handlebars-helpers

Vulnerability found (due to highlight.js)

Open damianobarbati opened this issue 2 years ago • 3 comments

Consider updating the highlight.js dependency to prevent the yarn audit from yelling:

yarn audit
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ moderate      │ ReDOS vulnerabities: multiple grammars                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ highlight.js                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=10.4.1                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ handlebars-helpers                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ handlebars-helpers > helper-markdown > highlight.js          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1005528                     │
└───────────────┴──────────────────────────────────────────────────────────────┘

damianobarbati, Jan 11 '22 16:01

This is preventing me from using handlebars-helpers.

hristoiankov, Apr 02 '22 13:04

Since this repository is abandoned, I forked and created a new package here with the fix: https://www.npmjs.com/package/helpers-for-handlebars

jonathas, May 19 '22 10:05

Thank you @jonathas

damianobarbati, May 19 '22 10:05