helpers / handlebars-helpers

188 handlebars helpers in ~20 categories. Can be used with Assemble, Ghost, YUI, express.js etc.
http://assemble.io/helpers/
MIT License

Vulnerability found (due to highlight.js) #400

Open damianobarbati opened 2 years ago

damianobarbati commented 2 years ago

Consider updating the highlight.js dependency to prevent the yarn audit from yelling:

yarn audit
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate      │ ReDOS vulnerabities: multiple grammars                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ highlight.js                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=10.4.1                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ handlebars-helpers                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ handlebars-helpers > helper-markdown > highlight.js          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1005528                     │
└───────────────┴──────────────────────────────────────────────────────────────┘
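
One way to turn an advisory like this into a repeatable check, as an added example (not the handlebars-helpers project's code nor any commenter's): it reads the NDJSON form of the same report (`yarn audit --json`) rather than the table above, flags whether each nested copy of highlight.js already meets the `>=10.4.1` patched range, and emits a Yarn `resolutions` entry for the copies that do not. The record field names are my assumption about Yarn 1's output format, and the sample lines are constructed from the table above.

```javascript
// Added example, not the handlebars-helpers project's code: parse the NDJSON that
// Yarn 1's `yarn audit --json` emits and flag whether each installed transitive version
// meets the advisory's "patched in" range. Field names are assumed; sample data is constructed.
const SAMPLE_AUDIT_NDJSON = [
  JSON.stringify({ type: 'auditAdvisory', data: {
    resolution: { id: 1005528, path: 'handlebars-helpers>helper-markdown>highlight.js' },
    advisory: { module_name: 'highlight.js', severity: 'moderate',
      title: 'ReDOS vulnerabities: multiple grammars', patched_versions: '>=10.4.1',
      findings: [{ version: '9.12.0' }] } } }),
  JSON.stringify({ type: 'auditSummary', data: { vulnerabilities: { moderate: 1 } } }),
].join('\n');

// "v1.2.3-beta" -> [1, 2, 3]; prerelease tags are ignored for this comparison.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v.trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Only the ">=x.y.z" form used by npm advisories is handled; anything else is "not satisfied".
function satisfiesPatchedRange(version, range) {
  const m = /^>=\s*(\S+)$/.exec(range.trim());
  if (!m) return false;
  const a = parseVersion(version), b = parseVersion(m[1]);
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] > b[i];
  return true;
}

// One row per (advisory, installed version): the path that pulls it in and whether it is patched.
function auditFindings(ndjson) {
  const rows = [];
  for (const line of ndjson.split('\n')) {
    const rec = line.trim() && JSON.parse(line);
    if (!rec || rec.type !== 'auditAdvisory') continue;
    const { advisory, resolution } = rec.data;
    for (const f of advisory.findings) {
      rows.push({ id: resolution.id, module: advisory.module_name, severity: advisory.severity,
        path: resolution.path, installed: f.version, patched: advisory.patched_versions,
        fixed: satisfiesPatchedRange(f.version, advisory.patched_versions) });
    }
  }
  return rows;
}

// Yarn 1 `resolutions` entries (package.json) pinning every nested copy of an unpatched module.
function resolutionsFor(rows) {
  const out = {};
  for (const r of rows) if (!r.fixed) out[`**/${r.module}`] = r.patched.replace(/^>=\s*/, '');
  return out;
}
```

Feed it the real output with `yarn audit --json > audit.ndjson` and read that file in place of `SAMPLE_AUDIT_NDJSON`; the resulting `resolutions` object pins the nested copy without waiting for the upstream package to update.
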
hristoiankov commented 2 years ago

This is preventing me from using handlebars-helpers.

jonathas commented 2 years ago

Since this repository is abandoned, I forked and created a new package here with the fix: https://www.npmjs.com/package/helpers-for-handlebars

damianobarbati commented 2 years ago

Thank you @jonathas