[JENKINS-68926] update handlebars

[scherler]

Signed-off-by: Thorsten Scherler scherler@gmail.com

See JENKINS-68926.

See the handlebars changelog for details of changes since handlebars 4.0.

Proposed changelog entries

• Update handlebars from 3.0.8 to 4.7.7

Proposed upgrade guidelines

N/A

Submitter checklist

• (If applicable) Jira issue is well described
• Changelog entries and upgrade guidelines are appropriate for the audience affected by the change (users or developer, depending on the change) and are in the imperative mood. Examples
  • Fill-in the Proposed changelog entries section only if there are breaking changes or other changes which may require extra steps from users during the upgrade
• Appropriate autotests or explanation to why this change has no tests
• New public classes, fields, and methods are annotated with @Restricted or have @since TODO Javadoc, as appropriate.
• New deprecations are annotated with @Deprecated(since = "TODO") or @Deprecated(forRemoval = true, since = "TODO") if applicable.
• New or substantially changed JavaScript is not defined inline and does not call eval to ease future introduction of Content-Security-Policy directives (see documentation on jenkins.io).
• For dependency updates: links to external changelogs and, if possible, full diffs

Desired reviewers

@mention

Maintainer checklist

Before the changes are marked as ready-for-merge:

• There are at least 2 approvals for the pull request and no outstanding requests for change
• Conversations in the pull request are over OR it is explicit that a reviewer does not block the change
• Changelog entries in the PR title and/or Proposed changelog entries are accurate, human-readable, and in the imperative mood
• Proper changelog labels are set so that the changelog can be generated automatically
• If the change needs additional upgrade steps from users, upgrade-guide-needed label is set and there is a Proposed upgrade guidelines section in the PR title. (example)
• If it would make sense to backport the change to LTS, a Jira issue must exist, be a Bug or Improvement, and be labeled as lts-candidate to be considered (see query).

[daniel-beck]

[basil]

We already did the due diligence to ensure that no plugins are using this code in #6753 (comment) 👍

According to JENKINS-68926 apparently at one point there were errors like

Handlebars: Access has been denied to resolve the property "installWizard_welcomePanel_title" because it is not an "own property" of its parent.

However, I confirmed those errors no longer occur on trunk as of this PR. Note that we recently ripped out a number of legacy tests in #6908, so it is very possible that the "Access has been denied" errors were only being printed from an (unrealistic!) test scenario that no longer exists.

I tested this interactively in the UI and verified that the setup wizard and "Available Plugins" page worked as expected and no errors were printed to the browser console logs or backend log.

From my perspective this is ready to land.

[basil]

Optional suggestion for your consideration: Local testing shows that the dependency tree in yarn.lock can be simplified after these changes by running yarn dedupe. If you can do that as part of this PR that would be appreciated. If that is asking too much, I will do it in a follow-up PR.

[basil]

I also took the liberty of pushing commit b184a98 to allow Renovate to update this package automatically in the future.

[daniel-beck]

Tested setup wizard and plugin manager available tab, both worked fine (well, nothing broke that I would consider caused by this change).

[basil]

This PR is now ready for merge. We will merge it after approximately 24 hours if there is no negative feedback. Please see the merge process documentation for more information about the merge process. Thanks!

[NotMyFault]

Nice one!

I'm taking a wild guess and assume the prior error was down to an other ancient dependency, but nice to see it gone.

I went ahead and pinned handlebars on here, otherwise Renovate picks it up afterwards.