecated PSR-0 classes in favor of namespaced ones > * made namespace classes the default classes (PSR-0 ones are aliases now) > * added Twig\Loader\ChainLoader::getLoaders() > * removed duplicated directory separator in FilesystemLoader > * deprecated the "base_template_class" option on Twig\Environment > * deprecated the Twig\Environment::getBaseTemplateClass() and > Twig\Environment::setBaseTemplateClass() methods > * changed internal code to use the namespaced classes as much as possible > * deprecated Twig_Parser::isReservedMacroName()

Commits

- [`52b9a5b`](https://github.com/twigphp/Twig/commit/52b9a5bd41c8c53a1d784f90ca25e33bf558a6b3) prepared the 2.7.3 release - [`f32fb00`](https://github.com/twigphp/Twig/commit/f32fb00c933cfd6863b71d81473c1b4ff1066869) Merge branch '1.x' into 2.x - [`deab8a7`](https://github.com/twigphp/Twig/commit/deab8a7745c1bcfb1ae4b846fbe6a39a36afcb4f) bumped version to 1.38.4-DEV - [`5df0ef0`](https://github.com/twigphp/Twig/commit/5df0ef0ca2d08a6f087384c7f31530fb84889f28) prepared the 1.38.3 release - [`072214b`](https://github.com/twigphp/Twig/commit/072214b6e31fe7847424f43de5e8c0727511b2ab) updated CHANGELOG - [`60687e8`](https://github.com/twigphp/Twig/commit/60687e80510d423311ffac5bf1fc19f0b0d93b50) Merge branch '1.x' into 2.x - [`01f3973`](https://github.com/twigphp/Twig/commit/01f39731dafedf3899b85976d87fe1a6b7f911bc) feature [#2909](https://github-redirect.dependabot.com/twigphp/Twig/issues/2909) Allow Traversable objects to be used in the with keyword of the... - [`068306f`](https://github.com/twigphp/Twig/commit/068306feb91b654ce90c0a1bd06e611e706762ef) Allow Traversable objects to be used in the with keyword of the include and e... - [`1ea78e2`](https://github.com/twigphp/Twig/commit/1ea78e2893e96fad0884ba1a6ad5ca6320f6a66c) Merge branch '1.x' into 2.x - [`6cd3a72`](https://github.com/twigphp/Twig/commit/6cd3a72f265080d48b7f5dcadbae9e763e78d304) fixed phpunit configuration - Additional commits viewable in [compare view](https://github.com/twigphp/Twig/compare/v2.6.2...v2.7.3)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot.

[dependabot-preview[bot]]

Superseded by #39.