      request #47554 handlebars: 4.7.8 -> 4.7.9
    Infos
    #47554
    Joris MASSON (jmasson)
    2026-03-27 18:05
    2026-03-27 17:50
    49277
    Details
    handlebars: 4.7.8 -> 4.7.9

    Fixes CVE-2026-33916. See the advisory: https://github.com/advisories/GHSA-2qvq-rjwj-gvw9

    Tuleap itself is not affected; it is a transitive dependency of ts-jest, which is used while running tests, and it causes a prototype pollution. handlebars is used while creating an initial configuration through the CLI of ts-jest, which we never use, even in dev.

    Release: https://github.com/handlebars-lang/handlebars.js/releases/tag/v4.7.9

    Dev tools
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Joris MASSON (jmasson)
    Closed
    2026-03-27
    Attachments
    Empty
    References
    Referenced by request #47554
