From 11f5d796c98710d4b7d1ee51577067909f6ab6bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D5=A1=C9=A8=D5=BC=C9=A2=D3=84=D5=A1=D6=85=D5=BC=C9=A2?= Date: Sat, 27 Jan 2024 13:02:54 +0800 Subject: [PATCH] fix(deps): prototype pollution in handlebars --- packages/nocodb/package.json | 2 +- pnpm-lock.yaml | 18 ++---------------- 2 files changed, 3 insertions(+), 17 deletions(-) diff --git a/packages/nocodb/package.json b/packages/nocodb/package.json index 12e6711036..548bb1700c 100644 --- a/packages/nocodb/package.json +++ b/packages/nocodb/package.json @@ -105,7 +105,7 @@ "graphql": "^15.3.0", "graphql-depth-limit": "^1.1.0", "graphql-type-json": "^0.3.2", - "handlebars": "^4.7.6", + "handlebars": "^4.7.8", "html-to-json-parser": "^2.0.0", "import-fresh": "^3.3.0", "inflection": "^1.12.0", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index fc54b1c3cf..2a99f643a2 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -590,8 +590,8 @@ importers: specifier: ^0.3.2 version: 0.3.2(graphql@15.3.0) handlebars: - specifier: ^4.7.6 - version: 4.7.6 + specifier: ^4.7.8 + version: 4.7.8 html-to-json-parser: specifier: ^2.0.0 version: 2.0.0 @@ -16496,19 +16496,6 @@ packages: unenv: 1.9.0 dev: true - /handlebars@4.7.6: - resolution: {integrity: sha512-1f2BACcBfiwAfStCKZNrUCgqNZkGsAT7UM3kkYtXuLo0KnaVfjKOyf7PRzB6++aK9STyT1Pd2ZCPe3EGOXleXA==} - engines: {node: '>=0.4.7'} - hasBin: true - dependencies: - minimist: 1.2.8 - neo-async: 2.6.2 - source-map: 0.6.1 - wordwrap: 1.0.0 - optionalDependencies: - uglify-js: 3.17.4 - dev: false - /handlebars@4.7.8: resolution: {integrity: sha512-vafaFqs8MZkRrSX7sFVUdo3ap/eNiLnb4IakshzvP56X5Nr1iGKAIqdX6tMlm6HcNRIkr6AxO5jFEoJzzpT8aQ==} engines: {node: '>=0.4.7'} @@ -16520,7 +16507,6 @@ packages: wordwrap: 1.0.0 optionalDependencies: uglify-js: 3.17.4 - dev: true /happy-dom@6.0.4: resolution: {integrity: sha512-b+ID23Ms0BY08UNLymsOMG7EI2jSlwEt4cbJs938GZfeNAg+fqgkSO3TokQMgSOFoHznpjWmpVjBUL5boJ9PWw==}