From 39d61ccc0b157ca0ea4e0b796d25c52c431922f4 Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Tue, 10 Aug 2021 06:46:12 +0200
Subject: [PATCH] [TASK] Update enshrined/svg-sanitize to v0.14.1

Addresses work-around of issues #94565 and #94582
concerning libxml2 segmentation faults.

https://github.com/darylldoyle/svg-sanitizer/compare/0.14.0...0.14.1

Resolves: #94768
Releases: master, 11.3, 10.4, 9.5
Change-Id: I10f6386f0986f514a1387fb1153bbfc36f9c9dcc
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70333
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
---
 composer.json                                 |  2 +-
 composer.lock                                 | 19 ++++++++++---------
 .../Resource/Security/SvgSanitizerTest.php    |  4 ----
 typo3/sysext/core/composer.json               |  2 +-
 4 files changed, 12 insertions(+), 15 deletions(-)

diff --git a/composer.json b/composer.json
index 409901228f5f..0fedc35ebff2 100644
--- a/composer.json
+++ b/composer.json
@@ -47,7 +47,7 @@
 		"doctrine/instantiator": "^1.4",
 		"doctrine/lexer": "^1.2.1",
 		"egulias/email-validator": "^2.1",
-		"enshrined/svg-sanitize": "^0.14.0",
+		"enshrined/svg-sanitize": "^0.14.1",
 		"guzzlehttp/guzzle": "^7.2",
 		"guzzlehttp/psr7": "^1.7.0",
 		"nikic/php-parser": "^4.10.4",
diff --git a/composer.lock b/composer.lock
index f29c6b33c0b6..c6532b1bd654 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "e9862b5af376514f356ce32811be4e78",
+    "content-hash": "07fe494edcb0afd7960429689b1dceb9",
     "packages": [
         {
             "name": "bacon/bacon-qr-code",
@@ -817,25 +817,26 @@
         },
         {
             "name": "enshrined/svg-sanitize",
-            "version": "0.14.0",
+            "version": "0.14.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/darylldoyle/svg-sanitizer.git",
-                "reference": "beff89576a72540ee99476aeb9cfe98222e76fb8"
+                "reference": "307b42066fb0b76b5119f5e1f0826e18fefabe95"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/beff89576a72540ee99476aeb9cfe98222e76fb8",
-                "reference": "beff89576a72540ee99476aeb9cfe98222e76fb8",
+                "url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/307b42066fb0b76b5119f5e1f0826e18fefabe95",
+                "reference": "307b42066fb0b76b5119f5e1f0826e18fefabe95",
                 "shasum": ""
             },
             "require": {
                 "ext-dom": "*",
-                "ext-libxml": "*"
+                "ext-libxml": "*",
+                "php": "^7.0 || ^8.0"
             },
             "require-dev": {
                 "codeclimate/php-test-reporter": "^0.1.2",
-                "phpunit/phpunit": "^6"
+                "phpunit/phpunit": "^6.5 || ^8.5"
             },
             "type": "library",
             "autoload": {
@@ -856,9 +857,9 @@
             "description": "An SVG sanitizer for PHP",
             "support": {
                 "issues": "https://github.com/darylldoyle/svg-sanitizer/issues",
-                "source": "https://github.com/darylldoyle/svg-sanitizer/tree/0.14.0"
+                "source": "https://github.com/darylldoyle/svg-sanitizer/tree/0.14.1"
             },
-            "time": "2021-01-21T10:13:20+00:00"
+            "time": "2021-08-09T23:46:54+00:00"
         },
         {
             "name": "guzzlehttp/guzzle",
diff --git a/typo3/sysext/core/Tests/Functional/Resource/Security/SvgSanitizerTest.php b/typo3/sysext/core/Tests/Functional/Resource/Security/SvgSanitizerTest.php
index a48366505fb6..a09ce50005ff 100644
--- a/typo3/sysext/core/Tests/Functional/Resource/Security/SvgSanitizerTest.php
+++ b/typo3/sysext/core/Tests/Functional/Resource/Security/SvgSanitizerTest.php
@@ -55,10 +55,6 @@ class SvgSanitizerTest extends FunctionalTestCase
      */
     public function svgContentIsSanitized($filePath, $sanitizedFilePath)
     {
-        // @todo re-enable test once https://github.com/darylldoyle/svg-sanitizer/pull/53 is merged
-        if ($filePath === 'DirtySVG/entity.svg' || $filePath === 'DirtySVG/entity_2.svg') {
-            self::markTestSkipped('Skipped due experienced segmentation faults');
-        }
         $basePath = dirname(__FILE__, 2) . '/Fixtures/';
         $sanitizer = new SvgSanitizer();
         self::assertStringEqualsFile(
diff --git a/typo3/sysext/core/composer.json b/typo3/sysext/core/composer.json
index 6e8af0d76736..fe5d1ad7c0dc 100644
--- a/typo3/sysext/core/composer.json
+++ b/typo3/sysext/core/composer.json
@@ -35,7 +35,7 @@
 		"doctrine/instantiator": "^1.4",
 		"doctrine/lexer": "^1.2.1",
 		"egulias/email-validator": "^2.1",
-		"enshrined/svg-sanitize": "^0.14.0",
+		"enshrined/svg-sanitize": "^0.14.1",
 		"guzzlehttp/guzzle": "^7.2",
 		"guzzlehttp/psr7": "^1.7.0",
 		"nikic/php-parser": "^4.10.4",
-- 
GitLab