diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml deleted file mode 100644 index d21bea1..0000000 --- a/.github/workflows/build.yaml +++ /dev/null @@ -1,79 +0,0 @@ -name: Release Builds - -on: - release: - types: [published] - -permissions: {} - -jobs: - build: - permissions: - contents: write # for release creation (svenstaro/upload-release-action) - - if: "!github.event.release.prerelease" - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: Extract Tag - run: echo "PACKAGE_VERSION=${{ github.ref }}" >> $GITHUB_ENV - - - name: Setup PHP - uses: shivammathur/setup-php@v2 - with: - php-version: 7.3 - extensions: opcache, gd - tools: composer:v2 - coverage: none - env: - COMPOSER_TOKEN: ${{ secrets.GLOBAL_TOKEN }} - - - name: Install Dependencies - run: | - sudo apt-get -y update -qq < /dev/null > /dev/null - sudo apt-get -y install -qq git zip < /dev/null > /dev/null - - - name: Retrieval of Builder Scripts - run: | - # Real Grav URL - curl --silent -H "Authorization: token ${{ secrets.GLOBAL_TOKEN }}" -H "Accept: application/vnd.github.v3.raw" ${{ secrets.BUILD_SCRIPT_URL }} --output build-grav.sh - - # Development Local URL - # curl ${{ secrets.BUILD_SCRIPT_URL }} --output build-grav.sh - - - name: Grav Builder - run: | - bash ./build-grav.sh - - - name: Upload packages to release - uses: svenstaro/upload-release-action@v2 - with: - repo_token: ${{ secrets.GITHUB_TOKEN }} - tag: ${{ env.PACKAGE_VERSION }} - file: ./grav-dist/*.zip - overwrite: true - file_glob: true - - slack: - permissions: - actions: read # to list jobs for workflow run (technote-space/workflow-conclusion-action) - - name: Slack - needs: build - runs-on: ubuntu-latest - if: always() - steps: - - uses: technote-space/workflow-conclusion-action@v2 - - uses: 8398a7/action-slack@v3 - with: - status: failure - fields: repo,message,author,action - icon_emoji: ':octocat:' - author_name: 'Github Action Build' - text: '🚚 Automated Build Failure' - env: - GITHUB_TOKEN: ${{ secrets.GLOBAL_TOKEN }} - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - if: env.WORKFLOW_CONCLUSION == 'failure' diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml deleted file mode 100644 index 57101de..0000000 --- a/.github/workflows/tests.yaml +++ /dev/null @@ -1,76 +0,0 @@ -name: PHP Tests - -on: - push: - branches: [ develop ] - pull_request: - branches: [ develop ] - -permissions: - contents: read # to fetch code (actions/checkout) - -jobs: - - unit-tests: - - runs-on: ${{ matrix.os }} - - strategy: - matrix: - php: [8.3, 8.2, 8.1, 8.0, 7.4, 7.3] - os: [ubuntu-latest] - - steps: - - uses: actions/checkout@v2 - - - name: Setup PHP - uses: shivammathur/setup-php@v2 - with: - php-version: ${{ matrix.php }} - extensions: opcache, gd - tools: composer:v2 - coverage: none - env: - COMPOSER_TOKEN: ${{ secrets.GITHUB_TOKEN }} - -# - name: Update composer -# run: composer update -# -# - name: Validate composer.json and composer.lock -# run: composer validate - - - name: Get composer cache directory - id: composer-cache - run: echo "::set-output name=dir::$(composer config cache-files-dir)" - - - name: Cache dependencies - uses: actions/cache@v2 - with: - path: ${{ steps.composer-cache.outputs.dir }} - key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} - restore-keys: ${{ runner.os }}-composer- - - - name: Install dependencies - run: composer install --prefer-dist --no-progress - - - name: Run test suite - run: vendor/bin/codecept run - -# slack: -# name: Slack -# needs: unit-tests -# runs-on: ubuntu-latest -# if: always() -# steps: -# - uses: technote-space/workflow-conclusion-action@v2 -# - uses: 8398a7/action-slack@v3 -# with: -# status: failure -# fields: repo,message,author,action -# icon_emoji: ':octocat:' -# author_name: 'Github Action Tests' -# text: '💥 Automated Test Failure' -# env: -# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} -# SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} -# if: env.WORKFLOW_CONCLUSION == 'failure' diff --git a/.github/workflows/trigger-skeletons.yml b/.github/workflows/trigger-skeletons.yml deleted file mode 100644 index b42b963..0000000 --- a/.github/workflows/trigger-skeletons.yml +++ /dev/null @@ -1,48 +0,0 @@ -name: Trigger Skeletons Build - -on: - workflow_dispatch: - inputs: - version: - description: 'Which Grav release to use' - required: true - default: 'latest' - admin: - description: 'Create also a package with Admin' - required: true - default: true - -permissions: - contents: read # to fetch code (actions/checkout) - -jobs: - build: - runs-on: ubuntu-latest - env: - WORKFLOW: "build-skeleton.yml" - AUTH: ":${{secrets.GLOBAL_TOKEN}}" - steps: - - uses: actions/checkout@v2 - - name: Make it rain ☔️ - run: | - SKELETONS=`curl -s "${{secrets.SKELETONS_JSON_LIST}}"` - echo "$SKELETONS" | jq -cr '.[]' | while read SKELETON; do - KEY=$(echo "$SKELETON" | jq -cr 'keys[0]') - VERSION=$(echo "$SKELETON" | jq -cr '.[]') - URL="https://api.github.com/repos/${KEY}/actions/workflows/${WORKFLOW}/dispatches" - - curl -X POST \ - -u "${AUTH}" \ - -H "Accept: application/vnd.github.everest-preview+json" \ - -H "Content-Type: application/json" \ - -sS \ - ${URL} \ - --data '{ "ref": "develop", - "inputs": { - "tag": "'"$VERSION"'", - "version": "'"$INPUT_VERSION"'", - "admin": "'"$INPUT_ADMIN"'" - } - }' > /dev/null - echo "Dispatched Worfklow for ${KEY}@$VERSION" - done diff --git a/CHANGELOG.md b/CHANGELOG.md index 4994d6a..2989e72 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,29 @@ +# v1.7.46 +## 05/15/2024 + +1. [](#improved) + * Better handling of external protocols in `Utils::url()` such as `mailto:`, `tel:`, etc. + * Handle `GRAV_ROOT` or `GRAV_WEBROOT` when `/` [#3667](https://github.com/getgrav/grav/pull/3667) +1. [](#bugfix) + * Fixes for multi-lang taxonomy when reinitializing the languages (e.g. LangSwitcher plugin) + * Ensure the full filepath is checked for invalid filename in `MediaUploadTrait::checkFileMetadata()` + * Fixed a bug in the `on_events` REGEX pattern of `Security::detectXss()` as it was not matching correctly. + * Fixed an issue where `read_file()` Twig function could be used nefariously in content [#GHSA-f8v5-jmfh-pr69](https://github.com/getgrav/grav/security/advisories/GHSA-f8v5-jmfh-pr69) + +# v1.7.45 +## 03/18/2024 + +1. [](#new) + * Added new Image trait for `decoding` attribute [#3796](https://github.com/getgrav/grav/pull/3796) +1. [](#bugfix) + * Fixed some multibyte issues in Inflector class [#732](https://github.com/getgrav/grav/issues/732) + * Fallback to page modified date if Page date provided is invalid and can't be parsed [getgrav/grav-plugin-admin#2394](https://github.com/getgrav/grav-plugin-admin/issues/2394) + * Fixed a path traversal vulnerability with file uploads [#GHSA-m7hx-hw6h-mqmc](https://github.com/getgrav/grav/security/advisories/GHSA-m7hx-hw6h-mqmc) + * Fixed a security issue with insecure Twig functions be processed [#GHSA-2m7x-c7px-hp58](https://github.com/getgrav/grav/security/advisories/GHSA-2m7x-c7px-hp58) [#GHSA-r6vw-8v8r-pmp4](https://github.com/getgrav/grav/security/advisories/GHSA-r6vw-8v8r-pmp4) [#GHSA-qfv4-q44r-g7rv](https://github.com/getgrav/grav/security/advisories/GHSA-qfv4-q44r-g7rv) [#GHSA-c9gp-64c4-2rrh](https://github.com/getgrav/grav/security/advisories/GHSA-c9gp-64c4-2rrh) +1. [](#improved) + * Updated composer packages + * Updated `bin/composer.phar` to latest `2.7.2` + # v1.7.44 ## 01/05/2024 @@ -103,6 +129,7 @@ 1. [](#improved) * Removed outdated `xcache` setting [#3615](https://github.com/getgrav/grav/pull/3615) * Updated `robots.txt` [#3625](https://github.com/getgrav/grav/pull/3625) + * Handle the situation when GRAV_ROOT or GRAV_WEBROOT are `/` [#3625](https://github.com/getgrav/grav/pull/3667) 1. [](#bugfix) * Fixed `force_ssl` redirect in case of undefined hostname [#3702](https://github.com/getgrav/grav/pull/3702) * Fixed an issue with duplicate identical page paths diff --git a/SECURITY.md b/SECURITY.md index ffe8f79..e8d4a16 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -7,22 +7,31 @@ We are focusing our security updates on the following versions | Version | Supported | | ------- | ------------------ | | 1.7.x | :white_check_mark: | -| 1.6.x | :warning: | +| 1.6.x | :x: | | < 1.6 | :x: | +## :pushpin: Note on Security Severity + +> NOTE: Please use the following guidlines when selecting a **Severity**. Submitted advisories that are marked **High** or **Critical** that don't meet the guidelines below will be cliosed. + +* **CRITICAL** - no account required, can modify content, or run malicious code or nefarious activity without any access. +* **HIGH** - publisher level account able to run malicious code or nefarious activity, or other high level security things. +* **MODERATE** - admin level account able to run malicious code or do nefarious things. other moderate security things. +* **LOW** - super admin level account able to run malicious code or do nefarious things. other minor security things. + ## :warning: Versions Versions with :warning: will be supported for security issues, however you won't be able to update to them, you will need to manually update through the [`direct-install` command](https://learn.getgrav.org/17/admin-panel/tools). If you cannot update to the latest stable version available because, for example, your server does not meet the minimum PHP requirements, you can manually install a previous version by downloading the package from our Releases directory (https://github.com/getgrav/grav/releases). -## Reporting a Vulnerability +## :pencil: Reporting a Vulnerability Please contact security@getgrav.org with a detailed explanation of the security issue found. If it appears to be a legitimate issues, please submit an **advisory via GitHub Security**: https://github.com/getgrav/grav/security/advisories ->> NOTE: Please do not use 3rd party security issue reporting services, we like to keep everything in the GitHub ecosystem for easier manageability. +> NOTE: Please do not use 3rd party security issue reporting services, we like to keep everything in the GitHub ecosystem for easier manageability. -## Bug Bounties +## :bug: Bug Bounties We do greatly appreciate your efforts to improve Grav, but unfortunately because we are a small open source project, we **do not have the resources to offer bounties** for security issues found. diff --git a/bin/composer.phar b/bin/composer.phar index 4723b1b..e6ba7bb 100755 Binary files a/bin/composer.phar and b/bin/composer.phar differ diff --git a/composer.lock b/composer.lock index ec1a3d8..71bc0a8 100644 --- a/composer.lock +++ b/composer.lock @@ -8,28 +8,28 @@ "packages": [ { "name": "composer/ca-bundle", - "version": "1.4.0", + "version": "1.5.0", "source": { "type": "git", "url": "https://github.com/composer/ca-bundle.git", - "reference": "b66d11b7479109ab547f9405b97205640b17d385" + "reference": "0c5ccfcfea312b5c5a190a21ac5cef93f74baf99" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/composer/ca-bundle/zipball/b66d11b7479109ab547f9405b97205640b17d385", - "reference": "b66d11b7479109ab547f9405b97205640b17d385", + "url": "https://api.github.com/repos/composer/ca-bundle/zipball/0c5ccfcfea312b5c5a190a21ac5cef93f74baf99", + "reference": "0c5ccfcfea312b5c5a190a21ac5cef93f74baf99", "shasum": "" }, "require": { "ext-openssl": "*", "ext-pcre": "*", - "php": "^5.3.2 || ^7.0 || ^8.0" + "php": "^7.2 || ^8.0" }, "require-dev": { - "phpstan/phpstan": "^0.12.55", + "phpstan/phpstan": "^1.10", "psr/log": "^1.0", "symfony/phpunit-bridge": "^4.2 || ^5", - "symfony/process": "^2.5 || ^3.0 || ^4.0 || ^5.0 || ^6.0 || ^7.0" + "symfony/process": "^4.0 || ^5.0 || ^6.0 || ^7.0" }, "type": "library", "extra": { @@ -64,7 +64,7 @@ "support": { "irc": "irc://irc.freenode.org/composer", "issues": "https://github.com/composer/ca-bundle/issues", - "source": "https://github.com/composer/ca-bundle/tree/1.4.0" + "source": "https://github.com/composer/ca-bundle/tree/1.5.0" }, "funding": [ { @@ -80,7 +80,7 @@ "type": "tidelift" } ], - "time": "2023-12-18T12:05:55+00:00" + "time": "2024-03-15T14:00:32+00:00" }, { "name": "composer/semver", @@ -333,16 +333,16 @@ }, { "name": "doctrine/deprecations", - "version": "1.1.2", + "version": "1.1.3", "source": { "type": "git", "url": "https://github.com/doctrine/deprecations.git", - "reference": "4f2d4f2836e7ec4e7a8625e75c6aa916004db931" + "reference": "dfbaa3c2d2e9a9df1118213f3b8b0c597bb99fab" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/doctrine/deprecations/zipball/4f2d4f2836e7ec4e7a8625e75c6aa916004db931", - "reference": "4f2d4f2836e7ec4e7a8625e75c6aa916004db931", + "url": "https://api.github.com/repos/doctrine/deprecations/zipball/dfbaa3c2d2e9a9df1118213f3b8b0c597bb99fab", + "reference": "dfbaa3c2d2e9a9df1118213f3b8b0c597bb99fab", "shasum": "" }, "require": { @@ -374,9 +374,9 @@ "homepage": "https://www.doctrine-project.org/", "support": { "issues": "https://github.com/doctrine/deprecations/issues", - "source": "https://github.com/doctrine/deprecations/tree/1.1.2" + "source": "https://github.com/doctrine/deprecations/tree/1.1.3" }, - "time": "2023-09-27T20:04:15+00:00" + "time": "2024-01-30T19:34:25+00:00" }, { "name": "donatj/phpuseragentparser", @@ -889,22 +889,29 @@ }, { "name": "itsgoingd/clockwork", - "version": "v5.1.12", + "version": "v5.2.0", "source": { "type": "git", "url": "https://github.com/itsgoingd/clockwork.git", - "reference": "c9dbdbb1f0efd19bb80f1080ef63f1b9b1bc3b1b" + "reference": "df52c7c4d8d60443ea1d14bcf9b182d4eaaeec26" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/itsgoingd/clockwork/zipball/c9dbdbb1f0efd19bb80f1080ef63f1b9b1bc3b1b", - "reference": "c9dbdbb1f0efd19bb80f1080ef63f1b9b1bc3b1b", + "url": "https://api.github.com/repos/itsgoingd/clockwork/zipball/df52c7c4d8d60443ea1d14bcf9b182d4eaaeec26", + "reference": "df52c7c4d8d60443ea1d14bcf9b182d4eaaeec26", "shasum": "" }, "require": { "ext-json": "*", "php": ">=5.6" }, + "suggest": { + "ext-pdo": "Needed in order to use a SQL database for metadata storage", + "ext-pdo_mysql": "Needed in order to use MySQL for metadata storage", + "ext-pdo_postgres": "Needed in order to use Postgres for metadata storage", + "ext-pdo_sqlite": "Needed in order to use a SQLite for metadata storage", + "ext-redis": "Needed in order to use Redis for metadata storage" + }, "type": "library", "extra": { "laravel": { @@ -945,7 +952,7 @@ ], "support": { "issues": "https://github.com/itsgoingd/clockwork/issues", - "source": "https://github.com/itsgoingd/clockwork/tree/v5.1.12" + "source": "https://github.com/itsgoingd/clockwork/tree/v5.2.0" }, "funding": [ { @@ -953,7 +960,7 @@ "type": "github" } ], - "time": "2022-12-13T00:04:12+00:00" + "time": "2024-02-20T22:36:44+00:00" }, { "name": "league/climate", @@ -1022,16 +1029,16 @@ }, { "name": "matthiasmullie/minify", - "version": "1.3.71", + "version": "1.3.73", "source": { "type": "git", "url": "https://github.com/matthiasmullie/minify.git", - "reference": "ae42a47d7fecc1fbb7277b2f2d84c37a33edc3b1" + "reference": "cb7a9297b4ab070909cefade30ee95054d4ae87a" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/matthiasmullie/minify/zipball/ae42a47d7fecc1fbb7277b2f2d84c37a33edc3b1", - "reference": "ae42a47d7fecc1fbb7277b2f2d84c37a33edc3b1", + "url": "https://api.github.com/repos/matthiasmullie/minify/zipball/cb7a9297b4ab070909cefade30ee95054d4ae87a", + "reference": "cb7a9297b4ab070909cefade30ee95054d4ae87a", "shasum": "" }, "require": { @@ -1081,7 +1088,7 @@ ], "support": { "issues": "https://github.com/matthiasmullie/minify/issues", - "source": "https://github.com/matthiasmullie/minify/tree/1.3.71" + "source": "https://github.com/matthiasmullie/minify/tree/1.3.73" }, "funding": [ { @@ -1089,7 +1096,7 @@ "type": "github" } ], - "time": "2023-04-25T20:33:03+00:00" + "time": "2024-03-15T10:27:10+00:00" }, { "name": "matthiasmullie/path-converter", @@ -1146,22 +1153,22 @@ }, { "name": "maximebf/debugbar", - "version": "v1.19.1", + "version": "v1.21.3", "source": { "type": "git", "url": "https://github.com/maximebf/php-debugbar.git", - "reference": "03dd40a1826f4d585ef93ef83afa2a9874a00523" + "reference": "0b407703b08ea0cf6ebc61e267cc96ff7000911b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/maximebf/php-debugbar/zipball/03dd40a1826f4d585ef93ef83afa2a9874a00523", - "reference": "03dd40a1826f4d585ef93ef83afa2a9874a00523", + "url": "https://api.github.com/repos/maximebf/php-debugbar/zipball/0b407703b08ea0cf6ebc61e267cc96ff7000911b", + "reference": "0b407703b08ea0cf6ebc61e267cc96ff7000911b", "shasum": "" }, "require": { "php": "^7.1|^8", "psr/log": "^1|^2|^3", - "symfony/var-dumper": "^4|^5|^6" + "symfony/var-dumper": "^4|^5|^6|^7" }, "require-dev": { "phpunit/phpunit": ">=7.5.20 <10.0", @@ -1175,7 +1182,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "1.18-dev" + "dev-master": "1.21-dev" } }, "autoload": { @@ -1206,9 +1213,9 @@ ], "support": { "issues": "https://github.com/maximebf/php-debugbar/issues", - "source": "https://github.com/maximebf/php-debugbar/tree/v1.19.1" + "source": "https://github.com/maximebf/php-debugbar/tree/v1.21.3" }, - "time": "2023-10-12T08:10:52+00:00" + "time": "2024-03-12T14:23:07+00:00" }, { "name": "miljar/php-exif", @@ -2569,16 +2576,16 @@ }, { "name": "symfony/polyfill-ctype", - "version": "v1.28.0", + "version": "v1.29.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-ctype.git", - "reference": "ea208ce43cbb04af6867b4fdddb1bdbf84cc28cb" + "reference": "ef4d7e442ca910c4764bce785146269b30cb5fc4" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/ea208ce43cbb04af6867b4fdddb1bdbf84cc28cb", - "reference": "ea208ce43cbb04af6867b4fdddb1bdbf84cc28cb", + "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/ef4d7e442ca910c4764bce785146269b30cb5fc4", + "reference": "ef4d7e442ca910c4764bce785146269b30cb5fc4", "shasum": "" }, "require": { @@ -2592,9 +2599,6 @@ }, "type": "library", "extra": { - "branch-alias": { - "dev-main": "1.28-dev" - }, "thanks": { "name": "symfony/polyfill", "url": "https://github.com/symfony/polyfill" @@ -2631,7 +2635,7 @@ "portable" ], "support": { - "source": "https://github.com/symfony/polyfill-ctype/tree/v1.28.0" + "source": "https://github.com/symfony/polyfill-ctype/tree/v1.29.0" }, "funding": [ { @@ -2647,20 +2651,20 @@ "type": "tidelift" } ], - "time": "2023-01-26T09:26:14+00:00" + "time": "2024-01-29T20:11:03+00:00" }, { "name": "symfony/polyfill-iconv", - "version": "v1.28.0", + "version": "v1.29.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-iconv.git", - "reference": "6de50471469b8c9afc38164452ab2b6170ee71c1" + "reference": "cd4226d140ecd3d0f13d32ed0a4a095ffe871d2f" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-iconv/zipball/6de50471469b8c9afc38164452ab2b6170ee71c1", - "reference": "6de50471469b8c9afc38164452ab2b6170ee71c1", + "url": "https://api.github.com/repos/symfony/polyfill-iconv/zipball/cd4226d140ecd3d0f13d32ed0a4a095ffe871d2f", + "reference": "cd4226d140ecd3d0f13d32ed0a4a095ffe871d2f", "shasum": "" }, "require": { @@ -2674,9 +2678,6 @@ }, "type": "library", "extra": { - "branch-alias": { - "dev-main": "1.28-dev" - }, "thanks": { "name": "symfony/polyfill", "url": "https://github.com/symfony/polyfill" @@ -2714,7 +2715,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-iconv/tree/v1.28.0" + "source": "https://github.com/symfony/polyfill-iconv/tree/v1.29.0" }, "funding": [ { @@ -2730,20 +2731,20 @@ "type": "tidelift" } ], - "time": "2023-01-26T09:26:14+00:00" + "time": "2024-01-29T20:11:03+00:00" }, { "name": "symfony/polyfill-mbstring", - "version": "v1.28.0", + "version": "v1.29.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-mbstring.git", - "reference": "42292d99c55abe617799667f454222c54c60e229" + "reference": "9773676c8a1bb1f8d4340a62efe641cf76eda7ec" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/42292d99c55abe617799667f454222c54c60e229", - "reference": "42292d99c55abe617799667f454222c54c60e229", + "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/9773676c8a1bb1f8d4340a62efe641cf76eda7ec", + "reference": "9773676c8a1bb1f8d4340a62efe641cf76eda7ec", "shasum": "" }, "require": { @@ -2757,9 +2758,6 @@ }, "type": "library", "extra": { - "branch-alias": { - "dev-main": "1.28-dev" - }, "thanks": { "name": "symfony/polyfill", "url": "https://github.com/symfony/polyfill" @@ -2797,7 +2795,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.28.0" + "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.29.0" }, "funding": [ { @@ -2813,20 +2811,20 @@ "type": "tidelift" } ], - "time": "2023-07-28T09:04:16+00:00" + "time": "2024-01-29T20:11:03+00:00" }, { "name": "symfony/polyfill-php74", - "version": "v1.28.0", + "version": "v1.29.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-php74.git", - "reference": "8b755b41a155c89f1af29cc33305538499fa05ea" + "reference": "da301202eb63b838aed1e62134e2302f826ca600" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php74/zipball/8b755b41a155c89f1af29cc33305538499fa05ea", - "reference": "8b755b41a155c89f1af29cc33305538499fa05ea", + "url": "https://api.github.com/repos/symfony/polyfill-php74/zipball/da301202eb63b838aed1e62134e2302f826ca600", + "reference": "da301202eb63b838aed1e62134e2302f826ca600", "shasum": "" }, "require": { @@ -2834,9 +2832,6 @@ }, "type": "library", "extra": { - "branch-alias": { - "dev-main": "1.28-dev" - }, "thanks": { "name": "symfony/polyfill", "url": "https://github.com/symfony/polyfill" @@ -2877,7 +2872,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-php74/tree/v1.28.0" + "source": "https://github.com/symfony/polyfill-php74/tree/v1.29.0" }, "funding": [ { @@ -2893,20 +2888,20 @@ "type": "tidelift" } ], - "time": "2023-01-26T09:26:14+00:00" + "time": "2024-01-29T20:11:03+00:00" }, { "name": "symfony/polyfill-php80", - "version": "v1.28.0", + "version": "v1.29.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-php80.git", - "reference": "6caa57379c4aec19c0a12a38b59b26487dcfe4b5" + "reference": "87b68208d5c1188808dd7839ee1e6c8ec3b02f1b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/6caa57379c4aec19c0a12a38b59b26487dcfe4b5", - "reference": "6caa57379c4aec19c0a12a38b59b26487dcfe4b5", + "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/87b68208d5c1188808dd7839ee1e6c8ec3b02f1b", + "reference": "87b68208d5c1188808dd7839ee1e6c8ec3b02f1b", "shasum": "" }, "require": { @@ -2914,9 +2909,6 @@ }, "type": "library", "extra": { - "branch-alias": { - "dev-main": "1.28-dev" - }, "thanks": { "name": "symfony/polyfill", "url": "https://github.com/symfony/polyfill" @@ -2960,7 +2952,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-php80/tree/v1.28.0" + "source": "https://github.com/symfony/polyfill-php80/tree/v1.29.0" }, "funding": [ { @@ -2976,20 +2968,20 @@ "type": "tidelift" } ], - "time": "2023-01-26T09:26:14+00:00" + "time": "2024-01-29T20:11:03+00:00" }, { "name": "symfony/polyfill-php81", - "version": "v1.28.0", + "version": "v1.29.0", "source": { "type": "git", "url": "https://github.com/symfony/polyfill-php81.git", - "reference": "7581cd600fa9fd681b797d00b02f068e2f13263b" + "reference": "c565ad1e63f30e7477fc40738343c62b40bc672d" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/7581cd600fa9fd681b797d00b02f068e2f13263b", - "reference": "7581cd600fa9fd681b797d00b02f068e2f13263b", + "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/c565ad1e63f30e7477fc40738343c62b40bc672d", + "reference": "c565ad1e63f30e7477fc40738343c62b40bc672d", "shasum": "" }, "require": { @@ -2997,9 +2989,6 @@ }, "type": "library", "extra": { - "branch-alias": { - "dev-main": "1.28-dev" - }, "thanks": { "name": "symfony/polyfill", "url": "https://github.com/symfony/polyfill" @@ -3039,7 +3028,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-php81/tree/v1.28.0" + "source": "https://github.com/symfony/polyfill-php81/tree/v1.29.0" }, "funding": [ { @@ -3055,7 +3044,7 @@ "type": "tidelift" } ], - "time": "2023-01-26T09:26:14+00:00" + "time": "2024-01-29T20:11:03+00:00" }, { "name": "symfony/process", @@ -4282,21 +4271,21 @@ }, { "name": "nikic/php-parser", - "version": "v4.18.0", + "version": "v4.19.1", "source": { "type": "git", "url": "https://github.com/nikic/PHP-Parser.git", - "reference": "1bcbb2179f97633e98bbbc87044ee2611c7d7999" + "reference": "4e1b88d21c69391150ace211e9eaf05810858d0b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/1bcbb2179f97633e98bbbc87044ee2611c7d7999", - "reference": "1bcbb2179f97633e98bbbc87044ee2611c7d7999", + "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/4e1b88d21c69391150ace211e9eaf05810858d0b", + "reference": "4e1b88d21c69391150ace211e9eaf05810858d0b", "shasum": "" }, "require": { "ext-tokenizer": "*", - "php": ">=7.0" + "php": ">=7.1" }, "require-dev": { "ircmaxell/php-yacc": "^0.0.7", @@ -4332,26 +4321,27 @@ ], "support": { "issues": "https://github.com/nikic/PHP-Parser/issues", - "source": "https://github.com/nikic/PHP-Parser/tree/v4.18.0" + "source": "https://github.com/nikic/PHP-Parser/tree/v4.19.1" }, - "time": "2023-12-10T21:03:43+00:00" + "time": "2024-03-17T08:10:35+00:00" }, { "name": "phar-io/manifest", - "version": "2.0.3", + "version": "2.0.4", "source": { "type": "git", "url": "https://github.com/phar-io/manifest.git", - "reference": "97803eca37d319dfa7826cc2437fc020857acb53" + "reference": "54750ef60c58e43759730615a392c31c80e23176" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phar-io/manifest/zipball/97803eca37d319dfa7826cc2437fc020857acb53", - "reference": "97803eca37d319dfa7826cc2437fc020857acb53", + "url": "https://api.github.com/repos/phar-io/manifest/zipball/54750ef60c58e43759730615a392c31c80e23176", + "reference": "54750ef60c58e43759730615a392c31c80e23176", "shasum": "" }, "require": { "ext-dom": "*", + "ext-libxml": "*", "ext-phar": "*", "ext-xmlwriter": "*", "phar-io/version": "^3.0.1", @@ -4392,9 +4382,15 @@ "description": "Component for reading phar.io manifest information from a PHP Archive (PHAR)", "support": { "issues": "https://github.com/phar-io/manifest/issues", - "source": "https://github.com/phar-io/manifest/tree/2.0.3" + "source": "https://github.com/phar-io/manifest/tree/2.0.4" }, - "time": "2021-07-20T11:28:43+00:00" + "funding": [ + { + "url": "https://github.com/theseer", + "type": "github" + } + ], + "time": "2024-03-03T12:33:53+00:00" }, { "name": "phar-io/version", @@ -4449,16 +4445,16 @@ }, { "name": "phpstan/phpstan", - "version": "1.10.52", + "version": "1.10.63", "source": { "type": "git", "url": "https://github.com/phpstan/phpstan.git", - "reference": "0cd0c330081d4f1e1d630701fe4f342c3b659685" + "reference": "ad12836d9ca227301f5fb9960979574ed8628339" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpstan/phpstan/zipball/0cd0c330081d4f1e1d630701fe4f342c3b659685", - "reference": "0cd0c330081d4f1e1d630701fe4f342c3b659685", + "url": "https://api.github.com/repos/phpstan/phpstan/zipball/ad12836d9ca227301f5fb9960979574ed8628339", + "reference": "ad12836d9ca227301f5fb9960979574ed8628339", "shasum": "" }, "require": { @@ -4507,7 +4503,7 @@ "type": "tidelift" } ], - "time": "2024-01-05T09:51:32+00:00" + "time": "2024-03-18T16:53:53+00:00" }, { "name": "phpstan/phpstan-deprecation-rules", @@ -4559,16 +4555,16 @@ }, { "name": "phpunit/php-code-coverage", - "version": "9.2.30", + "version": "9.2.31", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/php-code-coverage.git", - "reference": "ca2bd87d2f9215904682a9cb9bb37dda98e76089" + "reference": "48c34b5d8d983006bd2adc2d0de92963b9155965" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/ca2bd87d2f9215904682a9cb9bb37dda98e76089", - "reference": "ca2bd87d2f9215904682a9cb9bb37dda98e76089", + "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/48c34b5d8d983006bd2adc2d0de92963b9155965", + "reference": "48c34b5d8d983006bd2adc2d0de92963b9155965", "shasum": "" }, "require": { @@ -4625,7 +4621,7 @@ "support": { "issues": "https://github.com/sebastianbergmann/php-code-coverage/issues", "security": "https://github.com/sebastianbergmann/php-code-coverage/security/policy", - "source": "https://github.com/sebastianbergmann/php-code-coverage/tree/9.2.30" + "source": "https://github.com/sebastianbergmann/php-code-coverage/tree/9.2.31" }, "funding": [ { @@ -4633,7 +4629,7 @@ "type": "github" } ], - "time": "2023-12-22T06:47:57+00:00" + "time": "2024-03-02T06:37:42+00:00" }, { "name": "phpunit/php-file-iterator", @@ -4878,16 +4874,16 @@ }, { "name": "phpunit/phpunit", - "version": "9.6.15", + "version": "9.6.17", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/phpunit.git", - "reference": "05017b80304e0eb3f31d90194a563fd53a6021f1" + "reference": "1a156980d78a6666721b7e8e8502fe210b587fcd" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/05017b80304e0eb3f31d90194a563fd53a6021f1", - "reference": "05017b80304e0eb3f31d90194a563fd53a6021f1", + "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/1a156980d78a6666721b7e8e8502fe210b587fcd", + "reference": "1a156980d78a6666721b7e8e8502fe210b587fcd", "shasum": "" }, "require": { @@ -4961,7 +4957,7 @@ "support": { "issues": "https://github.com/sebastianbergmann/phpunit/issues", "security": "https://github.com/sebastianbergmann/phpunit/security/policy", - "source": "https://github.com/sebastianbergmann/phpunit/tree/9.6.15" + "source": "https://github.com/sebastianbergmann/phpunit/tree/9.6.17" }, "funding": [ { @@ -4977,7 +4973,7 @@ "type": "tidelift" } ], - "time": "2023-12-01T16:55:19+00:00" + "time": "2024-02-23T13:14:51+00:00" }, { "name": "psr/http-client", @@ -5033,16 +5029,16 @@ }, { "name": "sebastian/cli-parser", - "version": "1.0.1", + "version": "1.0.2", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/cli-parser.git", - "reference": "442e7c7e687e42adc03470c7b668bc4b2402c0b2" + "reference": "2b56bea83a09de3ac06bb18b92f068e60cc6f50b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/cli-parser/zipball/442e7c7e687e42adc03470c7b668bc4b2402c0b2", - "reference": "442e7c7e687e42adc03470c7b668bc4b2402c0b2", + "url": "https://api.github.com/repos/sebastianbergmann/cli-parser/zipball/2b56bea83a09de3ac06bb18b92f068e60cc6f50b", + "reference": "2b56bea83a09de3ac06bb18b92f068e60cc6f50b", "shasum": "" }, "require": { @@ -5077,7 +5073,7 @@ "homepage": "https://github.com/sebastianbergmann/cli-parser", "support": { "issues": "https://github.com/sebastianbergmann/cli-parser/issues", - "source": "https://github.com/sebastianbergmann/cli-parser/tree/1.0.1" + "source": "https://github.com/sebastianbergmann/cli-parser/tree/1.0.2" }, "funding": [ { @@ -5085,7 +5081,7 @@ "type": "github" } ], - "time": "2020-09-28T06:08:49+00:00" + "time": "2024-03-02T06:27:43+00:00" }, { "name": "sebastian/code-unit", @@ -5331,16 +5327,16 @@ }, { "name": "sebastian/diff", - "version": "4.0.5", + "version": "4.0.6", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/diff.git", - "reference": "74be17022044ebaaecfdf0c5cd504fc9cd5a7131" + "reference": "ba01945089c3a293b01ba9badc29ad55b106b0bc" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/74be17022044ebaaecfdf0c5cd504fc9cd5a7131", - "reference": "74be17022044ebaaecfdf0c5cd504fc9cd5a7131", + "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/ba01945089c3a293b01ba9badc29ad55b106b0bc", + "reference": "ba01945089c3a293b01ba9badc29ad55b106b0bc", "shasum": "" }, "require": { @@ -5385,7 +5381,7 @@ ], "support": { "issues": "https://github.com/sebastianbergmann/diff/issues", - "source": "https://github.com/sebastianbergmann/diff/tree/4.0.5" + "source": "https://github.com/sebastianbergmann/diff/tree/4.0.6" }, "funding": [ { @@ -5393,7 +5389,7 @@ "type": "github" } ], - "time": "2023-05-07T05:35:17+00:00" + "time": "2024-03-02T06:30:58+00:00" }, { "name": "sebastian/environment", @@ -5460,16 +5456,16 @@ }, { "name": "sebastian/exporter", - "version": "4.0.5", + "version": "4.0.6", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/exporter.git", - "reference": "ac230ed27f0f98f597c8a2b6eb7ac563af5e5b9d" + "reference": "78c00df8f170e02473b682df15bfcdacc3d32d72" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/exporter/zipball/ac230ed27f0f98f597c8a2b6eb7ac563af5e5b9d", - "reference": "ac230ed27f0f98f597c8a2b6eb7ac563af5e5b9d", + "url": "https://api.github.com/repos/sebastianbergmann/exporter/zipball/78c00df8f170e02473b682df15bfcdacc3d32d72", + "reference": "78c00df8f170e02473b682df15bfcdacc3d32d72", "shasum": "" }, "require": { @@ -5525,7 +5521,7 @@ ], "support": { "issues": "https://github.com/sebastianbergmann/exporter/issues", - "source": "https://github.com/sebastianbergmann/exporter/tree/4.0.5" + "source": "https://github.com/sebastianbergmann/exporter/tree/4.0.6" }, "funding": [ { @@ -5533,20 +5529,20 @@ "type": "github" } ], - "time": "2022-09-14T06:03:37+00:00" + "time": "2024-03-02T06:33:00+00:00" }, { "name": "sebastian/global-state", - "version": "5.0.6", + "version": "5.0.7", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/global-state.git", - "reference": "bde739e7565280bda77be70044ac1047bc007e34" + "reference": "bca7df1f32ee6fe93b4d4a9abbf69e13a4ada2c9" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/global-state/zipball/bde739e7565280bda77be70044ac1047bc007e34", - "reference": "bde739e7565280bda77be70044ac1047bc007e34", + "url": "https://api.github.com/repos/sebastianbergmann/global-state/zipball/bca7df1f32ee6fe93b4d4a9abbf69e13a4ada2c9", + "reference": "bca7df1f32ee6fe93b4d4a9abbf69e13a4ada2c9", "shasum": "" }, "require": { @@ -5589,7 +5585,7 @@ ], "support": { "issues": "https://github.com/sebastianbergmann/global-state/issues", - "source": "https://github.com/sebastianbergmann/global-state/tree/5.0.6" + "source": "https://github.com/sebastianbergmann/global-state/tree/5.0.7" }, "funding": [ { @@ -5597,7 +5593,7 @@ "type": "github" } ], - "time": "2023-08-02T09:26:13+00:00" + "time": "2024-03-02T06:35:11+00:00" }, { "name": "sebastian/lines-of-code", @@ -5833,16 +5829,16 @@ }, { "name": "sebastian/resource-operations", - "version": "3.0.3", + "version": "3.0.4", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/resource-operations.git", - "reference": "0f4443cb3a1d92ce809899753bc0d5d5a8dd19a8" + "reference": "05d5692a7993ecccd56a03e40cd7e5b09b1d404e" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/resource-operations/zipball/0f4443cb3a1d92ce809899753bc0d5d5a8dd19a8", - "reference": "0f4443cb3a1d92ce809899753bc0d5d5a8dd19a8", + "url": "https://api.github.com/repos/sebastianbergmann/resource-operations/zipball/05d5692a7993ecccd56a03e40cd7e5b09b1d404e", + "reference": "05d5692a7993ecccd56a03e40cd7e5b09b1d404e", "shasum": "" }, "require": { @@ -5854,7 +5850,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "3.0-dev" + "dev-main": "3.0-dev" } }, "autoload": { @@ -5875,8 +5871,7 @@ "description": "Provides a list of PHP built-in functions that operate on resources", "homepage": "https://www.github.com/sebastianbergmann/resource-operations", "support": { - "issues": "https://github.com/sebastianbergmann/resource-operations/issues", - "source": "https://github.com/sebastianbergmann/resource-operations/tree/3.0.3" + "source": "https://github.com/sebastianbergmann/resource-operations/tree/3.0.4" }, "funding": [ { @@ -5884,7 +5879,7 @@ "type": "github" } ], - "time": "2020-09-28T06:45:17+00:00" + "time": "2024-03-14T16:00:52+00:00" }, { "name": "sebastian/type", @@ -5997,16 +5992,16 @@ }, { "name": "symfony/browser-kit", - "version": "v5.4.31", + "version": "v5.4.35", "source": { "type": "git", "url": "https://github.com/symfony/browser-kit.git", - "reference": "0ed1f634a36606f2065eec221b3975e05016cbbe" + "reference": "2f6f979b579ed1c051465c3c2fb81daf5bb4a002" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/browser-kit/zipball/0ed1f634a36606f2065eec221b3975e05016cbbe", - "reference": "0ed1f634a36606f2065eec221b3975e05016cbbe", + "url": "https://api.github.com/repos/symfony/browser-kit/zipball/2f6f979b579ed1c051465c3c2fb81daf5bb4a002", + "reference": "2f6f979b579ed1c051465c3c2fb81daf5bb4a002", "shasum": "" }, "require": { @@ -6049,7 +6044,7 @@ "description": "Simulates the behavior of a web browser, allowing you to make requests, click on links and submit forms programmatically", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/browser-kit/tree/v5.4.31" + "source": "https://github.com/symfony/browser-kit/tree/v5.4.35" }, "funding": [ { @@ -6065,20 +6060,20 @@ "type": "tidelift" } ], - "time": "2023-10-31T07:58:33+00:00" + "time": "2024-01-23T13:51:25+00:00" }, { "name": "symfony/css-selector", - "version": "v5.4.26", + "version": "v5.4.35", "source": { "type": "git", "url": "https://github.com/symfony/css-selector.git", - "reference": "0ad3f7e9a1ab492c5b4214cf22a9dc55dcf8600a" + "reference": "9e615d367e2bed41f633abb383948c96a2dbbfae" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/css-selector/zipball/0ad3f7e9a1ab492c5b4214cf22a9dc55dcf8600a", - "reference": "0ad3f7e9a1ab492c5b4214cf22a9dc55dcf8600a", + "url": "https://api.github.com/repos/symfony/css-selector/zipball/9e615d367e2bed41f633abb383948c96a2dbbfae", + "reference": "9e615d367e2bed41f633abb383948c96a2dbbfae", "shasum": "" }, "require": { @@ -6115,7 +6110,7 @@ "description": "Converts CSS selectors to XPath expressions", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/css-selector/tree/v5.4.26" + "source": "https://github.com/symfony/css-selector/tree/v5.4.35" }, "funding": [ { @@ -6131,7 +6126,7 @@ "type": "tidelift" } ], - "time": "2023-07-07T06:10:25+00:00" + "time": "2024-01-23T13:51:25+00:00" }, { "name": "symfony/deprecation-contracts", @@ -6202,16 +6197,16 @@ }, { "name": "symfony/dom-crawler", - "version": "v5.4.32", + "version": "v5.4.35", "source": { "type": "git", "url": "https://github.com/symfony/dom-crawler.git", - "reference": "728f1fc136252a626ba5a69c02bd66a3697ff201" + "reference": "e3b4806f88abf106a411847a78619a542e71de29" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/dom-crawler/zipball/728f1fc136252a626ba5a69c02bd66a3697ff201", - "reference": "728f1fc136252a626ba5a69c02bd66a3697ff201", + "url": "https://api.github.com/repos/symfony/dom-crawler/zipball/e3b4806f88abf106a411847a78619a542e71de29", + "reference": "e3b4806f88abf106a411847a78619a542e71de29", "shasum": "" }, "require": { @@ -6257,7 +6252,7 @@ "description": "Eases DOM navigation for HTML and XML documents", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/dom-crawler/tree/v5.4.32" + "source": "https://github.com/symfony/dom-crawler/tree/v5.4.35" }, "funding": [ { @@ -6273,20 +6268,20 @@ "type": "tidelift" } ], - "time": "2023-11-17T20:43:48+00:00" + "time": "2024-01-23T13:51:25+00:00" }, { "name": "symfony/finder", - "version": "v5.4.27", + "version": "v5.4.35", "source": { "type": "git", "url": "https://github.com/symfony/finder.git", - "reference": "ff4bce3c33451e7ec778070e45bd23f74214cd5d" + "reference": "abe6d6f77d9465fed3cd2d029b29d03b56b56435" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/finder/zipball/ff4bce3c33451e7ec778070e45bd23f74214cd5d", - "reference": "ff4bce3c33451e7ec778070e45bd23f74214cd5d", + "url": "https://api.github.com/repos/symfony/finder/zipball/abe6d6f77d9465fed3cd2d029b29d03b56b56435", + "reference": "abe6d6f77d9465fed3cd2d029b29d03b56b56435", "shasum": "" }, "require": { @@ -6320,7 +6315,7 @@ "description": "Finds files and directories via an intuitive fluent interface", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/finder/tree/v5.4.27" + "source": "https://github.com/symfony/finder/tree/v5.4.35" }, "funding": [ { @@ -6336,20 +6331,20 @@ "type": "tidelift" } ], - "time": "2023-07-31T08:02:31+00:00" + "time": "2024-01-23T13:51:25+00:00" }, { "name": "theseer/tokenizer", - "version": "1.2.2", + "version": "1.2.3", "source": { "type": "git", "url": "https://github.com/theseer/tokenizer.git", - "reference": "b2ad5003ca10d4ee50a12da31de12a5774ba6b96" + "reference": "737eda637ed5e28c3413cb1ebe8bb52cbf1ca7a2" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/theseer/tokenizer/zipball/b2ad5003ca10d4ee50a12da31de12a5774ba6b96", - "reference": "b2ad5003ca10d4ee50a12da31de12a5774ba6b96", + "url": "https://api.github.com/repos/theseer/tokenizer/zipball/737eda637ed5e28c3413cb1ebe8bb52cbf1ca7a2", + "reference": "737eda637ed5e28c3413cb1ebe8bb52cbf1ca7a2", "shasum": "" }, "require": { @@ -6378,7 +6373,7 @@ "description": "A small library for converting tokenized PHP source code into XML and potentially other formats", "support": { "issues": "https://github.com/theseer/tokenizer/issues", - "source": "https://github.com/theseer/tokenizer/tree/1.2.2" + "source": "https://github.com/theseer/tokenizer/tree/1.2.3" }, "funding": [ { @@ -6386,7 +6381,7 @@ "type": "github" } ], - "time": "2023-11-20T00:12:19+00:00" + "time": "2024-03-03T12:36:25+00:00" } ], "aliases": [], diff --git a/system/blueprints/config/system.yaml b/system/blueprints/config/system.yaml index 1fb67d1..b0ad371 100644 --- a/system/blueprints/config/system.yaml +++ b/system/blueprints/config/system.yaml @@ -1300,6 +1300,17 @@ form: auto: Auto lazy: Lazy eager: Eager + + images.defaults.decoding: + type: select + size: small + label: PLUGIN_ADMIN.IMAGES_DECODING + help: PLUGIN_ADMIN.IMAGES_DECODING_HELP + highlight: auto + options: + auto: Auto + sync: Sync + async: Async images.seofriendly: type: toggle diff --git a/system/config/system.yaml b/system/config/system.yaml index 8bcc280..3495c44 100644 --- a/system/config/system.yaml +++ b/system/config/system.yaml @@ -168,6 +168,7 @@ images: retina_scale: 1 # scale to adjust auto-sizes for better handling of HiDPI resolutions defaults: loading: auto # Let browser pick [auto|lazy|eager] + decoding: auto # Let browser pick [auto|sync|async] watermark: image: 'system://images/watermark.png' # Path to a watermark image position_y: 'center' # top|center|bottom diff --git a/system/defines.php b/system/defines.php index deb7f73..f090bde 100644 --- a/system/defines.php +++ b/system/defines.php @@ -9,7 +9,7 @@ // Some standard defines define('GRAV', true); -define('GRAV_VERSION', '1.7.44'); +define('GRAV_VERSION', '1.7.46'); define('GRAV_SCHEMA', '1.7.0_2020-11-20_1'); define('GRAV_TESTING', false); @@ -26,12 +26,12 @@ if (!defined('DS')) { // Absolute path to Grav root. This is where Grav is installed into. if (!defined('GRAV_ROOT')) { $path = rtrim(str_replace(DIRECTORY_SEPARATOR, DS, getenv('GRAV_ROOT') ?: getcwd()), DS); - define('GRAV_ROOT', $path); + define('GRAV_ROOT', $path ?: DS); } // Absolute path to Grav webroot. This is the path where your site is located in. if (!defined('GRAV_WEBROOT')) { $path = rtrim(getenv('GRAV_WEBROOT') ?: GRAV_ROOT, DS); - define('GRAV_WEBROOT', $path); + define('GRAV_WEBROOT', $path ?: DS); } // Relative path to user folder. This path needs to be located under GRAV_WEBROOT. if (!defined('GRAV_USER_PATH')) { diff --git a/system/languages/sr.yaml b/system/languages/sr.yaml index 3368bdf..498d182 100644 --- a/system/languages/sr.yaml +++ b/system/languages/sr.yaml @@ -104,6 +104,7 @@ GRAV: VALIDATION_FAIL: 'Провера неуспела:' INVALID_INPUT: 'Неисправан унос у' MISSING_REQUIRED_FIELD: 'Недостаје обавезн поље:' + XSS_ISSUES: "Потенцијална грешка у XSS-у детектована у пољу '%s' " MONTHS_OF_THE_YEAR: - 'Јануар' - 'Фебруар' @@ -125,6 +126,8 @@ GRAV: - 'Петак' - 'Субота' - 'Недеља' + YES: "Да" + NO: "Не" CRON: EVERY: сваки EVERY_HOUR: сваки сат diff --git a/system/src/Grav/Common/Backup/Backups.php b/system/src/Grav/Common/Backup/Backups.php index 5114634..dd2cf37 100644 --- a/system/src/Grav/Common/Backup/Backups.php +++ b/system/src/Grav/Common/Backup/Backups.php @@ -218,7 +218,7 @@ class Backups if ($locator->isStream($backup_root)) { $backup_root = $locator->findResource($backup_root); } else { - $backup_root = rtrim(GRAV_ROOT . $backup_root, '/'); + $backup_root = rtrim(GRAV_ROOT . $backup_root, DS) ?: DS; } if (!$backup_root || !file_exists($backup_root)) { diff --git a/system/src/Grav/Common/Inflector.php b/system/src/Grav/Common/Inflector.php index ed64951..284b8dd 100644 --- a/system/src/Grav/Common/Inflector.php +++ b/system/src/Grav/Common/Inflector.php @@ -161,9 +161,15 @@ class Inflector */ public static function titleize($word, $uppercase = '') { - $uppercase = $uppercase === 'first' ? 'ucfirst' : 'ucwords'; + $humanize_underscorize = static::humanize(static::underscorize($word)); + + if ($uppercase === 'first') { + $firstLetter = mb_strtoupper(mb_substr($humanize_underscorize, 0, 1, "UTF-8"), "UTF-8"); + return $firstLetter . mb_substr($humanize_underscorize, 1, mb_strlen($humanize_underscorize, "UTF-8"), "UTF-8"); + } else { + return mb_convert_case($humanize_underscorize, MB_CASE_TITLE, 'UTF-8'); + } - return $uppercase(static::humanize(static::underscorize($word))); } /** @@ -180,7 +186,7 @@ class Inflector */ public static function camelize($word) { - return str_replace(' ', '', ucwords(preg_replace('/[^A-Z^a-z^0-9]+/', ' ', $word))); + return str_replace(' ', '', ucwords(preg_replace('/[^\p{L}^0-9]+/', ' ', $word))); } /** @@ -198,7 +204,7 @@ class Inflector { $regex1 = preg_replace('/([A-Z]+)([A-Z][a-z])/', '\1_\2', $word); $regex2 = preg_replace('/([a-zd])([A-Z])/', '\1_\2', $regex1); - $regex3 = preg_replace('/[^A-Z^a-z^0-9]+/', '_', $regex2); + $regex3 = preg_replace('/[^\p{L}^0-9]+/u', '_', $regex2); return strtolower($regex3); } @@ -219,7 +225,7 @@ class Inflector $regex1 = preg_replace('/([A-Z]+)([A-Z][a-z])/', '\1-\2', $word); $regex2 = preg_replace('/([a-z])([A-Z])/', '\1-\2', $regex1); $regex3 = preg_replace('/([0-9])([A-Z])/', '\1-\2', $regex2); - $regex4 = preg_replace('/[^A-Z^a-z^0-9]+/', '-', $regex3); + $regex4 = preg_replace('/[^\p{L}^0-9]+/', '-', $regex3); $regex4 = trim($regex4, '-'); diff --git a/system/src/Grav/Common/Media/Traits/ImageDecodingTrait.php b/system/src/Grav/Common/Media/Traits/ImageDecodingTrait.php new file mode 100644 index 0000000..7ea01e9 --- /dev/null +++ b/system/src/Grav/Common/Media/Traits/ImageDecodingTrait.php @@ -0,0 +1,40 @@ +get('system.images.defaults.decoding', 'auto'); + } + + // Validate the provided value (similar to loading) + if ($value !== null && $value !== 'auto') { + $this->attributes['decoding'] = $value; + } + + return $this; + } + +} \ No newline at end of file diff --git a/system/src/Grav/Common/Media/Traits/MediaUploadTrait.php b/system/src/Grav/Common/Media/Traits/MediaUploadTrait.php index 36becdf..2b1c3bb 100644 --- a/system/src/Grav/Common/Media/Traits/MediaUploadTrait.php +++ b/system/src/Grav/Common/Media/Traits/MediaUploadTrait.php @@ -156,7 +156,7 @@ trait MediaUploadTrait $filepath = $folder . $filename; // Check if the filename is allowed. - if (!Utils::checkFilename($filename)) { + if (!Utils::checkFilename($filepath)) { throw new RuntimeException( sprintf($this->translate('PLUGIN_ADMIN.FILEUPLOAD_UNABLE_TO_UPLOAD'), $filepath, $this->translate('PLUGIN_ADMIN.BAD_FILENAME')) ); diff --git a/system/src/Grav/Common/Page/Medium/ImageMedium.php b/system/src/Grav/Common/Page/Medium/ImageMedium.php index 30e369b..4de211b 100644 --- a/system/src/Grav/Common/Page/Medium/ImageMedium.php +++ b/system/src/Grav/Common/Page/Medium/ImageMedium.php @@ -15,6 +15,7 @@ use Grav\Common\Media\Interfaces\ImageManipulateInterface; use Grav\Common\Media\Interfaces\ImageMediaInterface; use Grav\Common\Media\Interfaces\MediaLinkInterface; use Grav\Common\Media\Traits\ImageLoadingTrait; +use Grav\Common\Media\Traits\ImageDecodingTrait; use Grav\Common\Media\Traits\ImageMediaTrait; use Grav\Common\Utils; use Gregwar\Image\Image; @@ -30,6 +31,7 @@ class ImageMedium extends Medium implements ImageMediaInterface, ImageManipulate { use ImageMediaTrait; use ImageLoadingTrait; + use ImageDecodingTrait; /** * @var mixed|string diff --git a/system/src/Grav/Common/Security.php b/system/src/Grav/Common/Security.php index 55bcde5..6fabf4e 100644 --- a/system/src/Grav/Common/Security.php +++ b/system/src/Grav/Common/Security.php @@ -225,7 +225,7 @@ class Security // Set the patterns we'll test against $patterns = [ // Match any attribute starting with "on" or xmlns - 'on_events' => '#(<[^>]+[[a-z\x00-\x20\"\'\/])([\s\/]on|\sxmlns)[a-z].*=>?#iUu', + 'on_events' => '#(<[^>]+[a-z\x00-\x20\"\'\/])(on[a-z]+|xmlns)\s*=[\s|\'\"].*[\s|\'\"]>#iUu', // Match javascript:, livescript:, vbscript:, mocha:, feed: and data: protocols 'invalid_protocols' => '#(' . implode('|', array_map('preg_quote', $invalid_protocols, ['#'])) . ')(:|\&\#58)\S.*?#iUu', @@ -263,4 +263,25 @@ class Security 'invalid_protocols' => array_map('trim', $config->get('security.xss_invalid_protocols')), ]; } + + public static function cleanDangerousTwig(string $string): string + { + if ($string === '') { + return $string; + } + + $bad_twig = [ + 'twig_array_map', + 'twig_array_filter', + 'call_user_func', + 'registerUndefinedFunctionCallback', + 'undefined_functions', + 'twig.getFunction', + 'core.setEscaper', + 'twig.safe_functions', + 'read_file', + ]; + $string = preg_replace('/(({{\s*|{%\s*)[^}]*?(' . implode('|', $bad_twig) . ')[^}]*?(\s*}}|\s*%}))/i', '{# $1 #}', $string); + return $string; + } } diff --git a/system/src/Grav/Common/Taxonomy.php b/system/src/Grav/Common/Taxonomy.php index d9cb930..3ce2173 100644 --- a/system/src/Grav/Common/Taxonomy.php +++ b/system/src/Grav/Common/Taxonomy.php @@ -10,6 +10,7 @@ namespace Grav\Common; use Grav\Common\Config\Config; +use Grav\Common\Language\Language; use Grav\Common\Page\Collection; use Grav\Common\Page\Interfaces\PageInterface; use function is_string; @@ -37,6 +38,8 @@ class Taxonomy protected $taxonomy_map; /** @var Grav */ protected $grav; + /** @var Language */ + protected $language; /** * Constructor that resets the map @@ -45,8 +48,9 @@ class Taxonomy */ public function __construct(Grav $grav) { - $this->taxonomy_map = []; $this->grav = $grav; + $this->language = $grav['language']; + $this->taxonomy_map[$this->language->getLanguage()] = []; } /** @@ -107,7 +111,8 @@ class Taxonomy if (!empty($key)) { $taxonomy .= $key; } - $this->taxonomy_map[$taxonomy][(string) $value][$page->path()] = ['slug' => $page->slug()]; + $active = $this->language->getLanguage(); + $this->taxonomy_map[$active][$taxonomy][(string) $value][$page->path()] = ['slug' => $page->slug()]; } } @@ -123,14 +128,11 @@ class Taxonomy { $matches = []; $results = []; + $active = $this->language->getLanguage(); foreach ((array)$taxonomies as $taxonomy => $items) { foreach ((array)$items as $item) { - if (isset($this->taxonomy_map[$taxonomy][$item])) { - $matches[] = $this->taxonomy_map[$taxonomy][$item]; - } else { - $matches[] = []; - } + $matches[] = $this->taxonomy_map[$active][$taxonomy][$item] ?? []; } } @@ -156,11 +158,13 @@ class Taxonomy */ public function taxonomy($var = null) { + $active = $this->language->getLanguage(); + if ($var) { - $this->taxonomy_map = $var; + $this->taxonomy_map[$active] = $var; } - return $this->taxonomy_map; + return $this->taxonomy_map[$active] ?? []; } /** @@ -171,6 +175,7 @@ class Taxonomy */ public function getTaxonomyItemKeys($taxonomy) { - return isset($this->taxonomy_map[$taxonomy]) ? array_keys($this->taxonomy_map[$taxonomy]) : []; + $active = $this->language->getLanguage(); + return isset($this->taxonomy_map[$active][$taxonomy]) ? array_keys($this->taxonomy_map[$active][$taxonomy]) : []; } } diff --git a/system/src/Grav/Common/Twig/Twig.php b/system/src/Grav/Common/Twig/Twig.php index 14f33f0..6e50916 100644 --- a/system/src/Grav/Common/Twig/Twig.php +++ b/system/src/Grav/Common/Twig/Twig.php @@ -16,6 +16,7 @@ use Grav\Common\Language\Language; use Grav\Common\Language\LanguageCodes; use Grav\Common\Page\Interfaces\PageInterface; use Grav\Common\Page\Pages; +use Grav\Common\Security; use Grav\Common\Twig\Exception\TwigException; use Grav\Common\Twig\Extension\FilesystemExtension; use Grav\Common\Twig\Extension\GravExtension; @@ -319,6 +320,7 @@ class Twig public function processPage(PageInterface $item, $content = null) { $content = $content ?? $item->content(); + $content = Security::cleanDangerousTwig($content); // override the twig header vars for local resolution $this->grav->fireEvent('onTwigPageVariables', new Event(['page' => $item])); @@ -392,6 +394,8 @@ class Twig $this->grav->fireEvent('onTwigStringVariables'); $vars += $this->twig_vars; + $string = Security::cleanDangerousTwig($string); + $name = '@Var:' . $string; $this->setTemplate($name, $string); @@ -418,7 +422,7 @@ class Twig try { $grav = $this->grav; - // set the page now its been processed + // set the page now it's been processed $grav->fireEvent('onTwigSiteVariables'); /** @var Pages $pages */ @@ -427,13 +431,15 @@ class Twig /** @var PageInterface $page */ $page = $grav['page']; + $content = Security::cleanDangerousTwig($page->content()); + $twig_vars = $this->twig_vars; $twig_vars['theme'] = $grav['config']->get('theme'); $twig_vars['pages'] = $pages->root(); $twig_vars['page'] = $page; $twig_vars['header'] = $page->header(); $twig_vars['media'] = $page->media(); - $twig_vars['content'] = $page->content(); + $twig_vars['content'] = $content; // determine if params are set, if so disable twig cache $params = $grav['uri']->params(null, true); @@ -568,4 +574,5 @@ class Twig $this->autoescape = (bool) $state; } + } diff --git a/system/src/Grav/Common/Uri.php b/system/src/Grav/Common/Uri.php index 9d3ef5b..2d43860 100644 --- a/system/src/Grav/Common/Uri.php +++ b/system/src/Grav/Common/Uri.php @@ -206,7 +206,7 @@ class Uri $uri = $language->setActiveFromUri($uri); // split the URL and params (and make sure that the path isn't seen as domain) - $bits = parse_url('http://domain.com' . $uri); + $bits = static::parseUrl('http://domain.com' . $uri); //process fragment if (isset($bits['fragment'])) { @@ -265,6 +265,7 @@ class Uri return $this->paths; } + /** * Return route to the current URI. By default route doesn't include base path. * @@ -742,7 +743,7 @@ class Uri */ public static function isExternal($url) { - return (0 === strpos($url, 'http://') || 0 === strpos($url, 'https://') || 0 === strpos($url, '//')); + return (0 === strpos($url, 'http://') || 0 === strpos($url, 'https://') || 0 === strpos($url, '//') || 0 === strpos($url, 'mailto:') || 0 === strpos($url, 'tel:') || 0 === strpos($url, 'ftp://') || 0 === strpos($url, 'ftps://') || 0 === strpos($url, 'news:') || 0 === strpos($url, 'irc:') || 0 === strpos($url, 'gopher:') || 0 === strpos($url, 'nntp:') || 0 === strpos($url, 'feed:') || 0 === strpos($url, 'cvs:') || 0 === strpos($url, 'ssh:') || 0 === strpos($url, 'git:') || 0 === strpos($url, 'svn:') || 0 === strpos($url, 'hg:')); } /** @@ -954,9 +955,7 @@ class Uri $grav = Grav::instance(); // Remove extra slash from streams, parse_url() doesn't like it. - if ($pos = strpos($url, ':///')) { - $url = substr_replace($url, '://', $pos, 4); - } + $url = preg_replace('/([^:])(\/{2,})/', '$1/', $url); $encodedUrl = preg_replace_callback( '%[^:/@?&=#]+%usD', diff --git a/system/src/Grav/Common/Utils.php b/system/src/Grav/Common/Utils.php index a0fb949..a518ec1 100644 --- a/system/src/Grav/Common/Utils.php +++ b/system/src/Grav/Common/Utils.php @@ -989,6 +989,8 @@ abstract class Utils || strtr($filename, "\t\v\n\r\0\\/", '_______') !== $filename // Filename should not start or end with dot or space. || trim($filename, '. ') !== $filename + // Filename should not contain path traversal + || str_replace('..', '', $filename) !== $filename // File extension should not be part of configured dangerous extensions || in_array($extension, $dangerous_extensions) ); @@ -1330,7 +1332,11 @@ abstract class Utils if ($dateformat) { $datetime = DateTime::createFromFormat($dateformat, $date); } else { - $datetime = new DateTime($date); + try { + $datetime = new DateTime($date); + } catch (Exception $e) { + $datetime = false; + } } // fallback to strtotime() if DateTime approach failed diff --git a/system/src/Twig/DeferredExtension/DeferredBlockNode.php b/system/src/Twig/DeferredExtension/DeferredBlockNode.php old mode 100755 new mode 100644 diff --git a/system/src/Twig/DeferredExtension/DeferredNode.php b/system/src/Twig/DeferredExtension/DeferredNode.php old mode 100755 new mode 100644 diff --git a/user/config/system.yaml b/user/config/system.yaml index 28f6c0c..16b3d56 100644 --- a/user/config/system.yaml +++ b/user/config/system.yaml @@ -160,7 +160,7 @@ log: tag: grav debugger: enabled: false - provider: clockwork + provider: debugbar censored: false shutdown: close_connection: true @@ -178,6 +178,7 @@ images: retina_scale: '1' defaults: loading: auto + decoding: auto watermark: image: 'system://images/watermark.png' position_y: center @@ -189,7 +190,7 @@ media: unsupported_inline_types: null allowed_fallback_types: null auto_metadata_exif: false - upload_limit: 2097152 + upload_limit: 2147483648 session: enabled: true initialize: true diff --git a/user/themes/ateliers-55/templates/default.html.twig b/user/themes/ateliers-55/templates/default.html.twig index d540aa1..58d1776 100644 --- a/user/themes/ateliers-55/templates/default.html.twig +++ b/user/themes/ateliers-55/templates/default.html.twig @@ -8,13 +8,14 @@
{% if page.parent.title == "Articles" %}
- {% if not page.isFirst %} - {{ page.nextSibling.title }} Article suivant + {{ dump(page.parent.collection.prevSibling(page.path)) }} + {% if not page.parent.collection.isFirst(page.path) %} + Article suivant {% else %}
{% endif %} - {% if not page.isLast %} - {{ page.prevSibling.title }} Article précédent + {% if not page.parent.collection.isLast(page.path) %} + Article précédent {% endif %}
{% endif %} diff --git a/user/themes/ateliers-55/templates/partials/about.html.twig b/user/themes/ateliers-55/templates/partials/about.html.twig index e8acf21..dec7fb0 100644 --- a/user/themes/ateliers-55/templates/partials/about.html.twig +++ b/user/themes/ateliers-55/templates/partials/about.html.twig @@ -3,7 +3,7 @@ {{ page.find('/a-propos').summary|raw }}
- {{ page.find('/a-propos').content|slice(page.summary|length, page.content|length)|markdown(false) }} + {{ page.find('/a-propos').content|slice(page.find('/a-propos').summary|length, page.find('/a-propos').content|length)|markdown(false) }}
diff --git a/user/themes/ateliers-55/templates/partials/articles-list.html.twig b/user/themes/ateliers-55/templates/partials/articles-list.html.twig index 611a51c..1782053 100644 --- a/user/themes/ateliers-55/templates/partials/articles-list.html.twig +++ b/user/themes/ateliers-55/templates/partials/articles-list.html.twig @@ -1,5 +1,5 @@
- {% for article in page.find('/articles').children.published.order('date', 'desc') %} + {% for article in page.find('/articles').collection %}