ericf / express-handlebars

A Handlebars view engine for Express which doesn't suck.
BSD 3-Clause "New" or "Revised" License
2.31k stars, 384 forks

Security Issue [Denial of Service] #268

Open axago opened 4 years ago

axago commented 4 years ago

Remediation: Upgrade to version 4.4.5 or later.

[Screenshot attached: Screen Shot 2019-11-07 at 22 38 18]

UziTech commented 4 years ago

PR #267 should fix this

audiBookning commented 4 years ago

Is this project abandoned? I ask this because the above simple PR has no answers for so much time. I do appreciate the work done here, but I feel that I have to look somewhere else for a solution.

Nonetheless, thanks for all the effort put in here that has no doubt benefited so many people.

BillGR17 commented 4 years ago

I am running npm v6.13.4
I don't see any security issues with express-handlebars
handlebars appears to be updating to latest by default hbs

audiBookning commented 4 years ago

True. It would pass since package.json has in the dependencies: "handlebars": "^4.1.2".

I was talking about the lack of feedback on this and other issues, since some months ago. I was asking: Is the package totally "in the wild"?

I was making a side comment, not wanting to create a whole new issue for that and also not seeking to overextend and sidetrack too much the goal of this one. Sorry, it seems it was badly executed, since it was just a ping to the package devs or maintainers.
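The exchange above turns on a subtle point: the range `"handlebars": "^4.1.2"` in package.json admits the patched 4.4.5, so a fresh `npm install` picks up a fixed release, but a lockfile can still pin an older copy, possibly nested under another dependency. The script below is an added example, not code from express-handlebars or its maintainers: it reads a package.json and a lockfile-v1 style `dependencies` tree, lists every resolved copy of handlebars, and reports whether each one meets the 4.4.5 floor named in the issue. The two input documents are constructed for the example, the version numbers in them are sample values, and the version parser assumes plain `x.y.z` strings without pre-release tags.

```javascript
// Added example (not from the express-handlebars project): compare the
// handlebars versions a lockfile actually resolves against the remediation
// floor from the issue (4.4.5), independently of the caret range declared in
// package.json. Assumes plain x.y.z version strings (no pre-release suffixes).

const FIXED_HANDLEBARS_VERSION = "4.4.5"; // floor quoted in the issue's remediation note

// Parse "x.y.z" into [x, y, z]; anything else throws so bad input is loud.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(v).trim());
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return m.slice(1).map(Number);
}

// Numeric comparison of two x.y.z versions: -1, 0 or 1.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Does `version` fall inside the caret range "^x.y.z"? For a non-zero major
// that means the same major and >= x.y.z (npm's caret rule). The 0.x special
// cases are out of scope for this example and rejected explicitly.
function caretSatisfies(range, version) {
  if (!range.startsWith("^")) throw new Error(`only caret ranges handled: ${range}`);
  const floor = range.slice(1);
  const [floorMajor] = parseVersion(floor);
  const [versionMajor] = parseVersion(version);
  if (floorMajor === 0) throw new Error("0.x caret semantics not implemented here");
  return versionMajor === floorMajor && compareVersions(version, floor) >= 0;
}

// Walk a lockfile-v1 style "dependencies" tree and collect every resolved
// version of `name`, nested copies included, so a stale transitive copy is
// not missed just because the top-level one is current.
function resolvedVersions(lockDeps, name, out = []) {
  for (const [depName, entry] of Object.entries(lockDeps || {})) {
    if (depName === name) out.push(entry.version);
    resolvedVersions(entry.dependencies, name, out);
  }
  return out;
}

// Verdict for one dependency: the declared range may admit the fixed version
// while the lockfile still pins a vulnerable one; both facts are reported.
function assessDependency(pkg, lock, name, fixedVersion) {
  const range = pkg.dependencies[name];
  const resolved = resolvedVersions(lock.dependencies, name);
  const vulnerable = resolved.filter((v) => compareVersions(v, fixedVersion) < 0);
  return {
    range,
    rangeAdmitsFix: caretSatisfies(range, fixedVersion),
    resolved,
    vulnerable,
    safe: resolved.length > 0 && vulnerable.length === 0,
  };
}

// Constructed sample inputs (not real project files). The declared range is
// the one quoted in the thread; the first lockfile still pins an older build
// nested under express-handlebars, the second has been regenerated.
const samplePackageJson = { dependencies: { handlebars: "^4.1.2" } };
const sampleLockStale = {
  dependencies: {
    "express-handlebars": {
      version: "3.1.0",
      dependencies: { handlebars: { version: "4.1.2" } },
    },
  },
};
const sampleLockUpdated = {
  dependencies: { handlebars: { version: "4.4.5" } },
};

console.log(assessDependency(samplePackageJson, sampleLockStale, "handlebars", FIXED_HANDLEBARS_VERSION));
console.log(assessDependency(samplePackageJson, sampleLockUpdated, "handlebars", FIXED_HANDLEBARS_VERSION));
```

Run against a real project by replacing the two sample objects with `JSON.parse` of the project's package.json and package-lock.json; the check that matters operationally is `vulnerable`, since `rangeAdmitsFix` being true (as it is for `^4.1.2`) says nothing about what the lockfile pinned.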

BillGR17 commented 4 years ago

I get what you are saying now. I don't know the answer to that question sorry.