🚨 [security] [php - developer] Update smarty/smarty: 4.3.0 → 4.3.1 (patch)

[depfu]

---

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

---

Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ smarty/smarty (4.3.0 → 4.3.1) · Repo · Changelog

Security Advisories 🚨

🚨 smarty Cross-site Scripting vulnerability in Javascript escaping

Impact

An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user.

Patches

Please upgrade to the most recent version of Smarty v3 or v4.

For more information

If you have any questions or comments about this advisory please open an issue in the Smarty repo

Commits

See the full diff on Github. The new version differs by 24 commits:

• Merge branch 'release/4.3.1'
• version bump
• Merge branch 'js_escape_security_fix'
• Add changelog
• Upgrade actions/checkout and actions/cache (#870)
• Changelog
• Implement fix and tests
• Update SECURITY.md with correct version info.
• Add missing dirs
• CompileCheck test and extra note on how it works in docs
• Some additional unit tests
• Finished improving designers docs
• Improved another chunk of the designers docs
• WIP improving the docs
• fixes to docs
• multiversion mkdocs config
• Fix error in docs on prepend/append. Fixes #818.
• PHP 8.1 deprecation warnings on null strings in modifiers (#834)
• Fix unit tests that broke because now is now in 2023
• Added variable scope test for multi-level extends resource
• Allow dereferencing of non-objects accross all supported PHP versions (#832)
• Simplify test running to support all phpunit cmdline options
• Treat undefined vars and array access of a null or false variables equivalent across all supported PHP versions (#830)
• Also mute php7 notices for undefined array indexes when muteUndefinedOrNullWarnings is activated. (#829)

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)

[depfu]

Closed in favor of #577.