Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Security - dev] Bump handlebars from 4.1.2 to 4.7.3 (#235)
Bumps [handlebars](https://github.com/wycats/handlebars.js) from 4.1.2 to 4.7.3. **This update includes a security fix.** - [Release notes](https://github.com/wycats/handlebars.js/releases) - [Changelog](https://github.com/wycats/handlebars.js/blob/master/release-notes.md) - [Commits](handlebars-lang/handlebars.js@v4.1.2...v4.7.3) NOTES from @brodybits: This is a workaround solution until this project is ready to use Jest 25 as proposed in PR #240. This seems to be the equivalent to adding Yarn resolutions as follows (then removing after Yarn update): diff --git a/package.json b/package.json index 59ab6c9..5b31113 100644 --- a/package.json +++ b/package.json @@ -63,5 +63,9 @@ "eslint-plugin-standard": "^4.0.1", "jest": "^24.9.0", "recursive-readdir": "^2.2.2" + }, + "resolutions": { + "handlebars": "4.7.3", + "uglify-js": "^3.7.7" } } Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: @brodybits (Christopher J. Brody) <chris.brody+brodybits@gmail.com>
- Loading branch information