Skip to content

Add Socket patch for CVE-2026-33937 in pkg:npm/handlebars@4.7.8#23

Closed
socket-security[bot] wants to merge 2 commits into
mainfrom
socket/autopatch-1782916212935-7c09406f
Closed

Add Socket patch for CVE-2026-33937 in pkg:npm/handlebars@4.7.8#23
socket-security[bot] wants to merge 2 commits into
mainfrom
socket/autopatch-1782916212935-7c09406f

Conversation

@socket-security

Copy link
Copy Markdown

Summary

This PR updates Socket security patches for your dependencies.

Changes

  • Added: CVE-2026-33937 in pkg:npm/handlebars@4.7.8 (Socket Patch)
    • Severity: CRITICAL
    • Summary: Handlebars.js has JavaScript Injection via AST Type Confusion

📦 Package.json Updates

This PR automatically configures your postinstall script to apply Socket patches:

  • Updated: 1 file
    • package.json

After merging, patches will automatically apply on npm install.

Testing

Review the patches and test your application to ensure compatibility.


🔒 Powered by Socket Security

socket-security Bot added 2 commits July 1, 2026 14:30
Updates:
- 8 blob(s) added
- 0 blob(s) removed
- Manifest updated
Configures package.json postinstall scripts to automatically apply Socket security patches.
@vercel

vercel Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
merch Error Error Jul 1, 2026 2:31pm

Request Review

@NyanKiyoshi NyanKiyoshi closed this Jul 1, 2026
@NyanKiyoshi NyanKiyoshi deleted the socket/autopatch-1782916212935-7c09406f branch July 1, 2026 14:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant