Bump handlebars from 1.3.0 to 4.0.0 in /site #2

dependabot · 2019-12-26T18:58:18Z

Bumps handlebars from 1.3.0 to 4.0.0.

Changelog

v4.0.0 - September 1st, 2015

#1082 - Decorators and Inline Partials (@kpdecker)

#1076 - Implement partial blocks (@kpdecker)

#1087 - Fix #each when last object entry has empty key (@denniskuczynski)

#1084 - Bump uglify version to fix vulnerability (@John-Steidley)

#1068 - Fix typo (@0xack13)

#1060 - #1056 Fixed grammar for nested raw blocks (@ericbn)

#1052 - Updated year in License (@maqnouch)

#1037 - Fix minor typos in README (@tomxtobin)

#1032 - Is it possible to render a partial without the parent scope? (@aputinski)

#1019 - Fixes typo in tests (@aymerick)

#1016 - Version mis-match (@mayankdedhia)

#1023 - is it possible for nested custom helpers to communicate between each other?

#893 - [Proposal] Section blocks.

#792 - feature request: inline partial definitions

#583 - Parent path continues to drill down depth with multiple conditionals

#404 - Add named child helpers that can be referenced by block helpers

Escape = in HTML content - 83b8e84

Drop AST constructors in favor of JSON - 95d84ba

Pass container rather than exec as context - 9a2d1d6

Add ignoreStandalone compiler option - ea3a5a1

Ignore empty when iterating on sparse arrays - 06d515a

Add support for string and stdin precompilation - 0de8dac

Simplify object assignment generation logic - 77e6bfc

Bulletproof AST.helpers.helperExpression - 93b0760

Always return string responses - 8e868ab

Pass undefined fields to helpers in strict mode - 5d4b8da

Avoid depth creation when context remains the same - 279e038

Improve logging API - 9a49d35

Fix with operator in no @data mode - 231a8d7

Allow empty key name in each iteration - 1bb640b

Add with block parameter support - 2a85106

Fix escaping of non-javascript identifiers - 410141c

Fix location information for programs - 93faffa

Compatibility notes:

Depthed paths are now conditionally pushed on to the stack. If the helper uses the same context, then a new stack is not created. This leads to behavior that better matches expectations for helpers like if that do not seem to alter the context. Any instances of ../ in templates will need to be checked for the correct behavior under 4.0.0. In general templates will either reduce the number of ../ instances or leave them as is. See #1028.

The = character is now HTML escaped. This closes a potential exploit case when using unquoted attributes, i.e. <div foo={{bar}}>. In general it's recommended that attributes always be quoted when their values are generated from a mustache to avoid any potential exploit surfaces.

AST constructors have been dropped in favor of plain old javascript objects

The runtime version has been increased. Precompiled templates will need to use runtime of at least 4.0.0.

Commits

v3.0.3 - April 28th, 2015

#1004 - Latest version breaks with RequireJS (global is undefined) (@boskee)

Commits

v3.0.2 - April 20th, 2015

#998 - Add full support for es6 (@kpdecker)

... (truncated)

Commits

bff5fab v4.0.0
f97b99e Update release notes
6c07367 Update release notes
83b8e84 Escape = in HTML content
b0d217e Rev runtime compiler revision
c13c7df Add basic decorators docs
b63d74a Add explicitPartialContext compiler flag
e7a64f0 Merge branch 'decorators'
0f5061e Merge pull request #1087 from denniskuczynski/each_object_empty_string_key
7c896a0 Fix #each when last object entry has empty key
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [handlebars](https://github.com/wycats/handlebars.js) from 1.3.0 to 4.0.0. - [Release notes](https://github.com/wycats/handlebars.js/releases) - [Changelog](https://github.com/wycats/handlebars.js/blob/master/release-notes.md) - [Commits](handlebars-lang/handlebars.js@v1.3.0...v4.0.0) Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label Dec 26, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump handlebars from 1.3.0 to 4.0.0 in /site #2

Bump handlebars from 1.3.0 to 4.0.0 in /site #2

dependabot bot commented on behalf of github Dec 26, 2019

Bump handlebars from 1.3.0 to 4.0.0 in /site #2

Are you sure you want to change the base?

Bump handlebars from 1.3.0 to 4.0.0 in /site #2

Conversation

dependabot bot commented on behalf of github Dec 26, 2019

v4.0.0 - September 1st, 2015

v3.0.3 - April 28th, 2015

v3.0.2 - April 20th, 2015