Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bumped handlebars-source version to 4.0.5. #42

Merged
merged 2 commits into from
Jan 27, 2016
Merged

Bumped handlebars-source version to 4.0.5. #42

merged 2 commits into from
Jan 27, 2016

Conversation

watsonarw
Copy link
Contributor

Handlebars source has an XSS vulnerability in versions prior to 4.0.0.
See: https://gemnasium.com/cowboyd/handlebars.rb/alerts

By bumping handlebars-source to the latest version, we should resolve this vulnerability.

Also adding a step to update bundler in travis as recommended by travis-ci/travis-ci#3531 as a workaround for bundler issue rubygems/bundler#3558

Bumped handlebars-source version to 4.0.5.
351b149 
Handlebars source has an XSS vulnerability in versions prior to 4.0.0.
See: https://gemnasium.com/cowboyd/handlebars.rb/alerts

By bumping handlebars-source to the latest version, we should resolve this
vulnerability.
@watsonarw watsonarw changed the title Bumped handlebars-source version to 4.0.5. WIP: Bumped handlebars-source version to 4.0.5. Dec 21, 2015
Update bundler before install.
048cb04 
There is an issue with bundler installing from ruby_head in older
versions of bundler. rubygems/bundler#3558

TravisCI recommends updating bundler before installing gems as a
workaround. travis-ci/travis-ci#3531
@watsonarw watsonarw changed the title WIP: Bumped handlebars-source version to 4.0.5. Bumped handlebars-source version to 4.0.5. Dec 21, 2015
@watsonarw
Copy link
Contributor Author

@hypomodern @cowboyd

Looking to bump the version of handlebars-source to 4.0.5 (currently latest) to bring in fixes to XSS vulnerability https://gemnasium.com/cowboyd/handlebars.rb/alerts

cowboyd added a commit that referenced this pull request Jan 27, 2016
@cowboyd
Merge pull request #42 from redbubble/handlebars-v4
77bd6a4 
Bumped handlebars-source version to 4.0.5.
@cowboyd cowboyd merged commit 77bd6a4 into cowboyd:master Jan 27, 2016
@Lassi Lassi deleted the handlebars-v4 branch September 26, 2016 06:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@watsonarw @cowboyd