"The handlebars dependency defined in package-lock.json has a known moderate severity security vulnerability in version range < 4.0.0 and should be updated."
Versions
Output from: `ng --version`:
Angular CLI: 1.5.2
Node: 6.11.3
OS: win32 x64
Angular: 5.0.2
... animations, common, compiler, compiler-cli, core, forms
... http, language-service, platform-browser
... platform-browser-dynamic, router
@angular/cli: 1.5.2
@angular-devkit/build-optimizer: 0.0.33
@angular-devkit/core: 0.0.20
@angular-devkit/schematics: 0.0.36
@ngtools/json-schema: 1.1.0
@ngtools/webpack: 1.8.2
@schematics/angular: 0.1.5
typescript: 2.4.2
webpack: 3.8.1
Repro steps
Step 1: Run `ng new <ExampleName>`
Step 2: View handlebars.js version 1.3.0 dependency in package-lock.json
Observed behavior
GitHub flags this as a vulnerable dependency.
Desired behavior
Update handlebars.js version dependency from 1.3.0 to 4.0.11
Reduce vulnerability out of the box.
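As an added example (not from the issue or the Angular CLI project), the check below walks a package-lock.json in the npm v1 lockfile layout (nested `dependencies` objects, as produced in the CLI 1.5 era) and reports every handlebars entry in the flagged range < 4.0.0 together with the chain of parents that pulled it in. The lockfile content is constructed for the demonstration.

```javascript
// Added example: audit a package-lock.json for handlebars < 4.0.0.
// Assumes the npm lockfile v1 layout: a top-level "dependencies" object whose
// entries carry "version" and, for non-hoisted copies, a nested "dependencies".

// Constructed sample lockfile (not the real Angular CLI one): the hoisted
// handlebars is already patched, an older copy is nested under a transitive dep.
const SAMPLE_LOCK = JSON.stringify({
  name: "example-app",
  lockfileVersion: 1,
  dependencies: {
    handlebars: { version: "4.0.11" },
    "some-reporter": {
      version: "2.0.0",
      dependencies: {
        handlebars: { version: "1.3.0" },
        uglify: { version: "2.8.29" }
      }
    }
  }
});

// Parse "MAJOR.MINOR.PATCH" (any pre-release/build suffix ignored) into numbers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// True when version a sorts strictly before version b.
function lessThan(a, b) {
  const [x, y] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i];
  return false;
}

// Walk the nested tree and collect paths to copies of `name` older than `fixedIn`.
function findVulnerable(lockJson, name, fixedIn) {
  const hits = [];
  const walk = (deps, path) => {
    for (const [pkg, meta] of Object.entries(deps || {})) {
      const here = [...path, `${pkg}@${meta.version}`];
      if (pkg === name && lessThan(meta.version, fixedIn)) hits.push(here.join(" > "));
      walk(meta.dependencies, here); // recurse into non-hoisted copies
    }
  };
  walk(JSON.parse(lockJson).dependencies, []);
  return hits;
}

console.log(findVulnerable(SAMPLE_LOCK, "handlebars", "4.0.0"));
```

Point the same function at a real lockfile (read with `fs.readFileSync`) to see which parent package keeps the old copy in place, which is what an `npm i` of the top-level package alone will not change.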
Issue Analytics
- Created 6 years ago
- Reactions:9
- Comments:11 (2 by maintainers)
@angular/cli 1.5.3 fixes it. https://github.com/angular/angular-cli/commits/v1.5.3
node_modules
npm i -D @angular/cli@1.5.3
npm i
https://github.com/brunolm/angular-how-to/pull/8
I updated @angular/cli to 1.5.2, removed node_modules, installed all again, still installed old handlebars version.
Is there a workaround for now?