[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: handlebars

The new version differs by 166 commits.

• 698c8a9 v3.0.4
• 12cd4ef Update release notes
• ed9e301 chore: add [email protected] to devDependencies
• bbe684b chore: remove TODO comment line
• f8d7b38 docs: update CONTRIBUTING.md from master and add text about 3.x
• 4cd5305 Further relax uglify dependency
• d97c2e6 Update uglify-js to avoid vulnerability
• 1c863e3 Escape = in HTML content
• 891f48b v3.0.3
• 0bf79ea Update release notes
• 972f521 Move noConflict implementation to module
• 4a40fc8 NPM ignore log files
• fc13400 Remove jshint completely
• 6ecf509 Merge pull request #1008 from shannonmoeller/patch-1
• d945089 Added handlebars-layouts to the in-the-wild list
• 2f0b866 v3.0.2
• d48e840 Update release notes
• 4bed826 Update for let and optional parameters
• 0263aa4 Run the precompiler module through es6 toolchain
• ecf60ab Enable additional es6 features in eslint
• c6ab044 Merge pull request #998 from wycats/babel
• fdc9420 Fix UMD build target generation
• e3d3eda Add full support for es6
• 2a02261 Fix IE test freakout

See the full diff

Package name: npm

The new version differs by 250 commits.

• 1569304 3.0.0
• d67d437 [email protected]
• 2becdc3 [email protected]
• 3501f22 src: Fix one last standard style issue
• 0772c95 changelog: Add two more known bugs
• 283eef4 changelog: minor tweaks that didn't make it in prior to merging
• 064d62c changelog for 3.0.0
• a306446 test: more descriptive assertions + assertion label
• 6aa6754 uninstall: Support "no arguments"=global action semantics
• a526b60 gitignore: Ignore dev subdep unpipe
• 57328de test: Only run standard once regardless of how we invoke tests
• 65cc653 pack: fix infinite loop when packing w/ node_modules w/ dep cycles
• 532dfc1 [email protected]
• b50be6a src: make the npm source comply with `standard`
• 7c5ebe0 ls: Don't error on missing optional deps
• ae1f202 travis: Use the version of npm being tested
• 231a582 building npm: Yell if you try to package npm@3 with npm@2
• 2da0ce8 install: Run top level lifecycles AFTER rolling back failed optdeps
• 8a814a6 recalculate-metadata: don't compute missing dev deps for subdeps
• 1b71c55 install: save: Don't sort the top level package.json keys
• bc46ca9 install: Make shrinkwrap extraction work in 0.8
• 8fb8b4a install: Move more npm config into the installer object
• 3cdbce3 install: Refactor --link to behave better
• 9e030f7 publish: Throw an error if the bundled deps package.json entry is invalid

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution