push event mirkojotic/mirkojotic.github.io

Mirko Jotic

commit sha 0647b2a7e6da58bf6df0ab5bb31c9e88ce0f4799

Delete CNAME

push time in 18 days

started 1995parham/github-do-not-ban-us

started time in a month

fork mirkojotic/spring-integration-samples

You are looking for examples, code snippets, sample applications for Spring Integration? This is the place.

http://www.springsource.org/spring-integration

fork in a month

push event mirkojotic/mirkojotic.github.io

Mirko Jotic

commit sha 50aac10ef7afd3fd80a45d773d139bb1956a9d0b

Adding jekyll-feed to plugins in _config.yml

push time in 2 months

push event mirkojotic/mirkojotic.github.io

Mirko Jotic

commit sha a704b6360671f49cbc0051f135ee4363ac97a7f8

New article able Route Model Binding in Express.js

push time in 2 months

push event mirkojotic/react-aphrodite-nike

dependabot[bot]

commit sha 652aee0df38ef0db7cdc311db7dee57ec3ce0f82

Bump handlebars from 4.0.6 to 4.1.2

Bumps [handlebars](https://github.com/wycats/handlebars.js) from 4.0.6 to 4.1.2.
- [Release notes](https://github.com/wycats/handlebars.js/releases)
- [Changelog](https://github.com/wycats/handlebars.js/blob/master/release-notes.md)
- [Commits](https://github.com/wycats/handlebars.js/compare/v4.0.6...v4.1.2)

Signed-off-by: dependabot[bot] <support@github.com>

Mirko Jotic

commit sha 8d29e360dffc8b743a8772146160129dc407bf17

Merge pull request #1 from mirkojotic/dependabot/npm_and_yarn/handlebars-4.1.2

Bump handlebars from 4.0.6 to 4.1.2

push time in 2 months

PR merged mirkojotic/react-aphrodite-nike

Bump handlebars from 4.0.6 to 4.1.2 dependencies

Bumps handlebars from 4.0.6 to 4.1.2.

Changelog

Sourced from handlebars's changelog.

v4.1.2 - April 13th, 2019

Chore/Test:

  • #1515 - Port over linting and test for typings (@zimmi88)
  • chore: add missing typescript dependency, add package-lock.json - 594f1e3
  • test: remove safari from saucelabs - 871accc

Bugfixes:

  • fix: prevent RCE through the "lookup"-helper - cd38583

Compatibility notes:

Access to the constructor of a class through {{lookup obj "constructor" }} is now prohibited. This closes a leak that was only half closed in versions 4.0.13 and 4.1.0, but it is a slight incompatibility.

This kind of access is not the intended use of Handlebars and leads to the vulnerability described in #1495. We will not increase the major version, because such use is not intended or documented, and because of the potential impact of the issue (we fear that most people won't use a new major version and the issue may not be resolved on many systems).

v4.1.1 - March 16th, 2019

Bugfixes:

  • fix: add "runtime.d.ts" to allow "require('handlebars/runtime')" in TypeScript - 5cedd62

Refactorings:

  • replace "async" with "neo-async" - 048f2ce
  • use "substring"-function instead of "substr" - 445ae12

Compatibility notes:

  • This is a bugfix release. There are no breaking changes and no new features.

v4.1.0 - February 7th, 2019

New Features

  • import TypeScript typings - 27ac1ee

Security fixes:

  • disallow access to the constructor in templates to prevent RCE - 42841c4, #1495

Housekeeping

  • chore: fix components/handlebars package.json and auto-update on release - bacd473
  • chore: Use node 10 to build handlebars - 78dd89c
  • chore/doc: Add more release docs - 6b87c21

... (truncated)

Commits

  • 10b5fcf v4.1.2
  • dd0144c Update release notes
  • 594f1e3 chore: add missing typescript dependency, add package-lock.json
  • 871accc test: remove safari from saucelabs
  • cd38583 fix: prevent RCE through the "lookup"-helper
  • c454d94 Merge pull request #1515 from zimmi88/4.x-typings-lint
  • 9cfb5dd Merge pull request #1516 from phil-davis/revert-double-release-notes
  • be44246 Remove triplicate of v4.0.12 release notes
  • 002561b Revert "Update release notes"
  • 3fb6687 Port over linting and test for typings
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by knappi, a new releaser for handlebars since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

+36 -13

0 comment

1 changed file

dependabot[bot]

pr closed time in 2 months
