[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	673/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: handlebars

The new version differs by 71 commits.

• a9a8e40 v4.7.7
• e66aed5 Update release notes
• 7d4d170 disable IE in Saucelabs tests
• eb860c0 fix weird error in integration tests
• b6d3de7 fix: check prototype property access in strict-mode (#1736)
• f058970 fix: escape property names in compat mode (#1736)
• 77825f8 refator: In spec tests, use expectTemplate over equals and shouldThrow (#1683)
• 3789a30 chore: start testing on Node.js 12 and 13
• e6ad93e v4.7.6
• 2bf4fc6 Update release notes
• b64202b Update release-notes.md
• c2f1e62 Switch cmd parser to latest minimist
• 08e9a11 Revert "chore: set Node.js compatibility to v6+"
• 1fd2ede v4.7.5
• 3c9c2f5 Update release notes
• 16487a0 chore: downgrade yargs to v14
• 309d2b4 chore: set Node.js compatibility to v6+
• 645ac73 test: fix integration tests
• b454b02 docs: update release-docs in CONTRIBUTING.md
• 7adc19a v4.7.4
• 9dd8d10 Update release notes
• 4671c4b Use tmp directory for files written during tests
• e46baa1 tasks/test-bin.js: Delete duplicate test
• c491b4e Revert "Update release-notes.md"

See the full diff

Package name: newman

The new version differs by 250 commits.

• ba2b4df Merge branch 'release/5.2.3'
• c5aab0c Release v5.2.3
• c597871 Update dependencies
• 811d2d1 Merge pull request #2721 from Suhas-Gaikwad/patch-1
• dcc5b9b Create SECURITY.md
• 2a57036 Merge pull request #2692 from postmanlabs/dependabot/npm_and_yarn/postman-runtime-7.27.0
• a02f666 Chore(deps): bump postman-runtime from 7.26.10 to 7.27.0
• bc8dbe9 Merge pull request #2683 from postmanlabs/dependabot/npm_and_yarn/postman-collection-3.6.10
• d8565e0 Merge pull request #2684 from postmanlabs/dependabot/npm_and_yarn/sinon-10.0.0
• d16d0d4 Chore(deps): bump postman-collection from 3.6.9 to 3.6.10
• 6651ad9 Merge pull request #2689 from postmanlabs/dependabot/npm_and_yarn/y18n-4.0.1
• aa7785f Merge pull request #2693 from postmanlabs/dependabot/npm_and_yarn/semver-7.3.5
• 57bc14a Merge pull request #2686 from postmanlabs/dependabot/npm_and_yarn/commander-7.2.0
• 5a6cb9c Merge branch 'develop' into dependabot/npm_and_yarn/sinon-10.0.0
• 760475c Merge pull request #2682 from postmanlabs/dependabot/npm_and_yarn/postman-request-2.88.1-postman.29
• c814e15 Chore(deps): bump semver from 7.3.4 to 7.3.5
• 3de8d0e Merge branch 'develop' into dependabot/npm_and_yarn/y18n-4.0.1
• cfb1227 Merge pull request #2685 from postmanlabs/dependabot/npm_and_yarn/eslint-7.23.0
• 6871d37 Merge pull request #2687 from postmanlabs/dependabot/npm_and_yarn/jsdoc-to-markdown-7.0.1
• be037ab Merge branch 'develop' into dependabot/npm_and_yarn/postman-request-2.88.1-postman.29
• 712280b Merge pull request #2676 from postmanlabs/dependabot/npm_and_yarn/eslint-plugin-jsdoc-32.3.0
• 0ba1093 Merge pull request #2675 from postmanlabs/dependabot/npm_and_yarn/postman-collection-transformer-4.1.0
• 8eaf15b Merge pull request #2662 from postmanlabs/dependabot/npm_and_yarn/chai-4.3.4
• 291e7fb Merge pull request #2660 from postmanlabs/dependabot/npm_and_yarn/mocha-8.3.2

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic