[Snyk] Fix for 9 vulnerabilities

[snyk-io]

Snyk has created this PR to fix 9 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-HANDLEBARS-15803084	276
	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-HANDLEBARS-15803082	254
	Arbitrary Code Injection SNYK-JS-LODASH-15869625	243
	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-HANDLEBARS-15803086	180
	Improper Check for Unusual or Exceptional Conditions SNYK-JS-HANDLEBARS-15807042	169
	Improper Encoding or Escaping of Output SNYK-JS-HANDLEBARS-15807040	165
	Prototype Pollution SNYK-JS-LODASH-15869619	117
	Prototype Pollution SNYK-JS-HANDLEBARS-15789775	98
	Time-of-check Time-of-use (TOCTOU) Race Condition SNYK-JS-HANDLEBARS-15813000	62

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Access of Resource Using Incompatible Type ('Type Confusion')
🦉 Improper Encoding or Escaping of Output
🦉 More lessons are available in Snyk Learn

[snyk-io]

This release includes a major upgrade for the tap testing framework, which introduces significant breaking changes. The other upgrades are minor and carry low risk.

Highlights

• tap (11.1.5 → 18.0.0) - HIGH RISK: This is a substantial upgrade across 7 major versions, introducing fundamental changes to how tests are run and configured. Developer action is required.
• sanitize-html (1.4.2 → 1.7.1) - LOW RISK: This minor upgrade adds new, non-breaking features and improves dependencies.
• hbs (4.0.4 → 4.2.1) - LOW RISK: This is a minor patch release with no documented breaking changes.

Detailed Analysis

tap (11.1.5 → 18.0.0)

This upgrade modernizes the tap library but requires significant attention. The entire library was rewritten in TypeScript, and many core behaviors have changed.

Key Breaking Changes:

• Coverage Enforcement: Test coverage is now enabled and enforced at 100% by default. Missing or incomplete coverage will cause the test suite to fail. This is the most critical change and may require adding tests or adjusting configuration to lower the threshold.
• Node.js Version: Support for Node.js versions below 12 has been dropped.
• CLI & Configuration: Many command-line flags have been removed or replaced. For example, --check-coverage is removed because it's now the default behavior, and nyc is no longer used for coverage.
• API Changes: Assertion synonyms (e.g., t.not()) have been moved to an optional plugin, @tapjs/synonyms, which must be installed separately if needed.

Recommendation: Review your entire test suite to ensure it meets the new 100% coverage requirement. Update CI scripts to use the new CLI flags and configuration. Install @tapjs/synonyms if your tests rely on deprecated assertion aliases.

Source: Release notes

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[snyk-io]

⛔ Snyk checks have failed. 4 issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (4)
⛔	Open Source Security	0	4	0	0	4 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.