[Snyk] Fix for 11 vulnerabilities

[Robthreefold]

Snyk has created this PR to fix 11 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-HANDLEBARS-15803084	276
	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-HANDLEBARS-15803082	254
	Arbitrary Code Injection SNYK-JS-LODASH-15869625	240
	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-HANDLEBARS-15803086	180
	Improper Check for Unusual or Exceptional Conditions SNYK-JS-HANDLEBARS-15807042	169
	Improper Encoding or Escaping of Output SNYK-JS-HANDLEBARS-15807040	165
	Prototype Pollution SNYK-JS-LODASH-15053838	144
	Prototype Pollution SNYK-JS-LODASH-15869619	115
	Prototype Pollution SNYK-JS-HANDLEBARS-15789775	98
	Prototype Pollution SNYK-JS-HANDLEBARS-15813031	78
	Time-of-check Time-of-use (TOCTOU) Race Condition SNYK-JS-HANDLEBARS-15813000	62

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Access of Resource Using Incompatible Type ('Type Confusion')
🦉 Improper Encoding or Escaping of Output
🦉 More lessons are available in Snyk Learn

[Robthreefold]

This set of upgrades includes a major, high-risk update to tap and low-risk patch updates for hbs and lodash.

High Risk

tap from 11.1.5 to 18.0.0

This is a significant multi-version upgrade for the tap testing framework, introducing numerous breaking changes that will require developer action. The framework has been substantially modernized.

Key Breaking Changes:

• Coverage Enforcement: Test coverage is now enabled by default and enforced at 100%. Incomplete coverage will cause tests to fail. The --check-coverage and --no-cov flags have been removed. [1, 4, 9]
• ESM and TypeScript: The library is rewritten in TypeScript and now supports both CommonJS and ESM. This may require updating import or require statements. [4]
• Async Hooks: beforeEach and afterEach no longer accept callbacks. For asynchronous operations, you must now return a Promise. [1, 3]
• API and CLI Changes: Several assertion synonyms (e.g., t.not()) have been removed and moved to an optional plugin (@tapjs/synonyms). [9] Many command-line options have also been removed or replaced. [1]

Recommendation: Developers must review their existing tap tests and configuration. Key actions include: updating asynchronous hooks to use Promises, ensuring test suites meet the new 100% coverage requirement (or explicitly configuring a lower threshold), and verifying that module imports work correctly.

Source: Tap Changelog [1]

Low Risk

• lodash from 4.17.4 to 4.18.1: This is a minor update that includes security patches for prototype pollution and code injection. A behavioral change in _.unset and _.omit was made to fix a vulnerability, but it is unlikely to affect typical usage. [5, 6]
• hbs from 4.2.0 to 4.2.1: This is a patch release containing minor bug fixes and type definition updates. No breaking changes are expected. [11, 14]

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[Robthreefold]

⛔ Snyk checks have failed. 8 issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (8)
⛔	Open Source Security	0	4	4	0	8 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[Robthreefold]

⛔ Snyk checks have failed. 8 issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (8)
⛔	Open Source Security	0	4	4	0	8 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[Robthreefold]

⛔ Snyk checks have failed. 8 issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (8)
⛔	Open Source Security	0	4	4	0	8 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[Robthreefold]

⛔ Snyk checks have failed. 8 issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (8)
⛔	Open Source Security	0	4	4	0	8 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[Robthreefold]

⛔ Snyk checks have failed. 8 issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (8)
⛔	Open Source Security	0	4	4	0	8 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[Robthreefold]

⛔ Snyk checks have failed. 8 issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (8)
⛔	Open Source Security	0	4	4	0	8 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.