From f8f563cf41f933322d200e6f88955ebd400b8551 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alejandro=20del=20R=C3=ADo=20Santiago?=
Date: Thu, 7 Nov 2019 10:46:31 -0500
Subject: [PATCH 1/3] Update handlebars package due to a Security Vulnerability Update handlebars package due to a Security Vulnerability
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index d5f1fd8..7c4e16d 100644
--- a/package.json
+++ b/package.json
@@ -26,7 +26,7 @@
 "dependencies": {
 "glob": "^7.1.3",
 "graceful-fs": "^4.1.2",
- "handlebars": "^4.1.2",
+ "handlebars": "^4.5.1",
 "object.assign": "^4.1.0",
 "promise": "^8.0.2"
 },
From fad8fb411b33fa4ca302ce3b32821c3f0ae15177 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alejandro=20del=20R=C3=ADo=20Santiago?=
Date: Tue, 26 Nov 2019 09:08:03 -0500
Subject: [PATCH 2/3] Bump to next version As @milo526 suggested: Handlebars ^4.5.1 could still be vulnerable to Arbitrary Code Execution and Prototype Pollution. Please upgrade this to ^4.5.3
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 7c4e16d..d620fbd 100644
--- a/package.json
+++ b/package.json
@@ -26,7 +26,7 @@
 "dependencies": {
 "glob": "^7.1.3",
 "graceful-fs": "^4.1.2",
- "handlebars": "^4.5.1",
+ "handlebars": "^4.5.3",
 "object.assign": "^4.1.0",
 "promise": "^8.0.2"
 },
From a2563333469a53e7620bd24c7f5721324d6128c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alejandro=20del=20R=C3=ADo=20Santiago?=
Date: Thu, 23 Jan 2020 11:22:42 -0500
Subject: [PATCH 3/3] Update once again the PR
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index d620fbd..a256d80 100644
--- a/package.json
+++ b/package.json
@@ -26,7 +26,7 @@
 "dependencies": {
 "glob": "^7.1.3",
 "graceful-fs": "^4.1.2",
- "handlebars": "^4.5.3",
+ "handlebars": "^4.7.2",
 "object.assign": "^4.1.0",
 "promise": "^8.0.2"
 },