Skip to content
This repository was archived by the owner on Sep 21, 2022. It is now read-only.

Update dependency express-handlebars to v5 [SECURITY]#507

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/npm-express-handlebars-vulnerability
Open

Update dependency express-handlebars to v5 [SECURITY]#507
renovate[bot] wants to merge 1 commit intomainfrom
renovate/npm-express-handlebars-vulnerability

Conversation

@renovate
Copy link
Copy Markdown

@renovate renovate bot commented Feb 11, 2022
edited
Loading

WhiteSource Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
express-handlebars ^4.0.4 -> ^5.0.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2021-32820

Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability is somewhat restricted in that only files with existing extentions (i.e. file.extension) can be included, files that lack an extension will have .handlebars appended to them. For complete details refer to the referenced GHSL-2021-018 report. Notes in documentation have been added to help users avoid this potential information exposure vulnerability.

A fix is discussed in https://github.com/express-handlebars/express-handlebars/pull/163

Release Notes

express-handlebars/express-handlebars

v5.3.1

Compare Source

Bug Fixes
  • add note about security (78c47a2)

v5.3.0

Compare Source

Features

5.2.1 (2021-02-16)

Bug Fixes
  • deps: update dependency handlebars to ^4.7.7 (1930523)

v5.2.1

Compare Source

Bug Fixes
  • deps: update dependency handlebars to ^4.7.7 (1930523)

v5.2.0

Compare Source

Features
  • allow views to be an array (a9f4aaa)

v5.1.0

Compare Source

Features

v5.0.0

Compare Source

Bug Fixes
BREAKING CHANGES
  • Drop support for node versions below v10

4.0.6 (2020-07-06)

Bug Fixes

4.0.5 (2020-07-03)

Bug Fixes
  • overwrite past settings.views (c27f1b0)
  • renderView returns promise when no callback given (c39ed87)

4.0.4 (2020-04-29)

Bug Fixes
  • deps: update dependency graceful-fs to ^4.2.4 (c01661b)

4.0.3 (2020-04-05)

Bug Fixes
  • deps: update dependency handlebars to ^4.7.6 (2aa29ab)

4.0.2 (2020-04-03)

Bug Fixes
  • deps: update dependency handlebars to ^4.7.5 (#​6) (e597254)

Configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.

@renovate renovate bot requested a review from a team as a code owner February 11, 2022 00:26
@next-team next-team temporarily deployed to google-amp-renovate-npm-lyc1tb February 11, 2022 00:27 Inactive
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from 6700671 to e0ca83d Compare February 11, 2022 02:12
@renovate renovate bot changed the title Update dependency express-handlebars to v6 [SECURITY] Update dependency express-handlebars to v5 [SECURITY] Feb 11, 2022
@next-team next-team temporarily deployed to google-amp-renovate-npm-lyc1tb February 11, 2022 02:12 Inactive
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from e0ca83d to 57a0644 Compare February 11, 2022 08:01
@renovate renovate bot changed the title Update dependency express-handlebars to v5 [SECURITY] Update dependency express-handlebars to v6 [SECURITY] Feb 11, 2022
@next-team next-team temporarily deployed to google-amp-renovate-npm-lyc1tb February 11, 2022 08:01 Inactive
@renovate renovate bot changed the title Update dependency express-handlebars to v6 [SECURITY] Update dependency express-handlebars to v5 [SECURITY] Feb 11, 2022
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from 57a0644 to e09db59 Compare February 11, 2022 09:51
@next-team next-team temporarily deployed to google-amp-renovate-npm-lyc1tb February 11, 2022 09:51 Inactive
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from e09db59 to 3de95ff Compare February 13, 2022 10:15
@renovate renovate bot changed the title Update dependency express-handlebars to v5 [SECURITY] Update dependency express-handlebars to v6 [SECURITY] Feb 13, 2022
@next-team next-team temporarily deployed to google-amp-renovate-npm-gds5yc February 13, 2022 10:16 Inactive
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from 3de95ff to 4240e2f Compare February 13, 2022 11:57
@renovate renovate bot changed the title Update dependency express-handlebars to v6 [SECURITY] Update dependency express-handlebars to v5 [SECURITY] Feb 13, 2022
@next-team next-team temporarily deployed to google-amp-renovate-npm-gds5yc February 13, 2022 11:57 Inactive
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from 4240e2f to a5a8939 Compare February 15, 2022 12:28
@renovate renovate bot changed the title Update dependency express-handlebars to v5 [SECURITY] Update dependency express-handlebars to v6 [SECURITY] Feb 15, 2022
@next-team next-team temporarily deployed to google-amp-renovate-npm-xkijzr February 15, 2022 12:31 Inactive
@renovate renovate bot changed the title Update dependency express-handlebars to v6 [SECURITY] Update dependency express-handlebars to v5 [SECURITY] Feb 15, 2022
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from a5a8939 to c57a4e6 Compare February 15, 2022 14:13
@next-team next-team temporarily deployed to google-amp-renovate-npm-xkijzr February 15, 2022 14:13 Inactive
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from c57a4e6 to db1bd59 Compare February 16, 2022 09:32
@renovate renovate bot changed the title Update dependency express-handlebars to v5 [SECURITY] Update dependency express-handlebars to v6 [SECURITY] Feb 16, 2022
@next-team next-team temporarily deployed to google-amp-renovate-npm-xkijzr February 16, 2022 09:32 Inactive
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from db1bd59 to f588473 Compare February 16, 2022 11:41
@renovate renovate bot changed the title Update dependency express-handlebars to v6 [SECURITY] Update dependency express-handlebars to v5 [SECURITY] Feb 16, 2022
@next-team next-team temporarily deployed to google-amp-renovate-npm-xkijzr February 16, 2022 11:41 Inactive
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from f588473 to 30ba040 Compare February 17, 2022 09:12
@renovate renovate bot changed the title Update dependency express-handlebars to v5 [SECURITY] Update dependency express-handlebars to v6 [SECURITY] Feb 23, 2022
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from 3a24feb to 791930f Compare February 23, 2022 13:58
@next-team next-team temporarily deployed to google-amp-renovate-npm-2qxi5c February 23, 2022 14:00 Inactive
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from 791930f to f7fe660 Compare February 23, 2022 15:41
@renovate renovate bot changed the title Update dependency express-handlebars to v6 [SECURITY] Update dependency express-handlebars to v5 [SECURITY] Feb 23, 2022
@next-team next-team temporarily deployed to google-amp-renovate-npm-2qxi5c February 23, 2022 15:41 Inactive
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from f7fe660 to 8bb6358 Compare February 23, 2022 21:53
@renovate renovate bot changed the title Update dependency express-handlebars to v5 [SECURITY] Update dependency express-handlebars to v6 [SECURITY] Feb 23, 2022
@next-team next-team temporarily deployed to google-amp-renovate-npm-2qxi5c February 23, 2022 21:54 Inactive
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from 8bb6358 to 125a785 Compare February 23, 2022 23:50
@renovate renovate bot changed the title Update dependency express-handlebars to v6 [SECURITY] Update dependency express-handlebars to v5 [SECURITY] Feb 23, 2022
@next-team next-team temporarily deployed to google-amp-renovate-npm-2qxi5c February 23, 2022 23:50 Inactive
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from 125a785 to 83b4a5a Compare February 24, 2022 18:21
@renovate renovate bot changed the title Update dependency express-handlebars to v5 [SECURITY] Update dependency express-handlebars to v6 [SECURITY] Feb 24, 2022
@next-team next-team temporarily deployed to google-amp-renovate-npm-2qxi5c February 24, 2022 18:21 Inactive
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from 83b4a5a to 0420d39 Compare February 24, 2022 20:35
@renovate renovate bot changed the title Update dependency express-handlebars to v6 [SECURITY] Update dependency express-handlebars to v5 [SECURITY] Feb 24, 2022
@next-team next-team temporarily deployed to google-amp-renovate-npm-2qxi5c February 24, 2022 20:36 Inactive
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from 0420d39 to 7d4178e Compare February 27, 2022 09:12
@renovate renovate bot changed the title Update dependency express-handlebars to v5 [SECURITY] Update dependency express-handlebars to v6 [SECURITY] Feb 27, 2022
@next-team next-team temporarily deployed to google-amp-renovate-npm-dfy49h February 27, 2022 09:14 Inactive
@renovate renovate bot changed the title Update dependency express-handlebars to v6 [SECURITY] Update dependency express-handlebars to v5 [SECURITY] Feb 27, 2022
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from 7d4178e to cf12de3 Compare February 27, 2022 11:02
@next-team next-team temporarily deployed to google-amp-renovate-npm-dfy49h February 27, 2022 11:02 Inactive
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from cf12de3 to 747e6a8 Compare February 27, 2022 12:47
@renovate renovate bot changed the title Update dependency express-handlebars to v5 [SECURITY] Update dependency express-handlebars to v6 [SECURITY] Feb 27, 2022
@next-team next-team temporarily deployed to google-amp-renovate-npm-dfy49h February 27, 2022 12:47 Inactive
@renovate renovate bot changed the title Update dependency express-handlebars to v6 [SECURITY] Update dependency express-handlebars to v5 [SECURITY] Feb 27, 2022
@renovate renovate bot force-pushed the renovate/npm-express-handlebars-vulnerability branch from 747e6a8 to ef7a013 Compare February 27, 2022 14:19
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@next-team @renovate-bot