[Snyk] Security upgrade liquidjs from 10.25.7 to 10.26.0

[snyk-io]

Snyk has created this PR to fix 3 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue
	Denial of Service (DoS) SNYK-JS-LIQUIDJS-16882546
	Insecure Default Initialization of Resource SNYK-JS-LIQUIDJS-16887887
	Cross-site Scripting (XSS) SNYK-JS-LIQUIDJS-16887888

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Cross-site Scripting (XSS)

---

This change is 

[snyk-io]

This minor upgrade introduces security fixes and new features. The risk is assessed as medium due to behavioral changes in security hardening that may require verification.

Key Changes:

• Behavioral/Security Change: A security fix has been implemented to block filter and tag lookups from Object.prototype to prevent a potential Remote Code Execution (RCE) vulnerability. [1, 2, 3] Applications improperly relying on prototype chain lookups for filters or tags may break.
• Bug Fix / Security: The strip_html filter was rewritten to prevent a Regular Expression Denial of Service (ReDoS) vulnerability. [1, 2, 3] This may result in subtle output changes.
• New Features: New cryptographic filters sha256 and hmac_sha256 have been added. [1, 3]

Recommendation:
Verify that your templates do not depend on resolving filters or tags from the object prototype. It is also advisable to test any functionality that uses the strip_html filter to ensure the output remains as expected.

Source: Changelog

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 77f5a88

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
🔚	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.