[Snyk] Fix for 10 vulnerabilities

[philvarner-snyk]

Snyk has created this PR to fix 10 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-HANDLEBARS-15803084	276
	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-HANDLEBARS-15803082	254
	Arbitrary Code Injection SNYK-JS-LODASH-15869625	243
	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-HANDLEBARS-15803086	180
	Improper Check for Unusual or Exceptional Conditions SNYK-JS-HANDLEBARS-15807042	169
	Improper Encoding or Escaping of Output SNYK-JS-HANDLEBARS-15807040	165
	Prototype Pollution SNYK-JS-LODASH-15053838	144
	Prototype Pollution SNYK-JS-LODASH-15869619	117
	Prototype Pollution SNYK-JS-HANDLEBARS-15789775	98
	Time-of-check Time-of-use (TOCTOU) Race Condition SNYK-JS-HANDLEBARS-15813000	62

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Access of Resource Using Incompatible Type ('Type Confusion')
🦉 Improper Encoding or Escaping of Output
🦉 More lessons are available in Snyk Learn

[philvarner-snyk]

This set of upgrades includes a major and high-risk update to the tap testing framework, alongside two low-risk updates.

tap@11.1.5 → tap@18.0.0 (HIGH RISK)

This is a significant multi-version upgrade for the tap testing framework, introducing numerous breaking changes that require developer action.

Key Breaking Changes:

• Coverage Enforcement: Test coverage is now enabled by default and requires 100% coverage. Builds will fail if this threshold is not met. This can be disabled via configuration but is a major behavioral change. [4]
• Node.js Support: Support for Node.js versions below 10 has been dropped. [3]
• Configuration: Configuration files have changed significantly. For example, test-regexp and test-ignore have been replaced with include and exclude glob patterns. [4]
• API Changes: Asynchronous functions like beforeEach and afterEach no longer accept callbacks and must return a promise. [7] Assertion aliases have also been removed.

Recommendation:
Developers must review their tap configuration and test suite for compatibility. Specifically, address the new default coverage requirement, update Node.js versions if necessary, and migrate any legacy configuration options or APIs.

Source: Changelog, Upgrading Guide

Other Upgrades

• hbs@4.0.4 → hbs@4.2.1 (Low Risk): This is a minor version update that includes new non-breaking features and bug fixes. No breaking changes are documented. [13]
• lodash@4.17.4 → lodash@4.17.23 (Low Risk): This is a patch-level update containing security fixes and performance improvements with no breaking changes. [1]

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[philvarner-snyk]

⛔ Snyk checks have failed. 8 issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (8)
⛔	Open Source Security	0	4	4	0	8 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.