Update twig/twig to non vulnerable version

[Rotzbua]

Baikal version: 0.9.3

Expected behaviour:

No security warning from composer.

Current behaviour:

Found 1 security vulnerability advisory affecting 1 package.

+-------------------+----------------------------------------------------------------------------------+
| Package           | twig/twig                                                                        |
| CVE               | CVE-2022-39261                                                                   |
| Title             | Possibility to load a template outside a configured directory when using the fil |
|                   | esystem loader                                                                   |
| URL               | https://symfony.com/blog/twig-security-release-possibility-to-load-a-template-ou |
|                   | tside-a-configured-directory-when-using-the-filesystem-loader                    |
| Affected versions | >=1.0.0,<1.44.7|>=2.0.0,<2.15.3|>=3.0.0,<3.4.3                                   |
| Reported at       | 2022-09-28T10:36:08+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+

Steps to reproduce:

1. clone repo
2. composer install
3. composer audit

[ByteHamster]

We don't use the filesystem loader, so that doesn't affect Baikal

[Rotzbua]

Right, otherwise I would have written "baikal is vulnerable by twig" 😉
Nevertheless, a user or developer will get a warning and might be alerted unnecessarily. 🫣
A fixed minor version update from ~2.14.8 to 2.15.4 is available.

[ByteHamster]

Fixed in #1222