Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency nunjucks to ^3.2.4 (master) #27

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update dependency nunjucks to ^3.2.4 (master) #27

wants to merge 1 commit into from

Conversation

mend-for-github-com[bot]
Copy link

@mend-for-github-com mend-for-github-com bot commented Apr 30, 2024
edited
Loading

This PR contains the following updates:

Package Type Update Change
nunjucks dependencies minor ^3.0.0 -> ^3.2.4

By merging this PR, the issue #25 will be automatically resolved and closed:

Severity CVSS Score CVE Reachability
Medium Medium 6.1 CVE-2023-2142

Release Notes

mozilla/nunjucks (nunjucks)

v3.2.4

Compare Source

  • HTML encode backslashes when expressions are passed through the escape
    filter (including when this is done automatically with autoescape). Merge
    of #​1437.

v3.2.3

Compare Source

  • Add support for nested attributes on
    sort filter;
    respect throwOnUndefined if sort attribute is undefined.
  • Add base arg to
    int filter.
  • Move chokidar to peerDependencies and mark it optional in peerDependenciesMeta.
  • Fix prototype pollution issue for template variables. Merge of
    #​1330; fixes
    #​1331. Thanks
    ChenKS12138!

v3.2.2

Compare Source

  • Add select and
    reject filters.
    Merge of #​1278 and
    #​1279; fixes
    #​282. Thanks
    ogonkov!
  • Fix precompile binary script TypeError: name.replace is not a function.
    Fixes #​1295.
  • Add support for nested attributes on
    groupby filter;
    respect throwOnUndefined option, if the groupby attribute is undefined.
    Merge of #​1276; fixes
    #​1198. Thanks
    ogonkov!
  • Fix bug that prevented errors in included templates from being raised when
    rendering templates synchronously. Fixes
    #​1272.
  • The indent filter no longer appends an additional newline. Fixes
    #​1231.

v3.2.1

Compare Source

  • Replace yargs with commander to reduce number of dependencies. Merge of
    #​1253. Thanks
    AlynxZhou.
  • Update optional dependency chokidar from ^2.0.0 to ^3.3.0. Merge of
    #​1254. Thanks
    eklingen.
  • Prevent optional dependency Chokidar from loading when not watching. Merge
    of #​1250. Thanks
    eklingen.

v3.2.0

Compare Source

v3.1.7

Compare Source

  • Fix bug where exceptions were silently swallowed with synchronous render.
    Fixes #​678,
    #​1116,
    #​1127, and
    #​1164

  • Removes deprecated postinstall-build package in favor of
    npm prepare.
    Merge of #​1172.
    Fixes #​1167.

    • Note: this means that npm@5 or later is required to install nunjucks
      directly from github.

v3.1.6

Compare Source

No code changes; fixed npm packaging issue.

v3.1.4

Compare Source

  • Fix engine version for Node v11.1.0
  • Fix "Unexpected token" error for U+2028 unicode newline. Fixes #​126 and #​736

v3.1.3

Compare Source

  • Add forceescape filter. Fixes #​782

  • Fix regression that prevented template errors from reporting line and column number.
    Fixes #​1087 and
    #​1095.

  • Fix "Invalid type: Is" error for {% if value is defined %}. Fixes
    #​1110

  • Formally drop support for node v4 (the upgrade to babel 7 in 3.1.0 made the
    build process incompatible with node < 6.9.0).

v3.1.2

Compare Source

  • Fix regression to make chokidar an optional dependency again. Fixes
    #​1073
  • Fix issue when running npm install nunjucks with the --no-bin-links flag
  • Fix regression that broke template caching. Fixes
    #​1074

v3.1.0

Compare Source

  • Support nunjucks.installJinjaCompat() with slim build. Fixes
    #​1019

  • Fix calling render callback twice when a conditional import throws an error.
    Solves #​1029

  • Support objects created with Object.create(null). fixes #​468

  • Support ESNext iterators, using Array.from. Merge of
    #​1058

v3.0.1

Compare Source

  • Fix handling methods and attributes of static arrays, objects and primitives.
    Solves the issue #​937

  • Add support for python-style array slices with Jinja compat enabled.
    Fixes #​188; merge of
    #​976.

  • Fix call blocks having access to their parent scope. Fixes
    #​906; merge of
    #​994.

  • Fix a bug that caused capturing block tags (e.g. set/endset,
    filter/endfilter) to write to the global buffer rather than capturing
    their contents. Fixes
    #​914 and
    #​972; merge of
    #​990. Thanks Noah
    Lange    .

  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Apr 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
security fix Security fix generated by Mend
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants