Low security on minimist #189

Closed
badrddinb opened this issue Mar 23, 2020 · 3 comments

@badrddinb

Low: Prototype Pollution
Package: minimist
Patched in: >=0.2.1 <1.0.0 || >=1.2.3
Dependency of: hbs
Path: hbs>handlebars>optimist>minimist
More info: https://npmjs.com/advisories/1179
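
A check for the patched range quoted in the report above, written as an added example that is not part of the original issue or of any project mentioned in it. It assumes a `package-lock.json` in lockfileVersion 1 layout (nested `dependencies`); the sample tree and its version numbers are constructed.

```javascript
// Patched range from the advisory: >=0.2.1 <1.0.0 || >=1.2.3
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v); // pre-release tags are ignored
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isPatched(version) {
  const v = parseVersion(version);
  const in0x = cmp(v, [0, 2, 1]) >= 0 && cmp(v, [1, 0, 0]) < 0;
  return in0x || cmp(v, [1, 2, 3]) >= 0;
}

// Walk the lockfile tree. The reported path is the install location, so a
// hoisted copy of minimist shows up at the top level, not under its requirer.
function findMinimist(node, path = []) {
  const hits = [];
  for (const [name, entry] of Object.entries(node.dependencies || {})) {
    const here = [...path, name];
    if (name === 'minimist') {
      hits.push({ path: here.join('>'), version: entry.version,
                  patched: isPatched(entry.version) });
    }
    hits.push(...findMinimist(entry, here));
  }
  return hits;
}

// Constructed sample lockfile fragment (illustrative versions only).
const sampleLock = {
  dependencies: {
    hbs: { version: '4.1.0', dependencies: {
      handlebars: { version: '4.5.3', dependencies: {
        optimist: { version: '0.6.1', dependencies: {
          minimist: { version: '0.0.10' } } } } } } },
    mkdirp: { version: '0.5.4', dependencies: { minimist: { version: '1.2.5' } } },
  },
};

for (const hit of findMinimist(sampleLock)) {
  console.log(`${hit.patched ? 'ok  ' : 'VULN'} minimist@${hit.version} via ${hit.path}`);
}
```
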

@dougwilson
Contributor

Looks like there is no quick fix. The 4.x series of handlebars has no solution unless their sub dependency updates (optimist), though it is gone in handlebars 5.x. What the major upgrade will entail needs to be evaluated and likely will require a major upgrade here and then in consumers of this module.

If you are looking for a quick resolution, a new optimist module would fix it.

@dougwilson
Contributor

Also looks like handlebars 4.x has ongoing work to provide a 4.x release without the issue: handlebars-lang/handlebars.js#1662

@badrddinb
Author

So I think the best option is to switch to another view engine until handlebars fixes this issue.
