osr-plastic/osr-discourse-src
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

SECURITY: Bump Handlebars to version 4.1.2

Browse Source 
WS-2019-0064: Versions of handlebars prior to 4.0.14 are vulnerable to Prototype Pollution. Templates may alter an Objects prototype, thus allowing an attacker to execute arbitrary code on the server.
This commit is contained in:
Penar Musaraj 2019-06-05 13:54:52 -04:00
parent 9a9b0a6847
commit 3f2c8dcc2a
4 changed files with 23 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package.json
View File

@ -12,7 +12,7 @@
"bootstrap": "v3.4.1",
"chart.js": "2.7.3",
"favcount": "https://github.com/chrishunt/favcount",
"handlebars": "^4.1.1",
"handlebars": "^4.1.2",
"highlight.js": "https://github.com/highlightjs/highlight.js",
"htmlparser": "https://github.com/tautologistics/node-htmlparser",
"intersection-observer": "^0.5.1",

12
vendor/assets/javascripts/handlebars.js vendored
View File

@ -1,7 +1,7 @@
/**!
@license
handlebars v4.1.1
handlebars v4.1.2
Copyright (C) 2011-2017 by Yehuda Katz
@ -275,7 +275,7 @@ return /******/ (function(modules) { // webpackBootstrap
var _logger2 = _interopRequireDefault(_logger);
var VERSION = '4.1.1';
var VERSION = '4.1.2';
exports.VERSION = VERSION;
var COMPILER_REVISION = 7;
@ -868,7 +868,13 @@ return /******/ (function(modules) { // webpackBootstrap
exports['default'] = function (instance) {
instance.registerHelper('lookup', function (obj, field) {
return obj && obj[field];
if (!obj) {
return obj;
}
if (field === 'constructor' && !obj.propertyIsEnumerable(field)) {
return undefined;
}
return obj[field];
});
};

12
vendor/assets/javascripts/handlebars.runtime.js vendored
View File

@ -1,7 +1,7 @@
/**!
@license
handlebars v4.1.1
handlebars v4.1.2
Copyright (C) 2011-2017 by Yehuda Katz
@ -207,7 +207,7 @@ return /******/ (function(modules) { // webpackBootstrap
var _logger2 = _interopRequireDefault(_logger);
var VERSION = '4.1.1';
var VERSION = '4.1.2';
exports.VERSION = VERSION;
var COMPILER_REVISION = 7;
@ -800,7 +800,13 @@ return /******/ (function(modules) { // webpackBootstrap
exports['default'] = function (instance) {
instance.registerHelper('lookup', function (obj, field) {
return obj && obj[field];
if (!obj) {
return obj;
}
if (field === 'constructor' && !obj.propertyIsEnumerable(field)) {
return undefined;
}
return obj[field];
});
};

8
yarn.lock
View File

@ -1051,10 +1051,10 @@ graceful-fs@^4.1.2:
resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.1.15.tgz#ffb703e1066e8a0eeaa4c8b80ba9253eeefbfb00"
integrity sha512-6uHUhOPEBgQ24HM+r6b/QwWfZq+yiFcipKFrOFiBEnWdy5sdzYoi+pJeQaPI5qOLRFqWmAXUPQNsielzdLoecA==
handlebars@^4.1.1:
version "4.1.1"
resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.1.1.tgz#6e4e41c18ebe7719ae4d38e5aca3d32fa3dd23d3"
integrity sha512-3Zhi6C0euYZL5sM0Zcy7lInLXKQ+YLcF/olbN010mzGQ4XVm50JeyBnMqofHh696GrciGruC7kCcApPDJvVgwA==
handlebars@^4.1.2:
version "4.1.2"
resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.1.2.tgz#b6b37c1ced0306b221e094fc7aca3ec23b131b67"
integrity sha512-nvfrjqvt9xQ8Z/w0ijewdD/vvWDTOweBUm96NTr66Wfvo1mJenBLwcYmPs3TIBP5ruzYGD7Hx/DaM9RmhroGPw==
dependencies:
neo-async "^2.6.0"
optimist "^0.6.1"