dependencies updates

[rlsf]

hello,
i've just opened a PR for updating a lot of dependencies that are outdated: #1841
please merge it and release a new version, as currently handlebars suffers from a critical CVE originating from minimist, see here: GHSA-xvch-5gv4-984h

on the same subject, i think degradation of the package-lock file can be avoided or at least be minimal by applying dependabot to this repo, to help keep dependencies in sync.

[jaylinski]

See #1841 (comment).

Thanks for the suggestion on dependabot, but we already get notified about security issues by GitHub.

[rlsf]

@jaylinski are you updating the code only in case of security issues or also when new versions of packages are available?
dependabot creates PRs automatically for any new version of a dependency package.
it is up to the maintainer to decide whether they want to merge it into the repo or not.
it also serves as a easy tool to update security issues, but not only for that.

[jaylinski]

are you updating the code only in case of security issues?

if there is a security issue with handlebars or its dependencies, we update our code as soon as possible.

[dpeger]

Is there going to be a new release with the updated dependencies in the near future?

[jaylinski]

yes