[Snyk] Fix for 2 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	621/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6	Prototype Pollution SNYK-JS-JSONPOINTER-596925	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: handlebars

The new version differs by 215 commits.

• 8d22e6f v4.0.12
• 3c970cc Update release notes
• abba3c7 Update release notes
• 4bf1c4f Update release notes
• 41b6a11 Merge branch '4.x' of github.com:wycats/handlebars.js into 4.x
• 2d28f92 bump grunt-plugin-dependencies to 1.x versions
• 29b1744 style: omit linting error caused by removing "if"
• d130ed2 chore: bump various dependencies
• 2145c14 bump grunt-plugin-dependencies to 1.x versions
• 8359722 style: omit linting error caused by removing "if"
• a1d864d chore: bump various dependencies
• 0ddff8b unnecessary check
• 288e986 Docs: Document branches in the CONTRIBUTING guide
• 30df8a1 Testcase for accessing @ root from a partial-block
• cda544b Add package.json to components shim
• 69c6ca5 Use `files` field
• a4e39bd Fix release-notes (links to contributors` pages)
• b86b918 Fix release-notes (links to github-repo)
• d3d3942 upgrade uglify-js
• 73d5637 Update dependencies "async" to 2.5.0 and "source-map" to 0.6.1
• 7729aa9 Update grunt-eslint to 20.1.0
• 8947dd0 Update jsfiddle to 4.0.11
• 1e954dd v4.0.11
• 1ac131e Update release notes

See the full diff

Package name: json-pointer

The new version differs by 28 commits.

• 9b5ea8e Release 0.6.1
• 1dbd1ed Merge pull request #34 from AdamGold/master
• 8c998b5 test: 💍 test the prototype pollution fix
• ee4b8e7 fix: 🐛 fix prototype pollution
• 018e488 docs: svg travis badge
• 9d71bc3 Merge pull request #26 from manuelstofer/npm-badge
• 2a89632 docs: code coverage badge
• 9fa928a Merge pull request #27 from manuelstofer/code-coverage
• 04238f7 test: nyc coverage reporting options
• 5d28d47 test: code coverage
• 1e1c914 docs: npm badge; travis badge for master branch only
• 322eb1e Merge pull request #24 from APIs-guru/master
• 76ca03b Throw when try to set the root object
• daca211 Release 0.6.0
• a68aac9 Remove component.json
• cbf06fb Merge pull request #23 from APIs-guru/master
• 528127b Update tests to cover remove from array
• ae22861 Correctly handle remove from array
• 1189b27 Fix "remove" test
• 6355037 Release 0.5.0
• 495e372 Merge pull request #22 from APIs-guru/master
• 89ac53f Don't mutate pointer array. Performance speedup.
• c413470 Add sudo: false to .travis.yml
• 5f680d0 Release 0.4.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic