Skip to content

build(deps): bump liquidjs from 10.25.0 to 10.27.0 in /docs#3611

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/docs/liquidjs-10.27.0
Open

build(deps): bump liquidjs from 10.25.0 to 10.27.0 in /docs#3611
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/docs/liquidjs-10.27.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 27, 2026

Copy link
Copy Markdown
Contributor

Bumps liquidjs from 10.25.0 to 10.27.0.

Release notes

Sourced from liquidjs's releases.

v10.27.0

10.27.0 (2026-05-15)

Features

  • context: null-prototype scope frames via createScope (#899) (47d3f1b)

v10.26.0

10.26.0 (2026-05-14)

Bug Fixes

  • date: cap strftime widths and account padding in memoryLimit (#895) (3129d46)
  • enforce renderLimit for empty renderTemplates calls (#894) (5b9c346)
  • propagate ownPropertyOnly into Context.spawn() for {% render %} (#893) (dbbf628)
  • security: block Object.prototype filter/tag lookups (RCE) (#897) (457fae0)
  • strip html newline tags (#892) (26ea285)
  • strip_html: rewrite as linear single-pass scan to avoid ReDoS (#896) (3616a74)

Features

  • add sha256 and hmac_sha256 filters for cryptographic operations (#889) (1c816d4)

v10.25.7

10.25.7 (2026-04-23)

Bug Fixes

  • filters: support Buffer input in base64_encode to prevent binary data corruption (#881) (0ee6dbb)

v10.25.6

10.25.6 (2026-04-19)

Bug Fixes

v10.25.5

10.25.5 (2026-04-07)

Bug Fixes

  • enforce root containment for renderFile/parseFile lookups (#870) (f41c1fc)
  • null date should return empty (#868) (#872) (4f9a499)

... (truncated)

Changelog

Sourced from liquidjs's changelog.

10.27.0 (2026-05-15)

Features

  • context: null-prototype scope frames via createScope (#899) (47d3f1b)

10.26.0 (2026-05-14)

Bug Fixes

  • date: cap strftime widths and account padding in memoryLimit (#895) (3129d46)
  • enforce renderLimit for empty renderTemplates calls (#894) (5b9c346)
  • propagate ownPropertyOnly into Context.spawn() for {% render %} (#893) (dbbf628)
  • security: block Object.prototype filter/tag lookups (RCE) (#897) (457fae0)
  • strip html newline tags (#892) (26ea285)
  • strip_html: rewrite as linear single-pass scan to avoid ReDoS (#896) (3616a74)

Features

  • add sha256 and hmac_sha256 filters for cryptographic operations (#889) (1c816d4)

10.25.7 (2026-04-23)

Bug Fixes

  • filters: support Buffer input in base64_encode to prevent binary data corruption (#881) (0ee6dbb)

10.25.6 (2026-04-19)

Bug Fixes

10.25.5 (2026-04-07)

Bug Fixes

  • enforce root containment for renderFile/parseFile lookups (#870) (f41c1fc)
  • null date should return empty (#868) (#872) (4f9a499)
  • rounding negative away from zero when half (#873) (1cdf10b)

10.25.4 (2026-04-07)

... (truncated)

Commits
  • a8fd734 chore(release): 10.27.0 [skip ci]
  • 47d3f1b feat(context): null-prototype scope frames via createScope (#899)
  • c20c0af chore(release): 10.26.0 [skip ci]
  • 457fae0 fix(security): block Object.prototype filter/tag lookups (RCE) (#897)
  • 3616a74 fix(strip_html): rewrite as linear single-pass scan to avoid ReDoS (#896)
  • 3129d46 fix(date): cap strftime widths and account padding in memoryLimit (#895)
  • 5b9c346 fix: enforce renderLimit for empty renderTemplates calls (#894)
  • dbbf628 fix: propagate ownPropertyOnly into Context.spawn() for {% render %} (#893)
  • 26ea285 fix: strip html newline tags (#892)
  • a55f543 docs(readme): add Freshet to Who's Using LiquidJS (#888)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump liquidjs from 10.25.0 to 10.27.0 in /docs
0ea2cac 
Bumps [liquidjs](https://github.com/harttle/liquidjs) from 10.25.0 to 10.27.0.
- [Release notes](https://github.com/harttle/liquidjs/releases)
- [Changelog](https://github.com/harttle/liquidjs/blob/master/CHANGELOG.md)
- [Commits](harttle/liquidjs@v10.25.0...v10.27.0)

---
updated-dependencies:
- dependency-name: liquidjs
  dependency-version: 10.27.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 27, 2026
@codecov

codecov Bot commented May 27, 2026
edited
Loading

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 60.81%. Comparing base (c0ddf10) to head (0ea2cac).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #3611   +/-   ##
=======================================
  Coverage   60.81%   60.81%           
=======================================
  Files         652      652           
  Lines       45898    45898           
=======================================
+ Hits        27911    27912    +1     
+ Misses      17987    17986    -1
Flag Coverage Δ
.-amd64 90.90% <ø> (ø)
cmds/...-amd64 52.51% <ø> (+<0.01%) ⬆️
integration/generic-tests/...-amd64 30.46% <ø> (ø)
integration/generic-tests/...-arm 32.98% <ø> (ø)
integration/generic-tests/...-arm64 29.60% <ø> (ø)
integration/gotests/...-amd64 60.43% <ø> (+<0.01%) ⬆️
integration/gotests/...-arm 61.05% <ø> (ø)
integration/gotests/...-arm64 61.17% <ø> (+<0.01%) ⬆️
pkg/...-amd64 58.52% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Components Coverage Δ
everything 65.65% <ø> (+<0.01%) ⬆️
cmds/exp 34.18% <ø> (ø)
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants