fix(cve-2023-29827): replace EJS with Handlebars to resolve security warning #219
Conversation
KalleV
force-pushed
the
KalleV-replace-ejs-with-handlebars
branch
from
92d22b3
to
37fefdc
Compare
|
@KalleV, sorry about the late response. Your changes LGTM. I'd like to have at least one more approval before merging. Thanks. |
|
@KalleV, there's a conflict in package-lock.json. Could you please look into it? Thanks. |
|
@dhmlau Certainly! I'll take care of that today. |
|
@KalleV, sorry that it seems like your branch is out of date again, because the renovate bot has merged some dependency update PR. I've set the branch to require at least one approval now, so could you please rebase your branch and we'll make sure we'll merge your PR before the bot ones? Thanks! |
KalleV
force-pushed
the
KalleV-replace-ejs-with-handlebars
branch
from
f5af316
to
7220058
Compare
No problem! Sure, I rebased it again. |
|
Kicked off CI. Hopefully it'll all pass 🤞 |
…warning Relates to: loopbackio/loopback-next#9867 Signed-off-by: KalleV <[email protected]>
KalleV
force-pushed
the
KalleV-replace-ejs-with-handlebars
branch
from
7220058
to
374f0a7
Compare
😅 Another conflict on the package-lock.json. I rebased it again. |
|
@achrinza, I'm trying to update the branch protection rules so that we can merge this PR. But multiple attempts didn't seem to work. Any idea? Thanks. |
|
@dhmlau Apologies, that was on my end - I had converted this Github repository's Github Branch Protection Rules rule to the newer GitHub Repository Rules ruleset. Required to allow the OSSF Scorecard Action to have visibility into our branch protection posture without additional permissions, part of #252. Disabling "restrict updates" seems to have fixed the problem. edit: I've created loopbackio/security#38 to formally track this migration. |
|
Thanks for your contributions, @KalleV! They've been merged 🎉 |
Description
Migrate to handlebars to resolve security warning related to EJS dependency.
Related issues
Checklist
guide