[Snyk] Fix for 9 vulnerabilities

[snyk-rfrazier]

Snyk has created this PR to fix 9 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-HANDLEBARS-15803084	276
	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-HANDLEBARS-15803082	254
	Arbitrary Code Injection SNYK-JS-LODASH-15869625	243
	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-HANDLEBARS-15803086	180
	Improper Check for Unusual or Exceptional Conditions SNYK-JS-HANDLEBARS-15807042	169
	Improper Encoding or Escaping of Output SNYK-JS-HANDLEBARS-15807040	165
	Prototype Pollution SNYK-JS-LODASH-15869619	117
	Prototype Pollution SNYK-JS-HANDLEBARS-15789775	98
	Time-of-check Time-of-use (TOCTOU) Race Condition SNYK-JS-HANDLEBARS-15813000	62

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Access of Resource Using Incompatible Type ('Type Confusion')
🦉 Improper Encoding or Escaping of Output
🦉 More lessons are available in Snyk Learn

[snyk-rfrazier]

This upgrade includes a major version jump for the tap testing framework from v11 to v18, which introduces significant breaking changes. The upgrade for hbs is minor.

tap@11.1.5 → tap@18.0.0

Risk: HIGH

This is a very large upgrade spanning seven major versions and includes a complete rewrite of the library in TypeScript. Significant effort will be required to migrate.

Key Breaking Changes:

• Node.js Support: Support for Node.js versions older than 10 has been dropped. [1]
• ESM & TypeScript: The library was rewritten in TypeScript and now has first-class support for native ES Modules (ESM). [10] This may require changes to test file syntax and project configuration.
• Coverage Enforcement: Test coverage is now enabled by default and 100% coverage is enforced. [1, 3] Missing coverage will cause tests to fail. New flags like --allow-incomplete-coverage must be used to relax this. The underlying coverage engine has also switched from nyc to c8. [4]
• API & CLI Changes: Numerous APIs and CLI commands have been changed, removed, or replaced by a new plugin-based architecture. [1] For example, t.beforeEach() and t.afterEach() no longer accept a callback argument, and the behavior of t.test() promises has changed. [1, 8]

Recommendation: This upgrade cannot be merged without a dedicated migration effort. Developers must review the extensive changelogs for versions 12 through 18 to identify all necessary code and configuration changes.

Source: Tap Changelog

hbs@4.0.4 → hbs@4.2.1

Risk: LOW

This is a minor version upgrade. No official breaking changes were documented for this specific version range. The underlying handlebars engine had some potentially breaking changes related to prototype access in later versions, but these are unlikely to impact standard usage of hbs. [12]

Source: Package documentation

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[snyk-rfrazier]

⛔ Snyk checks have failed. 8 issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (8)
⛔	Open Source Security	0	4	4	0	8 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.