Security: npm audit reports high vulnerability for handlebars package #367
Comments
Here are the guides for contributors: http://karma-runner.github.io/3.0/dev/contributing.html
For others who are waiting for this to be sorted out in this module, take a look at this handy module for forcing the resolution of specific versions of transitive dependencies. https://www.npmjs.com/package/npm-force-resolutions Handy for cases where there is a security vulnerability and the maintainers might take some time to resolve them.
Is there a chance to get a new release with updated dependencies? What is blocking or missing?
There is a PR #377 to update the vulnerable package. We can help testing and merging the PR to fix this issue 😉
Looks like a new release would close this issue.
Here is the report of the npm audit
Run npm update handlebars --depth 3 to resolve 1 vulnerability
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ handlebars │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ karma-coverage [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ karma-coverage > istanbul > handlebars │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/755
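
The `Path` row of the audit report above names the chain that pulls in the flagged package. The following is an added example, not code from this issue thread or from the karma-coverage project, that recovers such chains from a lockfile and reports which copy (hoisted or nested) each chain resolves to. It assumes the nested `lockfileVersion: 1` layout; the data is constructed, the versions are placeholders, and `example-reporter` is a hypothetical package.

```javascript
// Constructed package.json / package-lock.json (lockfileVersion 1) data; versions are
// made-up placeholders and `example-reporter` is a hypothetical package.
const pkg = { devDependencies: { 'karma-coverage': '*', 'example-reporter': '*' } };
const lock = {
  lockfileVersion: 1,
  dependencies: {
    'karma-coverage': { version: '0.0.0-constructed', dev: true, requires: { istanbul: '*' } },
    istanbul: { version: '0.0.0-constructed', dev: true, requires: { handlebars: '*' } },
    handlebars: { version: '0.0.1-constructed', dev: true }, // hoisted copy
    'example-reporter': {
      version: '0.0.0-constructed', dev: true, requires: { handlebars: '*' },
      dependencies: { handlebars: { version: '0.0.2-constructed', dev: true } }, // nested copy
    },
  },
};

// Resolve `name` as Node does: nearest nested `dependencies` first, then outward to the root.
// `scopes` is the chain of lockfile nodes from the root down to the requiring package.
function resolve(scopes, name) {
  for (let i = scopes.length - 1; i >= 0; i--) {
    const deps = scopes[i].dependencies || {};
    if (Object.prototype.hasOwnProperty.call(deps, name)) {
      return { node: deps[name], scopes: scopes.slice(0, i + 1).concat(deps[name]) };
    }
  }
  return null;
}

// Return every chain from a direct dependency to `target`, with the version it resolves to.
function findPaths(pkg, lock, target) {
  const direct = Object.assign({}, pkg.dependencies, pkg.devDependencies);
  const found = [];
  const walk = (name, scopes, trail) => {
    const hit = resolve(scopes, name);
    if (!hit || trail.includes(name)) return; // missing lock entry or dependency cycle
    const path = trail.concat(name);
    if (name === target) {
      found.push({ path: path.join(' > '), version: hit.node.version, dev: !!hit.node.dev });
      return;
    }
    for (const child of Object.keys(hit.node.requires || {})) walk(child, hit.scopes, path);
  };
  for (const name of Object.keys(direct)) walk(name, [lock], []);
  return found;
}

console.log(findPaths(pkg, lock, 'handlebars'));
```

Each reported chain is a place where an updated release or a forced resolution has to take effect before the audit finding clears.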