Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade mustache from 2.1.3 to 2.3.2 #8

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade mustache from 2.1.3 to 2.3.2 #8

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

@snyk-bot snyk-bot commented Apr 5, 2020

Snyk has created this PR to upgrade mustache from 2.1.3 to 2.3.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
  • The recommended version is 5 versions ahead of your current version.
  • The recommended version was released 2 years ago, on 2018-08-17.

The recommended version fixes:

Severity Issue Exploit Maturity
Content Injection due to quoteless attributes
npm:mustache:20151207		 No Known Exploit
Release notes
Package name: mustache
  • 2.3.2 - 2018-08-17

    This release is made to revert changes introduced in 2.3.1 that caused unexpected behaviour for several users.

    Minor

  • 2.3.1 - 2018-08-07

    Minor

    • #643: Writer.prototype.parse to cache by tags in addition to template string, by @raymond-lam.
    • #664: Fix Writer.prototype.parse cache, by @seminaoki.

    Dev

    Docs

    • #644: Document global Mustache.escape overriding capacity, by @paultopia.
    • #657: Correct Mustache.parse() return type documentation, by @bbrooks.
  • 2.3.0 - 2016-11-08

    Minor

    Dev

    Docs

    • #542: Add API documentation to README, by @tomekwi.
    • #546: Add missing syntax highlighting to README code blocks, by @pra85.
    • #569: Update Ctemplate links in README, by @mortonfox.
    • #592: Change "loadUser" to "loadUser()" in README, by @Flaque.
    • #593: Adding doctype to HTML code example in README, by @calvinf.

    Dependencies

    • eslint -> 2.2.0. Breaking changes fix by @phillipj. #548
    • eslint -> 2.5.1.
    • mocha -> 3.0.2.
    • zuul -> 3.11.0.

    Thanks to all the people that contributed to this release!
    Be it issues, comments, changes.. you are awesome! 🎉 😄

    PS: Hope you enjoy the new changelog format! I wanted it to group information in a more useful way, and link to PRs for easy diff viewing. :shipit:

  • 2.2.1 - 2015-12-13

    Fixes

    • Improve HTML escaping, by @phillipj.
    • Fix inconsistency in defining global mustache object, by @simast.
    • Fix switch-case indent error, by @norfish.
    • Unpin chai and eslint versions, by @dasilvacontin.
    • Update README.md with proper grammar, by @EvanLovely.
    • Update mjackson username in README, by @mjackson.
    • Remove syntax highlighting in README code sample, by @imagentleman.
    • Fix typo in README, by @Xcrucifier.
    • Fix link typo in README, by @keirog.
  • 2.2.0 - 2015-10-15

    Added

    • Add Partials support to CLI, by @palkan.

    Changed

    Fixes

    • Fix README spelling error to "aforementioned", by @djchie.
    • Equal error message test in .render() for server and browser, by @phillipj.

    Dependencies

    • chai -> 3.3.0
    • eslint -> 1.6.0
  • 2.1.3 - 2015-07-23

    Added

    • Throw error when providing .render() with invalid template type, by @phillipj.
    • Documents use of string literals containing double quotes, by @jfmercer.

    Changed

    • Move mustache gif to githubusercontent, by @Andersos.

    Fixed

    • Update UMD Shim to be resilient to HTMLElement global pollution, by @mikesherov.
from mustache GitHub release notes
Commit messages
Package name: mustache
  • 49714ba 🚢 bump to version 2.3.2
  • 5acafd3 Fix custom tags by rolling back #643 & #664 (#670)
  • 9578db9 Correct v2.3.1 release date in CHANGELOG.md
  • 9e8035d 🚢 bump to version 2.3.1
  • 2659301 Fix `Rakefile` by deleting refs to removed install tasks
  • e443ada Use ngrok rather than localtunnel when running browser tests (#668)
  • 5bbe25e Fix browser test suite by using Node.js 6 (#667)
  • 0a9999a Install release tools with npm rather than via pre-commit hook (#666)
  • 28ca619 fix bug: cache actually not working (#664)
  • 85a2c2d Readme: Mustache.parse returns an array of Tokens (#657)
  • 3fddfb1 Document global Mustache.escape overriding capacity (#644)
  • b283da5 Merge pull request #643 from raymond-lam/issue617
  • 198a565 fix typo in parse-caching/Mustache.tags test
  • 2465398 Writer.prototype.parse to cache by tags in addition to template string
  • 23beb3a 🚢 bump to version 2.3.0
  • 2f2588a Merge pull request #597 from mightyplow/patch-1
  • 672bbd5 Second shot at having greenkeeper ignore eslint (#610)
  • 1d1a8af add doctype to html template example (#593)
  • 66ff4d9 Run browser tests w/node v4
  • 0180f43 chore(package): update zuul to version 3.11.0 (#594)
  • 1b1a159 chore(package): update mocha to version 3.0.2 (#588)
  • 85fa743 Ignore eslint for greenkeeper updates. (#580)
  • fc5492b return mustache object from factory
  • eae8aa3 Fix #586: Change "loadUser" to "loadUser()" in docs. (#592)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@snyk-bot