[Snyk] Upgrade nunjucks from 3.0.1 to 3.2.3

[snyk-bot]

Snyk has created this PR to upgrade nunjucks from 3.0.1 to 3.2.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 10 versions ahead of your current version.
• The recommended version was released 5 months ago, on 2021-02-15.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-NUNJUCKS-1079083	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: nunjucks

• 3.2.3 - 2021-02-15
• 3.2.2 - 2020-07-20
  
  • Add select and reject filters. Merge of #1278 and #1279; fixes #282. Thanks ogonkov!
  • Fix precompile binary script TypeError: name.replace is not a function. Fixes #1295.
  • Add support for nested attributes on groupby filter; respect throwOnUndefined option, if the groupby attribute is undefined. Merge of #1276; fixes #1198. Thanks ogonkov!
  • Fix bug that prevented errors in included templates from being raised when rendering templates synchronously. Fixes #1272.
  • The indent filter no longer appends an additional newline. Fixes #1231.
• 3.2.1 - 2020-03-17
  
  • Replace yargs with commander to reduce number of dependencies. Merge of #1253. Thanks AlynxZhou.
  • Update optional dependency chokidar from ^2.0.0 to ^3.3.0. Merge of #1254. Thanks eklingen.
  • Prevent optional dependency Chokidar from loading when not watching. Merge of #1250. Thanks eklingen.
• 3.2.0 - 2019-03-05
  
  • Adds NodeResolveLoader, a Loader that loads templates using node's require.resolve. Fixes #1175.
  • Emit 'load' events on Environment instances, to allow runtime dependency tracking. Fixes #1153.
• 3.1.7 - 2019-01-12
  

  • Fix bug where exceptions were silently swallowed with synchronous render. Fixes #678, #1116, #1127, and #1164

  • Removes deprecated postinstall-build package in favor of npm prepare. Merge of #1172. Fixes #1167.

    • Note: this means that npm@5 or later is required to install nunjucks directly from github.
• 3.1.6 - 2018-12-13
  

  No changes from 3.1.5; fixed packaging issue in npm

• 3.1.4 - 2018-11-09
  
  • Fix engine version for Node v11.1.0
  • Fix "Unexpected token" error for U+2028 unicode newline. Fixes #126 and #736
• 3.1.3 - 2018-05-19
  

  • Add forceescape filter. Fixes #782

  • Fix regression that prevented template errors from reporting line and column number. Fixes #1087 and #1095.

  • Fix "Invalid type: Is" error for {% if value is defined %}. Fixes #1110

  • Formally drop support for node v4 (the upgrade to babel 7 in v3.1.0 made the build process incompatible with node < 6.9.0).

• 3.1.2 - 2018-02-24
  

  Fix postinstall-build packaging issue, v3.1.2

• 3.1.0 - 2018-02-20
• 3.0.1 - 2017-05-24

from nunjucks GitHub release notes

Commit messages

Package name: nunjucks

• fd50090 Release v3.2.3
• d34fdbf Temporarily comment out codecov action
• cefad41 Replace README.md travis badge with github actions
• 7601ff4 Fixup github actions workflow file
• de9dc67 Add GitHub Workflow for tests. fixes Messenger - qa_data_collection task  facebookresearch/ParlAI#1333
• aa9e5b9 Fix prototype pollution security issue. fixes BERT rankers facebookresearch/ParlAI#1331
• f51afa3 Move chokidar to peerDependencies and make it optional via peerDependenciesMeta (please clarify "xs" and "ys" names in seq2seq tutorial facebookresearch/ParlAI#1329)
• f91f1c3 Fix `groupby` example formatting
• 7ef121c Add base and default args to int filter
• 0c02062 Use attribute getter for `sort` filter
• c7337e7 Release v3.2.2
• bea3a43 CHANGELOG: Fix issue link
• 8186d4f Don't append extra newline when using |indent filter
• 73a4eb3 Document `with context` behavior for `import` directive (fr)
• eea081c Document `with context` behavior for `import` directive
• bbcbaf3 Fix issue where sync render would not raise errors in included templates
• 63c4baf Remove development files from NPM package. Fixes fix parlai format batching facebookresearch/ParlAI#984
• 85918ef Document `if` statement with multiple conditions (fr). refs remove lua torch from readme paragraph facebookresearch/ParlAI#1284
• 7ddd747 Document `if` statement with multiple conditions
• 1e29863 Add support for nested attributes in `groupBy` filter. Fixes remove debug code from MemnnAgent facebookresearch/ParlAI#1198
• 7087fa9 Fix precompile bin TypeError: name.replace is not a function
• 1736334 Modify CHANGELOG message for select/reject filters
• 62565a1 Add `reject` filter
• 647fc11 Change version query

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs