Closed renovate[bot] closed 4 years ago
CLAassistant
commented
5 years ago
Thank you for your submission, we really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.
renovate[bot]
commented
4 years ago As this PR has been closed unmerged, Renovate will now ignore this update (4.5.3). You will still receive a PR once a newer version is released, so if you wish to permanently ignore this dependency, please add it to the ignoreDeps array of your renovate config.
If this PR was closed by mistake or you changed your mind, you can simply rename this PR and you will soon get a fresh replacement PR opened.
This PR contains the following updates:
4.4.3->4.5.3Release Notes
wycats/handlebars.js
### [`v4.5.3`](https://togithub.com/wycats/handlebars.js/blob/master/release-notes.md#v453---November-18th-2019) [Compare Source](https://togithub.com/wycats/handlebars.js/compare/v4.5.2...v4.5.3) Bugfixes: - fix: add "no-prototype-builtins" eslint-rule and fix all occurences - [`f7f05d7`](https://togithub.com/wycats/handlebars.js/commit/f7f05d7) - fix: add more properties required to be enumerable - [`1988878`](https://togithub.com/wycats/handlebars.js/commit/1988878) Chores / Build: - fix: use !== 0 instead of != 0 - [`c02b05f`](https://togithub.com/wycats/handlebars.js/commit/c02b05f) - add chai and dirty-chai and sinon, for cleaner test-assertions and spies, deprecate old assertion-methods - [`93e284e`](https://togithub.com/wycats/handlebars.js/commit/93e284e), [`886ba86`](https://togithub.com/wycats/handlebars.js/commit/886ba86), [`0817dad`](https://togithub.com/wycats/handlebars.js/commit/0817dad), [`93516a0`](https://togithub.com/wycats/handlebars.js/commit/93516a0) Security: - The properties `__proto__`, `__defineGetter__`, `__defineSetter__` and `__lookupGetter__` have been added to the list of "properties that must be enumerable". If a property by that name is found and not enumerable on its parent, it will silently evaluate to `undefined`. This is done in both the compiled template and the "lookup"-helper. This will prevent new Remote-Code-Execution exploits that have been published recently. Compatibility notes: - Due to the security-fixes. The semantics of the templates using `__proto__`, `__defineGetter__`, `__defineSetter__` and `__lookupGetter__` in the respect that those expression now return `undefined` rather than their actual value from the proto. - The semantics have not changed in cases where the properties are enumerable, as in: ```js { __proto__: 'some string' } ``` - The change may be breaking in that respect, but we still only increase the patch-version, because the incompatible use-cases are not intended, undocumented and far less important than fixing Remote-Code-Execution exploits on existing systems. [Commits](https://togithub.com/wycats/handlebars.js/compare/v4.5.2...v4.5.3) ### [`v4.5.2`](https://togithub.com/wycats/handlebars.js/blob/master/release-notes.md#v452---November-13th-2019) [Compare Source](https://togithub.com/wycats/handlebars.js/compare/v4.5.1...v4.5.2) #### v4.5.2 - November 13th, 2019 ### [`v4.5.1`](https://togithub.com/wycats/handlebars.js/blob/master/release-notes.md#v451---October-29th-2019) [Compare Source](https://togithub.com/wycats/handlebars.js/compare/v4.5.0...v4.5.1) Bugfixs - fix: move "eslint-plugin-compat" to devDependencies - [`5e9d17f`](https://togithub.com/wycats/handlebars.js/commit/5e9d17f) ([#1589](https://togithub.com/wycats/handlebars.js/issues/1589)) Compatibility notes: - No compatibility issues are to be expected [Commits](https://togithub.com/wycats/handlebars.js/compare/v4.5.0...v4.5.1) ### [`v4.5.0`](https://togithub.com/wycats/handlebars.js/blob/master/release-notes.md#v450---October-28th-2019) [Compare Source](https://togithub.com/wycats/handlebars.js/compare/v4.4.5...v4.5.0) Features / Improvements - Add method Handlebars.parseWithoutProcessing ([#1584](https://togithub.com/wycats/handlebars.js/issues/1584)) - [`62ed3c2`](https://togithub.com/wycats/handlebars.js/commit/62ed3c2) - add guard to if & unless helpers ([#1549](https://togithub.com/wycats/handlebars.js/issues/1549)) - show source location for the strict lookup exceptions - [`feb60f8`](https://togithub.com/wycats/handlebars.js/commit/feb60f8) Bugfixes: - Use objects for hash value tracking - [`7fcf9d2`](https://togithub.com/wycats/handlebars.js/commit/7fcf9d2) Chore: - Resolve deprecation warning message from eslint while running eslint ([#1586](https://togithub.com/wycats/handlebars.js/issues/1586)) - [`7052e88`](https://togithub.com/wycats/handlebars.js/commit/7052e88) - chore: add eslint-plugin-compat and eslint-plugin-es5 - [`088e618`](https://togithub.com/wycats/handlebars.js/commit/088e618) Compatibility notes: - No compatibility issues are to be expected [Commits](https://togithub.com/wycats/handlebars.js/compare/v4.4.5...v4.5.0) ### [`v4.4.5`](https://togithub.com/wycats/handlebars.js/blob/master/release-notes.md#v445---October-20th-2019) [Compare Source](https://togithub.com/wycats/handlebars.js/compare/v4.4.4...v4.4.5) Bugfixes: - Contents of raw-blocks must be matched with non-eager regex-matching - [`8d5530e`](https://togithub.com/wycats/handlebars.js/commit/8d5530e), [#1579](https://togithub.com/wycats/handlebars.js/issues/1579) [Commits](https://togithub.com/wycats/handlebars.js/compare/v4.4.4...v4.4.5) ### [`v4.4.4`](https://togithub.com/wycats/handlebars.js/blob/master/release-notes.md#v444---October-20th-2019) [Compare Source](https://togithub.com/wycats/handlebars.js/compare/v4.4.3...v4.4.4) Bugfixes: - fix: prevent zero length tokens in raw-blocks ([#1577](https://togithub.com/wycats/handlebars.js/issues/1577), [#1578](https://togithub.com/wycats/handlebars.js/issues/1578)) - [`f1752fe`](https://togithub.com/wycats/handlebars.js/commit/f1752fe) Chore: - chore: link to s3 bucket with https, add "npm ci" to build instructions - [`0b593bf`](https://togithub.com/wycats/handlebars.js/commit/0b593bf) Compatibility notes: - no compatibility issues are expected [Commits](https://togithub.com/wycats/handlebars.js/compare/v4.4.3...v4.4.4)Renovate configuration
:date: Schedule: "every weekend" in timezone America/Los_Angeles.
:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.
:recycle: Rebasing: Whenever PR becomes conflicted, or if you modify the PR title to begin with "
rebase!".:no_bell: Ignore: Close this PR and you won't be reminded about this update again.
Newsflash: Renovate has joined WhiteSource, and is now free for all use. Learn more or view updated terms and privacy policies.