[Snyk] Security upgrade nunjucks from 2.5.2 to 3.2.4

[Bhanditz]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	698/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.1	Cross-site Scripting (XSS) SNYK-JS-NUNJUCKS-5431309	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: nunjucks

The new version differs by 250 commits.

• 86a77f4 Release v3.2.4
• ec16d21 fix: html encode backslashes if used with escape filter or autoescape (发现一个bug，md文件的标题不能以问号结尾，否则点击就会变成页面下载 hexojs/hexo#1437)
• fd50090 Release v3.2.3
• d34fdbf Temporarily comment out codecov action
• cefad41 Replace README.md travis badge with github actions
• 7601ff4 Fixup github actions workflow file
• de9dc67 Add GitHub Workflow for tests. fixes 无论skip_render如何设置都无法跳过source目录下的某个js文件目录，生成出错 hexojs/hexo#1333
• aa9e5b9 Fix prototype pollution security issue. fixes css / js helpers and handling relative paths hexojs/hexo#1331
• f51afa3 Move chokidar to peerDependencies and make it optional via peerDependenciesMeta (/source里的README.md文件在deploy后变成了README.html文件 hexojs/hexo#1329)
• f91f1c3 Fix `groupby` example formatting
• 7ef121c Add base and default args to int filter
• 0c02062 Use attribute getter for `sort` filter
• c7337e7 Release v3.2.2
• bea3a43 CHANGELOG: Fix issue link
• 8186d4f Don't append extra newline when using |indent filter
• 73a4eb3 Document `with context` behavior for `import` directive (fr)
• eea081c Document `with context` behavior for `import` directive
• bbcbaf3 Fix issue where sync render would not raise errors in included templates
• 63c4baf Remove development files from NPM package. Fixes mac 上 在chrome/firefox/safari 打开 localhost:4000/特别的慢，大家遇到过？ hexojs/hexo#984
• 85918ef Document `if` statement with multiple conditions (fr). refs 如果页面上有table的话，会在前面添加很多br hexojs/hexo#1284
• 7ddd747 Document `if` statement with multiple conditions
• 1e29863 Add support for nested attributes in `groupBy` filter. Fixes 如何调整Hexo语言为英文? hexojs/hexo#1198
• 7087fa9 Fix precompile bin TypeError: name.replace is not a function
• 1736334 Modify CHANGELOG message for select/reject filters

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)