Skip to content

Bump liquidjs from 10.9.2 to 10.27.2#662

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/liquidjs-10.25.5
Open

Bump liquidjs from 10.9.2 to 10.27.2#662
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/liquidjs-10.25.5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 8, 2026

Copy link
Copy Markdown
Contributor

Bumps liquidjs from 10.9.2 to 10.27.2.

Release notes

Sourced from liquidjs's releases.

v10.27.2

10.27.2 (2026-07-09)

Bug Fixes

  • charge join/json/inspect filters by produced output size (#925) (7ab49f9)
  • date: zero-pad milliseconds when formatting %N fractional seconds (#929) (2634f9d)
  • enforce ownPropertyOnly for inherited array indices (#924) (552819a)
  • filters: modulo should follow divisor sign for negative operands (#922) (568bd5f)
  • filters: return empty for out-of-range slice begin or negative length (#928) (f9a1316)

v10.27.1

10.27.1 (2026-06-23)

Bug Fixes

  • improve round function; improvement to #873 (#901) (956b51e)
  • security: charge pop filter allocation to memoryLimit (#907) (8a0c74a)
  • strip_html: infinite loop for strip_html (5c3522f)

Performance Improvements

  • parser: memoize createTrie to avoid rebuilding tries per Tokenizer (#911) (3a0d80d)

v10.27.0

10.27.0 (2026-05-15)

Features

  • context: null-prototype scope frames via createScope (#899) (47d3f1b)

v10.26.0

10.26.0 (2026-05-14)

Bug Fixes

  • date: cap strftime widths and account padding in memoryLimit (#895) (3129d46)
  • enforce renderLimit for empty renderTemplates calls (#894) (5b9c346)
  • propagate ownPropertyOnly into Context.spawn() for {% render %} (#893) (dbbf628)
  • security: block Object.prototype filter/tag lookups (RCE) (#897) (457fae0)
  • strip html newline tags (#892) (26ea285)
  • strip_html: rewrite as linear single-pass scan to avoid ReDoS (#896) (3616a74)

Features

... (truncated)

Changelog

Sourced from liquidjs's changelog.

10.27.2 (2026-07-09)

Bug Fixes

  • charge join/json/inspect filters by produced output size (#925) (7ab49f9)
  • date: zero-pad milliseconds when formatting %N fractional seconds (#929) (2634f9d)
  • enforce ownPropertyOnly for inherited array indices (#924) (552819a)
  • filters: modulo should follow divisor sign for negative operands (#922) (568bd5f)
  • filters: return empty for out-of-range slice begin or negative length (#928) (f9a1316)

10.27.1 (2026-06-23)

Bug Fixes

  • improve round function; improvement to #873 (#901) (956b51e)
  • security: charge pop filter allocation to memoryLimit (#907) (8a0c74a)
  • strip_html: infinite loop for strip_html (5c3522f)

Performance Improvements

  • parser: memoize createTrie to avoid rebuilding tries per Tokenizer (#911) (3a0d80d)

10.27.0 (2026-05-15)

Features

  • context: null-prototype scope frames via createScope (#899) (47d3f1b)

10.26.0 (2026-05-14)

Bug Fixes

  • date: cap strftime widths and account padding in memoryLimit (#895) (3129d46)
  • enforce renderLimit for empty renderTemplates calls (#894) (5b9c346)
  • propagate ownPropertyOnly into Context.spawn() for {% render %} (#893) (dbbf628)
  • security: block Object.prototype filter/tag lookups (RCE) (#897) (457fae0)
  • strip html newline tags (#892) (26ea285)
  • strip_html: rewrite as linear single-pass scan to avoid ReDoS (#896) (3616a74)

Features

  • add sha256 and hmac_sha256 filters for cryptographic operations (#889) (1c816d4)

10.25.7 (2026-04-23)

... (truncated)

Commits
  • 050f161 chore(release): 10.27.2 [skip ci]
  • 2634f9d fix(date): zero-pad milliseconds when formatting %N fractional seconds (#929)
  • f9a1316 fix(filters): return empty for out-of-range slice begin or negative length (#...
  • 7ab49f9 fix: charge join/json/inspect filters by produced output size (#925)
  • 552819a fix: enforce ownPropertyOnly for inherited array indices (#924)
  • 8bfb642 docs: add spokodev as a contributor for code (#923)
  • 568bd5f fix(filters): modulo should follow divisor sign for negative operands (#922)
  • ed48986 chore(release): 10.27.1 [skip ci]
  • afec88b docs(readme): README overhaul, used-by grid, and docs homepage (#914)
  • 3a0d80d perf(parser): memoize createTrie to avoid rebuilding tries per Tokenizer (#911)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for liquidjs since your current version.


@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 8, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 8, 2026 15:06
@james-alt

Copy link
Copy Markdown
Member

@dependabot rebase

Bumps [liquidjs](https://github.com/harttle/liquidjs) from 10.9.2 to 10.27.2.
- [Release notes](https://github.com/harttle/liquidjs/releases)
- [Changelog](https://github.com/harttle/liquidjs/blob/master/CHANGELOG.md)
- [Commits](harttle/liquidjs@v10.9.2...v10.27.2)

---
updated-dependencies:
- dependency-name: liquidjs
  dependency-version: 10.25.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump liquidjs from 10.9.2 to 10.25.5 Bump liquidjs from 10.9.2 to 10.27.2 Jul 10, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/liquidjs-10.25.5 branch from c4f9b2a to 234aaba Compare July 10, 2026 14:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant