
fix: Fix Dependabot alert #40 - Upgrade handlebars to 4.7.9 #50

Merged
zygintas merged 2 commits into main from
dex-automation/upgrade-handlebars-4.7.9-1774855916855
Mar 30, 2026

Conversation


@dex-botas dex-botas bot commented Mar 30, 2026

🤖 Dex Code Automation

Slack Thread: View Discussion

Original Task:

# Task
Title: Fix Dependabot alert #40 - Upgrade handlebars to 4.7.9
Description:
## Security Fix

Resolves Dependabot alert #40: https://github.com/hostinger/api-n8n-node/security/dependabot/40

### Vulnerability
- **Package**: `handlebars` (npm)
- **Affected versions**: `>= 4.0.0, < 4.7.9`
- **Patched version**: `4.7.9`

### Fix
Upgrade `handlebars` dependency to version `4.7.9` or higher to resolve the security vulnerability.

Update `package.json` and `package-lock.json` (or `yarn.lock` if applicable) to use `handlebars@4.7.9`.

# Instructions
Implement this task based on the description.
Always follow codebase rules defined in .cursor/rules directory.
It's critical that you don't over-engineer, stay within the scope of the task. Don't modify unrelated files if not in the scope of the task.
Before implementing, check if there are similar existing solutions.
After implementing, make sure that tests and lints are passing.
Only run the lint for the changed files, not the entire codebase.
Branch creation, committing with signed commits and pushing to remote is handled by the environment, you don't need to worry about that

Triggered by: zygintas@hostinger.com
Run ID: 23733180358

🤖 Change Summary

Added handlebars 4.7.9 override in package.json to force transitive dependency upgrade from 4.7.8. Handlebars is pulled in by @langchain/community and @n8n/node-cli. Override approach used since it's not a direct dependency. Build and lint pass.

Changes Made

2 file(s) modified

  • package-lock.json
  • package.json

@dex-botas dex-botas bot requested a review from a team as a code owner March 30, 2026 07:34

dex-botas bot commented Mar 30, 2026

/dex

Instructions:
Do not add handlebars to package.json. Only update package-lock.json to resolve the dependabot alert for handlebars (upgrade to 4.7.9). Remove any changes made to package.json.

Triggered by: zygintas@hostinger.com


dex-botas bot commented Mar 30, 2026

✅ I've addressed your feedback

Summary by AI

Removed handlebars override from package.json, reverted to original. Updated package-lock.json directly to upgrade handlebars 4.7.8→4.7.9 (version, resolved URL, integrity hash) for both top-level and @n8n/node-cli dependency entries. Build/lint commands unavailable (n8n-node CLI not installed) but changes are lock-file only, no code impact.


Detected file changes:

2 file(s) modified

  • package-lock.json
  • package.json

@zygintas zygintas merged commit cc24e22 into main Mar 30, 2026
@zygintas zygintas deleted the dex-automation/upgrade-handlebars-4.7.9-1774855916855 branch March 30, 2026 07:39