Bump latte/latte from 2.11.6 to 3.0.10 #2443

dependabot · 2023-11-01T01:18:18Z

Bumps latte/latte from 2.11.6 to 3.0.10.

Release notes

Released version 3.0.10

added function hasBlock() #345

Filters::safeUrl() accepts Stringable

implemented mandatory escaping (cannot be disabled using |noescape)

In <script type=unknown> is HTML not escaped

Improved escaping in <script type=text/html>

Escaper: better detection of type in <script> & <style>

FilterExecutor: refactoring, info-aware filter can be dynamic

Filters::strLength() uses mbstring, iconv and then utf8_decode

Released version 3.0.9

improved support for variable tags

Linter: refactoring, added getEngine()

TemplateLexer: rewritten that functions are not generators, exceptions are thrown in parsers

Released version 3.0.8

added support for magic constants __LINE__, __FILE__, __DIR__

added strict parsing mode via Engine::setStrictParsing()

added support for variable tags <{$foo}>

added constant Template::Source

n:tag supports XML

in XML are tag names case sensitive

content in </foo ...> is not allowed (BC break)

TemplateLexer is driven from parser

TemplateParserHtml: HTML attribute name can be PrintNode or string (BC break)

TokenStream::throwUnexpectedException() reports only single token

Released version 3.0.7

smarter way to work with HTML attributes (possible BC break)

allow {exitIf} in {define} (#334)

Engine::enablePhpLinter() allows to lint generated PHP templates

ForeachNode, TagParser: added native parser for foreach-variables #342

TagParser: support dynamic class constant fetch in PHP 8.3

Expression nodes: added some validators

ArrayNode, TagParser: distinguish between array() and list() via $kind

ArrayNode::fromArguments() rewritten to PrintContext::argumentsAsArray() (BC break)

forbidden variable $GLOBALS

Released version 3.0.6

allowed trailing comma in {var} and {parameters}

unquoted strings can contain .

TemplateParserHtml: correctly catches non-valid tag content #329

TagParser: correct concatenation precedence

NameNode: updated list of keywords, enumerated magic constants

Node: getIterator() is abstract (BC break)

... (truncated)

Commits

794f252 Released version 3.0.10
57ed322 latte-lint: shows information about strict/debug modes
779be3f implemented mandatory escaping (cannot be disabled using |noescape)
5978635 In <script type=unknown> is HTML not escaped
bb1b25f Improved escaping in <script type=text/html>
687aaca Escaper: added new state HtmlRawText
98ce669 Escaper: better detection of type in <script> & <style>
c2112c2 Escaper: refactoring, added constant Convertors
2fab03a test: improved escaping tests
7040bac PrintNode: better JavaScript detection
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

sinacek · 2023-11-09T20:48:34Z

@dependabot rebase

Bumps [latte/latte](https://github.com/nette/latte) from 2.11.6 to 3.0.10. - [Release notes](https://github.com/nette/latte/releases) - [Commits](nette/latte@v2.11.6...v3.0.10) --- updated-dependencies: - dependency-name: latte/latte dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2023-11-15T08:33:03Z

Superseded by #2462.

dependabot bot added dependencies Pull requests that update a dependency file php Pull requests that update Php code labels Nov 1, 2023

dependabot bot mentioned this pull request Nov 1, 2023

Bump latte/latte from 2.11.6 to 3.0.9 #2349

Closed

dependabot bot force-pushed the dependabot/composer/latte/latte-3.0.10 branch from 9fc494c to a0b5b96 Compare November 9, 2023 20:48

dependabot bot closed this Nov 15, 2023

dependabot bot deleted the dependabot/composer/latte/latte-3.0.10 branch November 15, 2023 08:33

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump latte/latte from 2.11.6 to 3.0.10 #2443

Bump latte/latte from 2.11.6 to 3.0.10 #2443

dependabot bot commented on behalf of github Nov 1, 2023 •

edited

Loading

sinacek commented Nov 9, 2023

dependabot bot commented on behalf of github Nov 15, 2023

Bump latte/latte from 2.11.6 to 3.0.10 #2443

Bump latte/latte from 2.11.6 to 3.0.10 #2443

Conversation

dependabot bot commented on behalf of github Nov 1, 2023 • edited Loading

Released version 3.0.10

Released version 3.0.9

Released version 3.0.8

Released version 3.0.7

Released version 3.0.6

sinacek commented Nov 9, 2023

dependabot bot commented on behalf of github Nov 15, 2023

dependabot bot commented on behalf of github Nov 1, 2023 •

edited

Loading