SECURITY: Bump Handlebars to version 4.1.2
WS-2019-0064: Versions of handlebars prior to 4.0.14 are vulnerable to Prototype Pollution. Templates may alter an Object's prototype, thus allowing an attacker to execute arbitrary code on the server.
parent
d902c4eb9f
commit
f0e73cb126
|
@ -12,7 +12,7 @@
|
|||
"bootstrap": "v3.4.1",
|
||||
"chart.js": "2.7.3",
|
||||
"favcount": "https://github.com/chrishunt/favcount",
|
||||
"handlebars": "^4.1.1",
|
||||
"handlebars": "^4.1.2",
|
||||
"highlight.js": "https://github.com/highlightjs/highlight.js",
|
||||
"htmlparser": "https://github.com/tautologistics/node-htmlparser",
|
||||
"intersection-observer": "^0.5.1",
|
||||
|
|
12
vendor/assets/javascripts/handlebars.js
vendored
12
vendor/assets/javascripts/handlebars.js
vendored
|
@ -1,7 +1,7 @@
|
|||
/**!
|
||||
|
||||
@license
|
||||
handlebars v4.1.1
|
||||
handlebars v4.1.2
|
||||
|
||||
Copyright (C) 2011-2017 by Yehuda Katz
|
||||
|
||||
|
@ -275,7 +275,7 @@ return /******/ (function(modules) { // webpackBootstrap
|
|||
|
||||
var _logger2 = _interopRequireDefault(_logger);
|
||||
|
||||
var VERSION = '4.1.1';
|
||||
var VERSION = '4.1.2';
|
||||
exports.VERSION = VERSION;
|
||||
var COMPILER_REVISION = 7;
|
||||
|
||||
|
@ -868,7 +868,13 @@ return /******/ (function(modules) { // webpackBootstrap
|
|||
|
||||
exports['default'] = function (instance) {
|
||||
instance.registerHelper('lookup', function (obj, field) {
|
||||
return obj && obj[field];
|
||||
if (!obj) {
|
||||
return obj;
|
||||
}
|
||||
if (field === 'constructor' && !obj.propertyIsEnumerable(field)) {
|
||||
return undefined;
|
||||
}
|
||||
return obj[field];
|
||||
});
|
||||
};
|
||||
|
||||
|
|
12
vendor/assets/javascripts/handlebars.runtime.js
vendored
12
vendor/assets/javascripts/handlebars.runtime.js
vendored
|
@ -1,7 +1,7 @@
|
|||
/**!
|
||||
|
||||
@license
|
||||
handlebars v4.1.1
|
||||
handlebars v4.1.2
|
||||
|
||||
Copyright (C) 2011-2017 by Yehuda Katz
|
||||
|
||||
|
@ -207,7 +207,7 @@ return /******/ (function(modules) { // webpackBootstrap
|
|||
|
||||
var _logger2 = _interopRequireDefault(_logger);
|
||||
|
||||
var VERSION = '4.1.1';
|
||||
var VERSION = '4.1.2';
|
||||
exports.VERSION = VERSION;
|
||||
var COMPILER_REVISION = 7;
|
||||
|
||||
|
@ -800,7 +800,13 @@ return /******/ (function(modules) { // webpackBootstrap
|
|||
|
||||
exports['default'] = function (instance) {
|
||||
instance.registerHelper('lookup', function (obj, field) {
|
||||
return obj && obj[field];
|
||||
if (!obj) {
|
||||
return obj;
|
||||
}
|
||||
if (field === 'constructor' && !obj.propertyIsEnumerable(field)) {
|
||||
return undefined;
|
||||
}
|
||||
return obj[field];
|
||||
});
|
||||
};
|
||||
|
||||
|
|
|
@ -1051,10 +1051,10 @@ graceful-fs@^4.1.2:
|
|||
resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.1.15.tgz#ffb703e1066e8a0eeaa4c8b80ba9253eeefbfb00"
|
||||
integrity sha512-6uHUhOPEBgQ24HM+r6b/QwWfZq+yiFcipKFrOFiBEnWdy5sdzYoi+pJeQaPI5qOLRFqWmAXUPQNsielzdLoecA==
|
||||
|
||||
handlebars@^4.1.1:
|
||||
version "4.1.1"
|
||||
resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.1.1.tgz#6e4e41c18ebe7719ae4d38e5aca3d32fa3dd23d3"
|
||||
integrity sha512-3Zhi6C0euYZL5sM0Zcy7lInLXKQ+YLcF/olbN010mzGQ4XVm50JeyBnMqofHh696GrciGruC7kCcApPDJvVgwA==
|
||||
handlebars@^4.1.2:
|
||||
version "4.1.2"
|
||||
resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.1.2.tgz#b6b37c1ced0306b221e094fc7aca3ec23b131b67"
|
||||
integrity sha512-nvfrjqvt9xQ8Z/w0ijewdD/vvWDTOweBUm96NTr66Wfvo1mJenBLwcYmPs3TIBP5ruzYGD7Hx/DaM9RmhroGPw==
|
||||
dependencies:
|
||||
neo-async "^2.6.0"
|
||||
optimist "^0.6.1"
|
||||
|
|