helpers / handlebars-helpers

188 handlebars helpers in ~20 categories. Can be used with Assemble, Ghost, YUI, express.js etc.
http://assemble.io/helpers/
MIT License

updates micromatch version number #422

Open cmcculloh-kr opened 10 months ago

cmcculloh-kr commented 10 months ago

This PR addresses Snyk-identified security vulnerabilities from an older version of micromatch.

I have a PR open with helper-md and another one with helper-markdown that, once merged, could be included in either this or a later PR that addresses security vulnerabilities found there (and thus here) as well.

These vulnerabilities were found through an internal tool called "Snyk". You can see the vulnerability reports below. Basically the issue is that you need to upgrade your version of micromatch (and then once helper-md updates their code, updating your version of helper-md will address the other concerns).

[Images: vulnerability reports]

scotty6435 commented 5 months ago

+1 for this fix, though it needs further updates to the latest version. This will fix a number of vulns which are currently being flagged on our vulnerability management tool.