Skip to content

Bump thymeleaf from 3.0.12.RELEASE to 3.0.13.RELEASE #110

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 1, 2021
Merged

Bump thymeleaf from 3.0.12.RELEASE to 3.0.13.RELEASE #110

merged 1 commit into from
Dec 1, 2021

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 30, 2021

Bumps thymeleaf from 3.0.12.RELEASE to 3.0.13.RELEASE.

Changelog

Sourced from thymeleaf's changelog.

3.0.13

(no relevant changes in core module)

3.0.12

  • Fixed #numbers.format*() expression utility methods not producing numbers using the correct digit symbols for locales that use them, in JDK versions where NumberFormat does this (currently >= JDK15).
  • Fixed "package-list" not being produced for JavaDoc since JDK 11 started being used for compiling the project.
  • Added instantiation of new objects and calls to static classes as forbidden operations in restricted mode.
  • Updated OGNL dependency to 3.1.26.
  • Updated jackson-databind to 2.11.3 and jackson-datatype to 2.11.3 (due to vulnerabilities in previous versions).

3.0.11

  • Updated jackson-databind dependency to 2.9.7 (due to vulnerabilities in previous jackson version).

3.0.10

  • Fixed StackOverflowError when inserting content before first element of model in a model processor.
  • Improved restricted expression evaluation mode to forbid output of textual data from context variables inside JavaScript event handlers in HTML templates.
  • Improved HTML event handler attributes (th:on*) in order to allow processing of their values as fragments of inlined JavaScript (using JAVASCRIPT template mode).
  • Improved use of template name abbreviation in logs and exceptions.
  • Added "Automatic-Module-Name: thymeleaf" to MANIFEST.MF for Java 9+ JPMS.
  • Updated AttoParser dependency to 2.0.5.RELEASE
  • Updated Unbescape dependency to 1.1.6.RELEASE

3.0.9

  • Fixed hit ratio in StandardCache not being correctly computed (always 1 or 0).
  • Improve restricted expression evaluation mode to restrict access to some request features (#request.getParameter(), #request.getParameterValues(), #request.getParameterMap(), #request.getQueryString()).
  • Added new scenarios for restricted expression evaluation: th:on*, th:attr, th:src, th:href, default attribute processor, fragment expressions, link expressions (only for URL bases), inlined output expression in TEXT mode.

3.0.8

  • Fixed WebEngineContext returning wrong boolean values for ServletContextAttributesMap#isEmpty() and SessionAttributesMap#isEmpty().
  • Fixed DateFormat implementation being used for Jackson-based serialization of dates not implementing clone() properly, which could result in thread-safety issues on the underlying SimpleDateFormat instance.
  • Fixed JavaScript parser failing on parsing JS regexp or JS template literals that contained unbalanced quotes.
  • Improved behaviour when parser-level or prototype-only comment block is not closed at the end of template. An

... (truncated)

Commits
  • 1614274 [maven-release-plugin] prepare release thymeleaf-3.0.13.RELEASE
  • d2c6f31 Added (empty) changelog for 3.0.13
  • c62257f Updated version of maven-javadoc-plugin
  • 25360bc Fixes thymeleaf/thymeleaf-spring#258 - SpringStandardDialect doesn't allow to...
  • 309b9f2 Modified backlog project management addition task
  • e29645e Added backlog project management addition task
  • df796d8 Added workflow for the 'needs triage' label
  • 9a75074 Modified CONTRIBUTING file after change in CLA
  • eca1b9b Fixed position of maven-antrun-plugin in order to ensure execution during rel...
  • f04d5d5 [maven-release-plugin] prepare for next development iteration
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump thymeleaf from 3.0.12.RELEASE to 3.0.13.RELEASE
5437788 
Bumps [thymeleaf](https://github.com/thymeleaf/thymeleaf) from 3.0.12.RELEASE to 3.0.13.RELEASE.
- [Release notes](https://github.com/thymeleaf/thymeleaf/releases)
- [Changelog](https://github.com/thymeleaf/thymeleaf/blob/3.0-master/ChangeLog.txt)
- [Commits](thymeleaf/thymeleaf@thymeleaf-3.0.12.RELEASE...thymeleaf-3.0.13.RELEASE)

---
updated-dependencies:
- dependency-name: org.thymeleaf:thymeleaf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependency upgrade java Pull requests that update Java code labels Nov 30, 2021
@hazendaz hazendaz self-assigned this Dec 1, 2021
@hazendaz hazendaz merged commit 8fec19d into master Dec 1, 2021
@dependabot dependabot bot deleted the dependabot/maven/org.thymeleaf-thymeleaf-3.0.13.RELEASE branch December 1, 2021 03:16
@kazuki43zoo kazuki43zoo added this to the 1.0.3 milestone Dec 12, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@hazendaz hazendaz

Labels
dependency upgrade java Pull requests that update Java code
Projects
None yet
Milestone
1.0.3
Development

Successfully merging this pull request may close these issues.
2 participants
@hazendaz @kazuki43zoo