Bump the npm_and_yarn group across 2 directories with 24 updates

[dependabot]

Bumps the npm_and_yarn group with 22 updates in the / directory:

Package	From	To
lodash	4.17.4	4.17.21
chromedriver	2.35.0	119.0.1
electron	2.0.2	22.3.25
jsdom	9.9.1	16.5.0
browserify-sign	4.0.4	4.2.3
codemirror	5.22.0	5.65.16
css-what	2.1.0	2.1.3
decode-uri-component	0.2.0	0.2.2
elliptic	6.4.0	6.5.5
es5-ext	0.10.12	0.10.64
fsevents	1.0.17	1.2.13
handlebars	4.0.6	4.7.8
ini	1.3.4	1.3.8
is-my-json-valid	2.15.0	2.20.6
loader-utils	1.1.0	1.4.2
lodash-es	4.17.4	4.17.21
object-path	0.11.3	0.11.8
set-getter	0.1.0	0.1.1
ssri	6.0.1	6.0.2
ua-parser-js	0.7.12	0.7.38
urijs	1.18.4	1.19.11
y18n	4.0.0	4.0.3

Bumps the npm_and_yarn group with 2 updates in the /examples/router directory: jsdom and webpack-dev-middleware.

Updates lodash from 4.17.4 to 4.17.21

Commits

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• ded9bc6 Bump to v4.17.20.
• 63150ef Documentation fixes.
• 00f0f62 test.js: Remove trailing comma.
• 846e434 Temporarily use a custom fork of lodash-cli.
• 5d046f3 Re-enable Travis tests on 4.17 branch.
• aa816b3 Remove /npm-package.
• d7fbc52 Bump to v4.17.19
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Updates chromedriver from 2.35.0 to 119.0.1

Commits

• de961e3 Hide private attributes from exports
• 379046e Update package dependencies
• 5b708ad Add tests for Node.js version 21
• c99283d Bump version to 119.0.0
• f6edc1e Add provenance
• f43d7f8 Make install faster for update check
• 157d419 Add token to enable PR
• 09dd5b7 Bump version to 118.0.0
• 82a6380 Fix tag gh action script
• ce13f36 Bump package version to 117.0.3
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by giggio, a new releaser for chromedriver since your current version.

Updates electron from 2.0.2 to 22.3.25

Changelog

Sourced from electron's changelog.

Breaking Changes

Breaking changes will be documented here, and deprecation warnings added to JS code where possible, at least one major version before the change is made.

Types of Breaking Changes

This document uses the following convention to categorize breaking changes:

• API Changed: An API was changed in such a way that code that has not been updated is guaranteed to throw an exception.
• Behavior Changed: The behavior of Electron has changed, but not in such a way that an exception will necessarily be thrown.
• Default Changed: Code depending on the old default may break, not necessarily throwing an exception. The old behavior can be restored by explicitly specifying the value.
• Deprecated: An API was marked as deprecated. The API will continue to function, but will emit a deprecation warning, and will be removed in a future release.
• Removed: An API or feature was removed, and is no longer supported by Electron.

Planned Breaking API Changes (32.0)

Removed: File.path

The nonstandard path property of the Web File object was added in an early version of Electron as a convenience method for working with native files when doing everything in the renderer was more common. However, it represents a deviation from the standard and poses a minor security risk as well, so beginning in Electron 32.0 it has been removed in favor of the webUtils.getPathForFile method.

// Before (renderer)
const file = document.querySelector('input[type=file]')
alert(Uploaded file path was: ${file.path})

// After (renderer)
const file = document.querySelector('input[type=file]')
electron.showFilePath(file)
// (preload)
const { contextBridge, webUtils } = require('electron')
contextBridge.exposeInMainWorld('electron', {
showFilePath (file) {
// It's best not to expose the full file path to the web content if
// possible.
const path = webUtils.getPathForFile(file)
alert(Uploaded file path was: ${path})
}
})

Deprecated: clearHistory, canGoBack, goBack, canGoForward, goForward, canGoToOffset, goToOffset on WebContents

The navigation-related APIs are now deprecated.

... (truncated)

Commits

• 1c1c132 chore: cherry-pick 3fbd1dca6a4d from libvpx (#40026)
• d892c2b build: fixup autoninja (#39899)
• 6132e80 build: run on circle hosts for forks (#39865)
• a953199 build: use aks backed runners for linux builds (#39838)
• 056eacf chore: cherry-pick b2eab7500a18 from chromium (#39827)
• 5f8ef81 fix: ensure app load is limited to real asar files when appropriate (#39811)
• 4995c9e chore: cherry-pick 1 changes from Release-3-M116 (#39758)
• e29cdac build: fix depot_tools patch application (#39751)
• b58903d chore: cherry-pick 1 changes from Release-2-M116 (#39689)
• 33f9dce chore: cherry-pick 2 changes from Release-1-M116 (#39648)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by electron-nightly, a new releaser for electron since your current version.

Updates jsdom from 9.9.1 to 16.5.0

Release notes

Sourced from jsdom's releases.

Version 16.5.0

• Added window.queueMicrotask().
• Added window.event.
• Added inputEvent.inputType. (diegohaz)
• Removed ondragexit from Window and friends, per a spec update.
• Fixed the URL of about:blank iframes. Previously it was getting set to the parent's URL. (SimonMueller)
• Fixed the loading of subresources from the filesystem when they had non-ASCII filenames.
• Fixed the hidden="" attribute to cause display: none per the user-agent stylesheet. (ph-fritsche)
• Fixed the new File() constructor to no longer convert / to :, per a pending spec update.
• Fixed mutation observer callbacks to be called with the MutationObserver instance as their this value.
• Fixed <input type=checkbox> and <input type=radio> to be mutable even when disabled, per a spec update.
• Fixed XMLHttpRequest to not fire a redundant final progress event if a progress event was previously fired with the same loaded value. This would usually occur with small files.
• Fixed XMLHttpRequest to expose the Content-Length header on cross-origin responses.
• Fixed xhr.response to return null for failures that occur during the middle of the download.
• Fixed edge cases around passing callback functions or event handlers. (ExE-Boss)
• Fixed edge cases around the properties of proxy-like objects such as localStorage or dataset. (ExE-Boss)
• Fixed a potential memory leak with custom elements (although we could not figure out how to trigger it). (soncodi)

Version 16.4.0

• Added a not-implemented warning if you try to use the second pseudo-element argument to getComputedStyle(), unless you pass a ::part or ::slotted pseudo-element, in which case we throw an error per the spec. (ExE-Boss)
• Improved the performance of repeated access to el.tagName, which also indirectly improves performance of selector matching and style computation. (eps1lon)
• Fixed form.elements to respect the form="" attribute, so that it can contain non-descendant form controls. (ccwebdesign)
• Fixed el.focus() to do nothing on disconnected elements. (eps1lon)
• Fixed el.focus() to work on SVG elements. (zjffun)
• Fixed removing the currently-focused element to move focus to the <body> element. (eps1lon)
• Fixed imgEl.complete to return true for <img> elements with empty or unset src="" attributes. (strager)
• Fixed imgEl.complete to return true if an error occurs loading the <img>, when canvas is enabled. (strager)
• Fixed imgEl.complete to return false if the <img> element's src="" attribute is reset. (strager)
• Fixed the valueMissing validation check for <input type="radio">. (zjffun)
• Fixed translate="" and draggable="" attribute processing to use ASCII case-insensitivity, instead of Unicode case-insensitivity. (zjffun)

Version 16.3.0

• Added firing of focusin and focusout when using el.focus() and el.blur(). (trueadm)
• Fixed elements with the contenteditable="" attribute to be considered as focusable. (jamieliu386)
• Fixed window.NodeFilter to be per-Window, instead of shared across all Windows. (ExE-Boss)
• Fixed edge-case behavior involving use of objects with handleEvent properties as event listeners. (ExE-Boss)
• Fixed a second failing image load sometimes firing a load event instead of an error event, when the canvas package is installed. (strager)
• Fixed drawing an empty canvas into another canvas. (zjffun)

Version 16.2.2

• Updated StyleSheetList for better spec compliance; notably it no longer inherits from Array.prototype. (ExE-Boss)
• Fixed requestAnimationFrame() from preventing process exit. This likely regressed in v16.1.0.
• Fixed setTimeout() to no longer leak the closures passed in to it. This likely regressed in v16.1.0. (AviVahl)
• Fixed infinite recursion that could occur when calling click() on a <label> element, or one of its descendants.
• Fixed getComputedStyle() to consider inline style="" attributes. (eps1lon)
• Fixed several issues with <input type="number">'s stepUp() and stepDown() functions to be properly decimal-based, instead of floating point-based.
• Fixed various issues where updating selectEl.value would not invalidate properties such as selectEl.selectedOptions. (ExE-Boss)
• Fixed <input>'s src property, and <ins>/<del>'s cite property, to properly reflect as URLs.
• Fixed window.addEventLister, window.removeEventListener, and window.dispatchEvent to properly be inherited from EventTarget, instead of being distinct functions. (ExE-Boss)
• Fixed errors that would occur if attempting to use a DOM object, such as a custom element, as an argument to addEventListener.

... (truncated)

Changelog

Sourced from jsdom's changelog.

16.5.0

• Added window.queueMicrotask().
• Added window.event.
• Added inputEvent.inputType. (diegohaz)
• Removed ondragexit from Window and friends, per a spec update.
• Fixed the URL of about:blank iframes. Previously it was getting set to the parent's URL. (SimonMueller)
• Fixed the loading of subresources from the filesystem when they had non-ASCII filenames.
• Fixed the hidden="" attribute to cause display: none per the user-agent stylesheet. (ph-fritsche)
• Fixed the new File() constructor to no longer convert / to :, per a pending spec update.
• Fixed mutation observer callbacks to be called with the MutationObserver instance as their this value.
• Fixed <input type=checkbox> and <input type=radio> to be mutable even when disabled, per a spec update.
• Fixed XMLHttpRequest to not fire a redundant final progress event if a progress event was previously fired with the same loaded value. This would usually occur with small files.
• Fixed XMLHttpRequest to expose the Content-Length header on cross-origin responses.
• Fixed xhr.response to return null for failures that occur during the middle of the download.
• Fixed edge cases around passing callback functions or event handlers. (ExE-Boss)
• Fixed edge cases around the properties of proxy-like objects such as localStorage or dataset. (ExE-Boss)
• Fixed a potential memory leak with custom elements (although we could not figure out how to trigger it). (soncodi)

16.4.0

• Added a not-implemented warning if you try to use the second pseudo-element argument to getComputedStyle(), unless you pass a ::part or ::slotted pseudo-element, in which case we throw an error per the spec. (ExE-Boss)
• Improved the performance of repeated access to el.tagName, which also indirectly improves performance of selector matching and style computation. (eps1lon)
• Fixed form.elements to respect the form="" attribute, so that it can contain non-descendant form controls. (ccwebdesign)
• Fixed el.focus() to do nothing on disconnected elements. (eps1lon)
• Fixed el.focus() to work on SVG elements. (zjffun)
• Fixed removing the currently-focused element to move focus to the <body> element. (eps1lon)
• Fixed imgEl.complete to return true for <img> elements with empty or unset src="" attributes. (strager)
• Fixed imgEl.complete to return true if an error occurs loading the <img>, when canvas is enabled. (strager)
• Fixed imgEl.complete to return false if the <img> element's src="" attribute is reset. (strager)
• Fixed the valueMissing validation check for <input type="radio">. (zjffun)
• Fixed translate="" and draggable="" attribute processing to use ASCII case-insensitivity, instead of Unicode case-insensitivity. (zjffun)

16.3.0

• Added firing of focusin and focusout when using el.focus() and el.blur(). (trueadm)
• Fixed elements with the contenteditable="" attribute to be considered as focusable. (jamieliu386)
• Fixed window.NodeFilter to be per-Window, instead of shared across all Windows. (ExE-Boss)
• Fixed edge-case behavior involving use of objects with handleEvent properties as event listeners. (ExE-Boss)
• Fixed a second failing image load sometimes firing a load event instead of an error event, when the canvas package is installed. (strager)
• Fixed drawing an empty canvas into another canvas. (zjffun)

16.2.2

• Updated StyleSheetList for better spec compliance; notably it no longer inherits from Array.prototype. (ExE-Boss)
• Fixed requestAnimationFrame() from preventing process exit. This likely regressed in v16.1.0.
• Fixed setTimeout() to no longer leak the closures passed in to it. This likely regressed in v16.1.0. (AviVahl)
• Fixed infinite recursion that could occur when calling click() on a <label> element, or one of its descendants.
• Fixed getComputedStyle() to consider inline style="" attributes. (eps1lon)
• Fixed several issues with <input type="number">'s stepUp() and stepDown() functions to be properly decimal-based, instead of floating point-based.

... (truncated)

Commits

• 2d82763 Version 16.5.0
• 9741311 Fix loading of subresources with Unicode filenames
• 5e46553 Use domenic's ESLint config as the base
• 19b35da Fix the URL of about:blank iframes
• 017568e Support inputType on InputEvent
• 29f4fdf Upgrade dependencies
• e2f7639 Refactor create‑event‑accessor.js to remove code duplication
• ff69a75 Convert JSDOM to use callback functions
• 19df6bc Update links in contributing guidelines
• 1e34ff5 Test triage
• Additional commits viewable in compare view

Updates browserify-sign from 4.0.4 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

• [patch] widen support to 0.12 9247adf
• [patch] drop minimum node support to v1 4d0ee49
• [Dev Deps] update aud, npmignore, tape 87f3a35
• [actions] remove redundant finisher 37a4758
• [Deps] pin hash-base to ~3.0, due to a breaking change 9e2bf12
• [Deps] update parse-asn1 [f427270`](browserify/browserify-sign@f427270)
• [Deps] update elliptic fb261ce
• [Deps] pin elliptic due to a breaking change 168e16f

v4.2.2 - 2023-10-25

Fixed

• [Tests] log when openssl doesn't support cipher [#37](https://github.com/crypto-browserify/browserify-sign/issues/37)

Commits

• Only apps should have lockfiles 09a8995
• [eslint] switch to eslint 83fe463
• [meta] add npmignore and auto-changelog 4418183
• [meta] fix package.json indentation 9ac5a5e
• [Tests] migrate from travis to github actions d845d85
• [Fix] sign: throw on unsupported padding scheme 8767739
• [Fix] properly check the upper bound for DSA signatures 85994cd
• [Tests] handle openSSL not supporting a scheme f5f17c2
• [Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb
• [Dev Deps] update nyc, standard, tape cc5350b
• [Tests] always run coverage; downgrade nyc 75ce1d5
• [meta] add safe-publish-latest dcf49ce
• [Tests] add npm run posttest 75dd8fd
• [Dev Deps] update tape 3aec038
• [Tests] skip unsupported schemes 703c83e
• [Tests] node < 6 lacks array includes 3aa43cf
• [Dev Deps] fix eslint range 98d4e0d

v4.2.1 - 2020-08-04

Merged

• bump elliptic [#58](https://github.com/crypto-browserify/browserify-sign/issues/58)

v4.2.0 - 2020-05-18

Merged

• switch to safe buffer [#53](https://github.com/crypto-browserify/browserify-sign/issues/53)

... (truncated)

Commits

• bf2c3ec v4.2.3
• 9247adf [patch] widen support to 0.12
• f427270 [Deps] update `parse-asn1
• 87f3a35 [Dev Deps] update aud, npmignore, tape
• fb261ce [Deps] update elliptic
• 4d0ee49 [patch] drop minimum node support to v1
• 9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
• 168e16f [Deps] pin elliptic due to a breaking change
• 37a4758 [actions] remove redundant finisher
• 4af5a90 v4.2.2
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.

Updates codemirror from 5.22.0 to 5.65.16

Commits

• See full diff in compare view

Updates css-what from 2.1.0 to 2.1.3

Commits

• 2db00ca 2.1.3
• dc51092 fix(css-selectors): extend regex to include superscript in range, fix #27 (#28)
• a5f1991 Test on node LTS
• b2a2117 2.1.2
• e9ef3f1 Run prettier
• 070b2f8 Add remaining parsed outputs (#25)
• af801e4 update license references to match license file (#23)
• 2d495d0 Update to node 10 in .travis.yml (#22)
• c636f0d Allow escaped parentheses in pseudo selectors (#20)
• 4e255c9 Update .travis.yml
• Additional commits viewable in compare view

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

Updates elliptic from 6.4.0 to 6.5.5

Commits

• 7570078 6.5.5
• 206da2e lib: lint
• 0a78e03 [Fix] restore node < 4 compat
• 43ac7f2 6.5.4
• f4bc72b package: bump deps
• 441b742 ec: validate that a point before deriving keys
• e71b2d9 lib: relint using eslint
• 8421a01 build(deps): bump elliptic from 6.4.1 to 6.5.3 (#231)
• 8647803 6.5.3
• 856fe4d signature: prevent malleability and overflows
• Additional commits viewable in compare view

Updates es5-ext from 0.10.12 to 0.10.64

Release notes

Sourced from es5-ext's releases.

0.10.64 (2024-02-27)

Bug Fixes

• Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

---

Comparison since last release

0.10.63 (2024-02-23)

Bug Fixes

• Do not rely on problematic regex (3551cdd), addresses #201
• Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
• Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

• Simplify the manifest message (7855319)

---

Comparison since last release

0.10.62 (2022-08-02)

Maintenance Improvements

• Manifest improvements:
  • (#190) (b8dc53f)
  • (c51d552)

---

Comparison since last release

0.10.61 (2022-04-20)

Bug Fixes

• Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

• Bump dependencies (d7e0a61)

---

Comparison since last release

0.10.60 (2022-04-07)

Maintenance Improvements

• Improve postinstall script configuration (ab6b121)

---

... (truncated)

Changelog

Sourced from es5-ext's changelog.

0.10.64 (2024-02-27)

Bug Fixes

• Revert update to postinstall script meant to fix Powershell issue, as it's a regression for some Linux terminals (c2e2bb9)

0.10.63 (2024-02-23)

Bug Fixes

• Do not rely on problematic regex (3551cdd), addresses #201
• Support ES2015+ function definitions in function#toStringTokens() (a52e957), addresses #021
• Ensure postinstall script does not crash on Windows, fixes #181 (bf8ed79)

Maintenance Improvements

• Simplify the manifest message (7855319)

0.10.62 (2022-08-02)

Maintenance Improvements

• Manifest improvements:
  • (#190) (b8dc53f)
  • (c51d552)

0.10.61 (2022-04-20)

Bug Fixes

• Ensure postinstall script does not error (a0be4fd)

Maintenance Improvements

• Bump dependencies (d7e0a61)

0.10.60 (2022-04-07)

Maintenance Improvements

• Improve postinstall script configuration (ab6b121)

0.10.59 (2022-03-17)

Maintenance Improvements

• Improve manifest wording (#122) (eb7ae59)
• Update data in manifest (3d2935a)

0.10.58 (2022-03-11)

... (truncated)

Commits

• f76b03d chore: Release v0.10.64
• 2881acd chore: Bump dependencies
• c2e2bb9 fix: Revert update meant to fix Powershell issue, as it's a regression
• 16f2b72 docs: Fix date in the changelog
• de4e03c chore: Release v0.10.63
• 3fd53b7 chore: Upgrade lint-staged to v13
• bf8ed79 chore: Ensure postinstall script does not crash on Windows
• 2cbbb07 chore: Bump dependencies
• 22d0416 chore: Bump LICENSE year
• a52e957 fix: Support ES2015+ function definitions in function#toStringTokens()
• Additional commits viewable in compare view

Updates fsevents from 1.0.17 to 1.2.13

Release notes

Sourced from fsevents's releases.

Release v1.2.13

Only build on Mac-OSX

Release v1.2.11

Removing node-pre-gyp so that building fsevents becomes easier and enabled without the download of binaries.

The credentials to the AWS store have been lost. Releasing to AWS is both insecure and no longer possible due to the lost credentials.

Intermediate Release

No release notes provided.

Release v1.2.9 - Node v12 compatibility

No release notes provided.

Release Pre-NAPI v1.2.8

No release notes provided.

Version Bump (bundle node-pre-gyp)

No release notes provided.

Prebuilt v11.x

No release notes provided.

v1.2.3

• Added node v10 for pre-built binaries
• C++ tuning to fix potential SIGILL and cyclic dependency (#204)

v1.2.2

Fixed node-pre-gyp bundling issue

v1.2.1

[unpublished because of errors during publish process]

v1.2.0

• BREAKING: End support for Node v0.12. If you are using Node v0.12 please pin your fsevents dependencies to v1.1.3. Not bumping semver major for this release was a compromise solution discussed in #199 and #201.
  • Node v0.10 should continue to work with local compilation for now, but hosted pre-built binaries will no longer be provided. If this is a constraint for you, please pin to an earlier version.
• Fixed security vulnerability warnings by updating node-pre-gyp to ^0.9.0
• Compatibility updates for nan v2.9.0

v1.1.3

• Added node v9 for pre-built binaries
• Fixed bug related to using --no-bin-links option on install
• Updated node-pre-gyp to latest version (0.6.39)

v1.1.2

• Added Node.js v8 to the prebuild binary assets.
• Stopped prebuilding for io.js (can still be built locally)
• Updated node-pre-gyp to latest version (0.6.36)

v1.1.1

... (truncated)

Commits

• 844a05d Version Bump
• f393f2a Only build fsevents on macOS (#322)
• 6a281a7 [publish binary]
• acc2bce [publish binary]
• f532b6e [publish binary]
• 4c6a1c0 Add node 13 to travis matrix.
• 92e40aa Release 1.2.12.
• 909af26 Release v1.2.11
• 7074adb Release v1.2.10
• 0a052f6 Node.js v12 support for v1.x (#274)
• Additional commits viewable in compare view

Updates handlebars from 4.0.6 to 4.7.8

Release notes

Sourced from handlebars's releases.

v4.7.8

• Make library compatible with workers (#1894) - 3d3796c
• Don't rely on Node.js global object (#1776) - 2954e7e
• Fix compiling of each block params in strict mode (#1855) - 30dbf04
• Fix rollup warning when importing Handlebars as ESM - 03d387b
• Fix bundler issue with webpack 5 (#1862) - c6c6bbb
• Use https instead of git for mustache submodule - 88ac068

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.8 - July 27th, 2023

• Make library compatible with workers (#1894) - 3d3796c
• Don't rely on Node.js global object (#1776) - 2954e7e
• Fix compiling of each block params in strict mode (#1855) - 30dbf04
• Fix rollup warning when importing Handlebars as ESM - 03d387b
• Fix bundler issue with webpack 5 (#1862) - c6c6bbb
• Use https instead of git for mustache submodule - 88ac068

Commits

v4.7.7 - February 15th, 2021

• fix weird error in integration tests - eb860c0
• fix: check prototype property access in strict-mode (#1736) - b6d3de7
• fix: escape property names in compat mode (#1736) - f058970
• refactor: In spec tests, use expectTemplate over equals and shouldThrow (#1683) - 77825f8
• chore: start testing on Node.js 12 and 13 - 3789a30

(POSSIBLY) BREAKING CHANGES:

• the changes from version 4.6.0 now also apply in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.

That is why we only bump the patch version despite mentioning breaking changes.

Commits

v4.7.6 - April 3rd, 2020

Chore/Housekeeping:

• #1672 - Switch cmd parser to latest minimist (@​dougwilson

Compatibility notes:

• Restored Node.js compatibility

Commits

v4.7.5 - April 2nd, 2020

Chore/Housekeeping:

• Node.js version support has been changed to v6+ Reverted in 4.7.6

Compatibility notes:

... (truncated)

Commits

• 8dc3d25 v4.7.8
• 668c4fb Fix browser tests in CI pipeline
• c65c6cc Test on Node 18
• 3d3796c Make library compatible with workers
• 075b354 Fix sync issue with npm lock-file
• 30dbf04 Fix compiling of each block params in strict mode
• e3a5448 Fix bundler issue with webpack 5
• 8e23642 Fix integration-tests issue with npm >= 7
• 88ac068 use https instead of git for mustache submodule
• c68bc08 Fix typo
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jaylinski, a new releaser for handlebars since your current version.

Updates ini from 1.3.4 to 1.3.8

Commits

• a2c5da8 1.3.8
• af5c6bb Do not use Object.create(null)
• 8b648a1 don't test where our devdeps don't even work
• c74c8af 1.3.7
• 024b8b5 update deps, add linting
• 032fbaf Use Object.create(null) to avoid default object property hazards
• 2da9039 1.3.6
• cfea636 better git push script, before publish instead of after
• 56d2805 do not allow invalid hazardous string as section name
• 738eca5 v1.3.5
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for ini since your current version.

Updates is-my-json-valid from 2.15.0 to 2.20.6

Commits

• 58d30cb 2.20.6
• f76edf0 Merge pull request #188 from axelniklasson/master
• 4eef089 Upgrade jsonpointer to address security vulnerability
• 441f812 2.20.5
• d36a1b1 Merge pull request #182 from ChALkeR/chalker/fix-comma
• b6ea484 Fix uri prefix detection
• 5389c5b Merge pull request #181 from ChALkeR/chalker/fix-undef
• df5b313 add funding file
• c224619 Fix 'required' implementation
• 2534...

  Description has been truncated