Commit 2a0662f
authored
fix(deps): bump handlebars 4.7.8 → 4.7.9 (CVE-2026-33937) (#164)
Resolves CVE-2026-33937 (CVSS 9.8 Critical): JavaScript Injection via AST
Type Confusion in Handlebars.js. handlebars was a transitive dependency via
semantic-release → conventional-changelog-writer@7.0.1, which already
specifies ^4.7.7. Updated pnpm-lock.yaml to resolve to 4.7.9.1 parent da78d4d commit 2a0662f
1 file changed
Lines changed: 4 additions & 4 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
0 commit comments