flypapertech / avian

Create Enterprise-class component driven applications that scale.
MIT License

[Snyk] Fix for 2 vulnerabilities #36

Closed snyk-bot closed 4 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Issue | Breaking Change |
|---|---|---|
| high severity | Arbitrary Code Execution (SNYK-JS-HANDLEBARS-534478) | No |
| high severity | Prototype Pollution (SNYK-JS-HANDLEBARS-534988) | No |

Commit messages

Package name: handlebars
The new version differs by 28 commits.
  • c819c8b v4.5.3
  • 827c9d0 Update release notes
  • f7f05d7 fix: add "no-prototype-builtins" eslint-rule and fix all occurrences
  • 1988878 fix: add more properties required to be enumerable
  • 886ba86 test/chore: add chai/expect and sinon to "runtime"-environment
  • 0817dad test: add sinon as global variable to eslint in the specs
  • 93516a0 test: add sinon.js for spies, deprecate current assertions
  • 93e284e chore: add chai and dirty-chai for better test assertions
  • c02b05f fix: use !== 0 instead of != 0
  • 8de121d v4.5.2
  • 6914090 Update release notes
  • d541378 fix: use String(field) in lookup when checking for "constructor"
  • c2ac79c test: add fluent API for testing Handlebars
  • 7ef8617 v4.5.1
  • b75e3e1 Update release notes
  • 5e9d17f fix: move "eslint-plugin-compat" to devDependencies
  • b24797d v4.5.0
  • a243067 Update release notes
  • 088e618 chore: add eslint-plugin-compat and eslint-plugin-es5
  • 7052e88 Resolve deprecation warning message from eslint while running eslint (#1586)
  • b8913fc Add missing types for the Exception class properties (#1583)
  • 62ed3c2 Add Handlebars.parseWithoutProcessing (#1584)
  • 7fcf9d2 Use objects for hash value tracking
  • c76ded8 fix: add guard to if & unless helpers (#1549)

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
