Hello, After discussing a bit with Yadd (CC'ed here), it seems that CVE-2021-23369 affecting node-handlebars for buster and libjs-handlebars for stretch and jessie is a bit too intrusive and difficult to fix for all the mentioned suites and therefore I am marking them as no-dsa (Too intrusive to fix) at the moment.
Please let me know if I shouldn't or something. - u
