Sourced from handlebars's changelog.

v4.7.7 - February 15th, 2021

• fix weird error in integration tests - eb860c0
• fix: check prototype property access in strict-mode (#1736) - b6d3de7
• fix: escape property names in compat mode (#1736) - f058970
• refactor: In spec tests, use expectTemplate over equals and shouldThrow (#1683) - 77825f8
• chore: start testing on Node.js 12 and 13 - 3789a30

(POSSIBLY) BREAKING CHANGES:

• the changes from version 4.6.0 now also apply in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.

That is why we only bump the patch version despite mentioning breaking changes.

Commits

v4.7.6 - April 3rd, 2020

Chore/Housekeeping:

• #1672 - Switch cmd parser to latest minimist (@​dougwilson

Compatibility notes:

• Restored Node.js compatibility

Commits

v4.7.5 - April 2nd, 2020

Chore/Housekeeping:

• Node.js version support has been changed to v6+ Reverted in 4.7.6

Compatibility notes:

• Node.js < v6 is no longer supported Reverted in 4.7.6

Commits

v4.7.4 - April 1st, 2020

Chore/Housekeeping:

• #1666 - Replaced minimist with yargs for handlebars CLI (@​aorinevo, @​AviVahl & @​fabb)

Compatibility notes:

... (truncated)

• a9a8e40 v4.7.7
• e66aed5 Update release notes
• 7d4d170 disable IE in Saucelabs tests
• eb860c0 fix weird error in integration tests
• b6d3de7 fix: check prototype property access in strict-mode (#1736)
• f058970 fix: escape property names in compat mode (#1736)
• 77825f8 refator: In spec tests, use expectTemplate over equals and shouldThrow (#1683)
• 3789a30 chore: start testing on Node.js 12 and 13
• e6ad93e v4.7.6
• 2bf4fc6 Update release notes
• Additional commits viewable in compare view

Sourced from koa's releases.

v3.0.3

What's Changed

• fix: normalize referer before redirect by @​fengmk2 in koajs/koa#1908

Full Changelog: koajs/koa@v3.0.2...v3.0.3

v3.0.2

What's Changed

• fix: fixes response.attachment behaviour leads to Content-Type Sniffing by @​yowainwright in koajs/koa#1904
• chore: use NPM trusted publishing with semver tag triggers by @​Copilot in koajs/koa#1907

New Contributors

• @​Copilot made their first contribution in koajs/koa#1907

Full Changelog: koajs/koa@v3.0.1...v3.0.2

v3.0.1

What's Changed

• fix(security): only allow same origin referer on response back koajs/koa@422c551
• chore: adds initial doc text refresh; migration guide [CHORE-1870] by @​yowainwright in koajs/koa#1877
• build(deps-dev): bump formidable from 3.5.2 to 3.5.4 by @​dependabot[bot] in koajs/koa#1878
• chore: removes done callbacks in tests [CHORE-1870] by @​yowainwright in koajs/koa#1875
• build(deps-dev): bump supertest from 7.1.0 to 7.1.1 by @​dependabot[bot] in koajs/koa#1879
• build(deps): bump debug from 4.4.0 to 4.4.1 by @​dependabot[bot] in koajs/koa#1880
• feat: replace debug module with pure node:util::debuglog by @​3imed-jaberi in koajs/koa#1885
• feat: replace cache-content-type with mime-types directly by @​3imed-jaberi in koajs/koa#1886
• build(deps): bump statuses from 2.0.1 to 2.0.2 by @​dependabot[bot] in koajs/koa#1888
• build(deps-dev): bump supertest from 7.1.1 to 7.1.4 by @​dependabot[bot] in koajs/koa#1895
• build(deps-dev): bump form-data from 4.0.3 to 4.0.4 by @​dependabot[bot] in koajs/koa#1894

Full Changelog: koajs/koa@v3.0.0...v3.0.1

v3.0.0

This is a major release.

Breaking

• Minimum node v18
• Removes .redirect('back'), adds .back(fallback_url) @​fl0w koajs/koa#1115
• For .redirect(), don't render redirect values in anchor ref koajs/koa@ff25eb4
• req.origin should display the origin header if it exists, not the current hostname koajs/koa#1008. origin now aligns with the Origin header as used in CORS.
• .body=<json> should not overwrite type if type already json koajs/koa#1120
• Remove special ENOENT support koajs/koa#1861 - this is a big change and will require any file servers to adapt to this change for handling 404s / files not found
• Removes generator deprecation messages. Generators are no longer supported. Koa no longer asserts if generators are used. Set content-length: 0 if body is explicitly set to null @​ognjenjevremovic #1528 Remove obsolete createAsyncCtxStorageMiddleware koajs/koa#1817
• ctx.throw now requires a format of ctx.throw(status, error, properties). See: https://www.npmjs.com/package/http-errors

... (truncated)

Sourced from koa's changelog.

[!IMPORTANT] Moving forwards we are using the GitHub releases page at https://github.com/koajs/koa/releases in combination with np for publishing releases and their changelogs.

---

3.0.0-alpha.3 / 2025-02-11

fixes

• Avoid redos on host and protocol getter

3.0.0-alpha.2 / 2024-11-04

breaking changes

• Update http-errors to v2.0.0 #1486
  • ctx.throw now requires a format of ctx.throw(status, error, properties). See: https://www.npmjs.com/package/http-errors
• Remove res.redirect('back'), add back() method to ctx #1115
• Replace node querystring with URLSearchParams #1828
• Remove obsolete createAsyncCtxStorageMiddleware #1817

features

• Add support for web WHATWG #1830

updates

• Update cookies to ~0.9.1 #1846
• Update statuses to ^2.0.1
• Update supertest to ^7.0.0 #1841

fixes

• Fix exports.defaults in package.json #1630
• Fix leaky handles in tests #1838
• Fix body null checks #1814
• Fix reformatting redirect URLs #1805 #1804
• Fix passing ctx in error handler #1758

migrations

• Migrate from jest to the native node test runner #1845

3.0.0-alpha.1 / 2023-04-12

fixes

• [e98b8d1] - fix: can not get currentContext in error handler (#1758) (Gxkl <gxkl203@gmail.com>)

3.0.0-alpha.0 / 2023-01-02

Breaking Changes

... (truncated)

• ffd497a 3.0.3
• 769fd75 fix: normalize referer before redirect (#1908)
• 433b20c 3.0.2
• 307013b chore: use NPM trusted publishing with semver tag triggers (#1907)
• 83128eb fix: fixes response.attachment behavior leads to Content-Type Sniffing (#1904)
• 1ddb048 3.0.1
• 422c551 Merge commit from fork
• 6e51eb1 build(deps-dev): bump form-data from 4.0.3 to 4.0.4 (#1894)
• d378e5c build(deps-dev): bump supertest from 7.1.1 to 7.1.4 (#1895)
• cb22d8d build(deps): bump statuses from 2.0.1 to 2.0.2 (#1888)
• Additional commits viewable in compare view

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for koa since your current version.

Sourced from mongoose's releases.

6.13.6 / 2025-01-13

• fix: disallow nested $where in populate match

Sourced from mongoose's changelog.

6.13.6 / 2025-01-13

• fix: disallow nested $where in populate match CVE-2025-23061

8.9.4 / 2025-01-09

• fix(document): fix document not applying manual populate when using a function in schema.options.ref #15138 IchirokuXVI
• fix(model): make Model.validate() static correctly cast document arrays #15169 #15164
• fix(model): allow passing validateBeforeSave option to bulkSave() to skip validation #15161 #15156
• fix(schema): allow multiple self-referencing discriminator schemas using Schema.prototype.discriminator #15142 #15120
• types: avoid BufferToBinary<> wiping lean types when passed to generic functions #15160 #15158
• docs: fix <code> in header ids #15159
• docs: fix header in field-level-encryption.md #15137 damieng

8.9.3 / 2024-12-30

• fix(schema): make duplicate index error a warning for now to prevent blocking upgrading #15135 #15112 #15109
• fix(model): handle document array paths set to non-array values in Model.castObject() #15124 #15075
• fix(document): avoid using childSchemas.path for compatibility with pre-Mongoose-8.8 schemas #15131 #15071
• fix(model): avoid throwing unnecessary error if updateOne() returns null in save() #15126
• perf(cursor): clear the stack every time if using populate with batchSize to avoid stack overflows with large docs #15136 #10449
• types: make BufferToBinary avoid Document instances #15123 #15122
• types(model+query): avoid stripping out virtuals when calling populate with paths generic #15132 #15111
• types(schema): add missing removeIndex #15134
• types: add cleanIndexes() to IndexManager interface #15127
• docs: move search endpoint to netlify #15119

8.9.2 / 2024-12-19

• fix(schema): avoid throwing duplicate index error if index spec keys have different order or index has a custom name #15112 #15109
• fix(map): clean modified subpaths when overwriting values in map of subdocs #15114 #15108
• fix(aggregate): pull session from transaction local storage for aggregation cursors #15094 IchirokuXVI
• types: correctly handle union types in BufferToBinary and related helpers #15103 #15102 #15057
• types: add UUID to RefType #15115 #15101
• docs: remove link to Mongoose 5.x docs from dropdown #15116
• docs(connection+document+model): remove remaining references to remove(), clarify that deleteOne() does not execute until then() or exec() #15113 #15107

8.9.1 / 2024-12-16

• fix(connection): remove heartbeat check in load balanced mode #15089 #15042 #14812
• fix(discriminator): gather childSchemas when creating discriminator to ensure $getAllSubdocs() can properly get all subdocs #15099 #15088 #15092
• fix(model): handle discriminators in castObject() #15096 #15075
• fix(schema): throw error if duplicate index definition using unique in schema path and subsequent .index() call #15093 #15056
• fix: mark documents that are populated using hydratedPopulatedDocs option as populated in top-level doc #15080 #15048
• fix(document+schema): improve error message for get() on invalid path #15098 #15071
• docs: remove more callback doc references & some small other changes #15095

8.9.0 / 2024-12-13

• feat: upgrade mongodb -> 6.12

... (truncated)

• e59e342 chore: release 6.13.6
• 64a9f97 fix: disallow nested $where in populate match
• 15bdccf chore: release 6.13.5
• 33679bc fix: disallow using $where in match
• 22210b1 chore: release 6.13.4
• d21a239 Merge pull request #15043 from Automattic/vkarpov15/gh-15039
• 68377ff fix: save execution stack in query as string
• 6fbe9f0 Merge pull request #14998 from markstos/UT-8434-doc-strict-query-flipflop
• 3e3dc2e docs: clarify strictQuery default will flip-flop in "Migrating to 6.x"
• d98b2e7 docs: Add missing closing tag for Lodash entry.
• Additional commits viewable in compare view

Sourced from mongoose's releases.

6.13.6 / 2025-01-13

• fix: disallow nested $where in populate match

Sourced from mongoose's changelog.

6.13.6 / 2025-01-13

• fix: disallow nested $where in populate match CVE-2025-23061

8.9.4 / 2025-01-09

• fix(document): fix document not applying manual populate when using a function in schema.options.ref #15138 IchirokuXVI
• fix(model): make Model.validate() static correctly cast document arrays #15169 #15164
• fix(model): allow passing validateBeforeSave option to bulkSave() to skip validation #15161 #15156
• fix(schema): allow multiple self-referencing discriminator schemas using Schema.prototype.discriminator #15142 #15120
• types: avoid BufferToBinary<> wiping lean types when passed to generic functions #15160 #15158
• docs: fix <code> in header ids #15159
• docs: fix header in field-level-encryption.md #15137 damieng

8.9.3 / 2024-12-30

• fix(schema): make duplicate index error a warning for now to prevent blocking upgrading #15135 #15112 #15109
• fix(model): handle document array paths set to non-array values in Model.castObject() #15124 #15075
• fix(document): avoid using childSchemas.path for compatibility with pre-Mongoose-8.8 schemas #15131 #15071
• fix(model): avoid throwing unnecessary error if updateOne() returns null in save() #15126
• perf(cursor): clear the stack every time if using populate with batchSize to avoid stack overflows with large docs #15136 #10449
• types: make BufferToBinary avoid Document instances #15123 #15122
• types(model+query): avoid stripping out virtuals when calling populate with paths generic #15132 #15111
• types(schema): add missing removeIndex #15134
• types: add cleanIndexes() to IndexManager interface #15127
• docs: move search endpoint to netlify #15119

8.9.2 / 2024-12-19

• fix(schema): avoid throwing duplicate index error if index spec keys have different order or index has a custom name #15112 #15109
• fix(map): clean modified subpaths when overwriting values in map of subdocs #15114 #15108
• fix(aggregate): pull session from transaction local storage for aggregation cursors #15094 IchirokuXVI
• types: correctly handle union types in BufferToBinary and related helpers #15103 #15102 #15057
• types: add UUID to RefType #15115 #15101
• docs: remove link to Mongoose 5.x docs from dropdown #15116
• docs(connection+document+model): remove remaining references to remove(), clarify that deleteOne() does not execute until then() or exec() #15113 #15107

8.9.1 / 2024-12-16

• fix(connection): remove heartbeat check in load balanced mode #15089 #15042 #14812
• fix(discriminator): gather childSchemas when creating discriminator to ensure $getAllSubdocs() can properly get all subdocs #15099 #15088 #15092
• fix(model): handle discriminators in castObject() #15096 #15075
• fix(schema): throw error if duplicate index definition using unique in schema path and subsequent .index() call #15093 #15056
• fix: mark documents that are populated using hydratedPopulatedDocs option as populated in top-level doc #15080 #15048
• fix(document+schema): improve error message for get() on invalid path #15098 #15071
• docs: remove more callback doc references & some small other changes #15095

8.9.0 / 2024-12-13

• feat: upgrade mongodb -> 6.12

... (truncated)

• e59e342 chore: release 6.13.6
• 64a9f97 fix: disallow nested $where in populate match
• 15bdccf chore: release 6.13.5
• 33679bc fix: disallow using $where in match
• 22210b1 chore: release 6.13.4
• d21a239 Merge pull request #15043 from Automattic/vkarpov15/gh-15039
• 68377ff fix: save execution stack in query as string
• 6fbe9f0 Merge pull request #14998 from markstos/UT-8434-doc-strict-query-flipflop
• 3e3dc2e docs: clarify strictQuery default will flip-flop in "Migrating to 6.x"
• d98b2e7 docs: Add missing closing tag for Lodash entry.
• Additional commits viewable in compare view

Sourced from pg-promise's releases.

11.5.5

• Addressing sql injection issue; All negative numbers are now wrapped in parentheses.
• Dev dependencies updated.

Thanks to @​paul-gerste-sonarsource!

11.5.4

• Dependencies updated, including the driver, to v8.11.3

11.5.3

• Following up on driver fix-update, see issue #888

11.5.2

This update is to clarify the full range of environments officially supported:

• PostgreSql v10 - v15
• NodeJS v14 - v18

It is worth noting that:

• It may work with PostgreSql v9, but it is no longer officially supported.
• It should work with NodeJS v20, but it is not officially supported yet (we support LTS versions of NodeJS only).

The CI has been updated accordingly. No functional changes.

11.5.1

• Updated dependencies, including the driver, to v8.11.1
• Fixed #884 - CI build issue in test

11.5.0

• Many dependencies updated, including Postgres driver.
• Minor documentation updates.

Please note that at the time of publishing this, GitHub CI started showing problems again, unrelated to the project. All tests pass locally fine, disregard Failed Build status for the time being.

11.4.3

• Updated dependencies
• Marked method batch as deprecated.

11.4.2

• Dev dependencies updated
• Semantic refactoring of the code

11.4.1

• Corrected TypeScript signature for the Pool's property log.

11.4.0

• Updated dependencies: "pg" -> "8.10.0" and "pg-query-stream" -> "4.4.0"
• Extended IPool TypeScript declaration with properties expiredCount + log. The latter in case you want to log what the pool is doing:

... (truncated)

• 1a4dfe6 Fixing issue Vulnerability: SQL Injection via Line Comment Creation vitaly-t/pg-promise#911 (comment)...
• 79199d4 update the package
• 8f30428 Fix node-postgres.com/apis/... links (#912)
• 8343d4b update deps
• 00cd486 updating deps
• e86ef61 update node ver
• 40311c3 add version check
• ab150f2 add pg11 tests
• b58bfcc downgrade supported pg to v10
• 7b71768 Update README.md
• Additional commits viewable in compare view

Sourced from knex's releases.

3.1.0 - 8 December, 2023

Bug fixes

• andWhereNotJsonObject calling wrong function (#5683)
• PostgreSQL: fix error when setting query_timeout (#5673)
• MySQL: Missing comments on delete, update and insert (#5738)
• MySQL: Fixed issue with bigincrements not working with composite primary key - #5341 (#5343)

New features

• Add transactor.parentTransaction (#5567)
• MySQL: Added implementation for upsert (#5743)
• Oracle: Support Object Names Greater than 30 Characters for Oracle DB Versions 12.2 and Greater (#5197)

Types

• Add type definitions for orHavingNull and orHavingNotNull (#5669)
• Import knex as type in TS migration template (#5741)
• Fix conditional constraint error (#5747)
• PostgreSQL: Fix typing to reflect pg typing change (#5647)

3.0.1

• Fix broken release

3.0.0 - 6 October, 2023

• Fix raw bindings typing (#5401)
• Fix migrate:unlock when used with custom identifier wrapping. (#5353)
• Fix driver options specified with .options() method being ignored for oracledb dialect (#5123)
• Drop compatibility for Node < 16
• Fix knex d.ts to work with mixed modules (#5659)
• Fix Lexical error from "Instaed" to "Instead" (#5655)

2.5.1 - 12 July, 2023

Bug fixes

• Fix Linting #5455 - #5460

2.5.0 - 08 July, 2023

New features

• Add uuid helper function #5617
• Add nativeBindings option to better-sqlite3 options #5461
• Add QueryBuilder#updateFrom #5386
• Add readonly transaction access mode #5445
• Add readonly option to Better-SQLite3 #5530
• Add EXCEPT as a valid keyword #5357

... (truncated)

Sourced from knex's changelog.

3.1.0 - 8 December, 2023

Bug fixes

• andWhereNotJsonObject calling wrong function (#5683)
• PostgreSQL: fix error when setting query_timeout (#5673)
• MySQL: Missing comments on delete, update and insert (#5738)
• MySQL: Fixed issue with bigincrements not working with composite primary key - #5341 (#5343)

Types

• Add type definitions for orHavingNull and orHavingNotNull (#5669)
• Import knex as type in TS migration template (#5741)
• Fix conditional constraint error (#5747)
• PostgreSQL: Fix typing to reflect pg typing change (#5647)

New features

• Add transactor.parentTransaction (#5567)
• MySQL: Added implementation for upsert (#5743)
• Oracle: Support Object Names Greater than 30 Characters for Oracle DB Versions 12.2 and Greater (#5197)

3.0.1 - 6 October, 2023

• Build fix

3.0.0 - 6 October, 2023

• Fix raw bindings typing (#5401)
• Fix migrate:unlock when used with custom identifier wrapping. (#5353)
• Fix driver options specified with .options() method being ignored for oracledb dialect (#5123)
• Drop compatibility for Node < 16
• Fix knex d.ts to work with mixed modules (#5659)
• Fix Lexical error from "Instaed" to "Instead" (#5655)

Bug fixes

• Fix Linting #5455 - #5460

2.5.1 - 12 July, 2023

Bug fixes

• Fix Linting #5455 - #5460

2.5.0 - 08 July, 2023

New features

• Add uuid helper function (#5617)

... (truncated)

• 4ca3dd5 Prepare to release 3.1.0
• ca3dd19 Commit compiled files
• 6243f6c Bump rimraf from 3.0.2 to 5.0.5 (#5699)
• 8bc07c7 Include Node 20 in CI (#5760)
• 0f2aea0 Bump pg-connection-string from 2.6.1 to 2.6.2 (#5753)
• e1898bf Fix linting
• 9d95132 Only run user experience flow on 18.x
• 2063b55 Bump tedious from 14.7.0 to 16.6.1 (#5754)
• 07589e9 Fix pg typing to reflect pg typing change (#5647)
• 7b7fef5 fix error on postgres when setting query_timeout (#5673)
• Additional commits viewable in compare view

This version was pushed to npm by kibertoad, a new releaser for knex since your current version.

• 76fb48e v3.1.5
• bf76780 fix: Generic static This.
• 85f0a10 Bump elliptic from 6.5.4 to 6.5.7
• e65d86e Add fromRaw to FromSelector regex. Closes Vincit/objection.js#2628
• 52582fe Fix argument types of onConflict
• 1401e5f Bump send and express
• 766ab1d Migrate to docker compose v2
• 47b61f6 Make trx optional for Model.transaction(trx, cb)
• 5576d18 fix: naming mismatch between documentation and example
• 4f089ce CI: add Node 22 to version matrix
• Additional commits viewable in compare view

This version was pushed to npm by lehni, a new releaser for objection since your current version.

Sourced from handlebars's changelog.

v4.7.7 - February 15th, 2021

• fix weird error in integration tests - eb860c0
• fix: check prototype property access in strict-mode (#1736) - b6d3de7
• fix: escape property names in compat mode (#1736) - f058970
• refactor: In spec tests, use expectTemplate over equals and shouldThrow (#1683) - 77825f8
• chore: start testing on Node.js 12 and 13 - 3789a30

(POSSIBLY) BREAKING CHANGES:

• the changes from version 4.6.0 now also apply in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.

That is why we only bump the patch version despite mentioning breaking changes.

Commits

v4.7.6 - April 3rd, 2020

Chore/Housekeeping:

• #1672 - Switch cmd parser to latest minimist (@​dougwilson

Compatibility notes:

• Restored Node.js compatibility

Commits

v4.7.5 - April 2nd, 2020

Chore/Housekeeping:

• Node.js version support has been changed to v6+ Reverted in 4.7.6

Compatibility notes:

• Node.js < v6 is no longer supported Reverted in 4.7.6

Commits

v4.7.4 - April 1st, 2020

Chore/Housekeeping:

• #1666 - Replaced minimist with yargs for handlebars CLI (@​aorinevo, @​AviVahl & @​fabb)

Compatibility notes:

... (truncated)

• a9a8e40 v4.7.7
• e66aed5 Update release notes
• 7d4d170 disable IE in Saucelabs tests
• eb860c0 fix weird error in integration tests
• b6d3de7 fix: check prototype property access in strict-mode (#1736)
• f058970 fix: escape property names in compat mode (#1736)
• 77825f8 refator: In spec tests, use expectTemplate over equals and shouldThrow (#1683)
• 3789a30 chore: start testing on Node.js 12 and 13
• e6ad93e v4.7.6
• 2bf4fc6 Update release notes
• Additional commits viewable in compare view

Sourced from @​nestjs/core's releases.

v9.0.5 (2022-07-20)

Bug fixes

• common, platform-express
  • #9819 fix: use pipeline over stream.pipe (@​jmcdo29)

Enhancements

• microservices
  • #9798 feat(microservices): add noAssert option for RMQ connection (@​frankmangone)
  • #9954 feat(microservices): add Kafka heartbeat callback to KafkaContext (@​kosh-b)
• platform-express, platform-fastify
  • #9926 fix(express,fastify): raw body for urlencoded requests (@​tolgap)

Dependencies

• Other
  • #9959 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/30-event-emitter (@​dependabot[bot])
  • #9960 chore(deps): bump terser from 5.14.1 to 5.14.2 in /sample/32-graphql-federation-schema-first/users-application (@​dependabot[bot])
  • #9961 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/31-graphql-federation-code-first/gateway (@​dependabot[bot])
  • #9962 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/31-graphql-federation-code-first/users-application (@​dependabot[bot])
  • #9963 chore(deps): bump terser from 5.10.0 to 5.14.2 in /sample/32-graphql-federati...

    Description has been truncated