@snyk-bot

Snyk has created this PR to upgrade mustache from 2.2.1 to 4.0.1.

✨ Snyk has automatically assigned this pull request, set who gets assigned.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 13 versions ahead of your current version.
  • The recommended version was released 9 months ago, on 2020-03-15.
Release notes
Package name: mustache
  • 4.0.1 - 2020-03-15

    🚢 bump to version 4.0.1

  • 4.0.0 - 2020-01-16

    🚢 bump to version 4.0.0

  • 3.2.1 - 2019-12-30

    🚢 bump to version 3.2.1

  • 3.2.0 - 2019-12-18

    🚢 bump to version 3.2.0

  • 3.2.0-beta.0 - 2019-12-07
  • 3.1.0 - 2019-09-13

    Added

    Fixed

  • 3.0.3 - 2019-08-27

    🚢 bump to version 3.0.3

  • 3.0.2 - 2019-08-21

    Fixed

    Dev

    • #701: Fix test failure for Node 10 and above, by @andersk.
    • #704: Lint all test files just like the source files, by @phillipj.
    • Start experimenting & comparing GitHub Actions vs Travis CI, by @phillipj.
  • 3.0.1 - 2018-11-11

    #679: Fix partials not rendering tokens when using custom tags, by @stackchain.

  • 3.0.0 - 2018-09-16

    3.0.0 / 16 September 2018

    We are very happy to announce a new major version of mustache.js. We want to be very careful not to break projects out in the wild, and adhering to Semantic Versioning we have therefore cut this new major version.

    The changes introduced will likely not require any actions for most using projects. The things to look out
    for that might cause unexpected rendering results are described in the migration guide below.

    A big shout out and thanks to @raymond-lam for this release! Without his contributions with code and
    issue triaging, this release would never have happened.

    Major

    • #618: Allow rendering properties of primitive types that are not objects, by @raymond-lam.
    • #643: Writer.prototype.parse to cache by tags in addition to template string, by @raymond-lam.
    • #664: Fix Writer.prototype.parse cache, by @seminaoki.

    Minor

    Migrating from mustache.js v2.x to v3.x

    Rendering properties of primitive types

    We have ensured properties of primitive types can be rendered at all times. That means Array.length, String.length and similar. A corner case where this could cause unexpected output follows:

    View:

    {
      stooges: [
        { name: "Moe" },
        { name: "Larry" },
        { name: "Curly" }
      ]
    }
    

    Template:

    {{#stooges}}
      {{name}}: {{name.length}} characters
    {{/stooges}}
    

    Output with v3.0:

      Moe: 3 characters
      Larry: 5 characters
      Curly: 5 characters
    

    Output with v2.x:

      Moe:  characters
      Larry:  characters
      Curly:  characters
    

    Caching for templates with custom delimiters

    We have improved the templates cache to ensure custom delimiters are taken into consideration for the
    cache. This improvement might cause unexpected rendering behaviour for using projects actively using the custom delimiters functionality.

    Previously it was possible to use Mustache.parse() as a means to set global custom delimiters. If custom
    delimiters were provided as an argument, it would affect all following calls to Mustache.render().
    Consider the following:

    const template = "[[item.title]] [[item.value]]";
    mustache.parse(template, ["[[", "]]"]);

    console.log(
      mustache.render(template, {
        item: {
          title: "TEST",
          value: 1
        }
      })
    );

    >> TEST 1

    The above illustrates the fact that Mustache.parse() made mustache.js cache the template without
    considering the custom delimiters provided. This is no longer true.

    We no longer encourage using Mustache.parse() for this purpose, but have rather added a fourth argument to Mustache.render() letting you provide custom delimiters when rendering.

    If you still need to pre-parse the template and use custom delimiters at the same time, ensure to provide
    the custom delimiters as argument to Mustache.render() as well.

  • 2.3.2 - 2018-08-17

    This release is made to revert changes introduced in 2.3.1 that caused unexpected behaviour for several users.

    Minor

  • 2.3.1 - 2018-08-07
  • 2.3.0 - 2016-11-08
  • 2.2.1 - 2015-12-13
from mustache GitHub release notes
Commit messages
Package name: mustache
  • 1de94bb 🚢 bump to version 4.0.1
  • f3bd888 Fix custom delimiters in nested partials (#739)
  • aca97b8 🚢 bump to version 4.0.0
  • f3012a2 Remove mustache.to_html() (#735)
  • 5938104 Use fetched template in usage example
  • 3bdd27c Add a section about TypeScript defs in README
  • 7f94f13 Move CLI and contribute section down in README
  • 39ee6ff Point out it's a zero-dependency package in README
  • c41045b Removing the rtype API definitions from README
  • bd742d5 Add response.text() from fetch() in README example
  • 185fd6b Update usage examples to not include jQuery
  • e77fc7c Allow template caching to be customised (#731)
  • 8e52a4a 🚢 bump to version 3.2.1
  • aaaa94f Allow JavaScript views to have the .cjs suffix.
  • 70d3e7e 🚢 bump to version 3.2.0
  • 492d683 🚢 bump to version 3.2.0-beta.0
  • f8d7a8d Improve pre-commit hook keeping version in sync to handle beta versions
  • 86fa37d Bump .version in mustache.js in git hook when version has changed
  • e0a3631 Add CI test verifying native ES Module usage for Node.js
  • ddad1a7 Add CI test to verify build output is in sync with source (.js vs .mjs)
  • b72d1a3 Add CI test verifying Mustache works with Deno
  • c28d73b Make mustache.mjs work with Deno
  • f25abbe Introduce build step to generate `.js | .min.js` from `.mjs`
  • b523b16 Turn source code into a plain ES module without UMD wrapper



Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

👩‍💻 Set who automatically gets assigned

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
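
The "Caching for templates with custom delimiters" migration note quoted above, modelled as an added example (not part of this PR and not mustache.js source code): a toy `Writer` with a hypothetical `keyByTags` switch shows why a pre-parse with custom delimiters used to carry over to later renders and no longer does. The tokenizer, the `lookup` helper and the cache-key format are simplified assumptions.

```javascript
// Toy model of the template cache change; not mustache.js source code.
const DEFAULT_TAGS = ["{{", "}}"];
const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");

// Minimal tokenizer: only plain text and variable tags, no sections or partials.
function tokenize(template, [open, close]) {
  const re = new RegExp(escapeRe(open) + "\\s*([\\w.]+)\\s*" + escapeRe(close), "g");
  const tokens = [];
  let last = 0;
  for (const m of template.matchAll(re)) {
    if (m.index > last) tokens.push(["text", template.slice(last, m.index)]);
    tokens.push(["name", m[1]]);
    last = m.index + m[0].length;
  }
  if (last < template.length) tokens.push(["text", template.slice(last)]);
  return tokens;
}

// Resolve a dotted name such as "item.title" against the view.
function lookup(view, path) {
  return path.split(".").reduce((o, k) => (o == null ? undefined : o[k]), view);
}

class Writer {
  // keyByTags=false models the v2.x cache, keyByTags=true the v3.x cache (assumed key format).
  constructor(keyByTags) { this.keyByTags = keyByTags; this.cache = new Map(); }
  parse(template, tags = DEFAULT_TAGS) {
    const key = this.keyByTags ? template + ":" + tags.join(":") : template;
    if (!this.cache.has(key)) this.cache.set(key, tokenize(template, tags));
    return this.cache.get(key);
  }
  render(template, view, tags) {
    return this.parse(template, tags)
      .map(([type, v]) => (type === "text" ? v : String(lookup(view, v) ?? "")))
      .join("");
  }
}

function demo(keyByTags) {
  const w = new Writer(keyByTags);
  const template = "[[item.title]] [[item.value]]"; // template from the release notes
  const view = { item: { title: "TEST", value: 1 } };
  w.parse(template, ["[[", "]]"]); // pre-parse with custom delimiters
  return {
    withoutTags: w.render(template, view),            // relies on the earlier pre-parse
    withTags: w.render(template, view, ["[[", "]]"]), // delimiters passed to render
  };
}
```

With the template-only key, `demo(false).withoutTags` is rendered from the cached custom-delimiter tokens; with the template-plus-tags key, the same call re-tokenizes with the default delimiters and returns the template text unrendered, which is the silent output change to check for after this upgrade.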
