fix(deps): update dependency squirrelly to v9 [security] #30012
+5
−5
This PR contains the following updates:
squirrelly: 7.9.2 -> 9.0.0
GitHub Vulnerability Alerts
CVE-2021-32819
Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options, remote code execution may be triggered in downstream applications. Version 9.0.0 has a fix for this issue. For complete details refer to the referenced GHSL-2021-023.
Release Notes
squirrellyjs/squirrelly (squirrelly)
v9.0.0: Version 9.0.0
TL;DR
The main news in this commit is that the settings field in the data object is no longer merged with your configuration. This resolves several security issues. This may cause changes in the way you use Express.js with Squirrelly, since you'll have to configure caching and the views directory for both Express and Squirrelly separately.
Example:
Commits
v8.0.8: Version 8.0.8
TL;DR
FilterFunction
containers.ts into container-utils.ts, and wrote accompanying tests 🎉
Commits
v8.0.7: Version 8.0.7
TL;DR
Mainly minor updates. One important fix by @futurelucas4502 preventing renderFile from erroring if the data argument was undefined or null; see #201.
Commits
v8.0.6: Version 8.0.6
TL;DR
Nothing exciting here, just a little package cleanup! All our dev dependencies are now up-to-date.
Commits
4c66bdc
f15847b
8a65881
20f9a3e
v8.0.5: Version 8.0.5
TL;DR
This release just contains a few quick README updates.
Commits
9a0ee15
519e4ef
v8.0.4: Version 8.0.4
TL;DR
Changes in this release:
e) is now applied after all other filters by default. See #189 and #198
Commits
v8.0.3: Version 8.0.3
TL;DR
Just updated the README to add a note about the contributors to Version 7 (who unfortunately aren't listed in the README) and removed the badge for David-DM (which has had downtime problems).
Commits
e2f97a7
v8.0.2: Version 8.0.2
TL;DR
This commit merged #195 (which fixes a compilation error thrown in newer versions of TypeScript), updated dev dependencies, and updated some unit tests to import functions from index.ts (to improve test coverage)
Commits
v8.0.1: Version 8.0.1
Commits
0875563
2a0dc7d
v8.0.0: Version 8
Version 8 is now stable!
Thank you to all those who helped with development or gave feedback!
Documentation is at https://squirrelly.js.org
Configuration
📅 Schedule: Branch creation - "" in timezone America/New_York, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.
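
The v9.0.0 note above says the settings field in the data object is no longer merged with the engine configuration. The following added example, which is neither part of this PR nor Squirrelly's own code, models that change and shows how a caller can allow-list template variables before rendering. All function names, paths and the request object are hypothetical and constructed for illustration.

```javascript
// Simplified model of the behaviour described in the release note; not Squirrelly's source.
// Every name below is hypothetical and the request data is constructed.

// Engine configuration chosen by the application operator.
const baseConfig = Object.freeze({ views: '/srv/app/views', cache: true });

// Pre-9.0.0 style: a `settings` object found in the template data is merged
// into the engine configuration, so whoever controls the data controls config.
function resolveConfigLegacy(data) {
  return Object.assign({}, baseConfig, data && data.settings);
}

// 9.0.0 style: template data never reaches the configuration.
function resolveConfigFixed(_data) {
  return Object.assign({}, baseConfig);
}

// Defence in depth for the caller: copy only the expected template variables
// out of untrusted input instead of handing the whole object to the renderer.
function pickTemplateData(untrusted, allowedKeys) {
  const out = Object.create(null);
  for (const key of allowedKeys) {
    if (Object.prototype.hasOwnProperty.call(untrusted, key) &&
        typeof untrusted[key] === 'string') {
      out[key] = untrusted[key];
    }
  }
  return out;
}

// Constructed request data: one legitimate field plus a `settings` object.
const untrustedQuery = {
  name: 'alice',
  settings: { views: '/somewhere/else', cache: false },
};

function demo() {
  return {
    legacy: resolveConfigLegacy(untrustedQuery),   // config follows the request
    fixed: resolveConfigFixed(untrustedQuery),     // config stays as configured
    filtered: resolveConfigLegacy(pickTemplateData(untrustedQuery, ['name'])),
  };
}

console.log(demo());
```

Until the upgrade lands, the allow-list step keeps a `settings` key in request data from reaching the renderer; after it, the step remains useful as a second layer.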