
fix(deps): update getgrav/grav 1.7.52 → 1.7.53 #2522

Open
truecharts-admin wants to merge 1 commit into main from renovate/getgrav-grav-1.7.x



@truecharts-admin

Contributor

This PR contains the following updates:

Package | Update | Change
getgrav/grav | patch | 1.7.52 → 1.7.53

Release Notes

getgrav/grav (getgrav/grav)

v1.7.53


06/16/2026

    • [security] Direct web access to the user/accounts, user/config, user/data and user/env folders is now blocked outright in every bundled webserver config, closing a hole where files such as certificates, tokens and databases stored under user/data with an unlisted extension could be downloaded directly.
    • [security] A backup deny-all .htaccess now ships inside user/accounts, user/config and user/data so Apache installs stay protected even when the site root .htaccess has been customised or is out of date.
    • [security] The upgrade postflight now patches an existing stock root .htaccess to add the folder block automatically, so installs that updated from an earlier version are protected without editing the file by hand.
    • [security] URL query image transforms (such as image.jpg?resize=) are now turned off by default and, when enabled, refuse oversized dimensions above a configurable pixel limit, closing an unauthenticated denial of service where huge resize values could exhaust server memory.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.
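
An added example, not part of this PR or of Grav's code: a small audit for the backup deny-all .htaccess files that the 1.7.53 notes describe in user/accounts, user/config and user/data. The shipped file's contents are not shown on this page, so the check assumes either standard Apache deny-all directive (`Require all denied` or `Deny from all`) outside a `<Files>` section; the function names and the sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Folders the release notes say now carry a backup deny-all .htaccess.
PROTECTED = ("user/accounts", "user/config", "user/data")
# Assumption: the shipped file is not shown on the page, so accept either
# standard Apache form (2.4 "Require all denied", 2.2 "Deny from all").
DENY_ALL = re.compile(r"^(require\s+all\s+denied|deny\s+from\s+all)$", re.I)


def has_deny_all(htaccess: Path) -> bool:
    """True if a deny-all directive is active outside any <Files> section."""
    scoped = 0  # nesting depth inside <Files>/<FilesMatch>
    for line in htaccess.read_text(errors="replace").splitlines():
        s = line.strip()
        if re.match(r"<Files(Match)?\b", s, re.I):
            scoped += 1
        elif re.match(r"</Files(Match)?>", s, re.I):
            scoped = max(0, scoped - 1)
        elif scoped == 0 and DENY_ALL.match(s):
            return True  # commented-out lines start with '#' and never match
    return False


def audit(grav_root) -> dict:
    """Map each protected folder to 'ok', 'missing' or 'no-deny-all'."""
    result = {}
    for rel in PROTECTED:
        f = Path(grav_root) / rel / ".htaccess"
        state = "ok" if f.is_file() and has_deny_all(f) else "no-deny-all"
        result[rel] = state if f.is_file() else "missing"
    return result


def build_sample(root: Path) -> None:
    """Constructed tree: one good file, one ineffective file, one absent."""
    for rel in PROTECTED:
        (root / rel).mkdir(parents=True)
    (root / "user/accounts/.htaccess").write_text("Require all denied\n")
    (root / "user/config/.htaccess").write_text(
        '# Require all denied\n<Files "*.bak">\nDeny from all\n</Files>\n')


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(Path(tmp))
        for folder, state in audit(tmp).items():
            print(f"{folder}: {state}")
```

The backup files only matter on Apache with overrides honoured; other webservers rely on the folder block in their own bundled config, which this script does not inspect.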

@Crow-Control left a comment

Member


Auto approved automated PR


2 participants