Skip to content

Bump the prod-minor-updates group across 1 directory with 2 updates#5557

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/backend/prod-minor-updates-033d9d3f2b
Open

Bump the prod-minor-updates group across 1 directory with 2 updates#5557
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/backend/prod-minor-updates-033d9d3f2b

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 18, 2026
edited
Loading

Bumps the prod-minor-updates group with 2 updates in the /backend directory: liquidjs and pg.

Updates liquidjs from 10.25.7 to 10.27.0

Release notes

Sourced from liquidjs's releases.

v10.27.0

10.27.0 (2026-05-15)

Features

  • context: null-prototype scope frames via createScope (#899) (47d3f1b)

v10.26.0

10.26.0 (2026-05-14)

Bug Fixes

  • date: cap strftime widths and account padding in memoryLimit (#895) (3129d46)
  • enforce renderLimit for empty renderTemplates calls (#894) (5b9c346)
  • propagate ownPropertyOnly into Context.spawn() for {% render %} (#893) (dbbf628)
  • security: block Object.prototype filter/tag lookups (RCE) (#897) (457fae0)
  • strip html newline tags (#892) (26ea285)
  • strip_html: rewrite as linear single-pass scan to avoid ReDoS (#896) (3616a74)

Features

  • add sha256 and hmac_sha256 filters for cryptographic operations (#889) (1c816d4)
Changelog

Sourced from liquidjs's changelog.

10.27.0 (2026-05-15)

Features

  • context: null-prototype scope frames via createScope (#899) (47d3f1b)

10.26.0 (2026-05-14)

Bug Fixes

  • date: cap strftime widths and account padding in memoryLimit (#895) (3129d46)
  • enforce renderLimit for empty renderTemplates calls (#894) (5b9c346)
  • propagate ownPropertyOnly into Context.spawn() for {% render %} (#893) (dbbf628)
  • security: block Object.prototype filter/tag lookups (RCE) (#897) (457fae0)
  • strip html newline tags (#892) (26ea285)
  • strip_html: rewrite as linear single-pass scan to avoid ReDoS (#896) (3616a74)

Features

  • add sha256 and hmac_sha256 filters for cryptographic operations (#889) (1c816d4)
Commits
  • a8fd734 chore(release): 10.27.0 [skip ci]
  • 47d3f1b feat(context): null-prototype scope frames via createScope (#899)
  • c20c0af chore(release): 10.26.0 [skip ci]
  • 457fae0 fix(security): block Object.prototype filter/tag lookups (RCE) (#897)
  • 3616a74 fix(strip_html): rewrite as linear single-pass scan to avoid ReDoS (#896)
  • 3129d46 fix(date): cap strftime widths and account padding in memoryLimit (#895)
  • 5b9c346 fix: enforce renderLimit for empty renderTemplates calls (#894)
  • dbbf628 fix: propagate ownPropertyOnly into Context.spawn() for {% render %} (#893)
  • 26ea285 fix: strip html newline tags (#892)
  • a55f543 docs(readme): add Freshet to Who's Using LiquidJS (#888)
  • Additional commits viewable in compare view

Updates pg from 8.20.0 to 8.21.0

Changelog

Sourced from pg's changelog.

pg@8.21.0

Commits
  • 544b1ce Publish
  • cc03fa5 Add scramMaxIterations option to limit SCRAM iteration count (#3677)
  • f776327 Remove compatibility code for unsupported versions of Node (<16) (#3678)
  • f252870 cleanup: pg utils (#3675)
  • c8da6ab Assorted test cleanup (#3673)
  • fa47e73 fix: Client#end callback being called multiple times when first is no-op (#...
  • 88a7e60 cleanup: Move declaration to more natural place
  • 2095247 cleanup: Combine duplicated code in Client#query and avoid unneeded early n...
  • 0ac3edd fix: apply SASLprep (RFC 4013) to passwords before SCRAM-SHA-256 PBKDF2 (#3669)
  • be880d4 Assorted test fixes and cleanup (#3672)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 18, 2026
@dependabot
Bump the prod-minor-updates group across 1 directory with 2 updates
1bfb816 
Bumps the prod-minor-updates group with 2 updates in the /backend directory: [liquidjs](https://github.com/harttle/liquidjs) and [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg).


Updates `liquidjs` from 10.25.7 to 10.27.0
- [Release notes](https://github.com/harttle/liquidjs/releases)
- [Changelog](https://github.com/harttle/liquidjs/blob/master/CHANGELOG.md)
- [Commits](harttle/liquidjs@v10.25.7...v10.27.0)

Updates `pg` from 8.20.0 to 8.21.0
- [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md)
- [Commits](https://github.com/brianc/node-postgres/commits/pg@8.21.0/packages/pg)

---
updated-dependencies:
- dependency-name: liquidjs
  dependency-version: 10.27.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-minor-updates
- dependency-name: pg
  dependency-version: 8.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-minor-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump the prod-minor-updates group in /backend with 2 updates Bump the prod-minor-updates group across 1 directory with 2 updates May 25, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/backend/prod-minor-updates-033d9d3f2b branch from 753b98d to 1bfb816 Compare May 25, 2026 18:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants