!2 fix CVE-2021-23383

From: @jackie_wu123
Reviewed-by: @wang_yue111,@zhengyuhanghans
Signed-off-by: @zhengyuhanghans

CVE-2021-23383.patch

@@ -0,0 +1,30 @@
+From 4f844f2b439aa94d88dae0567401c4880e53bfac Mon Sep 17 00:00:00 2001
+From: jackie_wu <wutao61@huawei.com>
+Date: Thu, 20 May 2021 16:21:57 +0800
+Subject: [PATCH] add2
+
+---
+ lib/handlebars/compiler/javascript-compiler.js | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/lib/handlebars/compiler/javascript-compiler.js b/lib/handlebars/compiler/javascript-compiler.js
+index ff98ad9..757b594 100644
+--- a/lib/handlebars/compiler/javascript-compiler.js
++++ b/lib/handlebars/compiler/javascript-compiler.js
+@@ -23,7 +23,12 @@ JavaScriptCompiler.prototype = {
+     }
+   },
+   depthedLookup: function(name) {
+-    return [this.aliasable('container.lookup'), '(depths, "', name, '")'];
++    return [
++      this.aliasable('container.lookup'),
++      '(depths, ',
++      JSON.stringify(name),
++      ')'
++    ];
+   },
+ 
+   compilerInfo: function() {
+-- 
+2.23.0
+

nodejs-handlebars.spec

@@ -3,11 +3,12 @@
 %global npm_name handlebars
 Name:		        nodejs-%{npm_name}
 Version:	        4.0.13
-Release:	        1
+Release:	        2
 Summary:	        Mustache extension for Node.js
 License:	        MIT
 URL:                    http://handlebarsjs.com/
 Source0:                https://registry.npmjs.org/handlebars/-/handlebars-%{version}.tgz
+Patch0:                 CVE-2021-23383.patch
 Requires:            	npm(uglify-js) 	npm(optimist)
 BuildRequires:       	npm(uglify-js) 	npm(optimist) 	nodejs-devel 	nodejs-packaging
 BuildArch:	        noarch
@@ -25,6 +26,7 @@ rm -rf node_modules
 %nodejs_fixdep optimist '0.x'
 %nodejs_fixdep source-map '^0.5.2'
 %nodejs_fixdep async
+%patch0 -p1
 
 %build
 
@@ -52,5 +54,8 @@ grunt
 %{_bindir}/handlebars
 
 %changelog
+* Fri May 21 2021 wutao <wutao61@huawei.com> - 4.0.13-2
+- fix CVE-2021-23383
+
 * Thu Aug 20 2020 Anan Fu <fuanan3@huawei.com> - 4.0.13-1
 - package init