Bump thymeleaf from 3.0.13.RELEASE to 3.0.14.RELEASE

[dependabot]

Bumps thymeleaf from 3.0.13.RELEASE to 3.0.14.RELEASE.

Changelog

Sourced from thymeleaf's changelog.

3.0.14

• Fixed inconsistent restricted variable access check due to caching.
• Improved detection of restricted expression execution scenarios.

3.0.13

(no relevant changes in core module)

3.0.12

• Fixed #numbers.format*() expression utility methods not producing numbers using the correct digit symbols for locales that use them, in JDK versions where NumberFormat does this (currently >= JDK15).
• Fixed "package-list" not being produced for JavaDoc since JDK 11 started being used for compiling the project.
• Added instantiation of new objects and calls to static classes as forbidden operations in restricted mode.
• Updated OGNL dependency to 3.1.26.
• Updated jackson-databind to 2.11.3 and jackson-datatype to 2.11.3 (due to vulnerabilities in previous versions).

3.0.11

• Updated jackson-databind dependency to 2.9.7 (due to vulnerabilities in previous jackson version).

3.0.10

• Fixed StackOverflowError when inserting content before first element of model in a model processor.
• Improved restricted expression evaluation mode to forbid output of textual data from context variables inside JavaScript event handlers in HTML templates.
• Improved HTML event handler attributes (th:on*) in order to allow processing of their values as fragments of inlined JavaScript (using JAVASCRIPT template mode).
• Improved use of template name abbreviation in logs and exceptions.
• Added "Automatic-Module-Name: thymeleaf" to MANIFEST.MF for Java 9+ JPMS.
• Updated AttoParser dependency to 2.0.5.RELEASE
• Updated Unbescape dependency to 1.1.6.RELEASE

3.0.9

• Fixed hit ratio in StandardCache not being correctly computed (always 1 or 0).
• Improve restricted expression evaluation mode to restrict access to some request features (#request.getParameter(), #request.getParameterValues(), #request.getParameterMap(), #request.getQueryString()).
• Added new scenarios for restricted expression evaluation: th:on*, th:attr, th:src, th:href, default attribute processor, fragment expressions, link expressions (only for URL bases), inlined output expression in TEXT mode.

3.0.8

... (truncated)

Commits

• c2643c6 [maven-release-plugin] prepare release thymeleaf-3.0.14.RELEASE
• 08f474f Improved detection of restricted scenarios
• 31800aa Fixed thymeleaf/thymeleaf-spring#226 - Inconsistent restricted variable acces...
• a5bf2b1 Improved detections of restricted expression execution scenarios
• c42de2b [maven-release-plugin] prepare for next development iteration
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)