liumcse / ntuvibe

NTUVibe is a student-run online platform committed to making information at Nanyang Technological University more open and accessible.
https://ntuvibe.com
8 stars 0 forks source link

Bump handlebars from 4.1.0 to 4.2.0 in /www #148

Closed dependabot[bot] closed 5 years ago

dependabot[bot] commented 5 years ago

Bumps handlebars from 4.1.0 to 4.2.0.

Changelog *Sourced from [handlebars's changelog](https://github.com/wycats/handlebars.js/blob/master/release-notes.md).* > ## v4.2.0 - September 3rd, 2019 > Chore/Test: > - Use custom `grunt-saucelab` with current sauce-connect proxy - f119497 > - Add framework for various integration tests - f9cce4d > - Add integration test for webpack - a57b682 > > > Bugfixes: > - [#1544](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1544) - Typescript types: `knownHelpers` doesnt allow for custom helpers ([@​NickCis](https://api.github.com/users/NickCis)) > - [#1534](https://github-redirect.dependabot.com/wycats/handlebars.js/pull/1534) - Add typings for "Handlebars.VM.resolvePartial ([@​AndrewLeedham](https://api.github.com/users/AndrewLeedham)) > > Features: > - [#1540](https://github-redirect.dependabot.com/wycats/handlebars.js/pull/1540) - added "browser"-property to package.json, resolves [#1102](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1102) ([@​ouijan](https://api.github.com/users/ouijan)) > > Compatibility notes: > - The new "browser"-property should not break anything, but you can never be sure. The integration test for webpack > shows that it works, but if it doesn't please open an issue. > > > > [Commits](https://github.com/wycats/handlebars.js/compare/v4.1.2-0...v4.2.0) > > ## v4.1.2-0 - August 25th, 2019 > [#1540](https://github-redirect.dependabot.com/wycats/handlebars.js/pull/1540) - added browser to package.json, resolves [#1102](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1102) ([@​ouijan](https://api.github.com/users/ouijan)) > > Compatibility notes: > - We are not sure if imports via webpack are still working, which is why this release is a pre-release > > [Commits](https://github.com/wycats/handlebars.js/compare/v4.1.2...v4.1.2-0) > > ## v4.1.2 - April 13th, 2019 > Chore/Test: > - [#1515](https://github-redirect.dependabot.com/wycats/handlebars.js/pull/1515) - Port over linting and test for typings ([@​zimmi88](https://api.github.com/users/zimmi88)) > - chore: add missing typescript dependency, add package-lock.json - 594f1e3 > - test: remove safari from saucelabs - 871accc > > Bugfixes: > - fix: prevent RCE through the "lookup"-helper - cd38583 > > Compatibility notes: > > Access to the constructor of a class thought `{{lookup obj "constructor" }}` is now prohibited. This closes > a leak that only half closed in versions 4.0.13 and 4.1.0, but it is a slight incompatibility. > > This kind of access is not the intended use of Handlebars and leads to the vulnerability described > in [#1495](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1495). We will **not** increase the major version, because such use is not intended or documented, > and because of the potential impact of the issue (we fear that most people won't use a new major version > and the issue may not be resolved on many systems). > > [Commits](https://github.com/wycats/handlebars.js/compare/v4.1.1...v4.1.2) > ... (truncated)
Commits - [`164c7ce`](https://github.com/wycats/handlebars.js/commit/164c7ceea4ce074f70f2fefeba81e2e551757ea6) v4.2.0 - [`6ab48d8`](https://github.com/wycats/handlebars.js/commit/6ab48d8def548f013a13a08d40971f4d41d22d16) Update release notes - [`8ac2028`](https://github.com/wycats/handlebars.js/commit/8ac20285f60391e4837c3abdb98b90b71c63b1f6) Merge pull request [#1534](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1534) from AndrewLeedham/4.x - [`888750e`](https://github.com/wycats/handlebars.js/commit/888750ec27e6b9126b3af61cf526590b09ef8bd9) fix typings of resolvePartial-options - [`133b96a`](https://github.com/wycats/handlebars.js/commit/133b96a2ff463dda71febbdae434057271e025ed) Add "Handlebars.VM.resolvePartial" to type definitions - [`f119497`](https://github.com/wycats/handlebars.js/commit/f119497312dc990c5043f65ca96083ef8fd729ac) chore: attempt to fix saucelabs problems with custom lib - [`62b64ec`](https://github.com/wycats/handlebars.js/commit/62b64ecc3d76033b8fc69dd1dcb0bef786b3e022) chore: add comment to integration test - [`a57b682`](https://github.com/wycats/handlebars.js/commit/a57b6824e0d6cbbdb1d8c9ded21fd875d9320713) add webpack test - [`a26633f`](https://github.com/wycats/handlebars.js/commit/a26633f20485c420d1967e191ce852bf37ae9bce) chore: fix integration tests - [`f9cce4d`](https://github.com/wycats/handlebars.js/commit/f9cce4dd02577743a304bbf181dc90e371673be8) chore: add framework for various integration tests - Additional commits viewable in [compare view](https://github.com/wycats/handlebars.js/compare/v4.1.0...v4.2.0)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/liumcse/ntuvibe/network/alerts).
dependabot[bot] commented 5 years ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.