mike-works / sql-fundamentals

Mike North's SQL Fundamentals and Professional SQL Courses
https://frontendmasters.com/courses/sql-fundamentals/
BSD 3-Clause "New" or "Revised" License

fix(deps): update dependency express-handlebars to v5 [security] #378

Open renovate[bot] opened 2 years ago

renovate[bot] commented 2 years ago

Mend Renovate

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
| --- | --- | --- | --- | --- | --- |
| express-handlebars | 3.1.0 -> 5.3.1 | age | adoption | passing | confidence |

GitHub Vulnerability Alerts

CVE-2021-32820

Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability is somewhat restricted in that only files with existing extensions (i.e. file.extension) can be included; files that lack an extension will have .handlebars appended to them. For complete details refer to the referenced GHSL-2021-018 report. Notes in documentation have been added to help users avoid this potential information exposure vulnerability.

A fix is discussed in https://github.com/express-handlebars/express-handlebars/pull/163


Release Notes

express-handlebars/express-handlebars

### [`v5.3.1`](https://togithub.com/express-handlebars/express-handlebars/blob/HEAD/CHANGELOG.md#​531-httpsgithubcomexpress-handlebarsexpress-handlebarscomparev530v531-2021-05-04)

[Compare Source](https://togithub.com/express-handlebars/express-handlebars/compare/v5.3.0...v5.3.1)

##### Bug Fixes

- add note about security ([78c47a2](https://togithub.com/express-handlebars/express-handlebars/commit/78c47a235c4ad7bc2674bddd8ec2721567ed8c72))

### [`v5.3.0`](https://togithub.com/express-handlebars/express-handlebars/blob/HEAD/CHANGELOG.md#​530-httpsgithubcomexpress-handlebarsexpress-handlebarscomparev521v530-2021-03-30)

[Compare Source](https://togithub.com/express-handlebars/express-handlebars/compare/v5.2.1...v5.3.0)

##### Features

- Add partialsDir.rename option ([#​151](https://togithub.com/express-handlebars/express-handlebars/issues/151)) ([1a6771b](https://togithub.com/express-handlebars/express-handlebars/commit/1a6771b0f9a3db1cbd516faf79cb5e20a779e456))

#### [5.2.1](https://togithub.com/express-handlebars/express-handlebars/compare/v5.2.0...v5.2.1) (2021-02-16)

##### Bug Fixes

- **deps:** update dependency handlebars to ^4.7.7 ([1930523](https://togithub.com/express-handlebars/express-handlebars/commit/1930523103e6c97a3f3e41d6e7b5d6dc329c66f9))

### [`v5.2.1`](https://togithub.com/express-handlebars/express-handlebars/blob/HEAD/CHANGELOG.md#​521-httpsgithubcomexpress-handlebarsexpress-handlebarscomparev520v521-2021-02-16)

[Compare Source](https://togithub.com/express-handlebars/express-handlebars/compare/v5.2.0...v5.2.1)

##### Bug Fixes

- **deps:** update dependency handlebars to ^4.7.7 ([1930523](https://togithub.com/express-handlebars/express-handlebars/commit/1930523103e6c97a3f3e41d6e7b5d6dc329c66f9))

### [`v5.2.0`](https://togithub.com/express-handlebars/express-handlebars/blob/HEAD/CHANGELOG.md#​520-httpsgithubcomexpress-handlebarsexpress-handlebarscomparev510v520-2020-10-23)

[Compare Source](https://togithub.com/express-handlebars/express-handlebars/compare/v5.1.0...v5.2.0)

##### Features

- allow views to be an array ([a9f4aaa](https://togithub.com/express-handlebars/express-handlebars/commit/a9f4aaabd657221236b7321a4f87df7c9eb9a1bd))

### [`v5.1.0`](https://togithub.com/express-handlebars/express-handlebars/blob/HEAD/CHANGELOG.md#​510-httpsgithubcomexpress-handlebarsexpress-handlebarscomparev500v510-2020-07-16)

[Compare Source](https://togithub.com/express-handlebars/express-handlebars/compare/v5.0.0...v5.1.0)

##### Features

- add encoding option ([9e516c3](https://togithub.com/express-handlebars/express-handlebars/commit/9e516c382269b3ab586a6ab0dbd586b3c23110c4))

### [`v5.0.0`](https://togithub.com/express-handlebars/express-handlebars/blob/HEAD/CHANGELOG.md#​500-httpsgithubcomexpress-handlebarsexpress-handlebarscomparev406v500-2020-07-06)

[Compare Source](https://togithub.com/express-handlebars/express-handlebars/compare/v4.0.6...v5.0.0)

##### Bug Fixes

- update code to es2015+ ([e5a08ee](https://togithub.com/express-handlebars/express-handlebars/commit/e5a08eed844f177b0f365f882a20c7b229715bdd))
- update node support ([ea30d53](https://togithub.com/express-handlebars/express-handlebars/commit/ea30d531b2f458c37f65b50bddc504180e774f8f))

##### BREAKING CHANGES

- Drop support for node versions below v10

#### [4.0.6](https://togithub.com/express-handlebars/express-handlebars/compare/v4.0.5...v4.0.6) (2020-07-06)

##### Bug Fixes

- add runtimeOptions ([b64284f](https://togithub.com/express-handlebars/express-handlebars/commit/b64284f6f6eab2d184671736c33fc45df5b26246))

#### [4.0.5](https://togithub.com/express-handlebars/express-handlebars/compare/v4.0.4...v4.0.5) (2020-07-03)

##### Bug Fixes

- overwrite past settings.views ([c27f1b0](https://togithub.com/express-handlebars/express-handlebars/commit/c27f1b0e8dcf2be974584861433cfb01a10ce1f6))
- renderView returns promise when no callback given ([c39ed87](https://togithub.com/express-handlebars/express-handlebars/commit/c39ed87f2478ed64211821a6ffe1dca7212fb21b))

#### [4.0.4](https://togithub.com/express-handlebars/express-handlebars/compare/v4.0.3...v4.0.4) (2020-04-29)

##### Bug Fixes

- **deps:** update dependency graceful-fs to ^4.2.4 ([c01661b](https://togithub.com/express-handlebars/express-handlebars/commit/c01661be5193ea77d9914b71aedcb71d6ad4ab92))

#### [4.0.3](https://togithub.com/express-handlebars/express-handlebars/compare/v4.0.2...v4.0.3) (2020-04-05)

##### Bug Fixes

- **deps:** update dependency handlebars to ^4.7.6 ([2aa29ab](https://togithub.com/express-handlebars/express-handlebars/commit/2aa29ab29d5db9becccb5690a6fdef4a46055906))

#### [4.0.2](https://togithub.com/express-handlebars/express-handlebars/compare/v4.0.1...v4.0.2) (2020-04-03)

##### Bug Fixes

- **deps:** update dependency handlebars to ^4.7.5 ([#​6](https://togithub.com/express-handlebars/express-handlebars/issues/6)) ([e597254](https://togithub.com/express-handlebars/express-handlebars/commit/e59725426cd6c6ab261127fd96065f30009ea1e1))

### [`v4.0.6`](https://togithub.com/express-handlebars/express-handlebars/blob/HEAD/CHANGELOG.md#​406-httpsgithubcomexpress-handlebarsexpress-handlebarscomparev405v406-2020-07-06)

[Compare Source](https://togithub.com/express-handlebars/express-handlebars/compare/v4.0.5...v4.0.6)

##### Bug Fixes

- add runtimeOptions ([b64284f](https://togithub.com/express-handlebars/express-handlebars/commit/b64284f6f6eab2d184671736c33fc45df5b26246))

### [`v4.0.5`](https://togithub.com/express-handlebars/express-handlebars/blob/HEAD/CHANGELOG.md#​405-httpsgithubcomexpress-handlebarsexpress-handlebarscomparev404v405-2020-07-03)

[Compare Source](https://togithub.com/express-handlebars/express-handlebars/compare/v4.0.4...v4.0.5)

##### Bug Fixes

- overwrite past settings.views ([c27f1b0](https://togithub.com/express-handlebars/express-handlebars/commit/c27f1b0e8dcf2be974584861433cfb01a10ce1f6))
- renderView returns promise when no callback given ([c39ed87](https://togithub.com/express-handlebars/express-handlebars/commit/c39ed87f2478ed64211821a6ffe1dca7212fb21b))

### [`v4.0.4`](https://togithub.com/express-handlebars/express-handlebars/blob/HEAD/CHANGELOG.md#​404-httpsgithubcomexpress-handlebarsexpress-handlebarscomparev403v404-2020-04-29)

[Compare Source](https://togithub.com/express-handlebars/express-handlebars/compare/v4.0.3...v4.0.4)

##### Bug Fixes

- **deps:** update dependency graceful-fs to ^4.2.4 ([c01661b](https://togithub.com/express-handlebars/express-handlebars/commit/c01661be5193ea77d9914b71aedcb71d6ad4ab92))

### [`v4.0.3`](https://togithub.com/express-handlebars/express-handlebars/blob/HEAD/CHANGELOG.md#​403-httpsgithubcomexpress-handlebarsexpress-handlebarscomparev402v403-2020-04-05)

[Compare Source](https://togithub.com/express-handlebars/express-handlebars/compare/v4.0.2...v4.0.3)

##### Bug Fixes

- **deps:** update dependency handlebars to ^4.7.6 ([2aa29ab](https://togithub.com/express-handlebars/express-handlebars/commit/2aa29ab29d5db9becccb5690a6fdef4a46055906))

### [`v4.0.2`](https://togithub.com/express-handlebars/express-handlebars/blob/HEAD/CHANGELOG.md#​402-httpsgithubcomexpress-handlebarsexpress-handlebarscomparev401v402-2020-04-03)

[Compare Source](https://togithub.com/express-handlebars/express-handlebars/compare/v4.0.1...v4.0.2)

##### Bug Fixes

- **deps:** update dependency handlebars to ^4.7.5 ([#​6](https://togithub.com/express-handlebars/express-handlebars/issues/6)) ([e597254](https://togithub.com/express-handlebars/express-handlebars/commit/e59725426cd6c6ab261127fd96065f30009ea1e1))

### [`v4.0.1`](https://togithub.com/express-handlebars/express-handlebars/compare/v4.0.0...v4.0.1)

[Compare Source](https://togithub.com/express-handlebars/express-handlebars/compare/v4.0.0...v4.0.1)

### [`v4.0.0`](https://togithub.com/express-handlebars/express-handlebars/compare/v3.1.0...v4.0.0)

[Compare Source](https://togithub.com/express-handlebars/express-handlebars/compare/v3.1.0...v4.0.0)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.
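The advisory quoted in the PR description turns on one point: express-handlebars reads engine configuration, including `layout`, from the same object that carries template data, so an application that forwards request data straight into `res.render()` lets the client choose the layout file. The following is an added example, not code from this repository or from express-handlebars. It shows a detection helper that flags reserved option keys in untrusted input and a mitigation helper that builds the render options from an explicit allow-list with the layout fixed by application code. Only `layout` is named by the advisory; the other reserved key names are assumptions about options that Express or a view engine may read from the render options object.

```javascript
// Added example; not code from the sql-fundamentals repo or from
// express-handlebars. Shows the pattern behind CVE-2021-32820 (request data
// forwarded unfiltered through res.render, so a `layout` key chosen by the
// client reaches the view engine) and a helper that keeps template data and
// engine configuration apart.

// `layout` is the option the advisory names. The other names are assumptions
// about keys that Express or a view engine treats as configuration rather
// than template data; adjust the list for the engine actually in use.
const RESERVED_RENDER_KEYS = Object.freeze([
  'layout', 'partials', 'helpers', 'cache', 'settings', '_locals',
]);

// Detection: report which reserved keys an untrusted object carries, so a
// request can be logged or rejected before it reaches the template engine.
function findReservedKeys(untrusted) {
  if (untrusted === null || typeof untrusted !== 'object') return [];
  return RESERVED_RENDER_KEYS.filter((key) =>
    Object.prototype.hasOwnProperty.call(untrusted, key));
}

// Mitigation: copy only an explicit allow-list of fields out of the request
// and set the layout from application code. Refuses allow-lists that would
// let a reserved key through.
function buildRenderOptions(untrusted, allowedFields, fixedLayout) {
  for (const field of allowedFields) {
    if (RESERVED_RENDER_KEYS.includes(field)) {
      throw new Error(`"${field}" is an engine option, not template data`);
    }
  }
  const data = {};
  for (const field of allowedFields) {
    if (Object.prototype.hasOwnProperty.call(untrusted, field)) {
      data[field] = untrusted[field];
    }
  }
  // Engine configuration first, then the vetted template data.
  return { layout: fixedLayout, ...data };
}

// Constructed sample standing in for req.query: a legitimate `name` field
// plus a `layout` key that no template needs and that the client should not
// be able to set.
const SAMPLE_QUERY = { name: 'alice', layout: 'not-a-template.txt' };

// Unsafe:  res.render('profile', req.query)   -> `layout` reaches the engine.
// Safer:   res.render('profile', buildRenderOptions(req.query, ['name'], 'main'))
function demo() {
  return {
    flagged: findReservedKeys(SAMPLE_QUERY),
    options: buildRenderOptions(SAMPLE_QUERY, ['name'], 'main'),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

In a route handler the two helpers sit next to each other: `findReservedKeys(req.query)` feeds a log line or a 400 response, and `buildRenderOptions(...)` is the only object ever handed to `res.render()`. Upgrading to 5.3.1 is still necessary, because the separation above is what the package's added documentation note asks applications to do, not something the library enforces for them.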

renovate[bot] commented 1 year ago

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.