Skip to content

Update dependency handlebars to v4.7.7#15

Open
dev-mend-for-github-com[bot] wants to merge 1 commit intomasterfrom
whitesource-remediate/handlebars-4.x
Open

Update dependency handlebars to v4.7.7#15
dev-mend-for-github-com[bot] wants to merge 1 commit intomasterfrom
whitesource-remediate/handlebars-4.x

Conversation

@dev-mend-for-github-com
Copy link
Copy Markdown

@dev-mend-for-github-com dev-mend-for-github-com bot commented Jan 12, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
handlebars (source) dependencies minor 4.6.04.7.7

By merging this PR, the issue #3 will be automatically resolved and closed:

Severity CVSS Score Vulnerability Reachability
Medium Medium 5.6 CVE-2021-23369
Medium Medium 5.6 CVE-2021-23383

Release Notes

handlebars-lang/handlebars.js (handlebars)

v4.7.7

Compare Source

  • fix weird error in integration tests - eb860c0
  • fix: check prototype property access in strict-mode (#​1736) - b6d3de7
  • fix: escape property names in compat mode (#​1736) - f058970
  • refactor: In spec tests, use expectTemplate over equals and shouldThrow (#​1683) - 77825f8
  • chore: start testing on Node.js 12 and 13 - 3789a30

(POSSIBLY) BREAKING CHANGES:

  • the changes from version 4.6.0 now also apply
    in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods
    can be allowed via runtime-options. See #​1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties
    from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.

That is why we only bump the patch version despite mentioning breaking changes.

Commits

v4.7.6

Compare Source

Chore/Housekeeping:

Compatibility notes:

  • Restored Node.js compatibility

Commits

v4.7.5

Compare Source

Chore/Housekeeping:

  • Node.js version support has been changed to v6+ Reverted in 4.7.6

Compatibility notes:

  • Node.js < v6 is no longer supported Reverted in 4.7.6

Commits

v4.7.4

Compare Source

Chore/Housekeeping:

Compatibility notes:

  • No incompatibilities are to be expected

Commits

v4.7.3

Compare Source

Chore/Housekeeping:

  • #​1644 - Download links to aws broken on handlebarsjs.com - access denied (@​Tea56)
  • Fix spelling and punctuation in changelog - d78cc73

Bugfixes:

  • Add Type Definition for Handlebars.VERSION, Fixes #​1647 - 4de51fe
  • Include Type Definition for runtime.js in Package - a32d05f

Compatibility notes:

  • No incompatibilities are to be expected

Commits

v4.7.2

Compare Source

Bugfixes:

Chore/Build:

  • chore: execute saucelabs-task only if access-key exists - a4fd391

Compatibility notes:

  • No breaking changes are to be expected

Commits

v4.7.1

Compare Source

Bugfixes:

  • fix: fix log output in case of illegal property access - f152dfc
  • fix: log error for illegal property access only once per property - 3c1e252

Compatibility notes:

  • no incompatibilities are to be expected.

Commits

v4.7.0

Compare Source

Features:

  • feat: default options for controlling proto access - 7af1c12, #​1635
    • This makes it possible to disable the prototype access restrictions added in 4.6.0
    • an error is logged in the console, if access to prototype properties is attempted and denied
      and no explicit configuration has taken place.

Compatibility notes:

  • no compatibilities are expected

Commits

  • If you want to rebase/retry this PR, check this box

@dev-mend-for-github-com dev-mend-for-github-com bot added the security fix Security fix generated by Mend label Jan 12, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

security fix Security fix generated by Mend

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants