Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: handlebars-lang/handlebars.js
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v4.0.12
Choose a base ref
...
head repository: handlebars-lang/handlebars.js
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v4.1.0
Choose a head ref
  • 11 commits
  • 15 files changed
  • 2 contributors

Commits on Dec 15, 2018

  1. chore/doc: Add more release docs

    @nknapp
    nknapp committed Dec 15, 2018
    Configuration menu
    Copy the full SHA
    6b87c21 View commit details
    Browse the repository at this point in the history

  2. chore: Use node 10 to build handlebars 

    Node 10 is LTS now...
    @nknapp
    nknapp committed Dec 15, 2018
    Configuration menu
    Copy the full SHA
    78dd89c View commit details
    Browse the repository at this point in the history

Commits on Dec 21, 2018

  1. Feat: Import TypeScript typings 

    - Import typings from DefinitelyTyped into repo.
- Update typings header to cite contributors from history and git blame.
- Update package.json to add typings field.
    @timlindvall @nknapp
    timlindvall authored and nknapp committed Dec 21, 2018
    Configuration menu
    Copy the full SHA
    27ac1ee View commit details
    Browse the repository at this point in the history

Commits on Jan 2, 2019

  1. chore: fix components/handlebars package.json and auto-update on release

    @nknapp
    nknapp committed Jan 2, 2019
    Configuration menu
    Copy the full SHA
    bacd473 View commit details
    Browse the repository at this point in the history

Commits on Feb 7, 2019

  1. fix: disallow access to the constructor in templates to prevent RCE 

    This commit fixes a Remote Code Execution (RCE) reported by
npm-security. Access to non-enumerable "constructor"-properties
is now prohibited by the compiled template-code, because this
the first step on the way to creating and execution arbitrary
JavaScript code.
The vulnerability affects systems where an attacker is allowed to
inject templates into the Handlebars setup.
Further details of the attack may be disclosed by npm-security.

Closes #1267
Closes #1495
    @nknapp
    nknapp committed Feb 7, 2019
    2 Configuration menu
    Copy the full SHA
    edc6220 View commit details
    Browse the repository at this point in the history

  2. chore: add .idea and yarn-error.log to .gitignore

    @nknapp
    nknapp committed Feb 7, 2019
    Configuration menu
    Copy the full SHA
    2db0d12 View commit details
    Browse the repository at this point in the history

  3. chore: bump version of grunt-saucelabs

    @nknapp
    nknapp committed Feb 7, 2019
    Configuration menu
    Copy the full SHA
    05e6293 View commit details
    Browse the repository at this point in the history

  4. chore: disable sauce-labs 

    Related to #1497
    @nknapp
    nknapp committed Feb 7, 2019
    Configuration menu
    Copy the full SHA
    ee30222 View commit details
    Browse the repository at this point in the history

  5. test: run appveyor tests in Node 10

    @nknapp
    nknapp committed Feb 7, 2019
    Configuration menu
    Copy the full SHA
    56fc676 View commit details
    Browse the repository at this point in the history

  6. Update release notes

    @nknapp
    nknapp committed Feb 7, 2019
    Configuration menu
    Copy the full SHA
    7bd34fb View commit details
    Browse the repository at this point in the history

  7. v4.1.0

    @nknapp
    nknapp committed Feb 7, 2019
    Configuration menu
    Copy the full SHA
    7caca94 View commit details
    Browse the repository at this point in the history
Loading