From 0fad24912422914681c7d2c22e55ff4dc8afbe43 Mon Sep 17 00:00:00 2001 From: Eric Espie Date: Mon, 26 Dec 2022 09:42:56 +0100 Subject: [PATCH] =?UTF-8?q?N=C2=B05564=20-=20:arrow=5Fup:=20twig=20bump?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- composer.lock | 12 +++--- lib/composer/InstalledVersions.php | 13 ------- lib/composer/installed.json | 14 +++---- lib/composer/installed.php | 10 ++--- lib/twig/twig/.gitattributes | 6 +-- .../twig/.github/workflows/documentation.yml | 39 ++++++++++--------- lib/twig/twig/.gitignore | 2 + lib/twig/twig/CHANGELOG | 4 ++ lib/twig/twig/src/Environment.php | 6 +-- lib/twig/twig/src/Loader/FilesystemLoader.php | 4 +- 10 files changed, 52 insertions(+), 58 deletions(-) diff --git a/composer.lock b/composer.lock index 31399cd97..74e34788d 100644 --- a/composer.lock +++ b/composer.lock @@ -4974,16 +4974,16 @@ }, { "name": "twig/twig", - "version": "v3.4.2", + "version": "v3.4.3", "source": { "type": "git", "url": "https://github.com/twigphp/Twig.git", - "reference": "e07cdd3d430cd7e453c31b36eb5ad6c0c5e43077" + "reference": "c38fd6b0b7f370c198db91ffd02e23b517426b58" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/twigphp/Twig/zipball/e07cdd3d430cd7e453c31b36eb5ad6c0c5e43077", - "reference": "e07cdd3d430cd7e453c31b36eb5ad6c0c5e43077", + "url": "https://api.github.com/repos/twigphp/Twig/zipball/c38fd6b0b7f370c198db91ffd02e23b517426b58", + "reference": "c38fd6b0b7f370c198db91ffd02e23b517426b58", "shasum": "" }, "require": { @@ -5034,7 +5034,7 @@ ], "support": { "issues": "https://github.com/twigphp/Twig/issues", - "source": "https://github.com/twigphp/Twig/tree/v3.4.2" + "source": "https://github.com/twigphp/Twig/tree/v3.4.3" }, "funding": [ { @@ -5046,7 +5046,7 @@ "type": "tidelift" } ], - "time": "2022-08-12T06:47:24+00:00" + "time": "2022-09-28T08:42:51+00:00" }, { "name": "webmozart/assert", diff --git a/lib/composer/InstalledVersions.php b/lib/composer/InstalledVersions.php index d50e0c9fc..7c5502ca4 100644 --- a/lib/composer/InstalledVersions.php +++ b/lib/composer/InstalledVersions.php @@ -24,21 +24,8 @@ use Composer\Semver\VersionParser; */ class InstalledVersions { - /** - * @var mixed[]|null - * @psalm-var array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array}|array{}|null - */ private static $installed; - - /** - * @var bool|null - */ private static $canGetVendors; - - /** - * @var array[] - * @psalm-var array}> - */ private static $installedByVendor = array(); /** diff --git a/lib/composer/installed.json b/lib/composer/installed.json index d7e143a1f..21ac16c4c 100644 --- a/lib/composer/installed.json +++ b/lib/composer/installed.json @@ -5311,17 +5311,17 @@ }, { "name": "twig/twig", - "version": "v3.4.2", - "version_normalized": "3.4.2.0", + "version": "v3.4.3", + "version_normalized": "3.4.3.0", "source": { "type": "git", "url": "https://github.com/twigphp/Twig.git", - "reference": "e07cdd3d430cd7e453c31b36eb5ad6c0c5e43077" + "reference": "c38fd6b0b7f370c198db91ffd02e23b517426b58" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/twigphp/Twig/zipball/e07cdd3d430cd7e453c31b36eb5ad6c0c5e43077", - "reference": "e07cdd3d430cd7e453c31b36eb5ad6c0c5e43077", + "url": "https://api.github.com/repos/twigphp/Twig/zipball/c38fd6b0b7f370c198db91ffd02e23b517426b58", + "reference": "c38fd6b0b7f370c198db91ffd02e23b517426b58", "shasum": "" }, "require": { @@ -5333,7 +5333,7 @@ "psr/container": "^1.0", "symfony/phpunit-bridge": "^4.4.9|^5.0.9|^6.0" }, - "time": "2022-08-12T06:47:24+00:00", + "time": "2022-09-28T08:42:51+00:00", "type": "library", "extra": { "branch-alias": { @@ -5374,7 +5374,7 @@ ], "support": { "issues": "https://github.com/twigphp/Twig/issues", - "source": "https://github.com/twigphp/Twig/tree/v3.4.2" + "source": "https://github.com/twigphp/Twig/tree/v3.4.3" }, "funding": [ { diff --git a/lib/composer/installed.php b/lib/composer/installed.php index 3b6d4406b..ea28b0295 100644 --- a/lib/composer/installed.php +++ b/lib/composer/installed.php @@ -5,7 +5,7 @@ 'type' => 'project', 'install_path' => __DIR__ . '/../../', 'aliases' => array(), - 'reference' => '64d9eef7c926f98aa1aabe61294397be308dd885', + 'reference' => '1cac1890774b4defa212a142f88348f2f8743f4c', 'name' => 'combodo/itop', 'dev' => true, ), @@ -25,7 +25,7 @@ 'type' => 'project', 'install_path' => __DIR__ . '/../../', 'aliases' => array(), - 'reference' => '64d9eef7c926f98aa1aabe61294397be308dd885', + 'reference' => '1cac1890774b4defa212a142f88348f2f8743f4c', 'dev_requirement' => false, ), 'combodo/tcpdf' => array( @@ -717,12 +717,12 @@ 'dev_requirement' => false, ), 'twig/twig' => array( - 'pretty_version' => 'v3.4.2', - 'version' => '3.4.2.0', + 'pretty_version' => 'v3.4.3', + 'version' => '3.4.3.0', 'type' => 'library', 'install_path' => __DIR__ . '/../twig/twig', 'aliases' => array(), - 'reference' => 'e07cdd3d430cd7e453c31b36eb5ad6c0c5e43077', + 'reference' => 'c38fd6b0b7f370c198db91ffd02e23b517426b58', 'dev_requirement' => false, ), 'webmozart/assert' => array( diff --git a/lib/twig/twig/.gitattributes b/lib/twig/twig/.gitattributes index 1ce832b52..06bc36713 100644 --- a/lib/twig/twig/.gitattributes +++ b/lib/twig/twig/.gitattributes @@ -1,4 +1,4 @@ -/doc/** export-ignore -/extra/** export-ignore -/tests export-ignore +/doc/ export-ignore +/extra/ export-ignore +/tests/ export-ignore /phpunit.xml.dist export-ignore diff --git a/lib/twig/twig/.github/workflows/documentation.yml b/lib/twig/twig/.github/workflows/documentation.yml index e6a2270f5..ee83b5887 100644 --- a/lib/twig/twig/.github/workflows/documentation.yml +++ b/lib/twig/twig/.github/workflows/documentation.yml @@ -4,6 +4,7 @@ on: pull_request: push: branches: + - '2.x' - '3.x' permissions: @@ -19,32 +20,32 @@ jobs: - name: "Checkout code" uses: actions/checkout@v2 - - name: "Set up Python 3.7" - uses: actions/setup-python@v1 + - name: "Set-up PHP" + uses: shivammathur/setup-php@v2 with: - python-version: '3.7' # Semantic version range syntax or exact version of a Python version + php-version: 8.1 + coverage: none + tools: "composer:v2" - - name: "Display Python version" - run: python -c "import sys; print(sys.version)" + - name: Get composer cache directory + id: composercache + working-directory: doc/_build + run: echo "::set-output name=dir::$(composer config cache-files-dir)" - - name: "Install Sphinx dependencies" - run: sudo apt-get install python-dev build-essential - - - name: "Cache pip" + - name: Cache dependencies uses: actions/cache@v2 with: - path: ~/.cache/pip - key: ${{ runner.os }}-pip-${{ hashFiles('_build/.requirements.txt') }} - restore-keys: | - ${{ runner.os }}-pip- + path: ${{ steps.composercache.outputs.dir }} + key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} + restore-keys: ${{ runner.os }}-composer- - - name: "Install Sphinx + requirements via pip" - working-directory: "doc" - run: pip install -r _build/.requirements.txt + - name: "Install dependencies" + working-directory: doc/_build + run: composer install --prefer-dist --no-progress - - name: "Build documentation" - working-directory: "doc" - run: make -C _build SPHINXOPTS="-nqW -j auto" html + - name: "Build the docs" + working-directory: doc/_build + run: php build.php --disable-cache doctor-rst: name: "DOCtor-RST" diff --git a/lib/twig/twig/.gitignore b/lib/twig/twig/.gitignore index cd52aeace..b197246ba 100644 --- a/lib/twig/twig/.gitignore +++ b/lib/twig/twig/.gitignore @@ -1,3 +1,5 @@ +/doc/_build/vendor +/doc/_build/output /composer.lock /phpunit.xml /vendor diff --git a/lib/twig/twig/CHANGELOG b/lib/twig/twig/CHANGELOG index 2ee8723d3..379387644 100644 --- a/lib/twig/twig/CHANGELOG +++ b/lib/twig/twig/CHANGELOG @@ -1,3 +1,7 @@ +# 3.4.3 (2022-09-28) + + * Fix a security issue on filesystem loader (possibility to load a template outside a configured directory) + # 3.4.2 (2022-08-12) * Allow inherited magic method to still run with calling class diff --git a/lib/twig/twig/src/Environment.php b/lib/twig/twig/src/Environment.php index 39c659b4f..85aaab916 100644 --- a/lib/twig/twig/src/Environment.php +++ b/lib/twig/twig/src/Environment.php @@ -38,11 +38,11 @@ use Twig\TokenParser\TokenParserInterface; */ class Environment { - public const VERSION = '3.4.2'; - public const VERSION_ID = 30402; + public const VERSION = '3.4.3'; + public const VERSION_ID = 30403; public const MAJOR_VERSION = 3; public const MINOR_VERSION = 4; - public const RELEASE_VERSION = 2; + public const RELEASE_VERSION = 3; public const EXTRA_VERSION = ''; private $charset; diff --git a/lib/twig/twig/src/Loader/FilesystemLoader.php b/lib/twig/twig/src/Loader/FilesystemLoader.php index 859a898c5..62267a11c 100644 --- a/lib/twig/twig/src/Loader/FilesystemLoader.php +++ b/lib/twig/twig/src/Loader/FilesystemLoader.php @@ -183,9 +183,9 @@ class FilesystemLoader implements LoaderInterface } try { - $this->validateName($name); - list($namespace, $shortname) = $this->parseName($name); + + $this->validateName($shortname); } catch (LoaderError $e) { if (!$throw) { return null;