Update dependency getgrav/grav to v1.7.45 - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
getgrav/grav (source)	1.7.25 -> 1.7.45

---

Release Notes

getgrav/grav (getgrav/grav)

v1.7.45

Compare Source

03/18/2024

1. • Added new Image trait for decoding attribute #​3796
2. • Fixed some multibyte issues in Inflector class #​732
   • Fallback to page modified date if Page date provided is invalid and can't be parsed getgrav/grav-plugin-admin#2394
   • Fixed a path traversal vulnerability with file uploads #GHSA-m7hx-hw6h-mqmc
   • Fixed a security issue with insecure Twig functions be processed #GHSA-2m7x-c7px-hp58 #GHSA-r6vw-8v8r-pmp4 #GHSA-qfv4-q44r-g7rv #GHSA-c9gp-64c4-2rrh
3. • Updated composer packages
   • Updated bin/composer.phar to latest 2.7.2

v1.7.44

Compare Source

01/05/2024

1. • Added PHP 8.3 to tests #​3782
   • Added debugger messages when Page routes conflict
   • Added ISO 8601 date format #​3721
   • Added support for .vcf (vCard) in media configuration #​3772
2. • Update jQuery to v3.6.4 #​3713
   • Updated vendor libraries including Dom-Sanitizer v1.0.7 that addresses an XSS issue
   • Updated bin/composer.phar to latest 2.6.6
   • Updated vendor libraries to latest
   • Updated language files
   • Updated copyright year
3. • Fixed a math rounding issue with number validation when using floating point steps #​3761
   • Fixed an issue with Inflector::ordinalize() not working as expected #​3759
   • Fixed various issues with file extension checking with dangerous extensions [#​3756(https://github.com/getgrav/grav/pull/3756)]
   • Fix for invalid input to foreach in UserGroupObject #​3724
   • Fixed exception: Property 'jsmodule_pipeline_include_externals' does not exist in object #​3661
   • Fixed too few arguments exception in FlexObjects #​3658

v1.7.43

Compare Source

10/02/2023

1. • Add the ability to programatically set a page's modified timestamp via a modified: frontmatter entry
2. • Update vendor libraries
   • Include phar in the list of security.uploads_dangerous_extensions
   • When enabled system.languages.debug now dumps Key -> Value to debugger #​3752
   • Updated built-in composer to latest 2.6.4 #​3748
   • Added support for @import to ensure paths are rewritten correctly in CSS pipeline #​3750

v1.7.42

Compare Source

07/18/2023

2. • Fixed a typo in Utils::isDangerousFunction

v1.7.41

Compare Source

06/01/2023

1. • Added the ability to set a configurable 'key' for the Twig Cache Tag: {% cache 'my-key' 600 %}
2. • Fixed an issue with special characters in slug's would cause redirect loops

v1.7.40

Compare Source

03/22/2023

1. • Added a new timestamp: true|false option for individual assets
2. • Removed outdated xcache setting #​3615
   • Updated robots.txt #​3625
3. • Fixed force_ssl redirect in case of undefined hostname #​3702
   • Fixed an issue with duplicate identical page paths
   • Fixed BlueprintSchema:flattenData to properly handle ignored fields
   • Fixed LogViewer regex greediness #​3684
   • Fixed whoami command #​3695

v1.7.39

Compare Source

02/22/2023

1. • Reverted a reorganization of account.yaml that caused username to be disabled admin#2344

v1.7.38

Compare Source

01/02/2023

1. • New onBeforeSessionStart() event to be used to store data lost during session regeneration (e.g. login)
2. • Vendor library updates to latest versions
   • Updated bin/composer.phar to latest 2.4.4 version #​3627
3. • Don't fail hard if pages recurse with same path
   • Github workflows security hardening #​3624

v1.7.37

Compare Source

10/05/2022

1. • Fixed a bad return type #​3630

v1.7.36

Compare Source

09/08/2022

1. • Added authorize-*@​: support for Flex blueprints, e.g. authorize-disabled@: not delete disables the field if user does not have access to delete object
   • Added support for flex-ignore@ to hide all the nested fields in the blueprint
2. • Fixed login with a capitalised email address when using old users getgrav/grav-plugin-login#229

v1.7.35

Compare Source

08/04/2022

1. • Added support for multipart/form-data content type in PUT and PATCH requests
   • Added support for object relationships
   • Added variables $environment (string), $request (PSR-7 ServerRequestInterface|null) and $uri (PSR-7 Uri|null) to be used in setup.php
2. • Minor vendor updates

v1.7.34

Compare Source

06/14/2022

1. • Added back Yiddish to Language Codes #​3336
   • Ignore upcoming media.json file in media
2. • Regression: Fixed saving page with a new language causing cache corruption getgrav/grav-plugin-admin#2282
   • Fixed a potential fatal error when using watermark in images
   • Fixed bin/grav install command with arbitrary destination folder name
   • Fixed Twig |filter() allowing code execution
   • Fixed login and user search by email not being case-insensitive when using Flex Users

v1.7.33

Compare Source

04/25/2022

1. • When saving yaml and markdown, create also a cached version of the file and recompile it in opcache
2. • Fixed missing changes in yaml & markdown files if saved multiple times during the same second because of a caching issue
   • Fixed XSS check not detecting onX events without quotes
   • Fixed default collection ordering in pages admin

v1.7.32

Compare Source

03/28/2022

1. • Added |replace_last(search, replace) filter
   • Added parseurl Twig function to expose PHP's parse_url function
2. • Added multi-language support for page routes in Utils::url()
   • Set default maximum length for text fields
     • password: 256
     • email: 320
     • text, url, hidden, commalist: 2048
     • text (multiline), textarea: 65536
3. • Fixed issue with system.cache.gzip: true resulted in "Fetch Failed" for PHP 8.0.17 and PHP 8.1.4 PHP issue #​8218
   • Fix for multi-lang issues with Security Report
   • Fixed page search not working with selected language #​3316

v1.7.31

Compare Source

03/14/2022

1. • Added new local Multiavatar (local generation). This will be default in Grav 1.8
   • Added support to get image size for SVG vector images #​3533
   • Added XSS check for uploaded SVG files before they get stored
   • Fixed phpstan issues (All level 2, Framework level 5)
2. • Moved Accounts out of Experimental section of System configuration to new "Accounts" tab
3. • Fixed 'mbstring' extension is not loaded error, use Polyfill instead #​3504
   • Fixed new Utils::pathinfo() and Utils::basename() being too strict for legacy use #​3542
   • Fixed non-standard video html atributes generated by {{ media.html() }} #​3540
   • Fixed entity sanitization for XSS detection
   • Fixed avatar save location when account:// stream points to custom directory
   • Fixed bug in Utils::url() when path contains part of root

v1.7.30

Compare Source

02/07/2022

1. • Added twig filter |field_parent to get parent field name
2. • Fixed error while deleting retina image in admin
   • Fixed "Page Authors" field in Security tab, wrongly loading and saving the value #​3525
   • Fixed accounts filter only matches against email address getgrav/grav-plugin-admin#2224

v1.7.29

Compare Source

01/31/2022

1. • Fixed Call to undefined method error when upgrading from Grav 1.6 #​3523

v1.7.28

Compare Source

01/24/2022

1. • Added links and modules support to HtmlBlock class
   • Added module support for twig script tag: {% script module 'theme://js/module.mjs' %}
   • Added twig tag for links: {% link icon 'theme://images/favicon.png' priority: 20 with { type: 'image/png' } %}
   • Added HtmlBlock support for {% style %}, {% script %} and {% link %} tags
   • Support for page-level redirect_default_route frontmatter header override
2. • Fixed XSS check not detecting escaped &#​58

v1.7.27

Compare Source

01/12/2022

3. • Fixed a typo in CSS Asset pipeline that was erroneously joining files with ;

v1.7.26

Compare Source

01/04/2022

3. • Fixed UserObject::getAccess() after cloning the object

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: composer.lock

Command failed: composer update getgrav/grav:1.7.45 --with-dependencies --ignore-platform-req='ext-*' --ignore-platform-req='lib-*' --no-ansi --no-interaction --no-scripts --no-autoloader --no-plugins
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires codeception/codeception 5.1.0 (exact version match: 5.1.0 or 5.1.0.0), found codeception/codeception[5.1.0] but the package is fixed to 4.1.22 (lock file version) by a partial update and that version does not match. Make sure you list it as an argument for the update command.

Use the option --with-all-dependencies (-W) to allow upgrades, downgrades and removals for packages currently locked to specific versions.