From 256a335972404d7b9759c53946de5eee6adcdf64 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Sun, 29 Mar 2026 09:13:34 +0000 Subject: [PATCH] fix: web/package.json & web/yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-15803084 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-15803082 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-15807042 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-15807040 - https://snyk.io/vuln/SNYK-JS-HANDLEBARS-15803086 --- web/package.json | 2 +- web/yarn.lock | 15 ++++++++++----- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/web/package.json b/web/package.json index cc7025c3..6f1d5ac9 100644 --- a/web/package.json +++ b/web/package.json @@ -23,7 +23,7 @@ "brace": "^0.11.1", "dompurify": "3.2.4", "esprima": "^4.0.1", - "handlebars": "4.7.7", + "handlebars": "4.7.9", "jsonpointer": "4.1.0", "lodash": "4.17.21", "moment": "^2.29.4", diff --git a/web/yarn.lock b/web/yarn.lock index d66a2562..41a0c885 100644 --- a/web/yarn.lock +++ b/web/yarn.lock @@ -5231,13 +5231,13 @@ handle-thing@^2.0.0: resolved "https://registry.yarnpkg.com/handle-thing/-/handle-thing-2.0.0.tgz#0e039695ff50c93fc288557d696f3c1dc6776754" integrity sha512-d4sze1JNC454Wdo2fkuyzCr6aHcbL6PGGuFAz0Li/NcOm1tCHGnWDRmJP85dh9IhQErTc2svWFEX5xHIOo//kQ== -handlebars@4.7.7: - version "4.7.7" - resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.7.7.tgz#9ce33416aad02dbd6c8fafa8240d5d98004945a1" - integrity sha512-aAcXm5OAfE/8IXkcZvCepKU3VzW1/39Fb5ZuqMtgI/hT8X2YgoMvBY5dLhq/cpOvw7Lk1nK/UF71aLG/ZnVYRA== +handlebars@4.7.9: + version "4.7.9" + resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.7.9.tgz#6f139082ab58dc4e5a0e51efe7db5ae890d56a0f" + integrity sha512-4E71E0rpOaQuJR2A3xDZ+GM1HyWYv1clR58tC8emQNeQe3RH7MAzSbat+V0wG78LQBo6m6bzSG/L4pBuCsgnUQ== dependencies: minimist "^1.2.5" - neo-async "^2.6.0" + neo-async "^2.6.2" source-map "^0.6.1" wordwrap "^1.0.0" optionalDependencies: @@ -7655,6 +7655,11 @@ neo-async@^2.5.0, neo-async@^2.6.0: resolved "https://registry.yarnpkg.com/neo-async/-/neo-async-2.6.0.tgz#b9d15e4d71c6762908654b5183ed38b753340835" integrity sha512-MFh0d/Wa7vkKO3Y3LlacqAEeHK0mckVqzDieUKTT+KGxi+zIpeVsFxymkIiRpbpDziHc290Xr9A1O4Om7otoRA== +neo-async@^2.6.2: + version "2.6.2" + resolved "https://registry.yarnpkg.com/neo-async/-/neo-async-2.6.2.tgz#b4aafb93e3aeb2d8174ca53cf163ab7d7308305f" + integrity sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw== + nice-try@^1.0.4: version "1.0.5" resolved "https://registry.yarnpkg.com/nice-try/-/nice-try-1.0.5.tgz#a3378a7696ce7d223e88fc9b764bd7ef1089e366"