⬆️ Bump the npm_and_yarn group across 1 directory with 32 updates

[dependabot]

Bumps the npm_and_yarn group with 20 updates in the / directory:

Package	From	To
moment	2.25.3	2.29.4
moment-timezone	0.5.28	0.5.35
semantic-release	17.2.3	19.0.3
@babel/traverse	7.9.6	7.24.7
node-fetch	2.6.0	2.7.0
braces	3.0.2	3.0.3
jest	26.0.0	29.7.0
handlebars	4.7.3	4.7.8
qs	6.5.2	6.5.3
hosted-git-info	2.8.8	2.8.9
json-bigint	0.3.0	1.0.0
gcp-metadata	4.0.1	4.3.1
json5	2.1.3	2.2.3
lodash	4.17.15	4.17.21
luxon	1.24.1	1.28.1
node-forge	0.9.1	1.3.1
google-p12-pem	3.0.1	3.1.4
path-parse	1.0.6	1.0.7
parse-path	4.0.1	7.0.0
semantic-release-gitmoji	1.3.3	1.6.5

Updates moment from 2.25.3 to 2.29.4

Changelog

Sourced from moment's changelog.

2.29.4

• Release Jul 6, 2022
  • #6015 [bugfix] Fix ReDoS in preprocessRFC2822 regex

2.29.3 Full changelog

• Release Apr 17, 2022
  • #5995 [bugfix] Remove const usage
  • #5990 misc: fix advisory link

2.29.2 See full changelog

• Release Apr 3 2022

Address GHSA-8hfj-j24r-96c4

2.29.1 See full changelog

• Release Oct 6, 2020

Updated deprecation message, bugfix in hi locale

2.29.0 See full changelog

• Release Sept 22, 2020

New locales (es-mx, bn-bd). Minor bugfixes and locale improvements. More tests. Moment is in maintenance mode. Read more at this link: https://momentjs.com/docs/#/-project-status/

2.28.0 See full changelog

• Release Sept 13, 2020

Fix bug where .format() modifies original instance, and locale updates

2.27.0 See full changelog

• Release June 18, 2020

Added Turkmen locale, other locale improvements, slight TypeScript fixes

2.26.0 See full changelog

• Release May 19, 2020

... (truncated)

Commits

• 000ac18 Build 2.24.4
• f2006b6 Bump version to 2.24.4
• 536ad0c Update changelog for 2.29.4
• 9a3b589 [bugfix] Fix redos in preprocessRFC2822 regex (#6015)
• 6374fd8 Merge branch 'master' into develop
• b4e6153 Revert "[bugfix] Fix redos in preprocessRFC2822 regex (#6015)"
• 7aebb16 [bugfix] Fix redos in preprocessRFC2822 regex (#6015)
• 57c9062 Build 2.29.3
• aaf50b6 Fixup release complaints
• 26f4aef Bump version to 2.29.3
• Additional commits viewable in compare view

Updates moment-timezone from 0.5.28 to 0.5.35

Release notes

Sourced from moment-timezone's releases.

Release 0.5.35

• Fix command injection in data pipeline GHSA-56x4-j7p9-fcf9
• Fix cleartext transmission of sensitive information GHSA-v78c-4p63-2j6c

Thanks to the OpenSSF Alpha-Omega project for reporting these!

Release 0.5.34

• Updated data to IANA TZDB 2021e

Release 0.5.33

• Updated data to IANA TZDB 2021a

Release 0.5.32

• Updated data to IANA TZDB 2020d

Release 0.5.31

Fixed Travis builds for Node.js 4 and 6

Release 0.5.30

• Updated data to IANA TZDB 2020a
• Fixed typescript definitions

NOTE: You might need to un-install @types/moment-timezone. Check moment/moment-timezone#858 for more info.

Release 0.5.29

• Fixed es6 module loading issue moment/moment-timezone@1fd4234
• Fixed typescript declarations moment/moment-timezone@ed529ea
• Fixed changelog moment/moment-timezone@adb7d7b

Changelog

Sourced from moment-timezone's changelog.

0.5.35 2022-08-23

• Fix command injection in data pipeline GHSA-56x4-j7p9-fcf9
• Fix cleartext transmission of sensitive information GHSA-v78c-4p63-2j6c

Thanks to the OpenSSF Alpha-Omega project for reporting these!

0.5.34 2021-11-10

• Updated data to IANA TZDB 2021e

0.5.33 2021-02-06

• Updated data to IANA TZDB 2021a

0.5.32 2020-11-14

• Updated data to IANA TZDB 2020d

0.5.31 2020-05-16

• Fixed Travis builds for Node.js 4 and 6

0.5.30 2020-05-16

• Updated data to IANA TZDB 2020a
• Fixed typescript definitions

NOTE: You might need to un-install @​types/moment-timezone. Check moment/moment-timezone#858 for more info

0.5.29 2020-05-16

• Merged fix of es6 module loading issue moment/moment-timezone@1fd4234
• Merged PR with typescript declarations moment/moment-timezone@ed529ea
• Merged fixes to changelog moment/moment-timezone@adb7d7b

Commits

• b8fb1ba Build moment-timezone 0.5.35
• f1b5e5a Add changelog for 0.5.35
• 8b0eb0c Bump version to 0.5.35
• 7915ac5 Bugfix: Prevent cleartext transmission of tz data during build
• ce955a3 Bugfix: Fix command injection vulnerability in grunt tzdata pipeline
• 9430b4c Merge remote-tracking branch 'origin/master' into develop
• feaf900 Updated contributing.md + added 2021e files
• 704cfac updated contributing.md
• 877c863 Updated contributing.md + added 2021e files
• 5a3015c updated contributing.md
• Additional commits viewable in compare view

Updates semantic-release from 17.2.3 to 19.0.3

Release notes

Sourced from semantic-release's releases.

v19.0.3

19.0.3 (2022-06-09)

Bug Fixes

• log-repo: use the original form of the repo url to remove the need to mask credentials (#2459) (58a226f), closes #2449

v19.0.2

19.0.2 (2022-01-18)

Bug Fixes

• npm-plugin: upgraded to the stable version (0eca144)

v19.0.1

19.0.1 (2022-01-18)

Bug Fixes

• npm-plugin: upgraded to the latest beta version (8097afb)

v19.0.0

19.0.0 (2022-01-18)

Bug Fixes

• npm-plugin: upgraded to the beta, which upgrades npm to v8 (f634b8c)
• upgrade marked to resolve ReDos vulnerability (#2330) (d9e5bc0)

BREAKING CHANGES

• npm-plugin: @semantic-release/npm has also dropped support for node v15
• node v15 has been removed from our defined supported versions of node. this was done to upgrade to compatible versions of marked and marked-terminal that resolved the ReDoS vulnerability. removal of support of this node version should be low since it was not an LTS version and has been EOL for several months already.

v19.0.0-beta.2

19.0.0-beta.2 (2022-01-17)

Bug Fixes

• npm-plugin: upgraded to the beta, which upgrades npm to v8 (f634b8c)

... (truncated)

Commits

• 58a226f fix(log-repo): use the original form of the repo url to remove the need to ma...
• 17d60d3 build(deps): bump npm from 8.3.1 to 8.12.0 (#2447)
• ab45ab1 chore(lint): disabled rules that dont apply to this project (#2408)
• ea389c3 chore(deps): update dependency yargs-parser to 13.1.2 [security] (#2402)
• fa994db build(deps): bump node-fetch from 2.6.1 to 2.6.7 (#2399)
• b79116b build(deps): bump trim-off-newlines from 1.0.1 to 1.0.3
• 6fd7e56 build(deps): bump minimist from 1.2.5 to 1.2.6
• 2b94bb4 docs: update broken link to CI config recipes (#2378)
• b4bc191 docs: Correct circleci workflow (#2365)
• 2c30e26 Merge pull request #2333 from semantic-release/next
• Additional commits viewable in compare view

Updates @babel/traverse from 7.9.6 to 7.24.7

Release notes

Sourced from @​babel/traverse's releases.

v7.24.7 (2024-06-05)

🐛 Bug Fix

• babel-node
  • #16554 Allow extra flags in babel-node (@​nicolo-ribaudo)
• babel-traverse
  • #16522 fix: incorrect constantViolations with destructuring (@​liuxingbaoyu)
• babel-helper-transform-fixture-test-runner, babel-plugin-proposal-explicit-resource-management
  • #16524 fix: Transform using in switch correctly (@​liuxingbaoyu)

🏠 Internal

• babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16525 Delete unused array helpers (@​blakewilson)

Committers: 7

• Amjad Yahia Robeen Hassan (@​amjed-98)
• Babel Bot (@​babel-bot)
• Blake Wilson (@​blakewilson)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• Sukka (@​SukkaW)
• @​liuxingbaoyu

v7.24.6 (2024-05-24)

Thanks @​amjed-98, @​blakewilson, @​coelhucas, and @​SukkaW for your first PRs!

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • #16514 Fix source maps for private member expressions (@​nicolo-ribaudo)
• babel-core, babel-generator, babel-plugin-transform-modules-commonjs
  • #16515 Fix source maps for template literals (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16485 Support undecorated static accessor in anonymous classes (@​JLHwung)
  • #16484 Fix decorator bare yield await (@​JLHwung)
• babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
  • #16483 Fix: throw TypeError if addInitializer is called after finished (@​JLHwung)
• babel-parser, babel-plugin-transform-typescript
  • #16476 fix: Correctly parse cls.fn<C> = x (@​liuxingbaoyu)

🏠 Internal

• babel-core, babel-helpers, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16501 Generate helper metadata at build time (@​nicolo-ribaudo)
• babel-helpers
  • #16499 Add tsconfig.json for @babel/helpers/src/helpers (@​nicolo-ribaudo)
• babel-cli, babel-helpers, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16495 Move all runtime helpers to individual files (@​nicolo-ribaudo)
• babel-parser, babel-traverse
  • #16482 Statically generate boilerplate for bitfield accessors (@​nicolo-ribaudo)
• Other

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.24.7 (2024-06-05)

🐛 Bug Fix

• babel-node
  • #16554 Allow extra flags in babel-node (@​nicolo-ribaudo)
• babel-traverse
  • #16522 fix: incorrect constantViolations with destructuring (@​liuxingbaoyu)
• babel-helper-transform-fixture-test-runner, babel-plugin-proposal-explicit-resource-management
  • #16524 fix: Transform using in switch correctly (@​liuxingbaoyu)

🏠 Internal

• babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16525 Delete unused array helpers (@​blakewilson)

v7.24.6 (2024-05-24)

🐛 Bug Fix

• babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
  • #16514 Fix source maps for private member expressions (@​nicolo-ribaudo)
• babel-core, babel-generator, babel-plugin-transform-modules-commonjs
  • #16515 Fix source maps for template literals (@​nicolo-ribaudo)
• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
  • #16485 Support undecorated static accessor in anonymous classes (@​JLHwung)
  • #16484 Fix decorator bare yield await (@​JLHwung)
• babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
  • #16483 Fix: throw TypeError if addInitializer is called after finished (@​JLHwung)
• babel-parser, babel-plugin-transform-typescript
  • #16476 fix: Correctly parse cls.fn<C> = x (@​liuxingbaoyu)

🏠 Internal

• babel-core, babel-helpers, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16501 Generate helper metadata at build time (@​nicolo-ribaudo)
• babel-helpers
  • #16499 Add tsconfig.json for @babel/helpers/src/helpers (@​nicolo-ribaudo)
• babel-cli, babel-helpers, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • #16495 Move all runtime helpers to individual files (@​nicolo-ribaudo)
• babel-parser, babel-traverse
  • #16482 Statically generate boilerplate for bitfield accessors (@​nicolo-ribaudo)
• Other
  • #16466 Migrate import assertions syntax (@​JLHwung)

v7.24.5 (2024-04-29)

🐛 Bug Fix

• babel-plugin-transform-classes, babel-traverse
  • #16377 fix: TypeScript annotation affects output (@​liuxingbaoyu)
• babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3
  • #16440 Fix suppressed error order (@​sossost)
  • #16408 Await nullish async disposable (@​JLHwung)

💅 Polish

• babel-parser

... (truncated)

Commits

• bf1e9a3 v7.24.7
• 4463aa5 fix: incorrect constantViolations with destructuring (#16522)
• 07bd000 Improve getBindingIdentifiers (#16544)
• 17a5502 [Babel 8] Remove extra.shorthand (#16521)
• 7934963 Use type: module in all package.jsons (#16535)
• 9630250 v7.24.6
• 1f010df Explicitly define NodePath.prototype.* (#16488)
• 6e3539b [babel 8] Publish .d.ts files for every package (#16416)
• e37e64d Use eslint v9 (#16479)
• 3ff20b9 Statically generate boilerplate for bitfield accessors (#16482)
• Additional commits viewable in compare view

Updates node-fetch from 2.6.0 to 2.7.0

Release notes

Sourced from node-fetch's releases.

v2.7.0

2.7.0 (2023-08-23)

Features

• AbortError (#1744) (9b9d458)

v2.6.13

2.6.13 (2023-08-18)

Bug Fixes

• Remove the default connection close header (#1765) (65ae25a), closes #1735 #1473 #1736

v2.6.12

2.6.12 (2023-06-29)

Bug Fixes

• socket variable testing for undefined (#1726) (8bc3a7c)

v2.6.11

2.6.11 (2023-05-09)

Reverts

• Revert "fix: handle bom in text and json (#1739)" (#1741) (afb36f6), closes #1739 #1741

v2.6.10

2.6.10 (2023-05-08)

Bug Fixes

• handle bom in text and json (#1739) (29909d7)

v2.6.9

2.6.9 (2023-01-30)

Bug Fixes

• "global is not defined" (#1704) (70f592d)

v2.6.8

2.6.8 (2023-01-13)

... (truncated)

Commits

• 9b9d458 feat: AbortError (#1744)
• 65ae25a fix: Remove the default connection close header (#1765)
• 8bc3a7c fix: socket variable testing for undefined (#1726)
• afb36f6 Revert "fix: handle bom in text and json (#1739)" (#1741)
• 29909d7 fix: handle bom in text and json (#1739)
• 70f592d fix: "global is not defined" (#1704)
• 0f1ebb0 Prevent error when response is null (#1699)
• 6e9464d ci(release): install dependencies
• dd2a0ba ci(release): install dependencies
• 49bef02 ci(release): use latest Node LTS
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by node-fetch-bot, a new releaser for node-fetch since your current version.

Updates ajv from 5.5.2 to 6.12.2

Release notes

Sourced from ajv's releases.

v6.12.2

Removed post-install script

v6.12.1

Docs and dependency updates

v6.12.0

Improved hostname validation (@​sambauers, #1143) Option keywords to add custom keywords (@​franciscomorais, #1137) Types fixes (@​boenrobot, @​MattiAstedrone) Docs:

• error logging example (@​RadiationSickness)
• TypeScript usage notes (@​thetric)

v6.11.0

Time formats support two digit and colon-less variants of timezone offset (#1061 , @​cjpillsbury) Docs: RegExp related security considerations Tests: Disabled failing typescript test

v6.10.2

Fix: the unknown keywords were ignored with the option strictKeywords: true (instead of failing compilation) in some sub-schemas (e.g. anyOf), when the sub-schema didn't have known keywords.

v6.10.1

Fix types Fix addSchema (#1001) Update dependencies

v6.10.0

Option strictDefaults to report ignored defaults (#957, @​not-an-aardvark) Option strictKeywords to report unknown keywords (#781)

v6.9.0

OpenAPI keyword nullable can be any boolean (and not only true). Custom keyword definition changes:

• dependencies option in to require the presence of keywords in the same schema.
• more strict validation of the definition using JSON Schema.

v6.8.0

Docs: security considerations. Meta-schema for the security assessment of JSON Schemas.

v6.7.0

Option useDefaults: "empty" to replace null and "" (empty strings) with default values (in addition to assigning defaults to missing and undefined properties). Update draft-04 meta-schema to remove incorrect usage of "uri" format.

v6.6.0

Keyword "nullable" from OpenAPI spec Replaced phantomjs with headless chrome

v6.5.0

... (truncated)

Commits

• 6a67105 6.12.2
• 14bdb4b remove postinstall
• b511ae2 6.12.1
• 5354deb Merge branch 'opencollective-opencollective'
• 891f081 update readme
• bc60f57 Merge branch 'master' into opencollective
• f1ca328 Merge pull request #1191 from epoberezkin/greenkeeper/karma-sauce-launcher-4.1.3
• 3e9f375 Update package.json
• 0b641fe Merge branch 'master' into greenkeeper/karma-sauce-launcher-4.1.3
• db9e73a Merge pull request #1187 from epoberezkin/greenkeeper/karma-5.0.0
• Additional commits viewable in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates jest from 26.0.0 to 29.7.0

Release notes

Sourced from jest's releases.

v29.7.0

Features

• [create-jest] Add npm init / yarn create initialiser for Jest projects (#14465)
• [jest-validate] Allow deprecation warnings for unknown options (#14499)

Fixes

• [jest-resolver] Replace unmatched capture groups in moduleNameMapper with empty string instead of undefined (#14507)
• [jest-snapshot] Allow for strings as well as template literals in inline snapshots (#14465)
• [@jest/test-sequencer] Calculate test runtime if perStats.duration is missing (#14473)

Performance

• [@jest/create-cache-key-function] Cache access of NODE_ENV and BABEL_ENV (#14455)

Chore & Maintenance

• [jest-cli] Move internal config initialisation logic to the create-jest package (#14465)

New Contributors

• @​bawjensen made their first contribution in jestjs/jest#14465
• @​malaviya-parth made their first contribution in jestjs/jest#14467
• @​niklasholm made their first contribution in jestjs/jest#14507

Full Changelog: jestjs/jest@v29.6.4...v29.7.0

v29.6.4

Fixes

• [jest-core] Fix typo in scheduleAndRun performance marker (#14434)
• [jest-environment-node] Make sure atob and btoa are writeable in Node 20 (#14446)
• [jest-worker] Additional error wrapper for parentPort.postMessage to fix unhandled DataCloneError. (#14437)

New Contributors

• @​stanleyume made their first contribution in jestjs/jest#14424
• @​dj-stormtrooper made their first contribution in jestjs/jest#14437
• @​thw0rted made their first contribution in jestjs/jest#14444

Full Changelog: jestjs/jest@v29.6.3...v29.6.4

v29.6.3

Fixes

• [expect, @jest/expect-utils] ObjectContaining support symbol as key (#14414)
• [expect] Remove @types/node from dependencies (#14385)
• [jest-core] Use workers in watch mode by default to avoid crashes (#14059 & #14085).
• [jest-reporters] Update istanbul-lib-instrument dependency to v6. (#14401)
• [jest-mock] Revert #13692 as it was a breaking change (#14429)
• [jest-mock] Revert #13866 as it was a breaking change (#14429)

... (truncated)

Changelog

Sourced from jest's changelog.

29.7.0

Features

• [create-jest] Add npm init / yarn create initialiser for Jest projects (#14465)
• [jest-validate] Allow deprecation warnings for unknown options (#14499)

Fixes

• [jest-resolver] Replace unmatched capture groups in moduleNameMapper with empty string instead of undefined (#14507)
• [jest-snapshot] Allow for strings as well as template literals in inline snapshots (#14465)
• [@jest/test-sequencer] Calculate test runtime if perStats.duration is missing (#14473)

Performance

• [@jest/create-cache-key-function] Cache access of NODE_ENV and BABEL_ENV (#14455)

Chore & Maintenance

• [jest-cli] Move internal config initialisation logic to the create-jest package (#14465)

29.6.4

Fixes

• [jest-core] Fix typo in scheduleAndRun performance marker (#14434)
• [jest-environment-node] Make sure atob and btoa are writeable in Node 20 (#14446)
• [jest-worker] Additional error wrapper for parentPort.postMessage to fix unhandled DataCloneError. (#14437)

29.6.3

Fixes

• [expect, @jest/expect-utils] ObjectContaining support sumbol as key (#14414)
• [expect] Remove @types/node from dependencies (#14385)
• [jest-core] Use workers in watch mode by default to avoid crashes (#14059 & #14085).
• [jest-reporters] Update istanbul-lib-instrument dependency to v6. (#14401)
• [jest-mock] Revert #13692 as it was a breaking change (#14429)
• [jest-mock] Revert #13866 as it was a breaking change (#14429)
• [jest-mock] Revert #13867 as it was a breaking change (#14429)
• [@jest/reporters] Marks Reporter's hooks as optional (#14433)
• [jest-runtime] Fix dynamic ESM import module bug when loaded module through jest.isolateModulesAsync (#14397)

Chore & Maintenance

• [jest-changed-files, jest-circus, jest-console, @jest/core, @jest/runtime, @jest/transform] Use invariant and notEmpty from jest-util rather than own internal (#14366)

29.6.2

Fixes

... (truncated)

Commits

• 4e56991 v29.7.0
• 55cd6a0 v29.6.4
• fb7d95c v29.6.3
• 49bacb9 chore: update jest repo organisation in urls (#14413)
• 0fd5b1c v29.6.2
• 1f019af v29.6.1
• c1e5b8a v29.6.0
• 6ffa48d chore: upgrade TypeScript to v5 (#14155)
• a95eeb6 chore: update tsd runner (#14020)
• 39f3bed v29.5.0
• Additional commits viewable in compare view

Updates handlebars from 4.7.3 to 4.7.8

Release notes

Sourced from handlebars's releases.

v4.7.8

• Make library compatible with workers (#1894) - 3d3796c
• Don't rely on Node.js global object (#1776) - 2954e7e
• Fix compiling of each block params in strict mode (#1855) - 30dbf04
• Fix rollup warning when importing Handlebars as ESM - 03d387b
• Fix bundler issue with webpack 5 (#1862) - c6c6bbb
• Use https instead of git for mustache submodule - 88ac068

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.8 - July 27th, 2023

• Make library compatible with workers (#1894) - 3d3796c
• Don't rely on Node.js global object (#1776) - 2954e7e
• Fix compiling of each block params in strict mode (#1855) - 30dbf04
• Fix rollup warning when importing Handlebars as ESM - 03d387b
• Fix bundler issue with webpack 5 (#1862) - c6c6bbb
• Use https instead of git for mustache submodule - 88ac068

Commits

v4.7.7 - February 15th, 2021

• fix weird error in integration tests - eb860c0
• fix: check prototype property access in strict-mode (#1736) - b6d3de7
• fix: escape property names in compat mode (#1736) - f058970
• refactor: In spec tests, use expectTemplate over equals and shouldThrow (#1683) - 77825f8
• chore: start testing on Node.js 12 and 13 - 3789a30

(POSSIBLY) BREAKING CHANGES:

• the changes from version 4.6.0 now also apply in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.

That is why we only bump the patch version despite mentioning breaking changes.

Commits

v4.7.6 - April 3rd, 2020

Chore/Housekeeping:

• #1672 - Switch cmd parser to latest minimist (@​dougwilson

Compatibility notes:

• Restored Node.js compatibility

Commits

v4.7.5 - April 2nd, 2020

Chore/Housekeeping:

• Node.js version support has been changed to v6+ Reverted in 4.7.6

Compatibility notes:

... (truncated)

Commits

• 8dc3d25 v4.7.8
• 668c4fb Fix browser tests in CI pipeline
• c65c6cc Test on Node 18
• 3d3796c Make library compatible with workers
• 075b354 Fix sync issue with npm lock-file
• 30dbf04 Fix compiling of each block params in strict mode
• e3a5448 Fix bundler issue with webpack 5
• 8e23642 Fix integration-tests issue with npm >= 7
• 88ac068 use https instead of git for mustache submodule