Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade handlebars from 4.1.2 to 4.6.0 #38

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade handlebars from 4.1.2 to 4.6.0 #38

wants to merge 2 commits into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

✨What is Merge Advice? We check thousands of dependency upgrade pull requests and CI tests every day to see which upgrades were successfully merged. After crunching this data, we give a recommendation on how safe we think the change is for you to merge without causing issues. Learn more, and share your feedback to help improve this feature. 🙏

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • metalsmith/package.json
    • metalsmith/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
medium severity Prototype Pollution
SNYK-JS-HANDLEBARS-567742		 No Proof of Concept
Commit messages
Package name: handlebars The new version differs by 112 commits.
  • 91a1b5d v4.6.0
  • 770d746 Update release notes
  • d7f0dcf refactor: fix typo in private test method
  • 187d611 test: add path to nodeJs when running test:bin
  • d337f40 test: show diff when test:bin fails
  • d03b6ec feat: access control to prototype properties via whitelist
  • 164b7ff chore: ignore .nyc_output
  • ac4655e chore: disable "dot-notation" rule
  • 14b621c test/style: remove or hide unused code in git.js, add tests
  • 1ec1737 test/style: refactor remaining grunt tasks to use promises instead of callbacks
  • 1ebce2b test/style: use nyc instead of istanbul, npm audit fix
  • 3a5b65e test/style: refactor parser task
  • dde108e test/style: refactor test-task to make it more readable
  • dc54952 chore: change eslint-rules for tasks/
  • d1fb07b Update (C) year in the LICENSE file
  • 04b1984 chore: try to fix saucelabs credentials (#1627)
  • c40d9f3 chore: active linting and formatting on commit
  • 8901c28 chore: fix task name in build
  • e97685e style: reformat all files using prettier
  • e913dc5 chore: restructure build commands
  • 1f61f21 chore: configure prettier and eslint
  • 587e7a3 remove yarn.lock
  • edcc84f Update readme.md with updated links (#1620)
  • 23d58e7 fix(runtime.js): partials compile not caching (#1600)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@ajesse11x ajesse11x mentioned this pull request Apr 26, 2022
Open
@ajesse11x ajesse11x mentioned this pull request Apr 29, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@snyk-bot