Version
30.3.0
Steps to reproduce
- Download version 30.3.0
- Install with
yarn add --dev jest
- Run
yarn why handlebars
Expected behavior
Due to this vulnerability in handlebars 4.7.8, I was checking to see if the dependency has been upgraded yet.
Actual behavior
I got this back, saying that handlebars 4.7.8 was installed, which is vulnerable:
├─ conventional-changelog-writer@npm:8.1.0
│ └─ handlebars@npm:4.7.8 (via npm:^4.7.7)
│
├─ ts-jest@npm:29.4.6
│ └─ handlebars@npm:4.7.8 (via npm:^4.7.8)
│
└─ ts-jest@npm:29.4.6 [ba422]
   └─ handlebars@npm:4.7.8 (via npm:^4.7.8)
Additional context
No response
Environment
System:
OS: macOS 14.7.1
CPU: (10) arm64 Apple M1 Max
Binaries:
Node: 20.0.0 - /Users/blahblahblah/.nvm/versions/node/v20.0.0/bin/node
Yarn: 4.13.0 - /Users/blahblahblah/Library/pnpm/yarn
npm: 9.6.4 - /Users/blahblahblah/.nvm/versions/node/v20.0.0/bin/npm
npmPackages:
jest: workspace:^ => 30.3.0