leshill / handlebars_assets

Use handlebars.js templates with the Rails asset pipeline.
MIT License
649 stars, 159 forks

Update Handlebars to 4.4.5 or higher for Handlebars Vulnerability #174

Closed melissap-nulogy closed 4 years ago

melissap-nulogy commented 4 years ago

There is a vulnerability in Handlebars versions >=4.0.0 <4.4.5 regarding raw block helpers.

The vulnerability: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-480388
The Handlebars issue: https://github.com/wycats/handlebars.js/issues/1579
The Handlebars fix: https://github.com/wycats/handlebars.js/commit/8d5530ee2c3ea9f0aee3fde310b9f36887d00b8b
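Because handlebars_assets vendors its own copy of handlebars.js, the gem version alone does not tell you whether an app is on the affected range quoted above. The following is an added example, not code from this issue or from the handlebars_assets project: a small Ruby check that reads the version out of a handlebars.js banner and tests it against the reported range (>= 4.0.0 and < 4.4.5). It assumes the file starts with the upstream banner comment containing "handlebars vX.Y.Z"; the sample banners embedded below are constructed for illustration.

```ruby
# Added example (not part of handlebars_assets): flag a vendored handlebars.js
# whose version falls in the range the issue reports as affected.
# Assumption: the file begins with the upstream banner containing "handlebars vX.Y.Z".
require "rubygems"

# Range quoted in the issue: >= 4.0.0 and < 4.4.5.
AFFECTED_RANGE = Gem::Requirement.new(">= 4.0.0", "< 4.4.5")

# Extract the version from the banner comment at the top of handlebars.js.
# Returns a Gem::Version, or nil if no "handlebars vX.Y.Z" marker is present.
def handlebars_version(source)
  m = source.match(/handlebars\s+v(\d+\.\d+\.\d+)/i)
  m && Gem::Version.new(m[1])
end

# True when the version is inside the reported affected range.
# An unparseable banner is reported as not matched, so callers should
# treat a nil version as "unknown" rather than "safe".
def affected?(version)
  return false if version.nil?
  AFFECTED_RANGE.satisfied_by?(version)
end

# Check a handlebars.js on disk; only the leading bytes are needed for the banner.
def check_file(path)
  version = handlebars_version(File.read(path, 4096))
  { path: path, version: version && version.to_s, affected: affected?(version) }
end

# Constructed sample banners modelled on the upstream file header (not real files).
SAMPLES = {
  "old"   => "/**!\n\n @license\n handlebars v4.4.3\n\nCopyright (C) 2011-2019 by Yehuda Katz\n*/\n",
  "fixed" => "/**!\n\n @license\n handlebars v4.5.2\n\nCopyright (C) 2011-2019 by Yehuda Katz\n*/\n",
  "v3"    => "/*!\n\n handlebars v3.0.3\n\nCopyright (C) 2011-2015 by Yehuda Katz\n*/\n",
}

if $PROGRAM_NAME == __FILE__
  # Pass paths to vendored handlebars.js files to check them, e.g.
  #   ruby check_handlebars.rb $(bundle show handlebars_assets)/vendor/assets/javascripts/handlebars.js
  ARGV.each { |p| puts check_file(p).inspect }
  SAMPLES.each do |name, src|
    v = handlebars_version(src)
    puts format("%-6s %-8s affected=%s", name, v, affected?(v))
  end
end
```

The check deliberately keys off the JavaScript file rather than the Gemfile.lock entry, since that is the artifact actually shipped to browsers through the asset pipeline.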

AlexRiedler commented 4 years ago

Upgraded to latest release, which includes v4.5.2 (weirdly enough their website is still 4.4.3)