[Snyk] Fix for 10 vulnerabilities

[nirw-snyk]

Snyk has created this PR to fix 10 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-HANDLEBARS-15803084	276
	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-HANDLEBARS-15803082	254
	Arbitrary Code Injection SNYK-JS-LODASH-15869625	243
	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-HANDLEBARS-15803086	180
	Improper Check for Unusual or Exceptional Conditions SNYK-JS-HANDLEBARS-15807042	169
	Improper Encoding or Escaping of Output SNYK-JS-HANDLEBARS-15807040	165
	Prototype Pollution SNYK-JS-LODASH-15053838	144
	Prototype Pollution SNYK-JS-LODASH-15869619	117
	Prototype Pollution SNYK-JS-HANDLEBARS-15789775	98
	Time-of-check Time-of-use (TOCTOU) Race Condition SNYK-JS-HANDLEBARS-15813000	62

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Access of Resource Using Incompatible Type ('Type Confusion')
🦉 Improper Encoding or Escaping of Output
🦉 More lessons are available in Snyk Learn

[nirw-snyk]

This set of upgrades includes a major and high-risk update to the tap testing framework, alongside low-risk updates for lodash and hbs.

tap: 11.1.5 → 18.0.0 (HIGH RISK)

This is a significant upgrade, spanning seven major versions with numerous breaking changes. Migrating will require substantial effort.

Key Breaking Changes:

• Node.js Version: Support for Node.js versions below 12 has been dropped. Version 14 dropped support for Node <10, and v16 requires Node 12+.
• ESM & TypeScript: As of v15, tap uses native ES Modules instead of @std/esm. As of v18, the entire library is rewritten in TypeScript, which is no longer included by default and must be installed separately if needed.
• Coverage: Coverage is now enabled by default as of v18 and uses c8 instead of nyc. --check-coverage is on by default since v14, and missing coverage is treated as a test failure. Several CLI flags related to coverage have been removed.
• API & CLI Changes:
  • Assertion aliases (like t.notOk()) were deprecated and moved to an optional @tapjs/synonyms plugin.
  • Callbacks have been removed from t.beforeEach and t.afterEach in favor of returning a promise.
  • The t.has and t.match assertions have been separated and are distinct.
  • Numerous CLI flags have been removed or replaced. For example, tap repl replaces tap --watch.

Recommendation: This upgrade will require a significant refactoring of your test suite. It is strongly advised to handle this migration in a separate, dedicated effort. Review the official upgrading guide for details.

Other Upgrades

• lodash 4.17.4 → 4.18.1 (Low Risk): This is a patch update that includes important security and bug fixes, including for prototype pollution vulnerabilities.
• hbs 4.0.4 → 4.2.1 (Low Risk): This is a minor update with no documented breaking changes.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[snyk-io]

⛔ Snyk checks have failed. 8 issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (8)
⛔	Open Source Security	0	4	4	0	8 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[snyk-io-au]

⛔ Snyk checks have failed. 8 issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (8)
⛔	Open Source Security	0	4	4	0	8 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[nirw-snyk]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.