From 4f204fafa9d76567465ccb1d5aac7e1e6a548e5d Mon Sep 17 00:00:00 2001
From: maliming <malimings@gmail.com>
Date: Fri, 27 Mar 2026 15:05:15 +0800
Subject: [PATCH] Upgrade Scriban to 7.0.0 to fix security vulnerabilities

---
 Directory.Packages.props                             |  2 +-
 .../Scriban/ScribanTemplateLocalizer.cs              | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/Directory.Packages.props b/Directory.Packages.props
index 3b43d18c26..540af1030a 100644
--- a/Directory.Packages.props
+++ b/Directory.Packages.props
@@ -150,7 +150,7 @@
     <PackageVersion Include="Rebus" Version="8.8.0" />
     <PackageVersion Include="Rebus.ServiceProvider" Version="10.5.0" />
     <PackageVersion Include="Riok.Mapperly" Version="4.3.1" />
-    <PackageVersion Include="Scriban" Version="6.6.0" />
+    <PackageVersion Include="Scriban" Version="7.0.0" />
     <PackageVersion Include="Serilog" Version="4.3.0" />
     <PackageVersion Include="Serilog.AspNetCore" Version="9.0.0" />
     <PackageVersion Include="Serilog.Extensions.Hosting" Version="9.0.0" />
diff --git a/framework/src/Volo.Abp.TextTemplating.Scriban/Volo/Abp/TextTemplating/Scriban/ScribanTemplateLocalizer.cs b/framework/src/Volo.Abp.TextTemplating.Scriban/Volo/Abp/TextTemplating/Scriban/ScribanTemplateLocalizer.cs
index 6bf32d1a58..904a131342 100644
--- a/framework/src/Volo.Abp.TextTemplating.Scriban/Volo/Abp/TextTemplating/Scriban/ScribanTemplateLocalizer.cs
+++ b/framework/src/Volo.Abp.TextTemplating.Scriban/Volo/Abp/TextTemplating/Scriban/ScribanTemplateLocalizer.cs
@@ -18,16 +18,16 @@ public class ScribanTemplateLocalizer : IScriptCustomFunction
         _localizer = localizer;
     }
 
-    public object Invoke(TemplateContext context, ScriptNode callerContext, ScriptArray arguments,
-        ScriptBlockStatement blockStatement)
+    public object? Invoke(TemplateContext context, ScriptNode? callerContext, ScriptArray arguments,
+        ScriptBlockStatement? blockStatement)
     {
         return GetString(arguments);
     }
 
-    public ValueTask<object> InvokeAsync(TemplateContext context, ScriptNode callerContext, ScriptArray arguments,
-        ScriptBlockStatement blockStatement)
+    public ValueTask<object?> InvokeAsync(TemplateContext context, ScriptNode? callerContext, ScriptArray arguments,
+        ScriptBlockStatement? blockStatement)
     {
-        return new ValueTask<object>(GetString(arguments));
+        return new ValueTask<object?>(GetString(arguments));
     }
 
     private string GetString(ScriptArray arguments)
@@ -43,7 +43,7 @@ public class ScribanTemplateLocalizer : IScriptCustomFunction
             return string.Empty;
         }
 
-        var args = arguments.Skip(1).Where(x => x != null && !x.ToString().IsNullOrWhiteSpace()).ToArray();
+        var args = arguments.Skip(1).Where(x => x != null && !x.ToString().IsNullOrWhiteSpace()).Cast<object>().ToArray();
         return args.Any() ? _localizer[name.ToString()!, args] : _localizer[name.ToString()!];
     }