Skip to content
This repository has been archived by the owner on Feb 6, 2023. It is now read-only.

[Security] Bump handlebars from 4.5.1 to 4.7.6 #2428

Closed
wants to merge 1 commit into from
Closed

[Security] Bump handlebars from 4.5.1 to 4.7.6 #2428

wants to merge 1 commit into from

Conversation

dependabot-preview[bot]
Copy link
Contributor

Bumps handlebars from 4.5.1 to 4.7.6. This update includes a security fix.

Vulnerabilities fixed

Sourced from The Node Security Working Group.

Denial of Service Crash Node.js process from handlebars using a small and simple source

Affected versions: <4.6.0

Changelog

Sourced from handlebars's changelog.

v4.7.6 - April 3rd, 2020

Chore/Housekeeping:

Compatibility notes:

  • Restored Node.js compatibility

Commits

v4.7.5 - April 2nd, 2020

Chore/Housekeeping:

  • Node.js version support has been changed to v6+ Reverted in 4.7.6

Compatibility notes:

  • Node.js < v6 is no longer supported Reverted in 4.7.6

Commits

v4.7.4 - April 1st, 2020

Chore/Housekeeping:

Compatibility notes:

  • No incompatibilities are to be expected

Commits

v4.7.3 - February 5th, 2020

Chore/Housekeeping:

  • #1644 - Download links to aws broken on handlebarsjs.com - access denied (@Tea56)
  • Fix spelling and punctuation in changelog - d78cc73

Bugfixes:

  • Add Type Definition for Handlebars.VERSION, Fixes #1647 - 4de51fe
  • Include Type Definition for runtime.js in Package - a32d05f

Compatibility notes:

... (truncated)
Commits
Maintainer changes

This version was pushed to npm by erisds, a new releaser for handlebars since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in the .dependabot/config.yml file in this repo:

  • Update frequency
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

@dependabot-preview
[Security] Bump handlebars from 4.5.1 to 4.7.6
531ce45 
Bumps [handlebars](https://github.com/wycats/handlebars.js) from 4.5.1 to 4.7.6. **This update includes a security fix.**
- [Release notes](https://github.com/wycats/handlebars.js/releases)
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md)
- [Commits](handlebars-lang/handlebars.js@v4.5.1...v4.7.6)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
@dependabot-preview dependabot-preview bot added dependencies Pull requests that update a dependency file security Security issues with Draft.js or its dependencies labels May 14, 2020
@mrkev mrkev mentioned this pull request May 20, 2020
Closed
@dependabot-preview
Copy link
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@facebook-github-bot
Copy link

@mrkev merged this pull request in 9ac399c.

vilemj-Viclick pushed a commit to kontent-ai/draft-js that referenced this pull request Jul 16, 2020
@mrkev @vilemj-Viclick
Upgrade jest and flow-bin deps (facebookarchive#2435)
bceee44 
Summary:
`handlebars` was a dependency of `jest` but has since been removed, so this should also close facebookarchive#2428.
Pull Request resolved: facebookarchive#2435

Test Plan: `npm run jest` && `npm run flow`

Reviewed By: kedromelon

Differential Revision: D21653714

Pulled By: mrkev

fbshipit-source-id: 7b2139663b48d9ec674254f6c5dfd1a68f60a3b0
alicayan008 pushed a commit to alicayan008/draft-js that referenced this pull request Jul 4, 2023
@mrkev @facebook-github-bot
Upgrade jest and flow-bin deps (#2435)
559f7e0 
Summary:
`handlebars` was a dependency of `jest` but has since been removed, so this should also close facebookarchive/draft-js#2428.
Pull Request resolved: facebookarchive/draft-js#2435

Test Plan: `npm run jest` && `npm run flow`

Reviewed By: kedromelon

Differential Revision: D21653714

Pulled By: mrkev

fbshipit-source-id: 7b2139663b48d9ec674254f6c5dfd1a68f60a3b0
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
CLA Signed dependencies Pull requests that update a dependency file Merged security Security issues with Draft.js or its dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@facebook-github-bot