Open snyk-bot opened 2 years ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5
SNYK-JS-ASYNC-2441827
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: handlebars
The new version differs by 53 commits.- f691db5 v4.1.1
- 25b2e11 Update release notes
- e5c3937 Update release notes
- aef7287 Merge pull request #1511 from wycats/saucelabs
- 684f103 chore: reactivate saucelabs-tests
- 7840ab6 test: make security testcase internet explorer compatible
- 4108b83 Merge pull request #1504 from liqiang372/deprecate-substr-method
- 445ae12 deprecate substr method and use existing strip function in grammar
- 5cedd62 fix: add "runtime.d.ts" to allow "require('handlebars/runtime')"
- 40fb115 Revert "chore: re-activate saucelabs"
- b2e2cfe chore: re-activate saucelabs
- 037bfbf Merge pull request #1500 from wycats/neo-async
- 048f2ce refactor: replace "async" with "neo-async"
- b92589a test: add test for NodeJS compatibility
- 1c62d4c Merge branch 'issue-1495' into 4.x
- 7caca94 v4.1.0
- 7bd34fb Update release notes
- b02e9a2 test: run appveyor tests in Node 10
- f1c8b2e chore: disable sauce-labs
- dbc50ac chore: bump version of grunt-saucelabs
- c6a8fc1 chore: add .idea and yarn-error.log to .gitignore
- 42841c4 fix: disallow access to the constructor in templates to prevent RCE
- 56fc676 test: run appveyor tests in Node 10
- ee30222 chore: disable sauce-labs
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution