Closed isatria closed 1 year ago
Thanks for letting us know! We already allow every version of uglify-js v3
in the latest handlebars release, including the patched uglify-js version:
"uglify-js": "^3.1.4"
Related to #1882, https://github.com/handlebars-lang/handlebars.js/issues/1845, https://github.com/handlebars-lang/handlebars.js/pull/1879, https://github.com/handlebars-lang/handlebars.js/pull/1877 and https://github.com/handlebars-lang/handlebars.js/pull/1841#issuecomment-1074883027.
Vulnerability: https://security.snyk.io/vuln/SNYK-JS-UGLIFYJS-1727251
I tried reporting the issue on the link above, but the link is broken.
According to Twistlock, there is a medium security issue (PRISMA-2021-0169) that needs to be addressed here that affected the uglify-js (before v3.14.3) dependency.
Is there any plan on fixing this?
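The reply's point that `^3.1.4` already admits the patched release can be checked against what is actually installed, since a lockfile may still pin an older copy. This is an added example, not code from the handlebars project: the caret matcher is hand-written and handles only plain x.y.z versions with major >= 1, and the lockfile contents and the package name `other` are constructed sample data.

```javascript
// Added example: hand-rolled semver helpers, valid for plain x.y.z versions
// and caret ranges with major >= 1 (no prerelease tags).
const FIXED = "3.14.3";    // first patched uglify-js, per "before v3.14.3" above
const DECLARED = "^3.1.4"; // range declared by handlebars, per the reply above

const parse = (v) => v.split(".").map(Number);

// Numeric comparison per component, so 3.9.0 sorts before 3.14.3.
function compare(a, b) {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  }
  return 0;
}

// ^M.m.p with M >= 1 means: >= M.m.p and < (M+1).0.0
function caretAllows(range, version) {
  const floor = range.slice(1);
  return parse(version)[0] === parse(floor)[0] && compare(version, floor) >= 0;
}

// Walk a lockfile v2/v3 "packages" map and report every installed copy of
// uglify-js (top-level or nested) that is older than the fixed release.
function findVulnerable(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/uglify-js") && compare(meta.version, FIXED) < 0) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile: one stale top-level copy, one patched nested copy.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/handlebars": {},
    "node_modules/uglify-js": { version: "3.13.5" },
    "node_modules/other/node_modules/uglify-js": { version: "3.17.4" },
  },
};

console.log("range admits fix:", caretAllows(DECLARED, FIXED));
console.log("stale copies:", findVulnerable(sampleLock));
```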