From f2530f6d59a148d87dfa0babc4db3430d8da692d Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 10 Apr 2026 04:52:48 -0500
Subject: [PATCH] chore(deps): update dependency @types/handlebars to v4.1.0 (#423)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [@types/handlebars](https://redirect.github.com/wycats/handlebars.js) | [`4.0.40` → `4.1.0`](https://renovatebot.com/diffs/npm/@types%2fhandlebars/4.0.40/4.1.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fhandlebars/4.1.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fhandlebars/4.0.40/4.1.0?slim=true) |

---

### Release Notes

wycats/handlebars.js (@types/handlebars)

### [`v4.1.0`](https://redirect.github.com/wycats/handlebars.js/blob/HEAD/release-notes.md#v410---February-7th-2019)

New Features

- import TypeScript typings - [`27ac1ee`](https://redirect.github.com/wycats/handlebars.js/commit/27ac1ee)

Security fixes:

- disallow access to the constructor in templates to prevent RCE - [`42841c4`](https://redirect.github.com/wycats/handlebars.js/commit/42841c4), [#1495](https://redirect.github.com/wycats/handlebars.js/issues/1495)

Housekeeping

- chore: fix components/handlebars package.json and auto-update on release - [`bacd473`](https://redirect.github.com/wycats/handlebars.js/commit/bacd473)
- chore: Use node 10 to build handlebars - [`78dd89c`](https://redirect.github.com/wycats/handlebars.js/commit/78dd89c)
- chore/doc: Add more release docs - [`6b87c21`](https://redirect.github.com/wycats/handlebars.js/commit/6b87c21)

Compatibility notes:

Access to class constructors (i.e. `({}).constructor`) is now prohibited to prevent Remote Code Execution. This means that the following construct will not work anymore:

```
class SomeClass {
}

SomeClass.staticProperty = 'static'

var template = Handlebars.compile('{{constructor.staticProperty}}');
document.getElementById('output').innerHTML = template(new SomeClass());
// expected: 'static', but now this is empty.
```

This kind of access is not the intended use of Handlebars and leads to the vulnerability described in [#1495](https://redirect.github.com/wycats/handlebars.js/issues/1495). We will **not** increase the major version, because such use is not intended or documented, and because of the potential impact of the issue (we fear that most people won't use a new major version and the issue may not be resolved on many systems).

[Commits](https://redirect.github.com/handlebars-lang/handlebars.js/compare/v4.0.12...v4.1.0)
--- ### Configuration 📅 **Schedule**: (in timezone America/Chicago) - Branch creation - Only on Friday (`* * * * 5`) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled because a matching PR was automerged previously. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/jdx/mise-action). Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- package-lock.json | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index 1f249d2..40e36ed 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1906,10 +1906,14 @@ "license": "MIT" }, "node_modules/@types/handlebars": { - "version": "4.0.40", - "resolved": "https://registry.npmjs.org/@types/handlebars/-/handlebars-4.0.40.tgz", - "integrity": "sha512-sGWNtsjNrLOdKha2RV1UeF8+UbQnPSG7qbe5wwbni0mw4h2gHXyPFUMOC+xwGirIiiydM/HSqjDO4rk6NFB18w==", - "license": "MIT" + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/@types/handlebars/-/handlebars-4.1.0.tgz", + "integrity": "sha512-gq9YweFKNNB1uFK71eRqsd4niVkXrxHugqWFQkeLRJvGjnxsLr16bYtcsG4tOFwmYi0Bax+wCkbf1reUfdl4kA==", + "deprecated": "This is a stub types definition. handlebars provides its own type definitions, so you do not need this installed.", + "license": "MIT", + "dependencies": { + "handlebars": "*" + } }, "node_modules/@types/istanbul-lib-coverage": { "version": "2.0.6",
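Review bot: In the `node_modules/@types/handlebars` entry, the new version is a deprecated stub (its `"deprecated"` field reads "handlebars provides its own type definitions, so you do not need this installed") that also adds `"dependencies": { "handlebars": "*" }`, so this bump replaces a self-contained typings package with an unbounded-range dependency on the runtime library. Rather than merging the bump, consider removing `@types/handlebars` from package.json and relying on the typings that `handlebars` ships. The diffstat shows only this one hunk (8 insertions, 4 deletions), so no `node_modules/handlebars` entry is added here; check which `handlebars` version the lockfile already resolves for the `*` range, because the constructor-access fix quoted in the release notes belongs to handlebars.js v4.1.0 itself and a change to the types package alone does not guarantee it is present.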