[Snyk] Upgrade express-handlebars from 4.0.4 to 4.0.6

[snyk-bot]

Snyk has created this PR to upgrade express-handlebars from 4.0.4 to 4.0.6.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 2 versions ahead of your current version.
• The recommended version was released a year ago, on 2020-07-06.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	387/1000 Why? Proof of Concept exploit, CVSS 5.6	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	387/1000 Why? Proof of Concept exploit, CVSS 5.6	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: express-handlebars

• 4.0.6 - 2020-07-06
  

  4.0.6 (2020-07-06)

  Bug Fixes

  • add runtimeOptions (b64284f)
• 4.0.5 - 2020-07-03
  

  4.0.5 (2020-07-03)

  Bug Fixes

  • overwrite past settings.views (c27f1b0)
  • renderView returns promise when no callback given (c39ed87)
• 4.0.4 - 2020-04-29
  

  4.0.4 (2020-04-29)

  Bug Fixes

  • deps: update dependency graceful-fs to ^4.2.4 (c01661b)

from express-handlebars GitHub release notes

Commit messages

Package name: express-handlebars

• e65789d chore(release): 4.0.6 [skip ci]
• f8815e1 Merge pull request #53 from UziTech/runtimeoptions
• 5a63c29 chore(readme): add runtimeOptions to readme
• b64284f fix: add runtimeOptions
• dd5b9d2 chore(deps): update devdependency eslint to ^7.4.0
• 8ce9f28 chore(release): 4.0.5 [skip ci]
• 41ff395 Merge pull request #51 from UziTech/pull/29
• 9299158 test: test overwriting past settings.views
• c27f1b0 fix: overwrite past settings.views
• c3843dc Merge pull request #50 from UziTech/tests
• fa0b6d1 test: fix windows tests
• 405f787 chore: remove utils
• c8a6bfa test: write tests
• c39ed87 fix: renderView returns promise when no callback given
• 608e5ab chore(deps): update devdependency eslint-plugin-import to ^2.22.0
• 4e2f3dd chore(deps): update devdependency semantic-release to ^17.1.1
• 4a8c603 chore(deps): update devdependency jest-cli to ^26.1.0
• 38c67fe chore(deps): update devdependency eslint to ^7.3.1
• 95c5b74 chore(deps): update devdependency semantic-release to ^17.1.0
• fe88e86 chore(deps): update devdependency eslint to ^7.3.0
• afc9c4c chore(deps): update devdependency eslint-plugin-import to ^2.21.2
• c7466f9 chore(deps): update devdependency eslint-plugin-import to ^2.21.1
• 9c0f811 chore(deps): update devdependency eslint to ^7.2.0
• 1a5f6b4 chore(readme): Fix typo in README.md (#36)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs