Skip to content

Bump handlebars from 4.7.8 to 4.7.9#2799

Merged
jribbink merged 1 commit into
masterfrom
dependabot/npm_and_yarn/handlebars-4.7.9
Jul 3, 2026
Merged

Bump handlebars from 4.7.8 to 4.7.9#2799
jribbink merged 1 commit into
masterfrom
dependabot/npm_and_yarn/handlebars-4.7.9

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 27, 2026

Copy link
Copy Markdown
Contributor

Bumps handlebars from 4.7.8 to 4.7.9.

Release notes

Sourced from handlebars's releases.

v4.7.9

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.9 - March 26th, 2026

  • fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2
  • fix type "RuntimeOptions" also accepting string partials - eab1d14
  • feat(types): set hash to be a Record<string, any> - de4414d
  • fix non-contiguous program indices - 4512766
  • refactor: rename i to startPartIndex - e497a35
  • security: fix security issues - 68d8df5

Commits

Commits
  • dce542c v4.7.9
  • 8a41389 Update release notes
  • 68d8df5 Fix security issues
  • b2a0831 Fix browser tests
  • 9f98c16 Fix release script
  • 45443b4 Revert "Improve partial indenting performance"
  • 8841a5f Fix CI errors with linting
  • e0137c2 fix: enable shell mode for spawn to resolve Windows EINVAL issue
  • e914d60 Improve rendering performance
  • 7de4b41 Upgrade GitHub Actions checkout and setup-node on 4.x branch
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 27, 2026
@dependabot dependabot Bot requested a review from a team as a code owner March 27, 2026 19:56
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 27, 2026
@changeset-bot

changeset-bot Bot commented Mar 27, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: 46d7d37

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@vercel

vercel Bot commented Mar 27, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
react-sdk-demo Ready Ready Preview, Comment Jul 3, 2026 12:10am

Request Review

@github-actions

github-actions Bot commented Mar 27, 2026

Copy link
Copy Markdown
Contributor

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/handlebars 4.7.9 🟢 5.3
Details
CheckScoreReason
Maintained🟢 56 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5
Code-Review🟢 8Found 14/17 approved changesets -- score normalized to 8
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • package-lock.json

@jribbink

jribbink commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

@dependabot rebase

@jribbink jribbink enabled auto-merge (squash) July 2, 2026 23:35
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/handlebars-4.7.9 branch from 5004ad6 to 3f9f794 Compare July 2, 2026 23:51
Bumps [handlebars](https://github.com/handlebars-lang/handlebars.js) from 4.7.8 to 4.7.9.
- [Release notes](https://github.com/handlebars-lang/handlebars.js/releases)
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md)
- [Commits](handlebars-lang/handlebars.js@v4.7.8...v4.7.9)

---
updated-dependencies:
- dependency-name: handlebars
  dependency-version: 4.7.9
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/handlebars-4.7.9 branch from 3f9f794 to 46d7d37 Compare July 3, 2026 00:08
@jribbink jribbink merged commit a25656f into master Jul 3, 2026
7 of 8 checks passed
@jribbink jribbink deleted the dependabot/npm_and_yarn/handlebars-4.7.9 branch July 3, 2026 00:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant