jeerbl/webfonts-loader

Dependency webfonts-generator has been archived and has vulnerabilities

sn3p opened this issue · 1 comments

sn3p commented

Dependency webfonts-loader has been archived and will probably not be updated anymore.
We're receiving a security warning for the handlebars dependency:

https://www.npmjs.com/advisories/755

Prototype Pollution
All versions of handlebars are vulnerable to Prototype Pollution. Templates may alter an Object's prototype, thus allowing an attacker to execute arbitrary code on the server.

Affected versions: <=4.0.12

We're not using handlebars, just like to bring it to your attention.
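
An added example, not part of the original issue or of either project's code: a Node.js script that walks an npm lockfile (lockfileVersion 1 layout) and flags every installed copy of handlebars in the range quoted above (`<=4.0.12`), together with the packages that require it. The lock data, the `other-tool` package and all version strings are constructed for illustration.

```javascript
// Added example: audit an npm lockfile (lockfileVersion 1 layout) for handlebars
// copies inside the range quoted in the issue. Sample data below is constructed.
const AFFECTED_MAX = [4, 0, 12]; // upper bound "<=4.0.12" as quoted in the issue

// Compare "major.minor.patch" against the bound; suffixes like "-beta" are ignored.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(version || "");
  if (!m) return true; // unparseable version: flag for manual review
  const v = m.slice(1).map(Number);
  for (let i = 0; i < 3; i++) {
    if (v[i] !== AFFECTED_MAX[i]) return v[i] < AFFECTED_MAX[i];
  }
  return true; // exactly equal to the bound
}

// Walk nested "dependencies" (install locations) and collect every copy of the
// target, plus the names of packages whose "requires" map pulls it in.
function auditLock(lock, target = "handlebars") {
  const copies = [];
  const requiredBy = new Set();
  const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
  (function walk(deps, trail) {
    for (const [name, info] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === target) {
        copies.push({ location: here.join(" > "), version: info.version,
                      affected: isAffected(info.version) });
      }
      if (info.requires && has(info.requires, target)) requiredBy.add(name);
      walk(info.dependencies, here);
    }
  })(lock.dependencies, []);
  return { copies, requiredBy: [...requiredBy].sort() };
}

// Constructed lockfile fragment (hypothetical versions, not real lock data).
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    "webfonts-loader": { version: "0.0.0-sample", requires: { "webfonts-generator": "*" } },
    "webfonts-generator": { version: "0.0.0-sample", requires: { handlebars: "*" } },
    handlebars: { version: "4.0.11" },
    "other-tool": { version: "0.0.0-sample", requires: { handlebars: "*" },
      dependencies: { handlebars: { version: "4.1.2" } } },
  },
};

console.log(JSON.stringify(auditLock(sampleLock), null, 2));
```

Because a lockfile can hold several copies of one package at different nesting levels, each copy is reported separately with its install location.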

Stale issue message