cli
cli copied to clipboard
snyk
[Snyk-dev] Security upgrade handlebars from 2.0.0 to 4.7.7
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- test/fixtures/hbs-demo/package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7 |
Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767 |
Yes | Proof of Concept |
 |
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6 |
Prototype Pollution SNYK-JS-HANDLEBARS-1279029 |
Yes | Proof of Concept |
|
579/1000 Why? Has a fix available, CVSS 7.3 |
Prototype Pollution SNYK-JS-HANDLEBARS-173692 |
Yes | No Known Exploit |
|
579/1000 Why? Has a fix available, CVSS 7.3 |
Prototype Pollution SNYK-JS-HANDLEBARS-469063 |
Yes | No Known Exploit |
|
619/1000 Why? Has a fix available, CVSS 8.1 |
Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478 |
Yes | No Known Exploit |
 |
704/1000 Why? Has a fix available, CVSS 9.8 |
Prototype Pollution SNYK-JS-HANDLEBARS-534988 |
Yes | No Known Exploit |
|
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 |
Prototype Pollution SNYK-JS-HANDLEBARS-567742 |
Yes | Proof of Concept |
|
479/1000 Why? Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251 |
Yes | No Known Exploit |
|
479/1000 Why? Has a fix available, CVSS 5.3 |
Cross-site Scripting (XSS) npm:handlebars:20151207 |
Yes | No Known Exploit |
|
629/1000 Why? Has a fix available, CVSS 8.3 |
Improper minification of non-boolean comparisons npm:uglify-js:20150824 |
Yes | No Known Exploit |
|
479/1000 Why? Has a fix available, CVSS 5.3 |
Regular Expression Denial of Service (ReDoS) npm:uglify-js:20151024 |
Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: handlebars
The new version differs by 250 commits.- a9a8e40 v4.7.7
- e66aed5 Update release notes
- 7d4d170 disable IE in Saucelabs tests
- eb860c0 fix weird error in integration tests
- b6d3de7 fix: check prototype property access in strict-mode (#1736)
- f058970 fix: escape property names in compat mode (#1736)
- 77825f8 refator: In spec tests, use expectTemplate over equals and shouldThrow (#1683)
- 3789a30 chore: start testing on Node.js 12 and 13
- e6ad93e v4.7.6
- 2bf4fc6 Update release notes
- b64202b Update release-notes.md
- c2f1e62 Switch cmd parser to latest minimist
- 08e9a11 Revert "chore: set Node.js compatibility to v6+"
- 1fd2ede v4.7.5
- 3c9c2f5 Update release notes
- 16487a0 chore: downgrade yargs to v14
- 309d2b4 chore: set Node.js compatibility to v6+
- 645ac73 test: fix integration tests
- b454b02 docs: update release-docs in CONTRIBUTING.md
- 7adc19a v4.7.4
- 9dd8d10 Update release notes
- 4671c4b Use tmp directory for files written during tests
- e46baa1 tasks/test-bin.js: Delete duplicate test
- c491b4e Revert "Update release-notes.md"
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Remote Code Execution (RCE) 🦉 Prototype Pollution 🦉 Arbitrary Code Execution 🦉 More lessons are available in Snyk Learn
