Bump handlebars version to ^4.0.0

[John-Steidley]

This includes a downstream bump to the uglify version (to 2.4.24) which fixes a vulnerability reported by the Node security project. See https://nodesecurity.io/advisories/uglifyjs_incorrectly_handles_non-boolean_comparisons for more information.

To see the compatibility notes for Handlebars 4, please go to https://github.com/wycats/handlebars.js/blob/master/release-notes.md

Thank you for your time. :)

[stephanbakker]

👍 same here, it breaks our build

[ericf]

Thanks for doing this, I'll have to spend some time to understand the Handlebars v4 changes. In the meantime you can always pass handlebars as a config option to Express Handlebars.

[John-Steidley]

@ericf, Any recent news?

[kara-ryli]

@ericf just want to bump this. We're manually passing in a handlebars config parameter, but our security checks are alerting on handlebars-lang/handlebars.js#1084 and I would love to squelch the false positive.

[chiefy]

👍 LGTM!

[andrewpmckenzie]

👍 this would be really helpful

[John-Steidley]

Oops. Didn't mean to close this temporarily.

[stephanbakker]

@ericf, would love this one to be merged. Is it still on the radar?

[mikermcneil]

@ericf let me know if there's any way I can help-- I'd like to get this patched in Sails if possible.

[sgress454]

Thanks @sahat -- don't forget to npm publish as well!