I have a repository that uses Handlebars. It is currently using version 4.7.7, as I can see in the code and the package.json file.
The Dependabot alerts still alert me to upgrade handlebars to version 4.7.7 or later.
Vulnerable versions: < 4.7.7
Patched version: 4.7.7
The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.
The file location is at
Is this a Dependabot bug, or what do I have to do? I'm already using the latest version of Handlebars.