Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade handlebars from 4.3.0 to 4.5.3 #156

Merged
merged 2 commits into from Apr 26, 2020
Merged

[Snyk] Security upgrade handlebars from 4.3.0 to 4.5.3 #156

merged 2 commits into from Apr 26, 2020

Conversation

snyk-bot
Copy link
Contributor

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

鉁╓hat is Merge Advice? We check thousands of dependency upgrade pull requests and CI tests every day to see which upgrades were successfully merged. After crunching this data, we give a recommendation on how safe we think the change is for you to merge without causing issues. Learn more, and share your feedback to help improve this feature. 馃檹

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
high severity Denial of Service (DoS)
SNYK-JS-HANDLEBARS-480388		 No No Known Exploit
high severity Arbitrary Code Execution
SNYK-JS-HANDLEBARS-534478		 No No Known Exploit
high severity Prototype Pollution
SNYK-JS-HANDLEBARS-534988		 No No Known Exploit
Commit messages
Package name: handlebars The new version differs by 64 commits.
  • c819c8b v4.5.3
  • 827c9d0 Update release notes
  • f7f05d7 fix: add "no-prototype-builtins" eslint-rule and fix all occurences
  • 1988878 fix: add more properties required to be enumerable
  • 886ba86 test/chore: add chai/expect and sinon to "runtime"-environment
  • 0817dad test: add sinon as global variable to eslint in the specs
  • 93516a0 test: add sinon.js for spies, deprecate current assertions
  • 93e284e chore: add chai and dirty-chai for better test assertions
  • c02b05f fix: use !== 0 instead of != 0
  • 8de121d v4.5.2
  • 6914090 Update release notes
  • d541378 fix: use String(field) in lookup when checking for "constructor"
  • c2ac79c test: add fluent API for testing Handlebars
  • 7ef8617 v4.5.1
  • b75e3e1 Update release notes
  • 5e9d17f fix: move "eslint-plugin-compat" to devDependencies
  • b24797d v4.5.0
  • a243067 Update release notes
  • 088e618 chore: add eslint-plugin-compat and eslint-plugin-es5
  • 7052e88 Resolve deprecation warning message from eslint while running eslint (#1586)
  • b8913fc Add missing types for the Exception class properties (#1583)
  • 62ed3c2 Add Handlebars.parseWithoutProcessing (#1584)
  • 7fcf9d2 Use objects for hash value tracking
  • c76ded8 fix: add guard to if & unless helpers (#1549)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

馃 View latest project report

馃洜 Adjust project settings

馃摎 Read more about Snyk's upgrade and patch logic

@coveralls
Copy link

Pull Request Test Coverage Report for Build 562

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 94.783%
Totals Coverage Status
Change from base Build 536: 0.0%
Covered Lines: 80
Relevant Lines: 81
馃挍 - Coveralls

@lahsivjar lahsivjar merged commit d7f0508 into master Apr 26, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@snyk-bot @coveralls @lahsivjar