Upgrade Scriban to 7.0.0 to fix security vulnerabilities

5 days ago · 4f204fafa9
2 changed files with 7 additions and 7 deletions
--- a/Directory.Packages.props
+++ b/Directory.Packages.props
@ -150,7 +150,7 @@
    <PackageVersion Include="Rebus" Version="8.8.0" />
    <PackageVersion Include="Rebus.ServiceProvider" Version="10.5.0" />
    <PackageVersion Include="Riok.Mapperly" Version="4.3.1" />
-    <PackageVersion Include="Scriban" Version="6.6.0" />
+    <PackageVersion Include="Scriban" Version="7.0.0" />
    <PackageVersion Include="Serilog" Version="4.3.0" />
    <PackageVersion Include="Serilog.AspNetCore" Version="9.0.0" />
    <PackageVersion Include="Serilog.Extensions.Hosting" Version="9.0.0" />
--- a/framework/src/Volo.Abp.TextTemplating.Scriban/Volo/Abp/TextTemplating/Scriban/ScribanTemplateLocalizer.cs
+++ b/framework/src/Volo.Abp.TextTemplating.Scriban/Volo/Abp/TextTemplating/Scriban/ScribanTemplateLocalizer.cs
@ -18,16 +18,16 @@ public class ScribanTemplateLocalizer : IScriptCustomFunction
        _localizer = localizer;
    }

-    public object Invoke(TemplateContext context, ScriptNode callerContext, ScriptArray arguments,
-        ScriptBlockStatement blockStatement)
+    public object? Invoke(TemplateContext context, ScriptNode? callerContext, ScriptArray arguments,
+        ScriptBlockStatement? blockStatement)
    {
        return GetString(arguments);
    }

-    public ValueTask<object> InvokeAsync(TemplateContext context, ScriptNode callerContext, ScriptArray arguments,
-        ScriptBlockStatement blockStatement)
+    public ValueTask<object?> InvokeAsync(TemplateContext context, ScriptNode? callerContext, ScriptArray arguments,
+        ScriptBlockStatement? blockStatement)
    {
-        return new ValueTask<object>(GetString(arguments));
+        return new ValueTask<object?>(GetString(arguments));
    }

    private string GetString(ScriptArray arguments)
@ -43,7 +43,7 @@ public class ScribanTemplateLocalizer : IScriptCustomFunction
            return string.Empty;
        }

-        var args = arguments.Skip(1).Where(x => x != null && !x.ToString().IsNullOrWhiteSpace()).ToArray();
+        var args = arguments.Skip(1).Where(x => x != null && !x.ToString().IsNullOrWhiteSpace()).Cast<object>().ToArray();
        return args.Any() ? _localizer[name.ToString()!, args] : _localizer[name.ToString()!];
    }