Changelog
*Sourced from [handlebars's changelog](https://github.com/wycats/handlebars.js/blob/master/release-notes.md).*
> ## v4.2.0 - September 3rd, 2019
> Chore/Test:
> - Use custom `grunt-saucelab` with current sauce-connect proxy - f119497
> - Add framework for various integration tests - f9cce4d
> - Add integration test for webpack - a57b682
>
>
> Bugfixes:
> - [#1544](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1544) - Typescript types: `knownHelpers` doesnt allow for custom helpers ([@NickCis](https://api.github.com/users/NickCis))
> - [#1534](https://github-redirect.dependabot.com/wycats/handlebars.js/pull/1534) - Add typings for "Handlebars.VM.resolvePartial ([@AndrewLeedham](https://api.github.com/users/AndrewLeedham))
>
> Features:
> - [#1540](https://github-redirect.dependabot.com/wycats/handlebars.js/pull/1540) - added "browser"-property to package.json, resolves [#1102](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1102) ([@ouijan](https://api.github.com/users/ouijan))
>
> Compatibility notes:
> - The new "browser"-property should not break anything, but you can never be sure. The integration test for webpack
> shows that it works, but if it doesn't please open an issue.
>
>
>
> [Commits](https://github.com/wycats/handlebars.js/compare/v4.1.2-0...v4.2.0)
>
> ## v4.1.2-0 - August 25th, 2019
> [#1540](https://github-redirect.dependabot.com/wycats/handlebars.js/pull/1540) - added browser to package.json, resolves [#1102](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1102) ([@ouijan](https://api.github.com/users/ouijan))
>
> Compatibility notes:
> - We are not sure if imports via webpack are still working, which is why this release is a pre-release
>
> [Commits](https://github.com/wycats/handlebars.js/compare/v4.1.2...v4.1.2-0)
>
> ## v4.1.2 - April 13th, 2019
> Chore/Test:
> - [#1515](https://github-redirect.dependabot.com/wycats/handlebars.js/pull/1515) - Port over linting and test for typings ([@zimmi88](https://api.github.com/users/zimmi88))
> - chore: add missing typescript dependency, add package-lock.json - 594f1e3
> - test: remove safari from saucelabs - 871accc
>
> Bugfixes:
> - fix: prevent RCE through the "lookup"-helper - cd38583
>
> Compatibility notes:
>
> Access to the constructor of a class thought `{{lookup obj "constructor" }}` is now prohibited. This closes
> a leak that only half closed in versions 4.0.13 and 4.1.0, but it is a slight incompatibility.
>
> This kind of access is not the intended use of Handlebars and leads to the vulnerability described
> in [#1495](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1495). We will **not** increase the major version, because such use is not intended or documented,
> and because of the potential impact of the issue (we fear that most people won't use a new major version
> and the issue may not be resolved on many systems).
>
> [Commits](https://github.com/wycats/handlebars.js/compare/v4.1.1...v4.1.2)
> ... (truncated)
Commits
- [`164c7ce`](https://github.com/wycats/handlebars.js/commit/164c7ceea4ce074f70f2fefeba81e2e551757ea6) v4.2.0
- [`6ab48d8`](https://github.com/wycats/handlebars.js/commit/6ab48d8def548f013a13a08d40971f4d41d22d16) Update release notes
- [`8ac2028`](https://github.com/wycats/handlebars.js/commit/8ac20285f60391e4837c3abdb98b90b71c63b1f6) Merge pull request [#1534](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1534) from AndrewLeedham/4.x
- [`888750e`](https://github.com/wycats/handlebars.js/commit/888750ec27e6b9126b3af61cf526590b09ef8bd9) fix typings of resolvePartial-options
- [`133b96a`](https://github.com/wycats/handlebars.js/commit/133b96a2ff463dda71febbdae434057271e025ed) Add "Handlebars.VM.resolvePartial" to type definitions
- [`f119497`](https://github.com/wycats/handlebars.js/commit/f119497312dc990c5043f65ca96083ef8fd729ac) chore: attempt to fix saucelabs problems with custom lib
- [`62b64ec`](https://github.com/wycats/handlebars.js/commit/62b64ecc3d76033b8fc69dd1dcb0bef786b3e022) chore: add comment to integration test
- [`a57b682`](https://github.com/wycats/handlebars.js/commit/a57b6824e0d6cbbdb1d8c9ded21fd875d9320713) add webpack test
- [`a26633f`](https://github.com/wycats/handlebars.js/commit/a26633f20485c420d1967e191ce852bf37ae9bce) chore: fix integration tests
- [`f9cce4d`](https://github.com/wycats/handlebars.js/commit/f9cce4dd02577743a304bbf181dc90e371673be8) chore: add framework for various integration tests
- Additional commits viewable in [compare view](https://github.com/wycats/handlebars.js/compare/v4.0.6...v4.2.0)
Maintainer changes
This version was pushed to npm by [knappi](https://www.npmjs.com/~knappi), a new releaser for handlebars since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/agmcleod/wavelength/network/alerts).
dependabot[bot]
commented
4 years ago
Bumps handlebars from 4.0.6 to 4.2.0.
Changelog
*Sourced from [handlebars's changelog](https://github.com/wycats/handlebars.js/blob/master/release-notes.md).* > ## v4.2.0 - September 3rd, 2019 > Chore/Test: > - Use custom `grunt-saucelab` with current sauce-connect proxy - f119497 > - Add framework for various integration tests - f9cce4d > - Add integration test for webpack - a57b682 > > > Bugfixes: > - [#1544](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1544) - Typescript types: `knownHelpers` doesnt allow for custom helpers ([@NickCis](https://api.github.com/users/NickCis)) > - [#1534](https://github-redirect.dependabot.com/wycats/handlebars.js/pull/1534) - Add typings for "Handlebars.VM.resolvePartial ([@AndrewLeedham](https://api.github.com/users/AndrewLeedham)) > > Features: > - [#1540](https://github-redirect.dependabot.com/wycats/handlebars.js/pull/1540) - added "browser"-property to package.json, resolves [#1102](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1102) ([@ouijan](https://api.github.com/users/ouijan)) > > Compatibility notes: > - The new "browser"-property should not break anything, but you can never be sure. The integration test for webpack > shows that it works, but if it doesn't please open an issue. > > > > [Commits](https://github.com/wycats/handlebars.js/compare/v4.1.2-0...v4.2.0) > > ## v4.1.2-0 - August 25th, 2019 > [#1540](https://github-redirect.dependabot.com/wycats/handlebars.js/pull/1540) - added browser to package.json, resolves [#1102](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1102) ([@ouijan](https://api.github.com/users/ouijan)) > > Compatibility notes: > - We are not sure if imports via webpack are still working, which is why this release is a pre-release > > [Commits](https://github.com/wycats/handlebars.js/compare/v4.1.2...v4.1.2-0) > > ## v4.1.2 - April 13th, 2019 > Chore/Test: > - [#1515](https://github-redirect.dependabot.com/wycats/handlebars.js/pull/1515) - Port over linting and test for typings ([@zimmi88](https://api.github.com/users/zimmi88)) > - chore: add missing typescript dependency, add package-lock.json - 594f1e3 > - test: remove safari from saucelabs - 871accc > > Bugfixes: > - fix: prevent RCE through the "lookup"-helper - cd38583 > > Compatibility notes: > > Access to the constructor of a class thought `{{lookup obj "constructor" }}` is now prohibited. This closes > a leak that only half closed in versions 4.0.13 and 4.1.0, but it is a slight incompatibility. > > This kind of access is not the intended use of Handlebars and leads to the vulnerability described > in [#1495](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1495). We will **not** increase the major version, because such use is not intended or documented, > and because of the potential impact of the issue (we fear that most people won't use a new major version > and the issue may not be resolved on many systems). > > [Commits](https://github.com/wycats/handlebars.js/compare/v4.1.1...v4.1.2) > ... (truncated)Commits
- [`164c7ce`](https://github.com/wycats/handlebars.js/commit/164c7ceea4ce074f70f2fefeba81e2e551757ea6) v4.2.0 - [`6ab48d8`](https://github.com/wycats/handlebars.js/commit/6ab48d8def548f013a13a08d40971f4d41d22d16) Update release notes - [`8ac2028`](https://github.com/wycats/handlebars.js/commit/8ac20285f60391e4837c3abdb98b90b71c63b1f6) Merge pull request [#1534](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1534) from AndrewLeedham/4.x - [`888750e`](https://github.com/wycats/handlebars.js/commit/888750ec27e6b9126b3af61cf526590b09ef8bd9) fix typings of resolvePartial-options - [`133b96a`](https://github.com/wycats/handlebars.js/commit/133b96a2ff463dda71febbdae434057271e025ed) Add "Handlebars.VM.resolvePartial" to type definitions - [`f119497`](https://github.com/wycats/handlebars.js/commit/f119497312dc990c5043f65ca96083ef8fd729ac) chore: attempt to fix saucelabs problems with custom lib - [`62b64ec`](https://github.com/wycats/handlebars.js/commit/62b64ecc3d76033b8fc69dd1dcb0bef786b3e022) chore: add comment to integration test - [`a57b682`](https://github.com/wycats/handlebars.js/commit/a57b6824e0d6cbbdb1d8c9ded21fd875d9320713) add webpack test - [`a26633f`](https://github.com/wycats/handlebars.js/commit/a26633f20485c420d1967e191ce852bf37ae9bce) chore: fix integration tests - [`f9cce4d`](https://github.com/wycats/handlebars.js/commit/f9cce4dd02577743a304bbf181dc90e371673be8) chore: add framework for various integration tests - Additional commits viewable in [compare view](https://github.com/wycats/handlebars.js/compare/v4.0.6...v4.2.0)Maintainer changes
This version was pushed to npm by [knappi](https://www.npmjs.com/~knappi), a new releaser for handlebars since your current version.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/agmcleod/wavelength/network/alerts).