
[PROD](renovate) Update dependency smarty/smarty to v4.2.1 [SECURITY] - autoclosed #16483

Closed

Conversation

renovate[bot]

@renovate renovate bot commented Sep 16, 2022

Mend Renovate

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| smarty/smarty (source) | require | patch | 4.2.0 -> 4.2.1 |

GitHub Vulnerability Alerts

CVE-2018-25047

In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows cross-site scripting. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user.


Release Notes

smarty-php/smarty

v4.2.1

Compare Source

Security
  • Applied appropriate JavaScript and HTML escaping in mailto plugin to counter injection attacks #454
Fixed
  • Fixed PHP8.1 deprecation notices in modifiers (upper, explode, number_format and replace) #755 and #788
  • Fixed PHP8.1 deprecation notices in capitalize modifier #789
  • Fixed use of rand() without a parameter in math function #794
  • Fixed unselected year/month/day not working in html_select_date #395

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Warsaw, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


This PR has been generated by Mend Renovate. View repository job log here.
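The advisory above describes unescaped GET/POST-controlled parameters reaching a mailto link, and the 4.2.1 notes say the fix applies JavaScript and HTML escaping. The following is an added illustrative example, not Smarty's own plugin code and not the patch from #454: a mailto link builder with a hypothetical parameter set (address, text, subject, cc, bcc) and a hypothetical `encode` switch, showing one escaping step per output context (URL, HTML attribute/text, JavaScript string).

```php
<?php
// Added example (not Smarty's code): build an <a href="mailto:..."> element
// from untrusted request parameters, escaping for each output context.
function build_mailto(array $params, string $encode = 'none'): string
{
    $address = $params['address'] ?? '';
    $text    = $params['text'] ?? $address;

    // Allow-list check: only a syntactically valid address reaches the URL.
    if (filter_var($address, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('mailto: invalid address');
    }

    // URL context: every query value is percent-encoded individually.
    $query = [];
    foreach (['subject', 'cc', 'bcc'] as $key) {
        if (isset($params[$key]) && $params[$key] !== '') {
            $query[] = $key . '=' . rawurlencode($params[$key]);
        }
    }
    $href = 'mailto:' . $address;
    if ($query !== []) {
        $href .= '?' . implode('&', $query);
    }

    // HTML context: attribute value and element text are entity-escaped,
    // so quotes and angle brackets from $_GET/$_POST cannot close the tag.
    $flags = ENT_QUOTES | ENT_HTML5;
    $html  = '<a href="' . htmlspecialchars($href, $flags, 'UTF-8') . '">'
           . htmlspecialchars($text, $flags, 'UTF-8') . '</a>';

    if ($encode === 'javascript') {
        // JS string context: json_encode with the HEX flags turns < > & " '
        // into \uXXXX escapes, so "</script>" or a quote in the data cannot
        // terminate the script block or the string literal.
        $js = json_encode($html,
            JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        return '<script>document.write(' . $js . ');</script>';
    }
    return $html;
}

// Constructed sample input standing in for request parameters.
$untrusted = [
    'address' => 'user@example.com',
    'text'    => 'Contact "us" <sales>',
    'subject' => 'Hello & goodbye',
];
echo build_mailto($untrusted), "\n";
echo build_mailto($untrusted, 'javascript'), "\n";
```

For the sample input the HTML form renders as `<a href="mailto:user@example.com?subject=Hello%20%26%20goodbye">Contact &quot;us&quot; &lt;sales&gt;</a>`; a quick check when reviewing such a builder is that no raw `"`, `<` or `>` from the input survives in either output.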

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Sep 16, 2022
@renovate renovate bot mentioned this pull request Sep 16, 2022

blackduck-copilot bot commented Sep 16, 2022

Black Duck Security Report

Merging #16483 into developer will decrease security risk!

Added Components

Clean: 33

Removed Components

Low Risk: 1
Clean: 30


@renovate renovate bot changed the title [PROD](renovate) Update dependency smarty/smarty to v4.2.1 [SECURITY] [PROD](renovate) Update dependency smarty/smarty to v4.2.1 [SECURITY] - autoclosed Oct 11, 2022
@renovate renovate bot closed this Oct 11, 2022
@renovate renovate bot deleted the renovate/packagist-smarty/smarty-vulnerability branch October 11, 2022 17:10