Skip to content

Update handlebars dep to patch vulnerability#7083

Merged
asdf2014 merged 1 commit intoapache:masterfrom
jon-wei:fix_handlebars
Feb 18, 2019
Merged

Update handlebars dep to patch vulnerability#7083
asdf2014 merged 1 commit intoapache:masterfrom
jon-wei:fix_handlebars

Conversation

@jon-wei
Copy link
Copy Markdown
Contributor

@jon-wei jon-wei commented Feb 16, 2019

I saw the following message during a build:

[INFO] added 1153 packages from 1222 contributors and audited 91849 packages in 10.626s
[INFO] found 1 high severity vulnerability
[INFO]   run `npm audit fix` to fix them, or `npm audit` for details

npm audit reports the following:

$ npm audit
                                                                                
                       === npm audit security report ===                        
                                                                                
# Run  npm update handlebars --depth 5  to resolve 1 vulnerability
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High          │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ handlebars                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ jest [dev]                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ jest > jest-cli > istanbul-api > istanbul-reports >          │
│               │ handlebars                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/755                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 high severity vulnerability in 91849 scanned packages
  run `npm audit fix` to fix 1 of them.

This patch is the fix applied by npm audit fix.

@jon-wei jon-wei added this to the 0.14.0 milestone Feb 16, 2019
clintropolis
clintropolis approved these changes Feb 16, 2019
View reviewed changes
Copy link
Copy Markdown
Member

@clintropolis clintropolis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍 at least this is only a dev dependency, so impact is probably minor if any, but still good to fix.

@asdf2014 asdf2014 merged commit 61272d6 into apache:master Feb 18, 2019
jon-wei added a commit to jon-wei/druid that referenced this pull request Feb 28, 2019
@jon-wei
Update handlebars dep to patch vulnerability (apache#7083)
6f43a71
@jon-wei jon-wei mentioned this pull request Feb 28, 2019
Merged
clintropolis pushed a commit that referenced this pull request Mar 1, 2019
@jon-wei @clintropolis
Update handlebars dep to patch vulnerability (#7083) (#7164)
8ee9747
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@clintropolis clintropolis clintropolis approved these changes

@drcrallen drcrallen drcrallen approved these changes

Assignees

No one assigned

Labels

Bug Security

Projects

None yet

Milestone

0.14.0

Development

Successfully merging this pull request may close these issues.

4 participants

@jon-wei @clintropolis @drcrallen @asdf2014