Skip to content

Bump thymeleaf.version from 3.0.2.RELEASE to 3.0.11.RELEASE #6

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot-preview wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump thymeleaf.version from 3.0.2.RELEASE to 3.0.11.RELEASE #6

dependabot-preview wants to merge 1 commit into from

Conversation

@dependabot-preview
Copy link

@dependabot-preview dependabot-preview bot commented Sep 12, 2020

Bumps thymeleaf.version from 3.0.2.RELEASE to 3.0.11.RELEASE.
Updates thymeleaf from 3.0.2.RELEASE to 3.0.11.RELEASE

Changelog

Sourced from thymeleaf's changelog.

3.0.11

  • Updated jackson-databind dependency to 2.9.7 (due to vulnerabilities in previous jackson version).

3.0.10

  • Fixed StackOverflowError when inserting content before first element of model in a model processor.
  • Improved restricted expression evaluation mode to forbid output of textual data from context variables inside JavaScript event handlers in HTML templates.
  • Improved HTML event handler attributes (th:on*) in order to allow processing of their values as fragments of inlined JavaScript (using JAVASCRIPT template mode).
  • Improved use of template name abbreviation in logs and exceptions.
  • Added "Automatic-Module-Name: thymeleaf" to MANIFEST.MF for Java 9+ JPMS.
  • Updated AttoParser dependency to 2.0.5.RELEASE
  • Updated Unbescape dependency to 1.1.6.RELEASE

3.0.9

  • Fixed hit ratio in StandardCache not being correctly computed (always 1 or 0).
  • Improve restricted expression evaluation mode to restrict access to some request features (#request.getParameter(), #request.getParameterValues(), #request.getParameterMap(), #request.getQueryString()).
  • Added new scenarios for restricted expression evaluation: th:on*, th:attr, th:src, th:href, default attribute processor, fragment expressions, link expressions (only for URL bases), inlined output expression in TEXT mode.

3.0.8

  • Fixed WebEngineContext returning wrong boolean values for ServletContextAttributesMap#isEmpty() and SessionAttributesMap#isEmpty().
  • Fixed DateFormat implementation being used for Jackson-based serialization of dates not implementing clone() properly, which could result in thread-safety issues on the underlying SimpleDateFormat instance.
  • Fixed JavaScript parser failing on parsing JS regexp or JS template literals that contained unbalanced quotes.
  • Improved behaviour when parser-level or prototype-only comment block is not closed at the end of template. An exception is now thrown.
  • Updated SLF4j dependency to 1.7.25.

3.0.7

  • Fixed JavaScript line comment (//) parsing breaks when EOF comes before \n (script ends in the comment line).
  • Improved escaping of attributes in XML template mode: \t, \n and \r now being always escaped in order to prevent them being normalised into white spaces by XML parsers when reading (which would be according to the spec).
  • Improved #numbers.sequence(...) behaviour so that zero-element sequences are now returned when it is not possible to get from the initial to the final values using the specified step (was returning an error).
  • Updated Unbescape dependency to 1.1.5.RELEASE.

3.0.6

Commits
  • 3e4c129 [maven-release-plugin] prepare release thymeleaf-3.0.11.RELEASE
  • 55e6ec6 Updated jackson-databind dependency to 2.9.7 due to vulnerabilities in previo...
  • 0c56e56 Added computation of Automatic-Module-Name from artifactId (replacing - with .)
  • cfdaaba [maven-release-plugin] prepare for next development iteration
  • 1ed8e00 [maven-release-plugin] prepare release thymeleaf-3.0.10.RELEASE
  • bb2fd0e Fixed JavaDoc for JDK 11 build
  • 6bae7ac Updated maven plugins
  • fe8794d Updated change log
  • fe44b93 Fixes #707 - Enable processing of HTML event handler attributes in JAVASCRIPT...
  • b242fd3 Fixes #705 - Restricted mode: Avoid variable expressions returning strings in...
  • Additional commits viewable in compare view

Updates thymeleaf-spring4 from 3.0.2.RELEASE to 3.0.11.RELEASE

Commits
  • e1f0b70 [maven-release-plugin] prepare release thymeleaf-spring3-3.0.11.RELEASE
  • 4c09483 Fixes #196 - Non-blocking resolution of variables assumes mutable model
  • 0c19077 Added computation of Automatic-Module-Name from artifactId (replacing - with .)
  • 197ddef [maven-release-plugin] prepare for next development iteration
  • 09ab225 [maven-release-plugin] prepare release thymeleaf-spring5-3.0.10.RELEASE
  • a2d8848 [maven-release-plugin] prepare for next development iteration
  • fe52d3e [maven-release-plugin] prepare release thymeleaf-spring4-3.0.10.RELEASE
  • ab921a6 [maven-release-plugin] prepare for next development iteration
  • 47b4aee [maven-release-plugin] prepare release thymeleaf-spring3-3.0.10.RELEASE
  • 74c4203 Added flush() operation on the response writer at the end of write operation ...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

@dependabot-preview
Bump thymeleaf.version from 3.0.2.RELEASE to 3.0.11.RELEASE
f6f8957 
Bumps `thymeleaf.version` from 3.0.2.RELEASE to 3.0.11.RELEASE.

Updates `thymeleaf` from 3.0.2.RELEASE to 3.0.11.RELEASE
- [Release notes](https://github.com/thymeleaf/thymeleaf/releases)
- [Changelog](https://github.com/thymeleaf/thymeleaf/blob/3.0-master/ChangeLog.txt)
- [Commits](thymeleaf/thymeleaf@thymeleaf-3.0.2.RELEASE...thymeleaf-3.0.11.RELEASE)

Updates `thymeleaf-spring4` from 3.0.2.RELEASE to 3.0.11.RELEASE
- [Release notes](https://github.com/thymeleaf/thymeleaf-spring/releases)
- [Commits](thymeleaf/thymeleaf-spring@thymeleaf-spring3-3.0.2.RELEASE...thymeleaf-spring3-3.0.11.RELEASE)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
@dependabot-preview dependabot-preview bot added the dependencies Pull requests that update a dependency file label Sep 12, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants