build(deps): bump handlebars and jsdoc-to-markdown

[dependabot]

Bumps handlebars to 4.7.9 and updates ancestor dependency jsdoc-to-markdown. These dependencies need to be updated together.

Updates handlebars from 4.5.3 to 4.7.9

Release notes

Sourced from handlebars's releases.

v4.7.9

• fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2
• fix type "RuntimeOptions" also accepting string partials - eab1d14
• feat(types): set hash to be a Record<string, any> - de4414d
• fix non-contiguous program indices - 4512766
• refactor: rename i to startPartIndex - e497a35
• security: fix security issues - 68d8df5
  • GHSA-2w6w-674q-4c4q
  • GHSA-3mfm-83xf-c92r
  • GHSA-xhpv-hc6g-r9c6
  • GHSA-xjpj-3mr7-gcpf
  • GHSA-9cx6-37pm-9jff
  • GHSA-2qvq-rjwj-gvw9
  • GHSA-7rx3-28cr-v5wh
  • GHSA-442j-39wm-28r2

Commits

v4.7.8

• Make library compatible with workers (#1894) - 3d3796c
• Don't rely on Node.js global object (#1776) - 2954e7e
• Fix compiling of each block params in strict mode (#1855) - 30dbf04
• Fix rollup warning when importing Handlebars as ESM - 03d387b
• Fix bundler issue with webpack 5 (#1862) - c6c6bbb
• Use https instead of git for mustache submodule - 88ac068

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.9 - March 26th, 2026

• fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2
• fix type "RuntimeOptions" also accepting string partials - eab1d14
• feat(types): set hash to be a Record<string, any> - de4414d
• fix non-contiguous program indices - 4512766
• refactor: rename i to startPartIndex - e497a35
• security: fix security issues - 68d8df5

Commits

v4.7.8 - July 27th, 2023

• Make library compatible with workers (#1894) - 3d3796c
• Don't rely on Node.js global object (#1776) - 2954e7e
• Fix compiling of each block params in strict mode (#1855) - 30dbf04
• Fix rollup warning when importing Handlebars as ESM - 03d387b
• Fix bundler issue with webpack 5 (#1862) - c6c6bbb
• Use https instead of git for mustache submodule - 88ac068

Commits

v4.7.7 - February 15th, 2021

• fix weird error in integration tests - eb860c0
• fix: check prototype property access in strict-mode (#1736) - b6d3de7
• fix: escape property names in compat mode (#1736) - f058970
• refactor: In spec tests, use expectTemplate over equals and shouldThrow (#1683) - 77825f8
• chore: start testing on Node.js 12 and 13 - 3789a30

(POSSIBLY) BREAKING CHANGES:

• the changes from version 4.6.0 now also apply in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.

That is why we only bump the patch version despite mentioning breaking changes.

Commits

v4.7.6 - April 3rd, 2020

Chore/Housekeeping:

• #1672 - Switch cmd parser to latest minimist (@​dougwilson

Compatibility notes:

• Restored Node.js compatibility

... (truncated)

Commits

• dce542c v4.7.9
• 8a41389 Update release notes
• 68d8df5 Fix security issues
• b2a0831 Fix browser tests
• 9f98c16 Fix release script
• 45443b4 Revert "Improve partial indenting performance"
• 8841a5f Fix CI errors with linting
• e0137c2 fix: enable shell mode for spawn to resolve Windows EINVAL issue
• e914d60 Improve rendering performance
• 7de4b41 Upgrade GitHub Actions checkout and setup-node on 4.x branch
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jaylinski, a new releaser for handlebars since your current version.

Updates jsdoc-to-markdown from 2.0.1 to 9.1.3

Release notes

Sourced from jsdoc-to-markdown's releases.

v9.1.3

Non-breaking change since v9.1.2

• Removed deprecated lodash.omit package. jsdoc2md/jsdoc-parse#43

v9.1.2

Regression fix since v9.1.1

Previously, you could manually render files in a specific order. For example, in the output this code would render docs for two.js before one.js.

const output = await jsdoc2md.render({ files: ['src/two.js', 'src/one.js'] })

This behaviour was broken by the jsdoc-api v9.0.0 release - instead, that version first sorted the files into alphabetical order, thus rendering one.js before two.js.

Jsdoc-api v9.3.5 (used internally by jsdoc2md) fixes that regression - previous behaviour restored.

v9.1.1

Non-breaking changes since v9.1.0

• Amended the fix for #90 so that @link, @linkcode and @linkplain tags are resolved in the @deprecated tag text.

v9.1.0

New feature since v9.0.5

• Any text passed to the @deprecated tag is now displayed. #90

Upgrade notes

See this testbed directory for example source code and output.

Previously, the tag @deprecated This method has been deprecated since v2.0.0 would simply print ***Deprecated*** in the output, ignoring the deprecation text. The new behaviour:

• For an empty @deprecated tag with no text, display ***Deprecated*** (same as before).
• If the tag has text, e.g. @deprecated This method has been deprecated since v2.0.0, then the full text line will be printed as written
  • This will replace the previous ***Deprecated*** line with ***This method has been deprecated since v2.0.0***.
  • This approach gives you full control over the text displayed (without assuming you want the line to begin with "Deprecated").

v9.0.5

Non-breaking changes since v9.0.4

• Fixed a regression where spaces in the jsdoc binary path caused jsdoc2md to fail. #307

v9.0.4

Non-breaking change

• Implemented a permanent fix for the critical util.isRegExp is not a function issue in Node v23, replacing the previous temporary workaround. #306

... (truncated)

Commits

• 21798ef 9.1.3
• 8cccbda Remove deprecated lodash.omit package
• defb5c7 9.1.2
• 3964f2b update copyright dates
• 53fb496 Fix regression where files passed directly to jsdoc2md.render() were sorted u...
• a6b2309 Merge pull request #311 from Fdawgs/patch-1
• d2d1bcb Replace node 23 with 24 in ci test matrix
• bc77277 9.1.1
• 7574e44 Amended the fix for #90 so that @​link, @​linkcode and @​linkplain tags are reso...
• f2719e3 9.1.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.