tars / tars-cli

CLI for TARS
MIT License
106 stars 28 forks source link

Bump handlebars from 4.1.2 to 4.7.0 #110

Closed dependabot[bot] closed 4 years ago

dependabot[bot] commented 4 years ago

Bumps handlebars from 4.1.2 to 4.7.0.

Changelog *Sourced from [handlebars's changelog](https://github.com/wycats/handlebars.js/blob/v4.7.0/release-notes.md).* > ## v4.7.0 - January 10th, 2020 > > Features: > > - feat: default options for controlling proto access - 7af1c12, [#1635](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1635) > - This makes it possible to disable the prototype access restrictions added in 4.6.0 > - an error is logged in the console, if access to prototype properties is attempted and denied > and no explicit configuration has taken place. > > Compatibility notes: > > - no compatibilities are expected > > [Commits](https://github.com/wycats/handlebars.js/compare/v4.6.0...v4.7.0) > > ## v4.6.0 - January 8th, 2020 > > Features: > > - feat: access control to prototype properties via whitelist ([#1633](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1633))- d03b6ec > > Bugfixes: > > - fix(runtime.js): partials compile not caching ([#1600](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1600)) - 23d58e7 > > Chores, docs: > > - various refactorings and improvements to tests - d7f0dcf, 187d611, d337f40 > - modernize the build-setup > - use prettier to format and eslint to verify - c40d9f3, 8901c28, e97685e, 1f61f21 > - use nyc instead of istanbul to collect coverage - 164b7ff, 1ebce2b > - update build code to use modern javascript and make it cleaner - 14b621c, 1ec1737, 3a5b65e, dde108e, 04b1984, 587e7a3 > - restructur build commands - e913dc5, > - eslint rule changes - ac4655e, dc54952 > - Update (C) year in the LICENSE file - d1fb07b > - chore: try to fix saucelabs credentials ([#1627](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1627)) - > - Update readme.md with updated links ([#1620](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1620)) - edcc84f > > BREAKING CHANGES: > > - access to prototype properties is forbidden completely by default, > specific properties or methods can be allow via runtime-options. > See [#1633](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1633) for details. > If you are using Handlebars as documented, you should not be accessing prototype > properties from your template anyway, so the changes should not be a problem > for you. Only the use of undocumented features can break your build. > > That is why we only bump the minor version despite mentioning breaking changes > > [Commits](https://github.com/wycats/handlebars.js/compare/v4.5.3...v4.6.0) > ... (truncated)
Commits - [`0d5c807`](https://github.com/wycats/handlebars.js/commit/0d5c807017f8ba6c6d947f9d6852033c8faa2e49) v4.7.0 - [`1f0834b`](https://github.com/wycats/handlebars.js/commit/1f0834b1a2937150923f9de849b9612bd1969d11) Update release notes - [`575d877`](https://github.com/wycats/handlebars.js/commit/575d8772e2ccf05da235c596dd3405ae74194e1b) fix: use "logger" instead of console.error - [`7af1c12`](https://github.com/wycats/handlebars.js/commit/7af1c12db6222ab4b689bb60820628209d295049) feat: default options for controlling proto access - [`91a1b5d`](https://github.com/wycats/handlebars.js/commit/91a1b5d2f456cb733cbd88149fc9270973db79d7) v4.6.0 - [`770d746`](https://github.com/wycats/handlebars.js/commit/770d746e600eb1939501ab91d4bc81ed6b4cde94) Update release notes - [`d7f0dcf`](https://github.com/wycats/handlebars.js/commit/d7f0dcf2bb91a1d27961941995d75c9800efc7ba) refactor: fix typo in private test method - [`187d611`](https://github.com/wycats/handlebars.js/commit/187d611e8c2a7dc849f62f283ac70714fa637e84) test: add path to nodeJs when running test:bin - [`d337f40`](https://github.com/wycats/handlebars.js/commit/d337f40d0efd59e163f871ed7a73e900322473a6) test: show diff when test:bin fails - [`d03b6ec`](https://github.com/wycats/handlebars.js/commit/d03b6ecfc44e350fd08df752a9551d824287d7f5) feat: access control to prototype properties via whitelist - Additional commits viewable in [compare view](https://github.com/wycats/handlebars.js/compare/v4.1.2...v4.7.0)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/tars/tars-cli/network/alerts).
artem-malko commented 4 years ago

done on master

dependabot[bot] commented 4 years ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.