New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade express-handlebars from 3.0.0 to 3.1.0 #2

Open

snyk-bot wants to merge 1 commit into master from snyk-upgrade-24a14cda32e67596b7cdd6dc4fdcb6c2

snyk-bot commented Mar 23, 2020

Snyk has created this PR to upgrade express-handlebars from 3.0.0 to 3.1.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 3 versions ahead of your current version.
The recommended version was released 10 months ago, on 2019-05-14.

The recommended version fixes:

Severity	Issue	Exploit Maturity
	Prototype Pollution SNYK-JS-HANDLEBARS-534988	No Known Exploit
	Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	No Known Exploit
	Denial of Service (DoS) SNYK-JS-HANDLEBARS-480388	No Known Exploit
	Prototype Pollution SNYK-JS-HANDLEBARS-469063	No Known Exploit
	Prototype Pollution SNYK-JS-HANDLEBARS-174183	No Known Exploit
	Prototype Pollution SNYK-JS-HANDLEBARS-173692	No Known Exploit

Release notes

Package name: express-handlebars

3.1.0 - 2019-05-14
- defaultLayout defaults to main #249
- Upgrade Handlebars to v4.1.2 #250
3.0.2 - 2019-02-24
Fixes #244
3.0.1 - 2019-02-21
Update package.json

updated dependencies that are long over due
3.0.0 - 2016-01-26
Bump package version to 3.0

from express-handlebars GitHub release notes

Commit messages

Package name: express-handlebars

5729018 v3.1.0
588646f bump handlebars to 4.1.2 to fix vulnerability issue
eac8710 Merge pull request #249 from jfbrennan/master
87f7c11 Update README.md
e7e1194 Update README.md
3334f4f Update README.md
ebbb003 Update server.js
cf09e20 Update server.js
489e8d8 Update express-handlebars.js
d489794 Update express-handlebars.js
6ce977a 3.0.2
9e6df75 Merge pull request #245 from JaylanChen/bug-fix-#244
b0e1e62 bug fix #244
5d27bb5 Update package.json
6c2d279 Merge pull request #243 from asos-albinotonnina/patch-1
2968603 🚨🚨 Security Update: Handlebars dependency
ba0f0d7 Merge pull request #191 from JosephUz/master
a78b2f0 Merge pull request #192 from GeekG1rl/patch-1
c8a1071 Merge pull request #234 from knoxcard/patch-1
6f97997 Merge pull request #237 from feygon/patch-1
32f6b04 Merge pull request #241 from erikeckhardt/erikeckhardt-patch-1
73eed8e Fix typo
f755e50 fixed a typo
d71cd4f bump glob, handlebars, object.assign and promise

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs


          fix: upgrade express-handlebars from 3.0.0 to 3.1.0

33abedc

Snyk has created this PR to upgrade express-handlebars from 3.0.0 to 3.1.0.

See this package in NPM:
https://www.npmjs.com/package/express-handlebars

See this project in Snyk:
https://app.snyk.io/org/test-group-organization/project/c017f7b4-7acb-4bac-9d59-1b19a4669ff6?utm_source=github&utm_medium=upgrade-pr

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment