"The handlebars dependency defined in package-lock.json has a known moderate severity security vulnerability in version range < 4.0.0 and should be updated."

### Versions
```
Output from: `ng --version`:
Angular CLI: 1.5.2
Node: 6.11.3
OS: win32 x64
Angular: 5.0.2
... animations, common, compiler, compiler-cli, core, forms
... http, language-service, platform-browser
... platform-browser-dynamic, router

@angular/cli: 1.5.2
@angular-devkit/build-optimizer: 0.0.33
@angular-devkit/core: 0.0.20
@angular-devkit/schematics: 0.0.36
@ngtools/json-schema: 1.1.0
@ngtools/webpack: 1.8.2
@schematics/angular: 0.1.5
typescript: 2.4.2
webpack: 3.8.1
```

### Repro steps
```
Step 1: Run `ng new <ExampleName>`
Step 2: View handlebars.js version 1.3.0 dependency in package-lock.json
```

### Observed behavior
```
Github flags this as a vulnerable dependency.
```

### Desired behavior
```
Update handlebars.js version dependency from 1.3.0 to 4.0.11
Reduce vulnerability out of the box.
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

"The handlebars dependency defined in package-lock.json has a known moderate severity security vulnerability in version range < 4.0.0 and should be updated." #8544

Versions

Repro steps

Observed behavior

Desired behavior

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

"The handlebars dependency defined in package-lock.json has a known moderate severity security vulnerability in version range < 4.0.0 and should be updated." #8544

Description

Versions

Repro steps

Observed behavior

Desired behavior

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions