handlebars-helpers
handlebars-helpers copied to clipboard
Vulnerability found (due to highlight.js)
Consider updating the highlight.js
dependency to prevent the yarn audit
from yelling:
yarn audit
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate │ ReDOS vulnerabities: multiple grammars │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ highlight.js │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=10.4.1 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ handlebars-helpers │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ handlebars-helpers > helper-markdown > highlight.js │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://www.npmjs.com/advisories/1005528 │
└───────────────┴──────────────────────────────────────────────────────────────┘
This is preventing me from using handlebars-helpers.
Since this repository is abandoned, I forked and created a new package here with the fix: https://www.npmjs.com/package/helpers-for-handlebars
Thank you @jonathas