Upstream library svg-sanitizer running out-of-date version resulting in PHP 8.4 deprecations in safe-svg releases.

[georgestephanis]

Describe the bug

This changeset was applied upstream, and shipped with svg-sanitizer v0.20.0 and above:

darylldoyle/svg-sanitizer@71b62a0

It remedies an issue causing a PHP 8.4 deprecation warning:

Deprecated: enshrined\svgSanitize\Exceptions\NestingException::__construct(): Implicitly marking parameter $element as nullable is deprecated, the explicit nullable type must be used instead in [...]/safe-svg/vendor/enshrined/svg-sanitize/src/Exceptions/NestingException.php on line 21

As v0.20.0 was shipped on Sept 5, 2024, my guess is the three releases of safe-svg since then (2.2.6 on Nov 7, 2.3.0 on Nov 25th, and 2.3.1 on Dec 5th) hadn't run composer to pull in the newer version of the dependency -- composer.lock still seems to be referring to the v0.19.0 release.

safe-svg/composer.lock

Line 11 in 826c416

"version": "0.19.0",

Hardly the most urgent issue! However, likely a quick remedy?

Steps to Reproduce

Check the distributed plugins's code (and bundled libraries) against php 8.4

Screenshots, screen recording, code snippet

Deprecated: enshrined\svgSanitize\Exceptions\NestingException::__construct(): Implicitly marking parameter $element as nullable is deprecated, the explicit nullable type must be used instead in [...]/safe-svg/vendor/enshrined/svg-sanitize/src/Exceptions/NestingException.php on line 21

Environment information

No response

WordPress information

No response

Code of Conduct

• I agree to follow this project's Code of Conduct