fix(cve-2023-29827): replace EJS with Handlebars to resolve security warning #219
Conversation
92d22b3 to 37fefdc
@KalleV, sorry about the late response. Your changes LGTM. I'd like to have at least one more approval before merging. Thanks.
@KalleV, there's a conflict in package-lock.json. Could you please look into it? Thanks.
@dhmlau Certainly! I'll take care of that today.
@KalleV, sorry that it seems like your branch is out of date again, because the renovate bot has merged some dependency update PR. I've set the branch to require at least one approval now, so could you please rebase your branch and we'll make sure we'll merge your PR before the bot ones? Thanks!
f5af316 to 7220058
No problem! Sure, I rebased it again.
Kicked off CI. Hopefully it'll all pass 🤞
…warning Relates to: loopbackio/loopback-next#9867 Signed-off-by: KalleV <kvirtaneva@gmail.com>
7220058 to 374f0a7
😅 Another conflict on the package-lock.json. I rebased it again.
@achrinza, I'm trying to update the branch protection rules so that we can merge this PR. But multiple attempts didn't seem to work. Any idea? Thanks.
@dhmlau Apologies, that was on my end - I had converted this GitHub repository's GitHub Branch Protection Rules rule to the newer GitHub Repository Rules ruleset. Required to allow the OSSF Scorecard Action to have visibility into our branch protection posture without additional permissions, part of #252. Disabling "restrict updates" seems to have fixed the problem. edit: I've created loopbackio/security#38 to formally track this migration.
Thanks for your contributions, @KalleV! They've been merged 🎉
Description
Migrate from EJS to Handlebars to resolve the security warning (CVE-2023-29827) raised against the EJS dependency.