[Snyk] Upgrade express-handlebars from 5.1.0 to 5.3.4

[snyk-bot]

Snyk has created this PR to upgrade express-handlebars from 5.1.0 to 5.3.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 7 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2021-09-23.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	457/1000 Why? Proof of Concept exploit, CVSS 7	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	457/1000 Why? Proof of Concept exploit, CVSS 7	No Known Exploit
	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	457/1000 Why? Proof of Concept exploit, CVSS 7	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: express-handlebars

• 5.3.4 - 2021-09-23
  

  5.3.4 (2021-09-23)

  Bug Fixes

  • deps: update dependency glob to ^7.2.0 (15c77f5)
• 5.3.3 - 2021-08-05
  

  5.3.3 (2021-08-05)

  Bug Fixes

  • deps: update dependency graceful-fs to ^4.2.7 (94a4073)
• 5.3.2 - 2021-05-06
  

  5.3.2 (2021-05-06)

  Bug Fixes

  • deps: update dependency glob to ^7.1.7 (8222f00)
• 5.3.1 - 2021-05-04
  

  5.3.1 (2021-05-04)

  Bug Fixes

  • add note about security (78c47a2)
• 5.3.0 - 2021-03-30
  

  5.3.0 (2021-03-30)

  Features

  • Add partialsDir.rename option (#151) (1a6771b)
• 5.2.1 - 2021-02-16
  

  5.2.1 (2021-02-16)

  Bug Fixes

  • deps: update dependency handlebars to ^4.7.7 (1930523)
• 5.2.0 - 2020-10-23
  

  5.2.0 (2020-10-23)

  Features

  • allow views to be an array (a9f4aaa)
• 5.1.0 - 2020-07-16
  

  5.1.0 (2020-07-16)

  Features

  • add encoding option (9e516c3)

from express-handlebars GitHub release notes

Commit messages

Package name: express-handlebars

• 8c1a26f chore(release): 5.3.4 [skip ci]
• 378d2c7 Merge pull request #211 from express-handlebars/renovate/glob-7.x
• 15c77f5 fix(deps): update dependency glob to ^7.2.0
• 08623a3 chore(deps): update semantic-release monorepo
• e5ea678 chore(deps): update devdependency jest-cli to ^27.2.1
• af454a1 chore(deps): update devdependency jest-cli to ^27.2.0
• 8cf1fe2 chore(deps): update devdependency jest-cli to ^27.1.1
• afd6355 chore(deps): update devdependency @ semantic-release/git to ^9.0.1
• 2c93b7f chore(deps): update devdependency jest-cli to ^27.1.0
• a02346d chore(deps): update devdependency semantic-release to ^17.4.7
• 6e8a2c9 chore(deps): update devdependency eslint-plugin-import to ^2.24.2
• 942d5d4 chore(deps): update devdependency semantic-release to ^17.4.6
• 0244d02 Merge pull request #198 from express-handlebars/renovate/eslint-plugin-import-2.x
• d78acbf chore(deps): update devdependency eslint-plugin-import to ^2.24.1
• 4d116b3 chore(deps): update devdependency semantic-release to ^17.4.5
• ba2c9fe chore(deps): update devdependency eslint-plugin-import to ^2.24.0
• 960f933 chore(release): 5.3.3 [skip ci]
• 4355941 Merge pull request #194 from express-handlebars/renovate/graceful-fs-4.x
• 94a4073 fix(deps): update dependency graceful-fs to ^4.2.7
• 0fbfbf3 Merge pull request #193 from express-handlebars/renovate/eslint-7.x
• 0aa7b53 chore(deps): update devdependency eslint to ^7.32.0
• 598b764 chore(deps): update devdependency eslint to ^7.31.0
• a78c1fa chore(deps): update devdependency eslint to ^7.30.0
• ad03841 chore(deps): update devdependency jest-cli to ^27.0.6

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs