Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also .

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also .
base repository: handlebars-lang/handlebars.js
base: v4.1.0
Choose a base ref
...
head repository: handlebars-lang/handlebars.js
compare: v4.1.1
Choose a head ref
  • 20 commits
  • 22 files changed
  • 3 contributors

Commits on Feb 7, 2019

  1. fix: disallow access to the constructor in templates to prevent RCE 

    This commit fixes a Remote Code Execution (RCE) reported by
npm-security. Access to non-enumerable "constructor"-properties
is now prohibited by the compiled template-code, because this
the first step on the way to creating and execution arbitrary
JavaScript code.
The vulnerability affects systems where an attacker is allowed to
inject templates into the Handlebars setup.
Further details of the attack may be disclosed by npm-security.

Closes #1267
Closes #1495
    @nknapp
    nknapp committed Feb 7, 2019
    Copy the full SHA
    42841c4 View commit details
    Browse the repository at this point in the history

  2. chore: add .idea and yarn-error.log to .gitignore

    @nknapp
    nknapp committed Feb 7, 2019
    Copy the full SHA
    c6a8fc1 View commit details
    Browse the repository at this point in the history

  3. chore: bump version of grunt-saucelabs

    @nknapp
    nknapp committed Feb 7, 2019
    Copy the full SHA
    dbc50ac View commit details
    Browse the repository at this point in the history

  4. chore: disable sauce-labs 

    Related to #1497
    @nknapp
    nknapp committed Feb 7, 2019
    Copy the full SHA
    f1c8b2e View commit details
    Browse the repository at this point in the history

  5. test: run appveyor tests in Node 10

    @nknapp
    nknapp committed Feb 7, 2019
    Copy the full SHA
    b02e9a2 View commit details
    Browse the repository at this point in the history

  6. Merge branch 'issue-1495' into 4.x

    @nknapp
    nknapp committed Feb 7, 2019
    Copy the full SHA
    1c62d4c View commit details
    Browse the repository at this point in the history

Commits on Feb 18, 2019

  1. test: add test for NodeJS compatibility 

    The test is a simple addition to the existing tests. It should ensure
that the built Handlebars artifact only uses language features that are
available in old versions of NodeJS. A simple program and the
precompiler are started with NodeJS 0.10 to 11
    @nknapp
    nknapp committed Feb 18, 2019
    Copy the full SHA
    b92589a View commit details
    Browse the repository at this point in the history

  2. refactor: replace "async" with "neo-async" 

    The main reason is that neo-async takes a lot less space due to the missing lodash-dependency.
The other is speed.

closes #1431
    @nknapp
    nknapp committed Feb 18, 2019
    Copy the full SHA
    048f2ce View commit details
    Browse the repository at this point in the history

Commits on Feb 19, 2019

  1. Merge pull request #1500 from wycats/neo-async 

    Use `neo-async` instead of `async
    @nknapp
    nknapp committed Feb 19, 2019
    Copy the full SHA
    037bfbf View commit details
    Browse the repository at this point in the history

  2. chore: re-activate saucelabs

    @nknapp
    nknapp committed Feb 19, 2019
    Copy the full SHA
    b2e2cfe View commit details
    Browse the repository at this point in the history

  3. Revert "chore: re-activate saucelabs" 

    This reverts commit b2e2cfe.
    @nknapp
    nknapp committed Feb 19, 2019
    Copy the full SHA
    40fb115 View commit details
    Browse the repository at this point in the history

Commits on Feb 21, 2019

  1. fix: add "runtime.d.ts" to allow "require('handlebars/runtime')" 

    see #1499
    @nknapp
    nknapp committed Feb 21, 2019
    Copy the full SHA
    5cedd62 View commit details
    Browse the repository at this point in the history

Commits on Mar 13, 2019

  1. deprecate substr method and use existing strip function in grammar

    @liqiang372
    liqiang372 committed Mar 13, 2019
    Copy the full SHA
    445ae12 View commit details
    Browse the repository at this point in the history

Commits on Mar 14, 2019

  1. Merge pull request #1504 from liqiang372/deprecate-substr-method 

    deprecate substr method and use existing strip function in grammar
    @nknapp
    nknapp committed Mar 14, 2019
    Copy the full SHA
    4108b83 View commit details
    Browse the repository at this point in the history

Commits on Mar 15, 2019

  1. test: make security testcase internet explorer compatible 

    Internet Explorer does not support the 'class Testclass {}' notation,
and tests are not compiled using babel.

closes #1497
    @nknapp
    nknapp committed Mar 15, 2019
    Copy the full SHA
    7840ab6 View commit details
    Browse the repository at this point in the history

  2. chore: reactivate saucelabs-tests

    @nknapp
    nknapp committed Mar 15, 2019
    Copy the full SHA
    684f103 View commit details
    Browse the repository at this point in the history

  3. Merge pull request #1511 from wycats/saucelabs 

    Fix Saucelabs tests
    @nknapp
    nknapp committed Mar 15, 2019
    Copy the full SHA
    aef7287 View commit details
    Browse the repository at this point in the history

Commits on Mar 16, 2019

  1. Update release notes

    @nknapp
    nknapp committed Mar 16, 2019
    Copy the full SHA
    e5c3937 View commit details
    Browse the repository at this point in the history

  2. Update release notes

    @nknapp
    nknapp committed Mar 16, 2019
    Copy the full SHA
    25b2e11 View commit details
    Browse the repository at this point in the history

  3. v4.1.1

    @nknapp
    nknapp committed Mar 16, 2019
    Copy the full SHA
    f691db5 View commit details
    Browse the repository at this point in the history