Vulnerability issue reported in hbs package

[sanjeev3094]

Vulnerability issue reported in hbs package: GHSA-7f5c-rpf4-86p8.
I tried to open an issue in hbs github repo but it got closed and not showing up.
Is there possibilty to move to some other alternate package.

Thanks

[welcome]

Thanks for opening this issue. A contributor should be by to give feedback soon. In the meantime, please check out the contributing guidelines and explore other ways you can get involved.

[AaronDewes]

While this is a vulnerability,it doesn't seem to affect Probot, does it?

[gr2m]

I'm not sure. We do use the hbs middleware for the /probot endpoint, so if you use the probot server your app might be affected. I don't have the time to look into it in more detail myself right now, the CVE is not very detailed

[aasiddiq]

Checking in to see if there are any plans to move away from hbs since there has been no response from them about the vulnerability.

[aasiddiq]

@gr2m I have created #1659 to replace hbs with express-handlebars. Could have a look in this?
If all is good can we plan for a release for this soon? It will help us meet the project fundamental guidelines.

[github-actions]

🎉 This issue has been resolved in version 12.2.2 🎉

The release is available on:

• GitHub release
• npm package (@latest dist-tag)

Your semantic-release bot 📦🚀