build(deps): bump the npm_and_yarn group across 1 directory with 17 updates

[dependabot]

Bumps the npm_and_yarn group with 15 updates in the / directory:

Package	From	To
express	4.16.2	4.19.2
grunt	1.0.1	1.5.3
cookiejar	2.1.1	2.1.4
diff	3.3.1	5.0.0
mocha	4.1.0	10.4.0
extend	3.0.1	3.0.2
lodash	3.7.0	4.17.21
jshint	2.9.5	2.9.7
handlebars	4.0.11	4.7.8
js-yaml	3.5.5	3.14.1
minimist	1.2.0	1.2.8
handlebars	4.0.11	4.7.8
mkdirp	0.5.1	0.5.6
qs	6.5.1	6.12.1
shelljs	0.3.0	removed
grunt-contrib-jshint	1.1.0	3.2.0

Updates express from 4.16.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add Node.js@19.7 by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• deps: qs@6.11.0

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates grunt from 1.0.1 to 1.5.3

Release notes

Sourced from grunt's releases.

v1.5.3

• Merge pull request #1745 from gruntjs/fix-copy-op 572d79b
• Patch up race condition in symlink copying. 58016ff
• Merge pull request #1746 from JamieSlome/patch-1 0749e1d
• Create SECURITY.md 69b7c50

gruntjs/grunt@v1.5.2...v1.5.3

v1.5.2

• Update Changelog 7f15fd5
• Merge pull request #1743 from gruntjs/cleanup-link b0ec6e1
• Clean up link handling 433f91b

gruntjs/grunt@v1.5.1...v1.5.2

v1.5.1

• Merge pull request #1742 from gruntjs/update-symlink-test ad22608
• Fix symlink test 0652305

gruntjs/grunt@v1.5.0...v1.5.1

v1.5.0

• Updated changelog b2b2c2b
• Merge pull request #1740 from gruntjs/update-deps-22-10 3eda6ae
• Update testing matrix 47d32de
• More updates 2e9161c
• Remove console log 04b960e
• Update dependencies, tests... aad3d45
• Merge pull request #1736 from justlep/main fdc7056
• support .cjs extension e35fe54

gruntjs/grunt@v1.4.1...v1.5.0

v1.4.1

• Update Changelog e7625e5
• Merge pull request #1731 from gruntjs/update-options 5d67e34
• Fix ci install d13bf88
• Switch to Actions 08896ae
• Update grunt-known-options eee0673
• Add note about a breaking change 1b6e288

gruntjs/grunt@v1.4.0...v1.4.1

v1.4.0

• Merge pull request #1728 from gruntjs/update-deps-changelog 63b2e89
• Update changelog and util dep 106ed17
• Merge pull request #1727 from gruntjs/update-deps-apr 49de70b
• Update CLI and nodeunit 47cf8b6
• Merge pull request #1722 from gruntjs/update-through e86db1c
• Update deps 4952368

... (truncated)

Changelog

Sourced from grunt's changelog.

v1.5.3 date: 2022-04-23 changes: - Patch up race condition in symlink copying. v1.5.2 date: 2022-04-12 changes: - Unlink symlinks when copy destination is a symlink. v1.5.1 date: 2022-04-11 changes: - Fixed symlink destination handling. v1.5.0 date: 2022-04-10 changes: - Updated dependencies. - Add symlink handling for copying files. v1.4.1 date: 2021-05-24 changes: - Fix --preload option to be a known option - Switch to GitHub Actions v1.4.0 date: 2021-04-21 changes: - Security fixes in production and dev dependencies - Liftup/Liftoff upgrade breaking change. Update your scripts to use --preload instead of --require. Ref: gulpjs/liftoff@e7a969d. v1.3.0 date: 2020-08-18 changes: - Switch to use safeLoad for loading YML files via file.readYAML. - Upgrade legacy-log to ~3.0.0. - Upgrade legacy-util to ~2.0.0. v1.2.1 date: 2020-07-07 changes: - Remove path-is-absolute dependency. (PR: gruntjs/grunt#1715) v1.2.0 date: 2020-07-03 changes: - Allow usage of grunt plugins that are located in any location that is visible to Node.js and NPM, instead of node_modules directly inside package that have a dev dependency to these plugins. (PR: gruntjs/grunt#1677) - Removed coffeescript from dependencies. To ease transition, if coffeescript is still around, Grunt will attempt to load it. If it is not, and the user loads a CoffeeScript file, Grunt will print a useful error indicating that the coffeescript package should be installed as a dev dependency.

... (truncated)

Commits

• 82d79b8 1.5.3
• 572d79b Merge pull request #1745 from gruntjs/fix-copy-op
• 58016ff Patch up race condition in symlink copying.
• 0749e1d Merge pull request #1746 from JamieSlome/patch-1
• 69b7c50 Create SECURITY.md
• ac667b2 1.5.2
• 7f15fd5 Update Changelog
• b0ec6e1 Merge pull request #1743 from gruntjs/cleanup-link
• 433f91b Clean up link handling
• d5969ec 1.5.1
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by vladikoff, a new releaser for grunt since your current version.

Updates cookiejar from 2.1.1 to 2.1.4

Commits

• See full diff in compare view

Updates diff from 3.3.1 to 5.0.0

Changelog

Sourced from diff's changelog.

v5.0.0

• Breaking: UMD export renamed from JsDiff to Diff.
• Breaking: Newlines separated into separate tokens for word diff.
• Breaking: Unified diffs now match "quirks"

Commits

v4.0.1 - January 6th, 2019

• Fix main reference path - b826104

Commits

v4.0.0 - January 5th, 2019

• #94 - Missing "No newline at end of file" when comparing two texts that do not end in newlines (@​federicotdn)
• #227 - Licence
• #199 - Import statement for jsdiff
• #159 - applyPatch affecting wrong line number with with new lines
• #8 - A new state "replace"
• Drop ie9 from karma targets - 79c31bd
• Upgrade deps. Convert from webpack to rollup - 2c1a29c
• Make ()[]"' as word boundaries between each other - f27b899
• jsdiff: Replaced phantomJS by chrome - ec3114e
• Add yarn.lock to .npmignore - 29466d8

Compatibility notes:

• Bower and Component packages no longer supported

Commits

v3.5.0 - March 4th, 2018

• Omit redundant slice in join method of diffArrays - 1023590
• Support patches with empty lines - fb0f208
• Accept a custom JSON replacer function for JSON diffing - 69c7f0a
• Optimize parch header parser - 2aec429
• Fix typos - e89c832

Commits

v3.4.0 - October 7th, 2017

• #183 - Feature request: ability to specify a custom equality checker for diffArrays
• #173 - Bug: diffArrays gives wrong result on array of booleans
• #158 - diffArrays will not compare the empty string in array?
• comparator for custom equality checks - 30e141e
• count oldLines and newLines when there are conflicts - 53bf384

... (truncated)

Commits

• d358a57 5.0.0
• 4428de9 Remove dead code
• 7dbf2ea Update release notes for 5.0.0
• c64d178 Update to match quirks of unified diff format (#297)
• e47ca0a Upgrade security flagged deps
• 5aa499b Fix README.md (#300)
• a2ce567 Upgrade major deps
• 8c7a4ab Upgrade minor deps (#295)
• 4e41f90 Upgrade old Karma libs (#294)
• a58c580 Remove grunt-clean
• Additional commits viewable in compare view

Updates mocha from 4.1.0 to 10.4.0

Release notes

Sourced from mocha's releases.

v10.4.0

10.4.0 / 2024-03-26

🎉 Enhancements

• #4829 feat: include .cause stacks in the error stack traces (@​voxpelli)
• #4985 feat: add file path to xunit reporter (@​bmish)

🐛 Fixes

• #5074 fix: harden error handling in lib/cli/run.js (@​stalet)

🔩 Other

• #5077 chore: add mtfoley/pr-compliance-action (@​JoshuaKGoldberg)
• #5060 chore: migrate ESLint config to flat config (@​JoshuaKGoldberg)
• #5095 chore: revert #5069 to restore Netlify builds (@​voxpelli)
• #5097 docs: add sponsored to sponsorship link rels (@​JoshuaKGoldberg)
• #5093 chore: add 'status: in triage' label to issue templates and docs (@​JoshuaKGoldberg)
• #5083 docs: fix CHANGELOG.md headings to start with a root-level h1 (@​JoshuaKGoldberg)
• #5100 chore: fix header generation and production build crashes (@​JoshuaKGoldberg)
• #5104 chore: bump ESLint ecmaVersion to 2020 (@​JoshuaKGoldberg)
• #5116 fix: eleventy template builds crash with 'unexpected token at ": string, msg..."' (@​LcsK)
• #4869 docs: fix documentation concerning glob expansion on UNIX (@​binki)
• #5122 test: fix xunit integration test (@​voxpelli)
• #5123 chore: activate dependabot for workflows (@​voxpelli)
• #5125 build(deps): bump the github-actions group with 2 updates (@​dependabot)

v10.3.0

This is a stable release equivalent to v10.3.0-preminor.0.

What's Changed

• Fix deprecated warn gh actions by @​outsideris in mochajs/mocha#4962
• fix #4837 Update glob due to vulnerability in dep by @​jb2311 in mochajs/mocha#4970
• Add Node v19 to test matrix by @​juergba in mochajs/mocha#4974
• chore: fix the ci by @​Uzlopak in mochajs/mocha#5020
• update can-i-use by @​Uzlopak in mochajs/mocha#5021
• chore: remove uuid dev dependency by @​Uzlopak in mochajs/mocha#5022
• chore: remove nanoid as dependency by @​Uzlopak in mochajs/mocha#5024
• chore: remove touch as dev dependency by @​Uzlopak in mochajs/mocha#5023
• chore: remove stale workflow by @​JoshuaKGoldberg in mochajs/mocha#5029
• docs: fix fragment ID for yargs' "extends" documentation by @​Spencer-Doak in mochajs/mocha#4918
• docs: use mocha.js instead of mocha in the example run by @​nikolas in mochajs/mocha#4927
• docs: fix jsdoc return type of titlePath method by @​F3n67u in mochajs/mocha#4886
• docs: overhaul contributing and maintenance docs for end-of-year 2023 by @​JoshuaKGoldberg in mochajs/mocha#5038
• docs: touchups to labels and a template title post-revamp by @​JoshuaKGoldberg in mochajs/mocha#5050
• fix: add alt text to Built with Netlify badge by @​JoshuaKGoldberg in mochajs/mocha#5068
• chore: inline nyan reporter's write function by @​JoshuaKGoldberg in mochajs/mocha#5056
• chore: remove unnecessary canvas dependency by @​JoshuaKGoldberg in mochajs/mocha#5069

... (truncated)

Changelog

Sourced from mocha's changelog.

10.4.0 / 2024-03-26

🎉 Enhancements

• #4829 feat: include .cause stacks in the error stack traces (@​voxpelli)
• #4985 feat: add file path to xunit reporter (@​bmish)

🐛 Fixes

• #5074 fix: harden error handling in lib/cli/run.js (@​stalet)

🔩 Other

• #5077 chore: add mtfoley/pr-compliance-action (@​JoshuaKGoldberg)
• #5060 chore: migrate ESLint config to flat config (@​JoshuaKGoldberg)
• #5095 chore: revert #5069 to restore Netlify builds (@​voxpelli)
• #5097 docs: add sponsored to sponsorship link rels (@​JoshuaKGoldberg)
• #5093 chore: add 'status: in triage' label to issue templates and docs (@​JoshuaKGoldberg)
• #5083 docs: fix CHANGELOG.md headings to start with a root-level h1 (@​JoshuaKGoldberg)
• #5100 chore: fix header generation and production build crashes (@​JoshuaKGoldberg)
• #5104 chore: bump ESLint ecmaVersion to 2020 (@​JoshuaKGoldberg)
• #5116 fix: eleventy template builds crash with 'unexpected token at ": string, msg..."' (@​LcsK)
• #4869 docs: fix documentation concerning glob expansion on UNIX (@​binki)
• #5122 test: fix xunit integration test (@​voxpelli)
• #5123 chore: activate dependabot for workflows (@​voxpelli)
• #5125 build(deps): bump the github-actions group with 2 updates (@​dependabot)

10.3.0 / 2024-02-08

This is a stable release equivalent to 10.30.0-prerelease.

10.3.0-prerelease / 2024-01-18

This is a prerelease version to test our ability to release. Other than removing or updating dependencies, it contains no intended user-facing changes.

🔩 Other

• #5069: chore: remove unnecessary canvas dependency (@​JoshuaKGoldberg)
• #5068: fix: add alt text to Built with Netlify badge (@​JoshuaKGoldberg)
• #5056: chore: inline nyan reporter's write function (@​JoshuaKGoldberg)
• #5050: docs: touchups to labels and a template title post-revamp (@​JoshuaKGoldberg)
• #5038: docs: overhaul contributing and maintenance docs for end-of-year 2023 (@​JoshuaKGoldberg)
• #5029: chore: remove stale workflow (@​JoshuaKGoldberg)
• #5024: chore: remove nanoid as dependency (@​Uzlopak)
• #5023: chore: remove touch as dev dependency (@​Uzlopak)
• #5022: chore: remove uuid dev dependency (@​Uzlopak)
• #5021: update can-i-use (@​Uzlopak)
• #5020: chore: fix the ci (@​Uzlopak)
• #4974: Add Node v19 to test matrix (@​juergba)

... (truncated)

Commits

• ffd9557 Release v10.4.0
• 7ac67f3 build(deps): bump the github-actions group with 2 updates (#5125)
• 7a2781c chore: activate dependabot for workflows (#5123)
• 97dcbb2 fix: harden error handling in lib/cli/run.js (#5074)
• 6f3f45e fix: xunit integration test (#5122)
• a5b5652 docs: fix documentation concerning glob expansion on UNIX (#4869)
• efbb147 feat: add file path to xunit reporter (#4985)
• a2e600d fix: closes #5115 (#5116)
• 3735873 feat: include .cause stacks in the error stack traces (#4829)
• b88978d chore: bump ESLint ecmaVersion to 2020 (#5104)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by voxpelli, a new releaser for mocha since your current version.

Updates extend from 3.0.1 to 3.0.2

Changelog

Sourced from extend's changelog.

3.0.2 / 2018-07-19

• [Fix] Prevent merging __proto__ property (#48)
• [Dev Deps] update eslint, @ljharb/eslint-config, tape
• [Tests] up to node v10.7, v9.11, v8.11, v7.10, v6.14, v4.9; use nvm install-latest-npm

Commits

• 8d106d2 v3.0.2
• e97091f [Dev Deps] update tape
• e841aac [Tests] up to node v10.7
• 0e68e71 [Fix] Prevent merging proto property
• a689700 Only apps should have lockfiles
• f13c1c4 [Dev Deps] update eslint, @ljharb/eslint-config, tape
• f3570fe [Tests] up to node v10.0, v9.11, v8.11, v7.10, v6.14, v4.9; use...
• See full diff in compare view

Updates getobject from 0.1.0 to 1.0.2

Release notes

Sourced from getobject's releases.

v1.0.2

• Merge pull request #8 from cowboy/dependabot/npm_and_yarn/path-parse-1.0.7 6f86cf7
• Bump path-parse from 1.0.6 to 1.0.7 6e79841

cowboy/node-getobject@v1.0.1...v1.0.2

v1.0.1

• Update deps 141e3a5
• Merge pull request #7 from cowboy/dependabot/npm_and_yarn/hosted-git-info-2.8.9 c97cf3e
• Bump hosted-git-info from 2.8.8 to 2.8.9 201e91b
• Update dev deps 5ffb873

cowboy/node-getobject@v1.0.0...v1.0.1

v1.0.0

No release notes provided.

Commits

• 46e55ec 1.0.2
• 6f86cf7 Merge pull request #8 from cowboy/dependabot/npm_and_yarn/path-parse-1.0.7
• 6e79841 Bump path-parse from 1.0.6 to 1.0.7
• 84bd719 1.0.1
• 141e3a5 Update deps
• c97cf3e Merge pull request #7 from cowboy/dependabot/npm_and_yarn/hosted-git-info-2.8.9
• 201e91b Bump hosted-git-info from 2.8.8 to 2.8.9
• 5ffb873 Update dev deps
• 92e0d1f 1.0.0
• 6828cb9 README updates
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by vladikoff, a new releaser for getobject since your current version.

Updates lodash from 3.7.0 to 4.17.21

Release notes

Sourced from lodash's releases.

4.0.0

lodash v4.0.0

2015 was big year! Lodash became the most depended on npm package, passed 1 billion downloads, & its v3 release saw massive adoption!

The year was also one of collaboration, as discussions began on merging Lodash & Underscore. Much of Lodash v4 is proofing out the ideas from those discussions. Lodash v4 would not be possible without the collaboration & contributions of the Underscore core team. In the spirit of merging our teams have blended with several members contributing to both libraries.

For 2016 & lodash v4.0.0 we wanted to cut loose, push forward, & take things up a notch!

Modern only

With v4 we’re breaking free from old projects, old environments, & dropping old IE < 9 support!

4 kB Core

Lodash’s kitchen-sink size will continue to grow as new methods & functionality are added. However, we now offer a 4 kB (gzipped) core build that’s compatible with Backbone v1.2.4 for folks who want Lodash without lugging around the kitchen sink.

More ES6

We’ve continued to embrace ES6 with methods like _.isSymbol, added support for cloning & comparing array buffers, maps, sets, & symbols, converting iterators to arrays, & iterable _(…).

In addition, we’ve published an es-build & pulled babel-plugin-lodash into core to make tree-shaking a breeze.

More Modular

Pop quiz! 📣

What category path does the bindAll method belong to? Is it

A) require('lodash/function/bindAll') B) require('lodash/utility/bindAll') C) require('lodash/util/bindAll')

Don’t know? Well, with v4 it doesn’t matter because now module paths are as simple as

var bindAll = require('lodash/bindAll');

We’ve also reduced module complexity making it easier to create smaller bundles. This has helped Lodash adoption with libraries like Async & Redux!

1st Class FP

With v3 we introduced lodash-fp. We learned a lot & with v4 we decided to pull it into core.

Now you can get immutable, auto-curried, iteratee-first, data-last methods as simply as

var _ = require('lodash/fp');
var object = { 'a': 1 };
</tr></table> 

... (truncated)

Commits

• f299b52 Bump to v4.17.21
• c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
• 3469357 Prevent command injection through _.template's variable option
• ded9bc6 Bump to v4.17.20.
• 63150ef Documentation fixes.
• 00f0f62 test.js: Remove trailing comma.
• 846e434 Temporarily use a custom fork of lodash-cli.
• 5d046f3 Re-enable Travis tests on 4.17 branch.
• aa816b3 Remove /npm-package.
• d7fbc52 Bump to v4.17.19
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.

Updates jshint from 2.9.5 to 2.9.7

Release notes

Sourced from jshint's releases.

JSHint 2.9.7

2.9.7 (2018-12-07)

This release corrects a packaging issue. It is not expected to modify JSHint's behavior.

JSHint 2.9.6

2.9.6 (2018-07-30)

Bug Fixes

• Add missing global objects for browser env (badc7a4)
• Add other Fetch spec globals (07bb596), closes #2582
• Allow closing over immutable bindings (7091685)
• Allow computed method names in obj literal (a5ff715)
• Allow empty export and trailing comma (631327e), closes #2567
• Avoid infinite loop on invalid for stmt (56a4379)
• Consistently ignore dot-prefixed dirs (8d4317e)
• Correct impl of built-in bindings (a11d631)
• Correct interpretation of whitespace (dd06eea)
• Correct location of reported error (1c434a3)
• Correct location reported for W043 (1d04868)
• Correct reporting of var name in list comprehensions (0ff6644)
• Correct restriction on function name (55aa54e)
• Correct spelling of Uint8ClampedArray (8df4a32)
• Create block scope for switch statements (aa2be10)
• Disallow default values in rest parameters (b420aed)
• Do not create binding for illegal syntax (9fe8c94)
• Do not warn about non-ambiguous linebreaks (ab3ab85)
• Fix "is is" message typos (7993101)
• Preserve functionality in "legacy" Node.js (2f6ac13)
• recognize Jasmine global spyOnProperty (827237f), closes #3183
• Relax restriction on asgnmnt to arguments (0a66710)
• Remove warning W100 (ff71d3c)
• Report error for duplicate arrow params (506c7d5)
• Report error for redeclared generator fns (8896fa3)
• Restrict "name" of strict mode functions (a554c89)
• Restrict super usage to valid forms (8f3f880)
• Restrict IdentifierNames in ES5 code (5995a9f)
• Tolerate division following closing brace (3aa02db)
• Tolerate RegExp as void operand (3f920b5)
• Tolerate whitespace in inline directives (efeb0f8)

Features

• List outer scoped variables of W083 (d03662c), closes #3211

Changelog

Sourced from jshint's changelog.

2.9.7 (2018-12-07)

This release corrects a packaging issue. It is not expected to modify JSHint's behavior.

2.9.6 (2018-07-30)

Bug Fixes

• Add missing global objects for browser env (badc7a4)
• Add other Fetch spec globals (07bb596), closes #2582
• Allow closing over immutable bindings (7091685)
• Allow computed method names in obj literal (a5ff715)
• Allow empty export and trailing comma (631327e), closes #2567
• Avoid infinite loop on invalid for stmt (56a4379)
• Consistently ignore dot-prefixed dirs (8d4317e)
• Correct impl of built-in bindings (a11d631)
• Correct interpretation of whitespace (dd06eea)
• Correct location of reported error (1c434a3)
• Correct location reported for W043 (1d04868)
• Correct reporting of var name in list comprehensions (0ff6644)
• Correct restriction on function name (55aa54e)
• Correct spelling of Uint8ClampedArray (8df4a32)
• Create block scope for switch statements (aa2be10)
• Disallow default values in rest parameters (b420aed)
• Do not create binding for illegal syntax (9fe8c94)
• Do not warn about non-ambiguous linebreaks (ab3ab85)
• Fix "is is" message typos (7993101)
• Preserve functionality in "legacy" Node.js (2f6ac13)
• recognize Jasmine global spyOnProperty (827237f), closes #3183
• Relax restriction on asgnmnt to arguments (0a66710)
• Remove warning W100 (ff71d3c)
• Report error for duplicate arrow params (506c7d5)
• Report error for redeclared generator fns (8896fa3)
• Restrict "name" of strict mode functions (a554c89)
• Restrict super usage to valid forms (8f3f880)
• Restrict IdentifierNames in ES5 code (5995a9f)
• Tolerate division following closing brace (3aa02db)
• Tolerate RegExp as void operand (3f920b5)
• Tolerate whitespace in inline directives (efeb0f8)

Features

• List outer scoped variables of W083 (d03662c), closes #3211

Commits

• 01bf8c6 v2.9.7
• 71f2f1f [[TEST]] Assert CLI behavior: stdin w/o filename
• 3a8ef8b Added Spotify to companies who use JSHint (#3333)
• 80c7fda [[CHORE]] Relocate development dependency
• f70250b [[CHORE]] Relocate development dependencies
• d5c1a00 v2.9.6
• ab3ab85 [[FIX]] Do not warn about non-ambiguous linebreaks
• eaca85b [[CHORE]] Improve test coverage for ASI warning
• 0a66710 [[FIX]] Relax restriction on asgnmnt to arguments
• 3aa02db [[FIX]] Tolerate division following closing brace
• Additional commits viewable in compare view

Updates handlebars from 4.0.11 to 4.7.8

Release notes

Sourced from handlebars's releases.

v4.7.8

• Make library compatible with workers (#1894) - 3d3796c
• Don't rely on Node.js global object (#1776) - 2954e7e
• Fix compiling of each block params in strict mode (#1855) - 30dbf04
• Fix rollup warning when importing Handlebar...

  Description has been truncated