All Versions
72
Latest Version
Avg Release Cycle
9 days
Latest Release
52 days ago

Changelog History
Page 1

  • v4.7.6

    April 03, 2020

    Chore/Housekeeping:

    Compatibility notes:

    • ⏪ Restored Node.js compatibility

    Commits

  • v4.7.5

    April 02, 2020

    Chore/Housekeeping:

    • ⏪ ~Node.js version support has been changed to v6+~ Reverted in 4.7.6

    Compatibility notes:

    • ⏪ ~Node.js < v6 is no longer supported~ Reverted in 4.7.6

    Commits

  • v4.7.4

    March 31, 2020

    Chore/Housekeeping:

    Compatibility notes:

    • No incompatibilities are to be expected

    Commits

  • v4.7.3

    February 05, 2020

    Chore/Housekeeping:

    • #1644 - Download links to aws broken on handlebarsjs.com - access denied (@Tea56)
    • 🛠 Fix spelling and punctuation in changelog - d78cc73

    🛠 Bugfixes:

    • ➕ Add Type Definition for Handlebars.VERSION, Fixes #1647 - 4de51fe
    • 📦 Include Type Definition for runtime.js in Package - a32d05f

    Compatibility notes:

    • No incompatibilities are to be expected

    Commits

  • v4.7.2

    January 13, 2020

    🛠 Bugfixes:

    • 🛠 fix: don't wrap helpers that are not functions - 9d5aa36, #1639

    🏗 Chore/Build:

    • chore: execute saucelabs-task only if access-key exists - a4fd391

    Compatibility notes:

    • No breaking changes are to be expected

    Commits

  • v4.7.1

    January 12, 2020

    🛠 Bugfixes:

    • 🛠 fix: fix log output in case of illegal property access - f152dfc
    • 🛠 fix: log error for illegal property access only once per property - 3c1e252

    Compatibility notes:

    • no incompatibilities are to be expected.

    Commits

  • v4.7.0

    January 10, 2020

    🔋 Features:

    • 0️⃣ feat: default options for controlling proto access - 7af1c12, #1635
      • This makes it possible to disable the prototype access restrictions added in 4.6.0
      • an error is logged in the console, if access to prototype properties is attempted and denied and no explicit configuration has taken place.

    Compatibility notes:

    • no compatibilities are expected

    Commits

  • v4.6.0

    January 08, 2020

    🔋 Features:

    • feat: access control to prototype properties via whitelist (#1633)- d03b6ec

    🛠 Bugfixes:

    • 🛠 fix(runtime.js): partials compile not caching (#1600) - 23d58e7

    📄 Chores, docs:

    • ♻️ various refactorings and improvements to tests - d7f0dcf, 187d611, d337f40
    • 🏗 modernize the build-setup
      • use prettier to format and eslint to verify - c40d9f3, 8901c28, e97685e, 1f61f21
      • use nyc instead of istanbul to collect coverage - 164b7ff, 1ebce2b
      • update build code to use modern javascript and make it cleaner - 14b621c, 1ec1737, 3a5b65e, dde108e, 04b1984, 587e7a3
      • restructur build commands - e913dc5,
    • 👕 eslint rule changes - ac4655e, dc54952
    • ⚡️ Update (C) year in the LICENSE file - d1fb07b
    • chore: try to fix saucelabs credentials (#1627) -
    • ⚡️ Update readme.md with updated links (#1620) - edcc84f

    💥 BREAKING CHANGES:

    • 0️⃣ access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.

    That is why we only bump the minor version despite mentioning breaking changes.

    Commits

  • v4.5.3

    November 18, 2019

    🛠 Bugfixes:

    • 🛠 fix: add "no-prototype-builtins" eslint-rule and fix all occurences - f7f05d7
    • 🛠 fix: add more properties required to be enumerable - 1988878

    🏗 Chores / Build:

    • 🛠 fix: use !== 0 instead of != 0 - c02b05f
    • ➕ add chai and dirty-chai and sinon, for cleaner test-assertions and spies, deprecate old assertion-methods - 93e284e, 886ba86, 0817dad, 93516a0

    🔒 Security:

    • The properties __proto__, __defineGetter__, __defineSetter__ and __lookupGetter__ have been added to the list of "properties that must be enumerable". If a property by that name is found and not enumerable on its parent, it will silently evaluate to undefined. This is done in both the compiled template and the "lookup"-helper. This will prevent new Remote-Code-Execution exploits that have been published recently.

    Compatibility notes:

    • 🔒 Due to the security-fixes. The semantics of the templates using __proto__, __defineGetter__, __defineSetter__ and __lookupGetter__ in the respect that those expression now return undefined rather than their actual value from the proto.
    • The semantics have not changed in cases where the properties are enumerable, as in:
    {
      __proto__: 'some string'
    }
    
    • The change may be breaking in that respect, but we still only increase the patch-version, because the incompatible use-cases are not intended, undocumented and far less important than fixing Remote-Code-Execution exploits on existing systems.

    Commits

  • v4.5.2

    November 13, 2019