gotwarlost / istanbul

Yet another JS code coverage tool that computes statement, line, function and branch coverage with module loader hooks to transparently add coverage when running tests. Supports all JS coverage use cases including unit tests, server side functional tests and browser tests. Built for scale.

Depends on handlebars v4.0.1 which has a severe security vulnerability #920

Open IanKemp opened 4 years ago

IanKemp commented 4 years ago

Please see https://www.npmjs.com/advisories/1164

Cazaimi commented 4 years ago

Also see: https://app.snyk.io/vuln/npm:istanbul

@gotwarlost, any ETA on this?

IanKemp commented 4 years ago

BTW, I'm fully aware that this package is deprecated, but a lot of projects still depend on it, hence why I think a release just to update the dependencies would be justified.

mailmrmanoj commented 4 years ago

+1