refactor: Bump handlebars from 4.7.8 to 4.7.9

[dependabot]

Bumps handlebars from 4.7.8 to 4.7.9.

Release notes

Sourced from handlebars's releases.

v4.7.9

• fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2
• fix type "RuntimeOptions" also accepting string partials - eab1d14
• feat(types): set hash to be a Record<string, any> - de4414d
• fix non-contiguous program indices - 4512766
• refactor: rename i to startPartIndex - e497a35
• security: fix security issues - 68d8df5
  • GHSA-2w6w-674q-4c4q
  • GHSA-3mfm-83xf-c92r
  • GHSA-xhpv-hc6g-r9c6
  • GHSA-xjpj-3mr7-gcpf
  • GHSA-9cx6-37pm-9jff
  • GHSA-2qvq-rjwj-gvw9
  • GHSA-7rx3-28cr-v5wh
  • GHSA-442j-39wm-28r2

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.9 - March 26th, 2026

• fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2
• fix type "RuntimeOptions" also accepting string partials - eab1d14
• feat(types): set hash to be a Record<string, any> - de4414d
• fix non-contiguous program indices - 4512766
• refactor: rename i to startPartIndex - e497a35
• security: fix security issues - 68d8df5

Commits

Commits

• dce542c v4.7.9
• 8a41389 Update release notes
• 68d8df5 Fix security issues
• b2a0831 Fix browser tests
• 9f98c16 Fix release script
• 45443b4 Revert "Improve partial indenting performance"
• 8841a5f Fix CI errors with linting
• e0137c2 fix: enable shell mode for spawn to resolve Windows EINVAL issue
• e914d60 Improve rendering performance
• 7de4b41 Upgrade GitHub Actions checkout and setup-node on 4.x branch
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Summary by CodeRabbit

• Chores
  • Updated handlebars dependency to version 4.7.9.

[parse-github-assistant]

I will reformat the title to use the proper commit message syntax.

[parseplatformorg]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[mtrezza]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 88a42ecc-f7e6-4b29-9569-76a3941205ca

📥 Commits

Reviewing files that changed from the base of the PR and between 6da62a9 and 5312f0c.

📒 Files selected for processing (1)

• package-lock.json

👮 Files not reviewed due to content moderation or server errors (1)

• package-lock.json

---

📝 Walkthrough

Walkthrough

The handlebars package dependency is updated from version 4.7.8 to 4.7.9 in the package-lock.json file. The corresponding resolved URL and integrity hash are updated to reflect the new version.

Changes

Cohort / File(s)	Summary
Dependency Update package-lock.json	Updated handlebars from v4.7.8 to v4.7.9, including resolved tarball URL and integrity hash.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is missing required sections from the template (Issue and Approach) and lacks custom context beyond the auto-generated Dependabot content.	Add Issue and Approach sections to explain the motivation and specific changes being made beyond the auto-generated Dependabot summary.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: bumping the handlebars dependency from version 4.7.8 to 4.7.9.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/npm_and_yarn/handlebars-4.7.9

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[mtrezza]

@coderabbitai why is the "CodeRabbit Review" CI job missing in the CI list, even though CodeRabbit is enabled this repository

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

@mtrezza: The "CodeRabbit Review" CI status check is a feature that needs to be explicitly enabled — it is not shown by default even when CodeRabbit is enabled on a repository. Here's a breakdown:

1. CodeRabbit is a GitHub App, not a GitHub Action. It is a GitHub App, which means it starts reviewing pull requests automatically after installation — there is no YAML to write, no secrets to configure, and no Actions minutes consumed. Because of this, it does not automatically appear as a CI job in the checks list unless the status check feature is explicitly turned on.

2. Enabling the CI status check: The "CodeRabbit Review" status check (which shows up in the GitHub CI checks list) can be enabled via your repository's CodeRabbit settings. You can turn it on either:

   • In the CodeRabbit UI under repository settings → enable the "Review Status" / "Commit Status" option.
   • Or in your .coderabbit.yaml file by setting:

     reviews:
       review_status: true

3. Dependabot PRs: Additionally, note that CodeRabbit by default may not automatically review bot-created PRs (like those from dependabot). The review on this PR was manually triggered by your @coderabbitai review command, which is why you see the review comment but not a CI status check entry.

To confirm the exact current configuration for this repository and get the most accurate guidance, I'm fetching the current CodeRabbit config now:

---

🛠 Debug Information Gathered

---

[parseplatformorg]

🎉 This change has been released in version 8.4.0