Closed lukos closed 4 years ago
Panini depends on ^4.0.5.
This will automatically use the latest 4.x version. See https://semver.npmjs.com/
We are already aware of this, see https://github.com/foundation/panini/pull/197
Great thanks. I guess I need to npm update somewhere.
The following vuln relates to Handlebars prior to version 4.3: https://nvd.nist.gov/vuln/detail/CVE-2019-19919, Panini depends on ^4.0.5.
If you agree that this version creates a vulnerability, please update the dependency of Handlebars to a later version.