Changelog
*Sourced from [handlebars's changelog](https://github.com/wycats/handlebars.js/blob/master/release-notes.md).*
> ## v4.6.0 - January 8th, 2020
>
> Features:
>
> - feat: access control to prototype properties via whitelist ([#1633](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1633))- d03b6ec
>
> Bugfixes:
>
> - fix(runtime.js): partials compile not caching ([#1600](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1600)) - 23d58e7
>
> Chores, docs:
>
> - various refactorings and improvements to tests - d7f0dcf, 187d611, d337f40
> - modernize the build-setup
> - use prettier to format and eslint to verify - c40d9f3, 8901c28, e97685e, 1f61f21
> - use nyc instead of istanbul to collect coverage - 164b7ff, 1ebce2b
> - update build code to use modern javascript and make it cleaner - 14b621c, 1ec1737, 3a5b65e, dde108e, 04b1984, 587e7a3
> - restructur build commands - e913dc5,
> - eslint rule changes - ac4655e, dc54952
> - Update (C) year in the LICENSE file - d1fb07b
> - chore: try to fix saucelabs credentials ([#1627](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1627)) -
> - Update readme.md with updated links ([#1620](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1620)) - edcc84f
>
> BREAKING CHANGES:
>
> - access to prototype properties is forbidden completely by default,
> specific properties or methods can be allow via runtime-options.
> See [#1633](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1633) for details.
> If you are using Handlebars as documented, you should not be accessing prototype
> properties from your template anyway, so the changes should not be a problem
> for you. Only the use of undocumented features can break your build.
>
> That is why we only bump the minor version despite mentioning breaking changes
>
> [Commits](https://github.com/wycats/handlebars.js/compare/v4.5.3...v4.6.0)
>
> ## v4.5.3 - November 18th, 2019
>
> Bugfixes:
>
> - fix: add "no-prototype-builtins" eslint-rule and fix all occurences - f7f05d7
> - fix: add more properties required to be enumerable - 1988878
>
> Chores / Build:
>
> - fix: use !== 0 instead of != 0 - c02b05f
> - add chai and dirty-chai and sinon, for cleaner test-assertions and spies,
> deprecate old assertion-methods - 93e284e, 886ba86, 0817dad, 93516a0
>
> Security:
> ... (truncated)
Commits
- [`91a1b5d`](https://github.com/wycats/handlebars.js/commit/91a1b5d2f456cb733cbd88149fc9270973db79d7) v4.6.0
- [`770d746`](https://github.com/wycats/handlebars.js/commit/770d746e600eb1939501ab91d4bc81ed6b4cde94) Update release notes
- [`d7f0dcf`](https://github.com/wycats/handlebars.js/commit/d7f0dcf2bb91a1d27961941995d75c9800efc7ba) refactor: fix typo in private test method
- [`187d611`](https://github.com/wycats/handlebars.js/commit/187d611e8c2a7dc849f62f283ac70714fa637e84) test: add path to nodeJs when running test:bin
- [`d337f40`](https://github.com/wycats/handlebars.js/commit/d337f40d0efd59e163f871ed7a73e900322473a6) test: show diff when test:bin fails
- [`d03b6ec`](https://github.com/wycats/handlebars.js/commit/d03b6ecfc44e350fd08df752a9551d824287d7f5) feat: access control to prototype properties via whitelist
- [`164b7ff`](https://github.com/wycats/handlebars.js/commit/164b7ff0de3041532b0ba671b3eefb7c0c5b5338) chore: ignore .nyc_output
- [`ac4655e`](https://github.com/wycats/handlebars.js/commit/ac4655ee9516d5fc1b29d4d52e17c1751ffc8324) chore: disable "dot-notation" rule
- [`14b621c`](https://github.com/wycats/handlebars.js/commit/14b621caf5bcdcbf7476b3286afbc30380d2cc3f) test/style: remove or hide unused code in git.js, add tests
- [`1ec1737`](https://github.com/wycats/handlebars.js/commit/1ec1737d24a1a37e39ca4c24b0fdb7efd877e628) test/style: refactor remaining grunt tasks to use promises instead of callbacks
- Additional commits viewable in [compare view](https://github.com/wycats/handlebars.js/compare/v4.0.11...v4.6.0)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/carbon-design-system/carbon-addons-cloud/network/alerts).
Bumps handlebars from 4.0.11 to 4.6.0.
Changelog
*Sourced from [handlebars's changelog](https://github.com/wycats/handlebars.js/blob/master/release-notes.md).* > ## v4.6.0 - January 8th, 2020 > > Features: > > - feat: access control to prototype properties via whitelist ([#1633](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1633))- d03b6ec > > Bugfixes: > > - fix(runtime.js): partials compile not caching ([#1600](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1600)) - 23d58e7 > > Chores, docs: > > - various refactorings and improvements to tests - d7f0dcf, 187d611, d337f40 > - modernize the build-setup > - use prettier to format and eslint to verify - c40d9f3, 8901c28, e97685e, 1f61f21 > - use nyc instead of istanbul to collect coverage - 164b7ff, 1ebce2b > - update build code to use modern javascript and make it cleaner - 14b621c, 1ec1737, 3a5b65e, dde108e, 04b1984, 587e7a3 > - restructur build commands - e913dc5, > - eslint rule changes - ac4655e, dc54952 > - Update (C) year in the LICENSE file - d1fb07b > - chore: try to fix saucelabs credentials ([#1627](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1627)) - > - Update readme.md with updated links ([#1620](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1620)) - edcc84f > > BREAKING CHANGES: > > - access to prototype properties is forbidden completely by default, > specific properties or methods can be allow via runtime-options. > See [#1633](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1633) for details. > If you are using Handlebars as documented, you should not be accessing prototype > properties from your template anyway, so the changes should not be a problem > for you. Only the use of undocumented features can break your build. > > That is why we only bump the minor version despite mentioning breaking changes > > [Commits](https://github.com/wycats/handlebars.js/compare/v4.5.3...v4.6.0) > > ## v4.5.3 - November 18th, 2019 > > Bugfixes: > > - fix: add "no-prototype-builtins" eslint-rule and fix all occurences - f7f05d7 > - fix: add more properties required to be enumerable - 1988878 > > Chores / Build: > > - fix: use !== 0 instead of != 0 - c02b05f > - add chai and dirty-chai and sinon, for cleaner test-assertions and spies, > deprecate old assertion-methods - 93e284e, 886ba86, 0817dad, 93516a0 > > Security: > ... (truncated)Commits
- [`91a1b5d`](https://github.com/wycats/handlebars.js/commit/91a1b5d2f456cb733cbd88149fc9270973db79d7) v4.6.0 - [`770d746`](https://github.com/wycats/handlebars.js/commit/770d746e600eb1939501ab91d4bc81ed6b4cde94) Update release notes - [`d7f0dcf`](https://github.com/wycats/handlebars.js/commit/d7f0dcf2bb91a1d27961941995d75c9800efc7ba) refactor: fix typo in private test method - [`187d611`](https://github.com/wycats/handlebars.js/commit/187d611e8c2a7dc849f62f283ac70714fa637e84) test: add path to nodeJs when running test:bin - [`d337f40`](https://github.com/wycats/handlebars.js/commit/d337f40d0efd59e163f871ed7a73e900322473a6) test: show diff when test:bin fails - [`d03b6ec`](https://github.com/wycats/handlebars.js/commit/d03b6ecfc44e350fd08df752a9551d824287d7f5) feat: access control to prototype properties via whitelist - [`164b7ff`](https://github.com/wycats/handlebars.js/commit/164b7ff0de3041532b0ba671b3eefb7c0c5b5338) chore: ignore .nyc_output - [`ac4655e`](https://github.com/wycats/handlebars.js/commit/ac4655ee9516d5fc1b29d4d52e17c1751ffc8324) chore: disable "dot-notation" rule - [`14b621c`](https://github.com/wycats/handlebars.js/commit/14b621caf5bcdcbf7476b3286afbc30380d2cc3f) test/style: remove or hide unused code in git.js, add tests - [`1ec1737`](https://github.com/wycats/handlebars.js/commit/1ec1737d24a1a37e39ca4c24b0fdb7efd877e628) test/style: refactor remaining grunt tasks to use promises instead of callbacks - Additional commits viewable in [compare view](https://github.com/wycats/handlebars.js/compare/v4.0.11...v4.6.0)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/carbon-design-system/carbon-addons-cloud/network/alerts).