Bump thymeleaf from 2.1.4.RELEASE to 3.0.11.RELEASE

[dependabot-preview]

Bumps thymeleaf from 2.1.4.RELEASE to 3.0.11.RELEASE.

Changelog

Sourced from thymeleaf's changelog.

3.0.11

• Updated jackson-databind dependency to 2.9.7 (due to vulnerabilities in previous jackson version).

3.0.10

• Fixed StackOverflowError when inserting content before first element of model in a model processor.
• Improved restricted expression evaluation mode to forbid output of textual data from context variables inside JavaScript event handlers in HTML templates.
• Improved HTML event handler attributes (th:on*) in order to allow processing of their values as fragments of inlined JavaScript (using JAVASCRIPT template mode).
• Improved use of template name abbreviation in logs and exceptions.
• Added "Automatic-Module-Name: thymeleaf" to MANIFEST.MF for Java 9+ JPMS.
• Updated AttoParser dependency to 2.0.5.RELEASE
• Updated Unbescape dependency to 1.1.6.RELEASE

3.0.9

• Fixed hit ratio in StandardCache not being correctly computed (always 1 or 0).
• Improve restricted expression evaluation mode to restrict access to some request features (#request.getParameter(), #request.getParameterValues(), #request.getParameterMap(), #request.getQueryString()).
• Added new scenarios for restricted expression evaluation: th:on*, th:attr, th:src, th:href, default attribute processor, fragment expressions, link expressions (only for URL bases), inlined output expression in TEXT mode.

3.0.8

• Fixed WebEngineContext returning wrong boolean values for ServletContextAttributesMap#isEmpty() and SessionAttributesMap#isEmpty().
• Fixed DateFormat implementation being used for Jackson-based serialization of dates not implementing clone() properly, which could result in thread-safety issues on the underlying SimpleDateFormat instance.
• Fixed JavaScript parser failing on parsing JS regexp or JS template literals that contained unbalanced quotes.
• Improved behaviour when parser-level or prototype-only comment block is not closed at the end of template. An exception is now thrown.
• Updated SLF4j dependency to 1.7.25.

3.0.7

• Fixed JavaScript line comment (//) parsing breaks when EOF comes before \n (script ends in the comment line).
• Improved escaping of attributes in XML template mode: \t, \n and \r now being always escaped in order to prevent them being normalised into white spaces by XML parsers when reading (which would be according to the spec).
• Improved #numbers.sequence(...) behaviour so that zero-element sequences are now returned when it is not possible to get from the initial to the final values using the specified step (was returning an error).
• Updated Unbescape dependency to 1.1.5.RELEASE.

3.0.6

... (truncated)

Commits

• 3e4c129 [maven-release-plugin] prepare release thymeleaf-3.0.11.RELEASE
• 55e6ec6 Updated jackson-databind dependency to 2.9.7 due to vulnerabilities in previo...
• 0c56e56 Added computation of Automatic-Module-Name from artifactId (replacing - with .)
• cfdaaba [maven-release-plugin] prepare for next development iteration
• 1ed8e00 [maven-release-plugin] prepare release thymeleaf-3.0.10.RELEASE
• bb2fd0e Fixed JavaDoc for JDK 11 build
• 6bae7ac Updated maven plugins
• fe8794d Updated change log
• fe44b93 Fixes #707 - Enable processing of HTML event handler attributes in JAVASCRIPT...
• b242fd3 Fixes #705 - Restricted mode: Avoid variable expressions returning strings in...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Superseded by #58.