Update handlebars to version 4.7.1 #2802
Comments
A $200 bounty was attached to this issue. Anyone submitting a Pull Request will be rewarded with $200 when the Pull Request is reviewed, accepted and merged. More info This bounty is currently reserved to participants of the Open Source Festival event. If not completed there, it will be later open to everyone.
This bounty is open to everyone. Please be aware of the warning, you need to take care properly of the security aspects of this issue. If you don't understand what that means, please pass. We will not give feedback or help unless you did your own research and prove you have a clear understanding of the security implications.
I have an idea on how to resolve this. Is it okay if I resolve this issue?
Sorry @bolariin, I've already started work on this.
Hi again @bolariin or anyone interested, looks like I won't be able to sort this out to completion over the next week. Unassigning myself, feel free to resolve it. My possible solutions mostly revolved around adding the Also, solutions were based on the assumption that all handlebar templates would be authored/reviewed by a core contributor as per OC needs/requirements and not added by end-users. (@znarf would this be safe to assume?) Will still follow this to see how it's resolved as I'm interested to see how fresh eyes on this would think of it.
🏆 This issue has been completed by @bolariin. To claim the $200 bounty, you can either:
See: opencollective/opencollective-api#3176
handlebars has some breaking changes in version 4.6, this is related to security issues. See the comment from @Betree:
And the follow up comment from the library author:
We now want to upgrade in a way that is taking care of security concerns.
Warning: Before submitting a contribution, make sure you understand the security aspects and you take care of it in your implementation.