Skip to content

Update dependency twig/twig to v3.14.2

Renovate Bot requested to merge renovate/twig-twig-3.x-lockfile into master

This MR contains the following updates:

Package Type Update Change
twig/twig (source) require patch 3.14.0 -> 3.14.2

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

twigphp/Twig (twig/twig)

v3.14.2

Compare Source

  • Fix an infinite recursion in the sandbox code

v3.14.1

Compare Source

  • [BC BREAK] Fix a security issue in the sandbox mode allowing an attacker to call attributes on Array-like objects They are now checked via the property policy
  • Fix a security issue in the sandbox mode allowing an attacker to be able to call toString() under some circumstances on an object even if the __toString() method is not allowed by the security policy

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited by Renovate Bot

Merge request reports