This repository was archived by the owner on Sep 21, 2022. It is now read-only.

Update dependency express-handlebars to v5 [SECURITY] #507

Open
renovate[bot] wants to merge 1 commit into main from renovate/npm-express-handlebars-vulnerability
@renovate renovate bot commented Feb 11, 2022

WhiteSource Renovate

This PR contains the following updates:

Package             Change
express-handlebars  ^4.0.4 -> ^5.0.0

GitHub Vulnerability Alerts

CVE-2021-32820

Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability is somewhat restricted in that only files with existing extensions (i.e. file.extension) can be included; files that lack an extension will have .handlebars appended to them. For complete details refer to the referenced GHSL-2021-018 report. Notes in documentation have been added to help users avoid this potential information exposure vulnerability.

A fix is discussed in https://github.com/express-handlebars/express-handlebars/pull/163


Release Notes

express-handlebars/express-handlebars

v5.3.1


Bug Fixes
  • add note about security (78c47a2)

v5.3.0


Features

5.2.1 (2021-02-16)

Bug Fixes
  • deps: update dependency handlebars to ^4.7.7 (1930523)

v5.2.1


Bug Fixes
  • deps: update dependency handlebars to ^4.7.7 (1930523)

v5.2.0


Features
  • allow views to be an array (a9f4aaa)

v5.1.0


Features

v5.0.0


Bug Fixes
BREAKING CHANGES
  • Drop support for node versions below v10

4.0.6 (2020-07-06)

Bug Fixes

4.0.5 (2020-07-03)

Bug Fixes
  • overwrite past settings.views (c27f1b0)
  • renderView returns promise when no callback given (c39ed87)

4.0.4 (2020-04-29)

Bug Fixes
  • deps: update dependency graceful-fs to ^4.2.4 (c01661b)

4.0.3 (2020-04-05)

Bug Fixes
  • deps: update dependency handlebars to ^4.7.6 (2aa29ab)

4.0.2 (2020-04-03)

Bug Fixes
  • deps: update dependency handlebars to ^4.7.5 (#6) (e597254)

Configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.
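
Because the advisory quoted above says the risk comes from template data and engine options sharing one object in the Express render API, an application can keep request input away from options such as layout by building the render object from an explicit allowlist. The following is an added example, not code from this PR or from express-handlebars; pickTemplateData, PROFILE_FIELDS and the sample query are hypothetical names and constructed values.

```javascript
// Added example: copy only expected, validated fields from untrusted input
// into the object later handed to res.render(), so a request-supplied key
// such as `layout` never reaches the view engine as a configuration option.

// Hypothetical per-view allowlist: field name -> validator for its value.
const PROFILE_FIELDS = {
  name: (v) => typeof v === 'string' && v.length <= 64,
  page: (v) => typeof v === 'string' && /^[0-9]{1,4}$/.test(v),
};

function pickTemplateData(untrusted, allowed) {
  const data = {};
  const dropped = [];
  if (untrusted === null || typeof untrusted !== 'object') {
    return { data, dropped };
  }
  // Own enumerable keys only; anything not in the allowlist is dropped,
  // including `layout` and keys like `__proto__` from parsed JSON.
  for (const key of Object.keys(untrusted)) {
    const isAllowed = Object.prototype.hasOwnProperty.call(allowed, key);
    if (isAllowed && allowed[key](untrusted[key])) {
      data[key] = untrusted[key];
    } else {
      dropped.push(key); // worth logging: unexpected or malformed field
    }
  }
  return { data, dropped };
}

// Constructed sample of a parsed query string (not real traffic).
const sampleQuery = { name: 'Ada', page: '2', layout: 'other.ext' };

// Pattern the advisory warns about: res.render('profile', req.query)
// Separated form:
//   const { data, dropped } = pickTemplateData(req.query, PROFILE_FIELDS);
//   res.render('profile', data);
const result = pickTemplateData(sampleQuery, PROFILE_FIELDS);
console.log('render data:', result.data, 'dropped keys:', result.dropped);
```

The dropped list is a useful signal to log, since a layout key arriving in request input is not something a normal client of such a view would send.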

@renovate renovate bot requested a review from a team as a code owner February 11, 2022 00:26
@next-team next-team temporarily deployed to google-amp-renovate-npm-lyc1tb February 11, 2022 00:27 Inactive
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from 6700671 to e0ca83d Compare February 11, 2022 02:12
@renovate renovate bot changed the title Update dependency express-handlebars to v6 [SECURITY] Update dependency express-handlebars to v5 [SECURITY] Feb 11, 2022
@next-team next-team temporarily deployed to google-amp-renovate-npm-lyc1tb February 11, 2022 02:12 Inactive
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from e0ca83d to 57a0644 Compare February 11, 2022 08:01
@renovate renovate bot changed the title Update dependency express-handlebars to v5 [SECURITY] Update dependency express-handlebars to v6 [SECURITY] Feb 11, 2022
@next-team next-team temporarily deployed to google-amp-renovate-npm-lyc1tb February 11, 2022 08:01 Inactive
@renovate renovate bot changed the title Update dependency express-handlebars to v6 [SECURITY] Update dependency express-handlebars to v5 [SECURITY] Feb 11, 2022
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from 57a0644 to e09db59 Compare February 11, 2022 09:51
@next-team next-team temporarily deployed to google-amp-renovate-npm-lyc1tb February 11, 2022 09:51 Inactive
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from e09db59 to 3de95ff Compare February 13, 2022 10:15
@renovate renovate bot changed the title Update dependency express-handlebars to v5 [SECURITY] Update dependency express-handlebars to v6 [SECURITY] Feb 13, 2022
@next-team next-team temporarily deployed to google-amp-renovate-npm-gds5yc February 13, 2022 10:16 Inactive
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from 3de95ff to 4240e2f Compare February 13, 2022 11:57
@renovate renovate bot changed the title Update dependency express-handlebars to v6 [SECURITY] Update dependency express-handlebars to v5 [SECURITY] Feb 13, 2022
@next-team next-team temporarily deployed to google-amp-renovate-npm-gds5yc February 13, 2022 11:57 Inactive
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from 4240e2f to a5a8939 Compare February 15, 2022 12:28
@renovate renovate bot changed the title Update dependency express-handlebars to v5 [SECURITY] Update dependency express-handlebars to v6 [SECURITY] Feb 15, 2022
@next-team next-team temporarily deployed to google-amp-renovate-npm-xkijzr February 15, 2022 12:31 Inactive
@renovate renovate bot changed the title Update dependency express-handlebars to v6 [SECURITY] Update dependency express-handlebars to v5 [SECURITY] Feb 15, 2022
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from a5a8939 to c57a4e6 Compare February 15, 2022 14:13
@next-team next-team temporarily deployed to google-amp-renovate-npm-xkijzr February 15, 2022 14:13 Inactive
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from c57a4e6 to db1bd59 Compare February 16, 2022 09:32
@renovate renovate bot changed the title Update dependency express-handlebars to v5 [SECURITY] Update dependency express-handlebars to v6 [SECURITY] Feb 16, 2022
@next-team next-team temporarily deployed to google-amp-renovate-npm-xkijzr February 16, 2022 09:32 Inactive
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from db1bd59 to f588473 Compare February 16, 2022 11:41
@renovate renovate bot changed the title Update dependency express-handlebars to v6 [SECURITY] Update dependency express-handlebars to v5 [SECURITY] Feb 16, 2022
@next-team next-team temporarily deployed to google-amp-renovate-npm-xkijzr February 16, 2022 11:41 Inactive
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from f588473 to 30ba040 Compare February 17, 2022 09:12
@next-team next-team temporarily deployed to google-amp-renovate-npm-caffda April 14, 2022 20:48 Inactive
@renovate renovate bot changed the title Update dependency express-handlebars to v5 [SECURITY] Update dependency express-handlebars to v6 [SECURITY] Apr 21, 2022
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from 19a4f9d to 697a4db Compare April 21, 2022 21:50
@renovate renovate bot changed the title Update dependency express-handlebars to v6 [SECURITY] Update dependency express-handlebars to v5 [SECURITY] Apr 22, 2022
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from 697a4db to 45d3505 Compare April 22, 2022 14:08
@renovate renovate bot changed the title Update dependency express-handlebars to v5 [SECURITY] Update dependency express-handlebars to v6 [SECURITY] Apr 23, 2022
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch 2 times, most recently from 6c7aa97 to 71f540b Compare April 24, 2022 01:00
@renovate renovate bot changed the title Update dependency express-handlebars to v6 [SECURITY] Update dependency express-handlebars to v5 [SECURITY] Apr 24, 2022
@renovate renovate bot changed the title Update dependency express-handlebars to v5 [SECURITY] Update dependency express-handlebars to v6 [SECURITY] Apr 29, 2022
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from 71f540b to ce42dbf Compare April 29, 2022 10:57
@renovate renovate bot changed the title Update dependency express-handlebars to v6 [SECURITY] Update dependency express-handlebars to v5 [SECURITY] Apr 29, 2022
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch 2 times, most recently from 9fc90ca to 4ea3b9b Compare May 3, 2022 14:43
@renovate renovate bot changed the title Update dependency express-handlebars to v5 [SECURITY] Update dependency express-handlebars to v6 [SECURITY] May 3, 2022
@renovate renovate bot changed the title Update dependency express-handlebars to v6 [SECURITY] Update dependency express-handlebars to v5 [SECURITY] May 3, 2022
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from 4ea3b9b to 70bbe6b Compare May 3, 2022 17:12
@renovate renovate bot changed the title Update dependency express-handlebars to v5 [SECURITY] Update dependency express-handlebars to v6 [SECURITY] May 6, 2022
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from 70bbe6b to 146026f Compare May 6, 2022 11:04
@renovate renovate bot changed the title Update dependency express-handlebars to v6 [SECURITY] Update dependency express-handlebars to v5 [SECURITY] May 6, 2022
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from 146026f to 3f3418c Compare May 6, 2022 12:56
@renovate renovate bot changed the title Update dependency express-handlebars to v5 [SECURITY] Update dependency express-handlebars to v6 [SECURITY] May 7, 2022
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from 3f3418c to c5064ab Compare May 7, 2022 16:21
@renovate renovate bot changed the title Update dependency express-handlebars to v6 [SECURITY] Update dependency express-handlebars to v5 [SECURITY] May 7, 2022
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch 2 times, most recently from d253c1f to 358d7fd Compare May 11, 2022 10:05
@renovate renovate bot changed the title Update dependency express-handlebars to v5 [SECURITY] Update dependency express-handlebars to v6 [SECURITY] May 11, 2022
@renovate renovate bot changed the title Update dependency express-handlebars to v6 [SECURITY] Update dependency express-handlebars to v5 [SECURITY] May 11, 2022
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from 358d7fd to 19931f6 Compare May 11, 2022 14:33