danielkov / geodaisy

๐ŸŒŽGeolocation related algorithms for browser and web
MIT License
0 stars 0 forks source link

chore(deps): update dependency handlebars to 4.7.7 [security] #524

Closed renovate[bot] closed 2 years ago

renovate[bot] commented 2 years ago

WhiteSource Renovate

This PR contains the following updates:

Package Change
handlebars 4.7.6 -> 4.7.7

GitHub Vulnerability Alerts

CVE-2021-23369

The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.

CVE-2021-23383

The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.


Configuration

๐Ÿ“… Schedule: "" (UTC).

๐Ÿšฆ Automerge: Disabled by config. Please merge this manually once you are satisfied.

โ™ป Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

๐Ÿ”• Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by WhiteSource Renovate. View repository job log here.

github-actions[bot] commented 2 years ago

This pull request does not seem to be getting much attention. If you feel this is an important change, try contacting one of the contributors of the project.

renovate[bot] commented 2 years ago

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (4.7.7). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.