eXigentCoder / dobby

A monorepo for a collection of useful services to aid development.
MIT License
0 stars 0 forks source link

[Snyk] Security upgrade handlebars from 4.5.1 to 4.7.7 #23

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 673/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.6
Prototype Pollution
SNYK-JS-HANDLEBARS-1279029
No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: handlebars The new version differs by 84 commits.
  • a9a8e40 v4.7.7
  • e66aed5 Update release notes
  • 7d4d170 disable IE in Saucelabs tests
  • eb860c0 fix weird error in integration tests
  • b6d3de7 fix: check prototype property access in strict-mode (#1736)
  • f058970 fix: escape property names in compat mode (#1736)
  • 77825f8 refator: In spec tests, use expectTemplate over equals and shouldThrow (#1683)
  • 3789a30 chore: start testing on Node.js 12 and 13
  • e6ad93e v4.7.6
  • 2bf4fc6 Update release notes
  • b64202b Update release-notes.md
  • c2f1e62 Switch cmd parser to latest minimist
  • 08e9a11 Revert "chore: set Node.js compatibility to v6+"
  • 1fd2ede v4.7.5
  • 3c9c2f5 Update release notes
  • 16487a0 chore: downgrade yargs to v14
  • 309d2b4 chore: set Node.js compatibility to v6+
  • 645ac73 test: fix integration tests
  • b454b02 docs: update release-docs in CONTRIBUTING.md
  • 7adc19a v4.7.4
  • 9dd8d10 Update release notes
  • 4671c4b Use tmp directory for files written during tests
  • e46baa1 tasks/test-bin.js: Delete duplicate test
  • c491b4e Revert "Update release-notes.md"
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic