hammy2899 / o / 140
100%
master: 100%

LAST BUILD BRANCH: dependabot/npm_and_yarn/json5-2.2.3
DEFAULT BRANCH: master
Ran
Jobs 1
Files 29
Run time 6s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
140

push

travis-ci

Sean 
build(deps): [security] bump handlebars from 4.0.12 to 4.1.0

Bumps [handlebars](https://github.com/wycats/handlebars.js) from 4.0.12 to 4.1.0. **This update includes security fixes.**
<details>
<summary>Vulnerabilities fixed</summary>

*Sourced from [The npm Advisory Database](https://npmjs.com/advisories/755).*

> **Prototype Pollusion**
> All versions of `handlebars` are vulnerable to Prototype Pollusion. Templates may alter an Objects' prototype, thus allowing an attacker to execute arbitrary code on the server.
> 
> Affected versions: <=4.0.12

</details>
<details>
<summary>Changelog</summary>

*Sourced from [handlebars's changelog](https://github.com/wycats/handlebars.js/blob/v4.1.0/release-notes.md).*

> ## v4.1.0 - February 7th, 2019
> New Features
> 
> - import TypeScript typings - 27ac1ee
> 
> Security fixes:
> 
> - disallow access to the constructor in templates to prevent RCE - 42841c4, [#1495](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1495)
> 
> Housekeeping
> 
> - chore: fix components/handlebars package.json and auto-update on release - bacd473
> - chore: Use node 10 to build handlebars - 78dd89c
> - chore/doc: Add more release docs - 6b87c21
> 
> Compatibility notes:
> 
> Access to class constructors (i.e. `({}).constructor`) is now prohibited to prevent
> Remote Code Execution. This means that following construct will no work anymore:
> 
> ```
> class SomeClass {
> }
> 
> SomeClass.staticProperty = 'static'
> 
> var template = Handlebars.compile('{{constructor.staticProperty}}');
> document.getElementById('output').innerHTML = template(new SomeClass());
> // expected: 'static', but now this is empty.
> ```
> 
> This kind of access is not the intended use of Handlebars and leads to the vulnerability described in [#1495](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1495). We will **not** increase the major version, because such use is not inte... (continued)

213 of 213 branches covered (100.0%)

Branch coverage included in aggregate %.

232 of 232 relevant lines covered (100.0%)

22.45 hits per line

Jobs
ID Job ID Ran Files Coverage
1 140.1 0
100.0
 Travis Job 140.1
Source Files on build 140
Detailed source file information is not available for this build.