bug #975 Resolve security issue CVE-2021-23369 (elghailani)

weaverryan · weaverryan · commit 2dc37ae9e618 · 2021-05-07T09:36:53.000-04:00
This PR was squashed before being merged into the main branch. Discussion ---------- Resolve security issue CVE-2021-23369 This PR resolve the newly published critical security issue [CVE-2021-23369 : Remote code execution in handlebars when compiling templates](GHSA-f2jv-r9rf-7988) Commits ------- 8a308c0 Resolve security issue CVE-2021-23369
diff --git a/package.json b/package.json
@@ -74,7 +74,7 @@
     "file-loader": "^6.0.0",
     "fork-ts-checker-webpack-plugin": "^5.0.0 || ^6.0.0",
     "fs-extra": "^9.0.0",
-    "handlebars": "^4.0.11",
+    "handlebars": "^4.7.7",
     "handlebars-loader": "^1.7.0",
     "http-server": "^0.12.3",
     "less": "^4.0.0",
diff --git a/yarn.lock b/yarn.lock
@@ -3694,7 +3694,7 @@ handlebars-loader@^1.7.0:
     loader-utils "1.0.x"
     object-assign "^4.1.0"
 
-handlebars@^4.0.11:
+handlebars@^4.7.7:
   version "4.7.7"
   resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.7.7.tgz#9ce33416aad02dbd6c8fafa8240d5d98004945a1"
   integrity sha512-aAcXm5OAfE/8IXkcZvCepKU3VzW1/39Fb5ZuqMtgI/hT8X2YgoMvBY5dLhq/cpOvw7Lk1nK/UF71aLG/ZnVYRA==
