cowboyd / handlebars.rb

Ruby Bindings for Handlebars.js
http://www.handlebarsjs.com

Bumped handlebars-source version to 4.0.5. #42

Closed watsonarw closed 8 years ago

watsonarw commented 8 years ago

Handlebars source has an XSS vulnerability in versions prior to 4.0.0. See: https://gemnasium.com/cowboyd/handlebars.rb/alerts

By bumping handlebars-source to the latest version, we should resolve this vulnerability.

Also adding a step to update Bundler in Travis, as recommended by https://github.com/travis-ci/travis-ci/issues/3531, as a workaround for Bundler issue https://github.com/bundler/bundler/issues/3558

watsonarw commented 8 years ago

@hypomodern @cowboyd

Looking to bump the version of handlebars-source to 4.0.5 (currently the latest) to bring in fixes to the XSS vulnerability: https://gemnasium.com/cowboyd/handlebars.rb/alerts
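
A check for the condition this pull request describes, as an added example that is not part of the PR or the project's code: it reads a `Gemfile.lock` and reports any resolved `handlebars-source` version below 4.0.0. The function names and both sample lockfiles are constructed for illustration; the 4.0.0 threshold and the 4.0.5 target come from the description above.

```ruby
require "rubygems" # provides Gem::Version for correct version ordering

# Threshold from the PR description: versions prior to 4.0.0 are affected.
FIXED_IN = Gem::Version.new("4.0.0")

# Return [name, version] pairs for gems resolved under any "specs:" section.
# Resolved gems sit at 4 spaces of indent; their dependency constraints sit
# at 6 spaces and are skipped, so "handlebars-source (~> 3.0.0)" is ignored.
def locked_specs(lockfile_text)
  specs = []
  in_specs = false
  lockfile_text.each_line do |line|
    if line =~ /\A\s{2}specs:\s*\z/
      in_specs = true
    elsif line =~ /\A\S/ # a new top-level section ends the specs list
      in_specs = false
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      specs << [m[1], m[2]]
    end
  end
  specs
end

# Return the locked handlebars-source versions that are older than FIXED_IN.
def vulnerable_handlebars_source(lockfile_text)
  locked_specs(lockfile_text)
    .select { |name, _| name == "handlebars-source" }
    .map { |_, version| Gem::Version.new(version) }
    .select { |version| version < FIXED_IN }
    .map(&:to_s)
end

# Constructed sample lockfiles (not taken from the repository).
SAMPLE_BEFORE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      handlebars (0.7.0)
        handlebars-source (~> 3.0.0)
      handlebars-source (3.0.3)

  PLATFORMS
    ruby
LOCK
SAMPLE_AFTER = SAMPLE_BEFORE.gsub("3.0.3", "4.0.5").gsub("~> 3.0.0", "~> 4.0.5")

if __FILE__ == $PROGRAM_NAME
  puts "before bump: #{vulnerable_handlebars_source(SAMPLE_BEFORE).inspect}"
  puts "after bump:  #{vulnerable_handlebars_source(SAMPLE_AFTER).inspect}"
end
```

Run in CI against the real `Gemfile.lock`, a non-empty result can fail the build so that an older transitive pin does not return unnoticed.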