Address "Uses eval" Supply Chain Risk

#### What to build

Socket found 2 instances of `eval()` usage in 2 packages. Dynamic code execution is a security risk. We need to identify which packages use it and determine if it's avoidable.

#### Steps to resolve
1. Identify which packages use `eval` — likely `handlebars` (it compiles templates to functions).
2. If it's Handlebars: this is expected behavior for a template engine. Document it as an accepted risk.
3. If it's another package: evaluate if we can replace it.

#### Acceptance criteria
- [ ] Identify which packages use `eval`.
- [ ] If Handlebars: document as accepted (template compilation requires it).
- [ ] If other packages: replace or pin to versions without eval.
- [ ] Add note to SECURITY.md explaining the eval usage.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Address "Uses eval" Supply Chain Risk #81

What to build

Steps to resolve

Acceptance criteria

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Address "Uses eval" Supply Chain Risk #81

Description

What to build

Steps to resolve

Acceptance criteria

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions