hobbit-project / platform

HOBBIT benchmarking platform
GNU General Public License v2.0

Frontend security issue: handlebars #212

Closed: earthquakesan closed 6 years ago

earthquakesan commented 6 years ago

The handlebars dependency defined in package-lock.json has a known moderate-severity security vulnerability in version range < 4.0.0 and should be updated.

MichaelRoeder commented 6 years ago

See also https://github.com/hobbit-project/platform/network/dependencies#35635765

Ennosigaeon commented 6 years ago

This is a known issue (see https://github.com/angular/angular-cli/issues/8534) and already fixed for angular-cli v1.5.3. As we are currently using angular-cli v1.2.6, I would suggest simply updating to the current version, v1.6.x.

MichaelRoeder commented 6 years ago

Sounds good to me. Please do so.

Ennosigaeon commented 6 years ago

I have updated all dependencies, especially Angular to version 5.2.3 and angular-cli to 1.6.7. Furthermore, I have made some minor UI improvements during testing.

MichaelRoeder commented 6 years ago

Fixed in develop.
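
A lockfile check for the situation reported in this thread, where a handlebars copy below 4.0.0 is recorded in package-lock.json; this is an added example, not code from the HOBBIT project or the commenters. The lockfile contents and the package name `example-build-tool` are constructed, and the walker also covers the newer flat `packages` layout, which goes beyond what the thread discusses.

```javascript
// Added example. Sample data is constructed; "example-build-tool" is hypothetical.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$/.exec(v || '');
  return m ? { nums: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) } : null;
}

// 'affected' if version < fixedIn, 'ok' if not, 'unknown' if it is not plain semver.
function status(version, fixedIn) {
  const a = parseVersion(version), b = parseVersion(fixedIn);
  if (!a || !b) return 'unknown'; // e.g. git or file specs: review by hand
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] < b.nums[i] ? 'affected' : 'ok';
  }
  return a.pre && !b.pre ? 'affected' : 'ok'; // 4.0.0-beta sorts below 4.0.0
}

// Every installed copy of `name`, hoisted or nested, with its status.
function auditLock(lock, name, fixedIn) {
  const hits = [];
  const add = (path, meta) =>
    hits.push({ path, version: meta.version, status: status(meta.version, fixedIn) });
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) add(path, meta);
  }
  if (hits.length) return hits;
  // lockfileVersion 1: nested "dependencies" tree.
  (function walk(deps, trail) {
    for (const [dep, meta] of Object.entries(deps || {})) {
      if (dep === name) add([...trail, dep].join(' > '), meta);
      walk(meta.dependencies, [...trail, dep]);
    }
  })(lock.dependencies, []);
  return hits;
}

const sampleLock = { // constructed, lockfileVersion 1 layout
  lockfileVersion: 1,
  dependencies: {
    'example-build-tool': {
      version: '0.1.0',
      requires: { handlebars: '^1.3.0' },
      dependencies: { handlebars: { version: '1.3.0' } },
    },
    handlebars: { version: '4.0.11' },
  },
};

console.log(auditLock(sampleLock, 'handlebars', '4.0.0'));
```

For a real project, pass the parsed contents of package-lock.json instead of `sampleLock`; any entry reported as `unknown` needs a manual look.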