StuMason/coolify-mcp
TypeScript
Pull Request Opened
PR #148 opened: fix(security): update handlebars to 4.7.9 (CRITICAL CVE-2026-33937)
Security Update
Updates handlebars to ^4.7.9 via npm overrides to resolve the following vulnerabilities:
- CVE-2026-33937 (CRITICAL) — JavaScript Injection via AST Type Confusion
- CVE-2026-33938 (HIGH)
- CVE-2026-33939 (HIGH)
- CVE-2026-33940 (HIGH)
- CVE-2026-33941 (HIGH)
Handlebars is a transitive dependency, so this uses the overrides field in package.json to force the patched version.
+6
additions
-3
deletions
2
files changed