chore(deps): bump dustjs-linkedin from 2.7.5 to 3.0.0

[dependabot]

Bumps dustjs-linkedin from 2.7.5 to 3.0.0.

Release notes

Sourced from dustjs-linkedin's releases.

v3.0.0

What's Changed

• Bump deps by @​sethkinast in linkedin/dustjs#734
• Prioritize resolution of .then by @​brianmhunt in linkedin/dustjs#736
• Don't use instanceof to determine if a Context is a Context by @​sethkinast in linkedin/dustjs#744
• place location provided by peg 0.9 onto the AST by @​jimmyhchan in linkedin/dustjs#706
• {?exists} and {^exists} now supports values from a promise by @​samuelms1 in linkedin/dustjs#753
• Decrease security vulnerabilities by upgrading cli dependency (#754 #748) by @​danactive in linkedin/dustjs#756
• fix: Security bug about prototype pollution by @​sumeetkakkar in linkedin/dustjs#805

New Contributors

• @​brianmhunt made their first contribution in linkedin/dustjs#736
• @​samuelms1 made their first contribution in linkedin/dustjs#753
• @​danactive made their first contribution in linkedin/dustjs#756
• @​sumeetkakkar made their first contribution in linkedin/dustjs#805

Full Changelog: linkedin/dustjs@v2.7.2...v3.0.0

Changelog

Sourced from dustjs-linkedin's changelog.

v3.0.0 (2021/10/20 22:56 +00:00)

• #805 fix: Security bug about prototype pollution (@​sumeetkakkar)

list (2016/12/08 20:15 +00:00)

• #756 Decrease security vulnerabilities by upgrading cli dependency (#754 #748) (@​danactive)
• #753 {?exists} and {^exists} resolve Promises and check if the result exists (#753) (@​samuelms1)

v2.7.4 (2016/09/13 02:52 +00:00)

• #744 Don't use instanceof to determine if a Context is a Context. Instead use a flag on the instance itself so it can survive object merges. (@​sethkinast)

v2.6.3 (2016/07/26 18:03 +00:00)

• #736 Prioritize resolution of .then (@​brianmhunt)
• #735 Prioritize .then on thenable functios (#735) (@​brianmhunt)
• #734 Bump deps (@​sethkinast)
• #703 Upgrade to peg.js 0.9 (@​sethkinast)
• #705 When rendering with a Context object, use the templateName provided by the template (@​sethkinast)
• #701 Fix stacktrace logging for IE8 (@​sethkinast)
• #700 At DEBUG loglevel, log the full stack trace on errors (@​r1b)
• #690 Update deps (@​sethkinast)
• #689 Make the AMD loader pass the template directly rather than communicating via the cache (@​aredridel)

v2.7.2 (2015/06/08 20:41 +00:00)

• #673 Pass the current context to filters (@​sethkinast)
• #676 If a Promise is resolved with an array, iterate over it instead of rendering the whole array at once.

Closes #674 (@​sethkinast)

• #647 Allow helpers to return primitives

Previously returning a primitive would crash rendering with no way to recover. You can still return a Chunk and do more complex work if you need to.

Helpers act like references or sections depending on if they have a body. When they have no body, they act like a reference and look in params.filters for filters to use. When they have a body, they act like a section. You can return thenables and streams normally.

{@​return value="" filters="|s" /} {@​return value=""}{.} World{/return}

Closes #645 (@​sethkinast)

• #664 Be slightly pickier about what Dust thinks a Stream is.

Closes #663 (@​sethkinast)

• #661 Add saucelabs integration (@​sethkinast)
• #658 Refactor testing frameworks

Closes #649 Closes #602 Closes #642 (@​sethkinast)

• #660 Grammar: s/char/character/ to avoid using a reserved name

Closes #659 (@​sethkinast)

v2.7.1 (2015/04/30 20:32 +00:00)

• #655 Update CommonJS example to make use of new onLoad behavior (@​sethkinast)
• #653 Fix array iteration when context is undefined (@​sethkinast)
• #641 Add a cb(null, compiledTemplate) signature to dust.onLoad

Calling the onLoad callback with a compiled template function will use this template to satisfy the load request. The template is not automatically registered under any name when passed to the callback, so the onLoad function should handle registration as it needs.

dust.cache behavior has been changed slightly. Before, setting it to false would blow away the entire cache on every render. Now, setting it to false just prevents new templates from being added and cached templates from being used, but if it's set to true again previously-cached templates will be ready to use. (@​sethkinast)

• #650 Pin [email protected] for grunt-jasmine-nodejs (@​sethkinast)
• #646 Update AMD and CommonJS examples (@​sethkinast)
• #637 CommonJS example (@​sethkinast)
• #638 Preserve compiler backwards compatibility with pre-2.7 versions (@​sethkinast)
• #639 Fix failing test on Windows (@​sethkinast)

v2.7.0 (2015/04/17 23:23 +00:00)

• #636 Fix failing tests in IE8 (@​sethkinast)
• #633 Drop Node 0.8 (@​sethkinast)
• #635 Resolve dynamic partial names via original context (@​sethkinast)
• #631 Try to avoid creating Stacks with no content when possible (@​sethkinast)
• #613 Refactor template compilation

• dust.render and dust.stream now accept a compiled template function in addition to a template name.
• dust.compile no longer requires a template name, and will compile an anonymous template without one (so --name is no longer required for dustc either)
• dust.load is removed from the public API
• dust.renderSource is moved to the compiler, so it's only included in dust-full now (Fixes #412)
• dust.compileFn is moved to the compiler, so it's only included in dust-full now
• add dust.isTemplateFn
• add dust.config.cache = true, set to false to disable caching and load templates again every time (Fixes #451)
• add dust.config.cjs = false, set to true to compile templates as CommonJS modules
• add --cjs flag to dustc
• Move a bunch of exposed compiler stuff under dust.compiler (but leave it exposed until 2.8) (@​sethkinast)

• #624 dustc always creates templates with forward slashes (@​sethkinast)
• #617 Add chunk.stream to allow streamables in context (@​sethkinast)
• #610 clean up PEG grammar a little bit (@​sethkinast)
• #622 Fix behavior of Context#resolve when resolving a context function that returns a Chunk (@​sethkinast)

... (truncated)

Commits

• 2e8795c Release v3.0.0
• 6f98371 merge from 2.7
• db6d8b9 Merge pull request #805 from sumeetkakkar/fix/proto-pollution
• ddb6523 fix for prototype pollution vulnerability
• e0e25f7 Merge pull request #756 from danactive/master
• eeb1c17 Decrease security vulnerabilities by upgrading cli dependency (#754 #748)
• d485a72 {?exists} and {^exists} resolve Promises and check if the result exists (#753)
• 43c0831 place location provided by peg 0.9 onto the AST
• 07b73b3 Merge pull request #744 from sethkinast/is-context
• ae69314 Don't use instanceof to determine if a Context is a Context
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by krakenjs, a new releaser for dustjs-linkedin since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

[mikaello]

Duplicate of #100

This cannot be merged because of:

This update seems to work after manual testing, but it does break the peer requirement from dustjs-helper: warning " > [email protected]" has incorrect peer dependency "[email protected] - 2.8".

See also issue LinkedInAttic/dustjs-helpers#148

Ref #35 (comment)

[mikaello]

This cannot be merged because of:

This update seems to work after manual testing, but it does break the peer requirement from dustjs-helper: warning " > [email protected]" has incorrect peer dependency "[email protected] - 2.8".

See also issue LinkedInAttic/dustjs-helpers#148

See MR #100

@dependabot ignore this major version

[dependabot]

OK, I won't notify you about version 3.x.x again, unless you re-open this PR. 😢