squirrellyjs / squirrelly

Semi-embedded JS template engine that supports helpers, filters, partials, and template inheritance. 4KB minzipped, written in TypeScript ⛺
https://squirrelly.js.org
MIT License
555 stars 81 forks

[security] Don't use data object for Squirrelly configuration #254

legobeat closed 1 year ago

legobeat commented 1 year ago

It would be really great if Squirrelly released a fix for https://github.com/advisories/GHSA-q8j6-pwqx-pm96.

This is an attempt at porting over the corresponding fix from https://github.com/eta-dev/eta/pull/214

Reported in #238

https://github.com/eta-dev/eta/releases/tag/v2.0.0

nebrelbug commented 1 year ago

@legobeat thanks for the PR. I'll merge this tonight and release 9.0.0.