mirror of
https://github.com/jdx/mise-action.git
synced 2026-05-14 22:00:34 +00:00
chore(deps): update dependency @types/handlebars to v4.1.0 (#294)
This PR contains the following updates:

| Package | Change | Age | Confidence |
|---|---|---|---|
| [@types/handlebars](https://redirect.github.com/wycats/handlebars.js) | [`4.0.40` -> `4.1.0`](https://renovatebot.com/diffs/npm/@types%2fhandlebars/4.0.40/4.1.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) |

---

### Release Notes

<details>
<summary>wycats/handlebars.js (@types/handlebars)</summary>

### [`v4.1.0`](https://redirect.github.com/wycats/handlebars.js/blob/HEAD/release-notes.md#v410---February-7th-2019)

New Features

- import TypeScript typings - [`27ac1ee`](27ac1ee)

Security fixes:

- disallow access to the constructor in templates to prevent RCE - [`42841c4`](42841c4), [#1495](https://redirect.github.com/wycats/handlebars.js/issues/1495)

Housekeeping

- chore: fix components/handlebars package.json and auto-update on release - [`bacd473`](bacd473)
- chore: Use node 10 to build handlebars - [`78dd89c`](78dd89c)
- chore/doc: Add more release docs - [`6b87c21`](6b87c21)

Compatibility notes:

Access to class constructors (i.e. `({}).constructor`) is now prohibited to prevent Remote Code Execution. This means that the following construct will not work anymore:

```
class SomeClass {
}

SomeClass.staticProperty = 'static'

var template = Handlebars.compile('{{constructor.staticProperty}}');
document.getElementById('output').innerHTML = template(new SomeClass());
// expected: 'static', but now this is empty.
```

This kind of access is not the intended use of Handlebars and leads to the vulnerability described in [#1495](https://redirect.github.com/wycats/handlebars.js/issues/1495). We will **not** increase the major version, because such use is not intended or documented, and because of the potential impact of the issue (we fear that most people won't use a new major version and the issue may not be resolved on many systems).

[Commits](https://redirect.github.com/handlebars-lang/handlebars.js/compare/v4.0.12...v4.1.0)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on friday" in timezone America/Chicago, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled because a matching PR was automerged previously.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/jdx/mise-action).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNDMuMSIsInVwZGF0ZWRJblZlciI6IjQxLjE1OS40IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This commit is contained in:
parent
3de8df851d
commit
1a11af3821
1 changed files with 8 additions and 4 deletions
12
package-lock.json
generated
|
|
@ -1901,10 +1901,14 @@
|
|||
"license": "MIT"
|
||||
},
|
||||
"node_modules/@types/handlebars": {
|
||||
"version": "4.0.40",
|
||||
"resolved": "https://registry.npmjs.org/@types/handlebars/-/handlebars-4.0.40.tgz",
|
||||
"integrity": "sha512-sGWNtsjNrLOdKha2RV1UeF8+UbQnPSG7qbe5wwbni0mw4h2gHXyPFUMOC+xwGirIiiydM/HSqjDO4rk6NFB18w==",
|
||||
"license": "MIT"
|
||||
"version": "4.1.0",
|
||||
"resolved": "https://registry.npmjs.org/@types/handlebars/-/handlebars-4.1.0.tgz",
|
||||
"integrity": "sha512-gq9YweFKNNB1uFK71eRqsd4niVkXrxHugqWFQkeLRJvGjnxsLr16bYtcsG4tOFwmYi0Bax+wCkbf1reUfdl4kA==",
|
||||
"deprecated": "This is a stub types definition. handlebars provides its own type definitions, so you do not need this installed.",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"handlebars": "*"
|
||||
}
|
||||
},
|
||||
"node_modules/@types/istanbul-lib-coverage": {
|
||||
"version": "2.0.6",
|
||||
|
|
|
|||
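Review bot: the new `node_modules/@types/handlebars` entry is flagged `"deprecated": "This is a stub types definition. ..."` and its only dependency is `"handlebars": "*"`, an unbounded range, so this bump swaps real typings for a stub that pulls in whatever handlebars version the resolver picks. The hunk does not show which handlebars version that range resolves to, so the constructor-access fix described in the commit message cannot be confirmed from this change alone. Rather than taking the bump, consider removing `@types/handlebars` from `package.json` and, if handlebars is actually used, declaring `handlebars` directly with a bounded range at or above 4.1.0 (it ships its own type definitions, per the deprecation text), then regenerating the lock file.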