mirror of
https://github.com/twentyhq/twenty.git
synced 2026-04-18 05:54:42 -04:00
2ae6a9bb98
## Summary - Bumps `handlebars` from `^4.7.8` to `^4.7.9` in `packages/twenty-shared` ## Why - **CVE-2026-33937** — Prototype pollution via crafted template input - **GHSA-2w6w-674q-4c4q** — Related handlebars security advisory - Severity: **Critical** (CVSS 9.8) - Detected by Trivy and Grype scanning `twentycrm/twenty:v1.20.0` ## What changed - `packages/twenty-shared/package.json`: `"handlebars": "^4.7.8"` → `"^4.7.9"` - `yarn.lock`: updated accordingly ## Impact `handlebars` is used in `packages/twenty-shared` for template evaluation. The fix patches the prototype pollution vector without any API changes. ## Test plan - [ ] `yarn build` passes - [ ] `yarn test` passes in twenty-shared - [ ] Template evaluation works as before --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Abdullah <125115953+mabdullahabaid@users.noreply.github.com>
175 lines
4.2 KiB
JSON
175 lines
4.2 KiB
JSON
{
|
|
"name": "twenty-shared",
|
|
"private": true,
|
|
"sideEffects": false,
|
|
"main": "dist/index.cjs",
|
|
"module": "dist/index.mjs",
|
|
"types": "dist/index.d.ts",
|
|
"license": "AGPL-3.0",
|
|
"scripts": {
|
|
"build": "npx vite build"
|
|
},
|
|
"engines": {
|
|
"node": "^24.5.0",
|
|
"npm": "please-use-yarn",
|
|
"yarn": "^4.0.2"
|
|
},
|
|
"devDependencies": {
|
|
"@babel/preset-env": "^7.26.9",
|
|
"@lingui/core": "^5.1.2",
|
|
"@prettier/sync": "^0.5.2",
|
|
"@types/babel__preset-env": "^7",
|
|
"@types/handlebars": "^4.1.0",
|
|
"babel-plugin-module-resolver": "^5.0.2",
|
|
"glob": "^11.1.0",
|
|
"tsx": "^4.19.3",
|
|
"typescript": "^5.9.2",
|
|
"vite": "^7.0.0",
|
|
"vite-plugin-dts": "3.8.1",
|
|
"vite-tsconfig-paths": "^4.2.1"
|
|
},
|
|
"dependencies": {
|
|
"@sniptt/guards": "^0.2.0",
|
|
"class-validator": "^0.14.0",
|
|
"expr-eval-fork": "3.0.3",
|
|
"handlebars": "^4.7.9",
|
|
"libphonenumber-js": "^1.10.26",
|
|
"lodash.camelcase": "^4.3.0",
|
|
"qs": "^6.11.2",
|
|
"react-router-dom": "^6.4.4",
|
|
"transliteration": "^2.3.5",
|
|
"zod": "^4.1.11"
|
|
},
|
|
"exports": {
|
|
".": {
|
|
"types": "./dist/index.d.ts",
|
|
"import": "./dist/index.mjs",
|
|
"require": "./dist/index.cjs"
|
|
},
|
|
"./ai": {
|
|
"types": "./dist/ai/index.d.ts",
|
|
"import": "./dist/ai.mjs",
|
|
"require": "./dist/ai.cjs"
|
|
},
|
|
"./application": {
|
|
"types": "./dist/application/index.d.ts",
|
|
"import": "./dist/application.mjs",
|
|
"require": "./dist/application.cjs"
|
|
},
|
|
"./constants": {
|
|
"types": "./dist/constants/index.d.ts",
|
|
"import": "./dist/constants.mjs",
|
|
"require": "./dist/constants.cjs"
|
|
},
|
|
"./database-events": {
|
|
"types": "./dist/database-events/index.d.ts",
|
|
"import": "./dist/database-events.mjs",
|
|
"require": "./dist/database-events.cjs"
|
|
},
|
|
"./logic-function": {
|
|
"types": "./dist/logic-function/index.d.ts",
|
|
"import": "./dist/logic-function.mjs",
|
|
"require": "./dist/logic-function.cjs"
|
|
},
|
|
"./metadata": {
|
|
"types": "./dist/metadata/index.d.ts",
|
|
"import": "./dist/metadata.mjs",
|
|
"require": "./dist/metadata.cjs"
|
|
},
|
|
"./testing": {
|
|
"types": "./dist/testing/index.d.ts",
|
|
"import": "./dist/testing.mjs",
|
|
"require": "./dist/testing.cjs"
|
|
},
|
|
"./translations": {
|
|
"types": "./dist/translations/index.d.ts",
|
|
"import": "./dist/translations.mjs",
|
|
"require": "./dist/translations.cjs"
|
|
},
|
|
"./types": {
|
|
"types": "./dist/types/index.d.ts",
|
|
"import": "./dist/types.mjs",
|
|
"require": "./dist/types.cjs"
|
|
},
|
|
"./utils": {
|
|
"types": "./dist/utils/index.d.ts",
|
|
"import": "./dist/utils.mjs",
|
|
"require": "./dist/utils.cjs"
|
|
},
|
|
"./vite": {
|
|
"types": "./dist/vite/index.d.ts",
|
|
"import": "./dist/vite.mjs",
|
|
"require": "./dist/vite.cjs"
|
|
},
|
|
"./workflow": {
|
|
"types": "./dist/workflow/index.d.ts",
|
|
"import": "./dist/workflow.mjs",
|
|
"require": "./dist/workflow.cjs"
|
|
},
|
|
"./workspace": {
|
|
"types": "./dist/workspace/index.d.ts",
|
|
"import": "./dist/workspace.mjs",
|
|
"require": "./dist/workspace.cjs"
|
|
}
|
|
},
|
|
"files": [
|
|
"dist",
|
|
"ai",
|
|
"application",
|
|
"constants",
|
|
"database-events",
|
|
"logic-function",
|
|
"metadata",
|
|
"testing",
|
|
"translations",
|
|
"types",
|
|
"utils",
|
|
"vite",
|
|
"workflow",
|
|
"workspace"
|
|
],
|
|
"typesVersions": {
|
|
"*": {
|
|
"ai": [
|
|
"dist/ai/index.d.ts"
|
|
],
|
|
"application": [
|
|
"dist/application/index.d.ts"
|
|
],
|
|
"constants": [
|
|
"dist/constants/index.d.ts"
|
|
],
|
|
"database-events": [
|
|
"dist/database-events/index.d.ts"
|
|
],
|
|
"logic-function": [
|
|
"dist/logic-function/index.d.ts"
|
|
],
|
|
"metadata": [
|
|
"dist/metadata/index.d.ts"
|
|
],
|
|
"testing": [
|
|
"dist/testing/index.d.ts"
|
|
],
|
|
"translations": [
|
|
"dist/translations/index.d.ts"
|
|
],
|
|
"types": [
|
|
"dist/types/index.d.ts"
|
|
],
|
|
"utils": [
|
|
"dist/utils/index.d.ts"
|
|
],
|
|
"vite": [
|
|
"dist/vite/index.d.ts"
|
|
],
|
|
"workflow": [
|
|
"dist/workflow/index.d.ts"
|
|
],
|
|
"workspace": [
|
|
"dist/workspace/index.d.ts"
|
|
]
|
|
}
|
|
}
|
|
}
|