[Snyk] Upgrade express-handlebars from 3.0.0 to 3.1.0 #3

Open
snyk-bot wants to merge 1 commit into master from snyk-upgrade-8acd1798e97bdbd7693be6ee7813d0db

snyk-bot commented Aug 7, 2021

Snyk has created this PR to upgrade express-handlebars from 3.0.0 to 3.1.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 3 versions ahead of your current version.
  • The recommended version was released 2 years ago, on 2019-05-14.

The recommended version fixes:

| Issue | Snyk ID | Priority Score (*) | Exploit Maturity |
|---|---|---|---|
| Prototype Pollution | SNYK-JS-HANDLEBARS-534988 | 490/1000 (Why? CVSS 9.8) | No Known Exploit |
| Arbitrary Code Execution | SNYK-JS-HANDLEBARS-534478 | 490/1000 (Why? CVSS 9.8) | No Known Exploit |
| Denial of Service (DoS) | SNYK-JS-HANDLEBARS-480388 | 490/1000 (Why? CVSS 9.8) | No Known Exploit |
| Prototype Pollution | SNYK-JS-HANDLEBARS-469063 | 490/1000 (Why? CVSS 9.8) | No Known Exploit |
| Prototype Pollution | SNYK-JS-HANDLEBARS-174183 | 490/1000 (Why? CVSS 9.8) | No Known Exploit |
| Prototype Pollution | SNYK-JS-HANDLEBARS-173692 | 490/1000 (Why? CVSS 9.8) | No Known Exploit |
| Prototype Pollution | SNYK-JS-MINIMIST-559764 | 490/1000 (Why? CVSS 9.8) | Proof of Concept |
| Prototype Pollution | SNYK-JS-HANDLEBARS-567742 | 490/1000 (Why? CVSS 9.8) | Proof of Concept |
| Prototype Pollution | SNYK-JS-HANDLEBARS-1279029 | 490/1000 (Why? CVSS 9.8) | Proof of Concept |
| Remote Code Execution (RCE) | SNYK-JS-HANDLEBARS-1056767 | 490/1000 (Why? CVSS 9.8) | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: express-handlebars from express-handlebars GitHub release notes
Commit messages
Package name: express-handlebars
  • 5729018 v3.1.0
  • 588646f bump handlebars to 4.1.2 to fix vulnerability issue
  • eac8710 Merge pull request #249 from jfbrennan/master
  • 87f7c11 Update README.md
  • e7e1194 Update README.md
  • 3334f4f Update README.md
  • ebbb003 Update server.js
  • cf09e20 Update server.js
  • 489e8d8 Update express-handlebars.js
  • d489794 Update express-handlebars.js
  • 6ce977a 3.0.2
  • 9e6df75 Merge pull request #245 from JaylanChen/bug-fix-#244
  • b0e1e62 bug fix #244
  • 5d27bb5 Update package.json
  • 6c2d279 Merge pull request #243 from asos-albinotonnina/patch-1
  • 2968603 🚨🚨 Security Update: Handlebars dependency
  • ba0f0d7 Merge pull request #191 from JosephUz/master
  • a78b2f0 Merge pull request #192 from GeekG1rl/patch-1
  • c8a1071 Merge pull request #234 from knoxcard/patch-1
  • 6f97997 Merge pull request #237 from feygon/patch-1
  • 32f6b04 Merge pull request #241 from erikeckhardt/erikeckhardt-patch-1
  • 73eed8e Fix typo
  • f755e50 fixed a typo
  • d71cd4f bump glob, handlebars, object.assign and promise


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
