Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump thymeleaf from 3.0.11.RELEASE to 3.0.12.RELEASE #80

Merged
merged 1 commit into from
Dec 28, 2020
Merged

Bump thymeleaf from 3.0.11.RELEASE to 3.0.12.RELEASE #80

merged 1 commit into from
Dec 28, 2020

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 22, 2020

Bumps thymeleaf from 3.0.11.RELEASE to 3.0.12.RELEASE.

Changelog

Sourced from thymeleaf's changelog.

3.0.12

  • Fixed #numbers.format*() expression utility methods not producing numbers using the correct digit symbols for locales that use them, in JDK versions where NumberFormat does this (currently >= JDK15).
  • Fixed "package-list" not being produced for JavaDoc since JDK 11 started being used for compiling the project.
  • Added instantiation of new objects and calls to static classes as forbidden operations in restricted mode.
  • Updated OGNL dependency to 3.1.26.
  • Updated jackson-databind to 2.11.3 and jackson-datatype to 2.11.3 (due to vulnerabilities in previous versions).

3.0.11

  • Updated jackson-databind dependency to 2.9.7 (due to vulnerabilities in previous jackson version).

3.0.10

  • Fixed StackOverflowError when inserting content before first element of model in a model processor.
  • Improved restricted expression evaluation mode to forbid output of textual data from context variables inside JavaScript event handlers in HTML templates.
  • Improved HTML event handler attributes (th:on*) in order to allow processing of their values as fragments of inlined JavaScript (using JAVASCRIPT template mode).
  • Improved use of template name abbreviation in logs and exceptions.
  • Added "Automatic-Module-Name: thymeleaf" to MANIFEST.MF for Java 9+ JPMS.
  • Updated AttoParser dependency to 2.0.5.RELEASE
  • Updated Unbescape dependency to 1.1.6.RELEASE

3.0.9

  • Fixed hit ratio in StandardCache not being correctly computed (always 1 or 0).
  • Improve restricted expression evaluation mode to restrict access to some request features (#request.getParameter(), #request.getParameterValues(), #request.getParameterMap(), #request.getQueryString()).
  • Added new scenarios for restricted expression evaluation: th:on*, th:attr, th:src, th:href, default attribute processor, fragment expressions, link expressions (only for URL bases), inlined output expression in TEXT mode.

3.0.8

  • Fixed WebEngineContext returning wrong boolean values for ServletContextAttributesMap#isEmpty() and SessionAttributesMap#isEmpty().
  • Fixed DateFormat implementation being used for Jackson-based serialization of dates not implementing clone() properly, which could result in thread-safety issues on the underlying SimpleDateFormat instance.
  • Fixed JavaScript parser failing on parsing JS regexp or JS template literals that contained unbalanced quotes.
  • Improved behaviour when parser-level or prototype-only comment block is not closed at the end of template. An exception is now thrown.
  • Updated SLF4j dependency to 1.7.25.

3.0.7

... (truncated)

Commits
  • 9a9dec1 [maven-release-plugin] prepare release thymeleaf-3.0.12.RELEASE
  • 2dc77bb Added 'pack' utility method to StringUtils
  • 4654cd2 Updated changelog for #809
  • d9bafb0 Minor javadoc modification
  • 9b55805 Implemented #809 for OGNL-based scenarios
  • 283f70a Fixed #782 - #numbers.format*() expression utility methods not producing numb...
  • 30e8b8d Made version parsing mechanism more lenient
  • 77d1942 Improved mechanism for internally processing library versions
  • 44eefb4 Closes #754 - Block "javascript:" scheme in Link Expressions
  • 0b6f046 Apply trim() on link base before processing in order for schemes to be dealt ...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@hazendaz hazendaz self-assigned this Dec 28, 2020
@hazendaz hazendaz merged commit fd6ff20 into master Dec 28, 2020
@dependabot dependabot bot deleted the dependabot/maven/org.thymeleaf-thymeleaf-3.0.12.RELEASE branch December 28, 2020 23:52
@kazuki43zoo kazuki43zoo added this to the 1.0.3 milestone Dec 12, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@hazendaz hazendaz

Labels
dependency upgrade
Projects
None yet
Milestone
1.0.3
Development

Successfully merging this pull request may close these issues.
2 participants
@hazendaz @kazuki43zoo