bower / bower

A package manager for the web
bower.io
MIT License
14.99k stars 1.85k forks

Bower 1.8.8 has a version of handlebars that caused Prototype Pollution. #2580

Closed nli8n closed 3 years ago

nli8n commented 4 years ago

Bower 1.8.8 has a version of handlebars that caused Prototype Pollution. Please upgrade handlebars to 4.5.3.

sheerun commented 3 years ago

Upgrade of handlebars will be released in 1.8.9 soon

nli8n commented 3 years ago

@sheerun: is bower going to release the new version 1.8.9?

sheerun commented 3 years ago

Yes, today

On Tue, 12 Jan 2021 at 05:23, Priyanka Gurnani notifications@github.com wrote:

@sheerun https://github.com/sheerun : is bower going to release new version 1.8.9??
