Update smarty/smarty requirement from 4.0.0 to 4.3.1

[dependabot]

Updates the requirements on smarty/smarty to permit the latest version.

Release notes

Sourced from smarty/smarty's releases.

v3.1.48

Security

• Fixed Cross site scripting vulnerability in Javascript escaping. This addresses CVE-2023-28447.

Fixed

• $smarty->muteUndefinedOrNullWarnings() now also mutes PHP7 notices for undefined array indexes #736
• $smarty->muteUndefinedOrNullWarnings() now treats undefined vars and array access of a null or false variables equivalent across all supported PHP versions
• $smarty->muteUndefinedOrNullWarnings() now allows dereferencing of non-objects across all supported PHP versions #831
• PHP 8.1 deprecation warnings on null strings in modifiers #834

Changelog

Sourced from smarty/smarty's changelog.

[4.3.1] - 2023-03-28

Security

• Fixed Cross site scripting vulnerability in Javascript escaping. This addresses CVE-2023-28447.

Fixed

• $smarty->muteUndefinedOrNullWarnings() now also mutes PHP7 notices for undefined array indexes #736
• $smarty->muteUndefinedOrNullWarnings() now treats undefined vars and array access of a null or false variables equivalent across all supported PHP versions
• $smarty->muteUndefinedOrNullWarnings() now allows dereferencing of non-objects across all supported PHP versions #831
• PHP 8.1 deprecation warnings on null strings in modifiers #834

[4.3.0] - 2022-11-22

Added

• PHP8.2 compatibility #775

Changed

• Include docs and demo in the releases #799
• Using PHP functions as modifiers now triggers a deprecation notice because we will drop support for this in the next major release #813
• Dropped remaining references to removed PHP-support in Smarty 4 from docs, lexer and security class. #816
• Support umask when writing (template) files and set dir permissions to 777 #548 #819

Fixed

• Output buffer is now cleaned for internal PHP errors as well, not just for Exceptions #514
• Fixed recursion and out of memory errors when caching in complicated template set-ups using inheritance and includes #801
• Fixed PHP8.1 deprecation errors in strip_tags
• Fix Variable Usage in Exception message when unable to load subtemplate #808
• Fixed PHP8.1 deprecation notices for strftime #672
• Fixed PHP8.1 deprecation errors passing null to parameter in trim #807
• Adapt Smarty upper/lower functions to be codesafe (e.g. for Turkish locale) #586
• Bug fix for underscore and limited length in template name in custom resources #581

[4.2.1] - 2022-09-14

Security

• Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks #454

Fixed

• Fixed PHP8.1 deprecation notices in modifiers (upper, explode, number_format and replace) #755 and #788
• Fixed PHP8.1 deprecation notices in capitalize modifier #789
• Fixed use of rand() without a parameter in math function #794
• Fixed unselected year/month/day not working in html_select_date #395

[4.2.0] - 2022-08-01

Fixed

• Fixed problems with smarty_mb_str_replace #549
• Fixed second parameter of unescape modifier not working #777

... (truncated)

Commits

• e28cb09 Merge branch 'release/4.3.1'
• fe7817c version bump
• 6856624 Merge branch 'js_escape_security_fix'
• 71d1135 Add changelog
• 5512d64 Upgrade actions/checkout and actions/cache (#870)
• 2038890 Changelog
• e751655 Implement fix and tests
• 3d2a8dc Update SECURITY.md with correct version info.
• 2764816 Add missing dirs
• 801d186 CompileCheck test and extra note on how it works in docs
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)