Open snyk-bot opened 2 years ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5
SNYK-JS-ASYNC-2441827
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: handlebars
The new version differs by 60 commits.- f691db5 v4.1.1
- 25b2e11 Update release notes
- e5c3937 Update release notes
- aef7287 Merge pull request #1511 from wycats/saucelabs
- 684f103 chore: reactivate saucelabs-tests
- 7840ab6 test: make security testcase internet explorer compatible
- 4108b83 Merge pull request #1504 from liqiang372/deprecate-substr-method
- 445ae12 deprecate substr method and use existing strip function in grammar
- 5cedd62 fix: add "runtime.d.ts" to allow "require('handlebars/runtime')"
- 40fb115 Revert "chore: re-activate saucelabs"
- b2e2cfe chore: re-activate saucelabs
- 037bfbf Merge pull request #1500 from wycats/neo-async
- 048f2ce refactor: replace "async" with "neo-async"
- b92589a test: add test for NodeJS compatibility
- 1c62d4c Merge branch 'issue-1495' into 4.x
- 7caca94 v4.1.0
- 7bd34fb Update release notes
- b02e9a2 test: run appveyor tests in Node 10
- f1c8b2e chore: disable sauce-labs
- dbc50ac chore: bump version of grunt-saucelabs
- c6a8fc1 chore: add .idea and yarn-error.log to .gitignore
- 42841c4 fix: disallow access to the constructor in templates to prevent RCE
- 56fc676 test: run appveyor tests in Node 10
- ee30222 chore: disable sauce-labs
See the full diffPackage name: i18n
The new version differs by 194 commits.- 02dd49d tests: use arrow function
- fa50268 eslint refactor var -> const,let
- abb05ec refactor to arrow functions
- 5855724 drop node support < 10
- 9e6559a Merge branch 'gajus-master'
- 234b94b (re-)added tests fast-printf #453
- ef5675c Merge branch 'master' of git://github.com/gajus/i18n-node into gajus-master
- 2461a97 typo
- 737b67d refactored test to cover mf plurals
- 42f12d3 Merge branch 'calmonr-fix-messageformat'
- 0faeee0 Merge branch 'fix-messageformat' of https://github.com/calmonr/i18n-node into calmonr-fix-messageformat
- 6018b9f Merge tag '0.13.4'
- 9683cc6 Merge branch 'release/0.13.4' into npm
- bdce606 v0.13.4
- 4e6963f upgrade tested
- 3139881 save update
- aa60ac7 upgraded devDeps
- b6e672d Merge pull request #482 from Justman10000/patch-1
- ed5c03f should fix coverage report
- 10daf65 publish coverage
- 84008b8 sad to see travis go paid only
- d433ebe Update node.js.yml
- 7b4a0a2 Create node.js.yml
- 5a08ecc #486 - test path traversal vulnerability
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution