Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade handlebars from 2.0.0 to 3.0.8 #19

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade handlebars from 2.0.0 to 3.0.8 #19

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • test/fixtures/hbs-demo/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
critical severity 704/1000
Why? Has a fix available, CVSS 9.8		 Prototype Pollution
SNYK-JS-HANDLEBARS-534988		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: handlebars The new version differs by 196 commits.
  • 16bd606 v3.0.8
  • 90ad8d9 Update release notes
  • 156061e backport fixes from 4.x
  • 8ba9159 update package-lock.json
  • 55e4d9d v3.0.7
  • bae88eb Update release notes
  • c131bab chore: remove TODO comment from Gruntfile to enable clean build
  • 95f33b1 chore: disable saucelabs-tests since the tunnel is not working
  • 09aaa56 chore: update grunt-saucelabs and aws dependency
  • 0d6d8c3 Merge pull request [Snyk] Fix for 8 vulnerabilities聽#1532 from mattolson/backport-security-fixes
  • 7c39440 Fix Travis by updating git tag retrieval
  • 7820b20 Use istanbul/lib/cli.js instead of node_modules/.bin/istanbul
  • 420ac17 test: run appveyor tests in Node 10
  • 47adcda Fix build on Windows
  • de6ded4 Backport security fixes to 3.x branch
  • 7cf753b chore: fix package.json of components/handlebars.js repo
  • 5a427d2 v3.0.6
  • 26de7bd Update release notes
  • 6e9dbac Revert "Escape = in HTML content"
  • af919d2 chore: ignore idea config
  • df403ed chore: add publishConfig to prevent publishing 3.x as "latest"
  • 9679fe6 chore: update components/handlebars package.json on release
  • 9283205 chore: fix travis build
  • 725986d fix: gracefully handle read-only "column"-property of the Error class

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
馃 View latest project report

馃洜 Adjust project settings

馃摎 Read more about Snyk's upgrade and patch logic

@snyk-bot snyk-bot mentioned this pull request May 14, 2022
Open
@snyk-bot snyk-bot mentioned this pull request Sep 24, 2022
Open
@snyk-bot snyk-bot mentioned this pull request Dec 1, 2022
Open
@snyk-bot snyk-bot mentioned this pull request Jan 9, 2023
Open
This was referenced Apr 25, 2023
Open
Open
@snyk-bot snyk-bot mentioned this pull request Apr 26, 2023
Open
@snyk-bot snyk-bot mentioned this pull request May 29, 2023
Open
@aliscco aliscco mentioned this pull request Jun 6, 2023
Open
This was referenced Feb 2, 2024
Open
Open
This was referenced May 14, 2024
Open
Open
@aliscco aliscco mentioned this pull request May 23, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@snyk-bot