Bump liquid from 4.0.0 to 4.0.3

[dependabot]

Bumps liquid from 4.0.0 to 4.0.3.

Changelog

Sourced from liquid's changelog.

4.0.3 / 2019-03-12

Fixed

• Fix break and continue tags inside included templates in loops (#1072) [Justin Li]

4.0.2 / 2019-03-08

Changed

• Add where filter (#1026) [Samuel Doiron]
• Add ParseTreeVisitor to iterate the Liquid AST (#1025) [Stephen Paul Weber]
• Improve strip_html performance (#1032) [printercu]

Fixed

• Add error checking for invalid combinations of inputs to sort, sort_natural, where, uniq, map, compact filters (#1059) [Garland Zhang]
• Validate the character encoding in url_decode (#1070) [Clayton Smith]

4.0.1 / 2018-10-09

Changed

• Add benchmark group in Gemfile (#855) [Jerry Liu]
• Allow benchmarks to benchmark render by itself (#851) [Jerry Liu]
• Avoid calling line_number on String node when rescuing a render error. (#860) [Dylan Thacker-Smith]
• Avoid duck typing to detect whether to call render on a node. [Dylan Thacker-Smith]
• Clarify spelling of reversed on for block tag (#843) [Mark Crossfield]
• Replace recursion with loop to avoid potential stack overflow from malicious input (#891, #892) [Dylan Thacker-Smith]
• Limit block tag nesting to 100 (#894) [Dylan Thacker-Smith]
• Replace assert_equal nil with assert_nil (#895) [Dylan Thacker-Smith]
• Remove Spy Gem (#896) [Dylan Thacker-Smith]
• Add collection_name and variable_name reader to For block (#909)
• Symbols render as strings (#920) [Justin Li]
• Remove default value from Hash objects (#932) [Maxime Bedard]
• Remove one level of nesting (#944) [Dylan Thacker-Smith]
• Update Rubocop version (#952) [Justin Li]
• Add at_least and at_most filters (#954, #958) [Nithin Bekal]
• Add a regression test for a liquid-c trim mode bug (#972) [Dylan Thacker-Smith]
• Use https rather than git protocol to fetch liquid-c [Dylan Thacker-Smith]
• Add tests against Ruby 2.4 (#963) and 2.5 (#981)
• Replace RegExp literals with constants (#988) [Ashwin Maroli]
• Replace unnecessary #each_with_index with #each (#992) [Ashwin Maroli]
• Improve the unexpected end delimiter message for block tags. (#1003) [Dylan Thacker-Smith]
• Refactor and optimize rendering (#1005) [Christopher Aue]
• Add installation instruction (#1006) [Ben Gift]
• Remove Circle CI (#1010)
• Rename deprecated BigDecimal.new to BigDecimal (#1024) [Koichi ITO]
• Rename deprecated Rubocop name (#1027) [Justin Li]

Fixed

• Handle join filter on non String joiners (#857) [Richard Monette]
• Fix duplicate inclusion condition logic error of Liquid::Strainer.add_filter method (#861)
• Fix escape, url_encode, url_decode not handling non-string values (#898) [Thierry Joyal]

... (truncated)

Commits

• f2f467b v4.0.3
• ff99d92 Merge pull request #1072 from Shopify/fix-interrupts
• 39fecd0 Fix interrupts through includes
• 8013df8 v4.0.2
• 14cd011 Merge pull request #1070 from Shopify/url-decode-validation
• e2d9907 Validate the character encoding in url_decode.
• 23d669f Merge pull request #1032 from printercu/patch-1
• ed73794 Preserve existing strip_html behaviour for weird inputs
• f59f6de Fix simple RuboCop offenses and update TODO file (#1062)
• 7a81fb8 Merge pull request #1059 from Shopify/map_error_checking
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #12.