fix(deps): update dependency handlebars to v4.7.7 [security] - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
handlebars (source)	4.7.6 -> 4.7.7

GitHub Vulnerability Alerts

CVE-2021-23383

The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.

---

Release Notes

handlebars-lang/handlebars.js (handlebars)

v4.7.7

Compare Source

• fix weird error in integration tests - eb860c0
• fix: check prototype property access in strict-mode (#​1736) - b6d3de7
• fix: escape property names in compat mode (#​1736) - f058970
• refactor: In spec tests, use expectTemplate over equals and shouldThrow (#​1683) - 77825f8
• chore: start testing on Node.js 12 and 13 - 3789a30

(POSSIBLY) BREAKING CHANGES:

• the changes from version 4.6.0 now also apply
  in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods
  can be allowed via runtime-options. See #​1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties
  from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.

That is why we only bump the patch version despite mentioning breaking changes.

Commits

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: yarn.lock

installing v2 tool yarn-slim v1.22.19
ERROR: npm v9.5.1 is known not to run on Node.js v12.22.12. You'll need to
upgrade to a newer Node.js version in order to use this version of npm. This
version of npm supports the following node versions: `^14.17.0 || ^16.13.0 ||
>=18.0.0`. You can find the latest version at https://nodejs.org/.

ERROR:
/opt/buildpack/tools/node/18.16.0/lib/node_modules/npm/lib/utils/exit-handler.js:21
  const hasLoadedNpm = npm?.config.loaded
                           ^

SyntaxError: Unexpected token '.'
    at wrapSafe (internal/modules/cjs/loader.js:915:16)
    at Module._compile (internal/modules/cjs/loader.js:963:27)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)
    at Module.load (internal/modules/cjs/loader.js:863:32)
    at Function.Module._load (internal/modules/cjs/loader.js:708:14)
    at Module.require (internal/modules/cjs/loader.js:887:19)
    at require (internal/modules/cjs/helpers.js:74:18)
    at module.exports (/opt/buildpack/tools/node/18.16.0/lib/node_modules/npm/lib/cli.js:81:23)
    at Object.<anonymous> (/opt/buildpack/tools/node/18.16.0/lib/node_modules/npm/bin/npm-cli.js:2:25)
    at Module._compile (internal/modules/cjs/loader.js:999:30)

[coveralls]

Coverage: 32.315%. Remained the same when pulling 5ebb6a4 on renovate/npm-handlebars-vulnerability into 424a858 on master.