Skip to content

chore(deps): bump smarty/smarty from 5.8.2 to 5.8.4#1525

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/composer/smarty/smarty-5.8.4
Open

chore(deps): bump smarty/smarty from 5.8.2 to 5.8.4#1525
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/composer/smarty/smarty-5.8.4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps smarty/smarty from 5.8.2 to 5.8.4.

Release notes

Sourced from smarty/smarty's releases.

v5.8.4

No release notes provided.

v5.8.3

What's Changed

Full Changelog: smarty-php/smarty@v5.8.2...v5.8.3

Changelog

Sourced from smarty/smarty's changelog.

[5.8.4] - 2026-06-29

  • Fixed a TypeError on PHP 8 when Security::$static_classes was set to a non-array value (e.g. the string 'none') to disable static class access; any non-array value now cleanly denies access. Use Security::$static_classes = null to disable access to all static classes.
  • Security: the built-in stream: resource type now validates the nested stream wrapper against the security policy, so a template such as stream:php://filter/... can no longer bypass Security::$streams (including Security::$streams = null) to read local files (CWE-22)

[5.8.3] - 2026-06-28

  • fixed a regression from #1189 where a child template's block override no longer applied to a template {include}d by the parent #1192
Commits
  • 94a27cb Merge branch 'release/5.8.4'
  • badc5ef version bump
  • 2ae0f9a Fix TypeError for non-array static_classes in Security policy (#1198)
  • b668745 drop unused version attribute from docker-compose.yml
  • 3c9f77a Security: validate nested stream wrapper in stream: resource (CWE-22) (#1195)
  • 042dff6 Merge branch 'release/5.8.3'
  • 1830aa7 version bump
  • b83ffdd requirements for building docs, switched test-runner from mutagen to basic do...
  • ac27e1e fixed a regression from #1189 where a child template's block override no long...
  • 17fae11 update documentation for building and previewing with mkdocs, fix unit tests ...
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [smarty/smarty](https://github.com/smarty-php/smarty) from 5.8.2 to 5.8.4.
- [Release notes](https://github.com/smarty-php/smarty/releases)
- [Changelog](https://github.com/smarty-php/smarty/blob/master/CHANGELOG.md)
- [Commits](smarty-php/smarty@v5.8.2...v5.8.4)

---
updated-dependencies:
- dependency-name: smarty/smarty
  dependency-version: 5.8.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file php Pull requests that update php code labels Jul 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file php Pull requests that update php code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants