Depends on handlebars v4.0.1 which has a severe security vulnerability

Question

Depends on handlebars v4.0.1 which has a severe security vulnerability

IanKemp opened this issue 5 years ago · 3 comments

IanKemp commented 5 years ago

Please see https://www.npmjs.com/advisories/1164

mailmrmanoj commented 5 years ago

+1

Answer 1 · 2019-10-10T07:17:39.000Z

Also see: https://app.snyk.io/vuln/npm:istanbul

@gotwarlost , any ETA on this?

Answer 2 · 2019-10-10T07:55:30.000Z

BTW, I'm fully aware that this package is deprecated, but a lot of projects still depend on it, hence why I think a release just to update the dependencies would be justified.