Release for handlebars dependency

[kevindb]

I use grunt-githooks as a dev-dependency in jquery-form. Github is now alerting me to a moderate severity security vulnerability in handlebars < 4.0.0. I see that PR #65 updated handlebars in dev, and it tagged for release 0.7.0. Would it be possible to release 0.7.0, even if it's just for updating handlebars?
Thank you

[franz-josef-kaiser]

@kevindb Have you tested it? (It's the dev-Branch).

[kevindb]

I see on the PR that the TravisCI build passed. But no, I have not tested it in jquery-form. I'm not aware of a way I can use grunt-githooks's dev branch via npm.

[franz-josef-kaiser]

@kevindb Thats easy: https://stackoverflow.com/a/39732501

Please give it a try!

[Rudloff]

Any news on this?
Handlebars 1 has several vulnerabilities:

• https://nvd.nist.gov/vuln/detail/CVE-2015-8861
• https://nvd.nist.gov/vuln/detail/CVE-2015-8861

[franz-josef-kaiser]

@Rudloff this repo is not under active development, but I am happy to merge any PR to fix vulnerabilities. In case you can at least provide a fix, code samples or would be willing to test an update, I am happy to update and release a new version including the fix. Works for you?

[Rudloff]

I force-upgraded handlebars in one of my projects and it seems to work correctly.
However, I am not using a custom template so I might not be the best person to test this.