Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

upgrade Twig to 2.15.3 or newer #1370

Merged
merged 1 commit into from
Oct 3, 2022
Merged

upgrade Twig to 2.15.3 or newer #1370

merged 1 commit into from
Oct 3, 2022

Conversation

osma
Copy link
Member

@osma osma commented Oct 3, 2022

Reasons for creating this PR

Dependabot complains about a potential security issue in Twig <2.15.3. This PR upgrades Twig to ^2.15.3 (meaning: 2.15.3 or newer, but must still be 2.15)

AFAICT, the security issue doesn't really affect us, as we're not using templates where the name is derived from user input. But it's better to be sure and to get rid of warnings from vulnerability scanning tools.

Link to relevant issue(s), if any

  • Closes #3

Description of the changes in this PR

  • upgrade to Twig 2.15.3

Known problems or uncertainties in this PR

n/a

Checklist

  • phpUnit tests pass locally with my changes
  • I have added tests that show that the new code works, or tests are not relevant for this PR (e.g. only HTML/CSS changes)
  • The PR doesn't reduce accessibility of the front-end code (e.g. tab focus, scaling to different resolutions, use of .sr-only class, color contrast)
  • The PR doesn't introduce unintended code changes (e.g. empty lines or useless reindentation)

@osma osma added the maintenance Dependency changes, security updates, infrastructure tweaks & general mainenance label Oct 3, 2022
@osma osma added this to the 2.16 milestone Oct 3, 2022
@osma osma self-assigned this Oct 3, 2022
@sonarqubecloud
Copy link

sonarqubecloud bot commented Oct 3, 2022

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@codecov
Copy link

codecov bot commented Oct 3, 2022

Codecov Report

Base: 71.17% // Head: 71.17% // No change to project coverage 👍

Coverage data is based on head (1c7d39b) compared to base (0bda0f5).
Patch has no changes to coverable lines.

Additional details and impacted files 
@@            Coverage Diff            @@
##             master    #1370   +/-   ##
=========================================
  Coverage     71.17%   71.17%           
  Complexity     1650     1650           
=========================================
  Files            32       32           
  Lines          3788     3788           
=========================================
  Hits           2696     2696           
  Misses         1092     1092

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

@osma osma merged commit 77eb4a2 into master Oct 3, 2022
@osma osma deleted the upgrade-twig-2.15.3 branch October 3, 2022 12:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@osma osma

Labels
maintenance Dependency changes, security updates, infrastructure tweaks & general mainenance
Projects
None yet
Milestone
2.16
Development

Successfully merging this pull request may close these issues.
1 participant
@osma