From aed36ff89245bfbd11c2e7a469e0f589c023dbf6 Mon Sep 17 00:00:00 2001
From: "kiloconnect-development[bot]"
 <242397087+kiloconnect-development[bot]@users.noreply.github.com>
Date: Wed, 10 Jun 2026 13:44:14 +0000
Subject: [PATCH] fix: upgrade handlebars to 4.7.7 to remediate CVE-2021-23383
 (GHSA-765h-qjxv-5f44)

Prototype Pollution vulnerability in handlebars < 4.7.7.
Upgrades from 4.7.6 to 4.7.7 which contains the security patch.
---
 package-lock.json | 44 ++++----------------------------------------
 package.json      |  2 +-
 2 files changed, 5 insertions(+), 41 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 1cde3c1..ead24ff 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -26,7 +26,7 @@
         "follow-redirects": "1.14.7",
         "glob-parent": "5.1.1",
         "got": "11.8.2",
-        "handlebars": "4.7.6",
+        "handlebars": "4.7.7",
         "helmet": "4.6.0",
         "highlight.js": "10.4.0",
         "ip": "1.1.8",
@@ -369,9 +369,6 @@
       "cpu": [
         "arm64"
       ],
-      "libc": [
-        "glibc"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -388,9 +385,6 @@
       "cpu": [
         "arm64"
       ],
-      "libc": [
-        "musl"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -407,9 +401,6 @@
       "cpu": [
         "x64"
       ],
-      "libc": [
-        "glibc"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -426,9 +417,6 @@
       "cpu": [
         "x64"
       ],
-      "libc": [
-        "musl"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -1061,9 +1049,6 @@
         "arm64"
       ],
       "dev": true,
-      "libc": [
-        "glibc"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -1078,9 +1063,6 @@
         "arm64"
       ],
       "dev": true,
-      "libc": [
-        "musl"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -1095,9 +1077,6 @@
         "ppc64"
       ],
       "dev": true,
-      "libc": [
-        "glibc"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -1112,9 +1091,6 @@
         "riscv64"
       ],
       "dev": true,
-      "libc": [
-        "glibc"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -1129,9 +1105,6 @@
         "riscv64"
       ],
       "dev": true,
-      "libc": [
-        "musl"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -1146,9 +1119,6 @@
         "s390x"
       ],
       "dev": true,
-      "libc": [
-        "glibc"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -1163,9 +1133,6 @@
         "x64"
       ],
       "dev": true,
-      "libc": [
-        "glibc"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -1180,9 +1147,6 @@
         "x64"
       ],
       "dev": true,
-      "libc": [
-        "musl"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -4579,9 +4543,9 @@
       "license": "ISC"
     },
     "node_modules/handlebars": {
-      "version": "4.7.6",
-      "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.6.tgz",
-      "integrity": "sha512-1f2BACcBfiwAfStCKZNrUCgqNZkGsAT7UM3kkYtXuLo0KnaVfjKOyf7PRzB6++aK9STyT1Pd2ZCPe3EGOXleXA==",
+      "version": "4.7.7",
+      "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.7.tgz",
+      "integrity": "sha512-aAcXm5OAfE/8IXkcZvCepKU3VzW1/39Fb5ZuqMtgI/hT8X2YgoMvBY5dLhq/cpOvw7Lk1nK/UF71aLG/ZnVYRA==",
       "license": "MIT",
       "dependencies": {
         "minimist": "^1.2.5",
diff --git a/package.json b/package.json
index 27f2b81..617238f 100644
--- a/package.json
+++ b/package.json
@@ -74,7 +74,7 @@
     "luxon": "2.3.0",
     "async": "3.2.0",
     "request": "2.88.2",
-    "handlebars": "4.7.6",
+    "handlebars": "4.7.7",
     "ejs": "3.1.6",
     "pug": "3.0.0",
     "webpack": "5.64.0",