Update vulnerable handlebars #921

Author: lcharette

CHANGELOG.md

@@ -20,6 +20,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Updated league/csv to 9.2.1
 - Updated symfony/console to 4.3
 - Updated vlucas/phpdotenv to 3.4.0
+- [Frontend] Updated handlebar from 3.0.x to 4.1.2
 
 ### Added
 - Separated `BakeCommand` class into multiple methods to make it easier for sprinkle to add custom command to the `bake` command.
@@ -28,6 +29,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Fix
 - `bake` command return error if account sprinkle is not included ([#944])
 - Email is case-sensitive ([#881]; [#1012])
+- Update vulnerable handlebars@^3.0.3 to ^4.0.12 ([#921])
 
 ### Changed
 - Account sprinkle now extend the Core `BakeCommand` class to add the `create-admin` to the general bake command. Any sprinkle already extending the Core `BakeCommand` might need adjustments.
@@ -793,6 +795,7 @@ See [http://learn.userfrosting.com/upgrading/40-to-41](Upgrading 4.0.x to 4.1.x
 [#888]: https://github.com/userfrosting/UserFrosting/issues/888
 [#893]: https://github.com/userfrosting/UserFrosting/issues/893
 [#919]: https://github.com/userfrosting/UserFrosting/issues/919
+[#921]: https://github.com/userfrosting/UserFrosting/issues/921
 [#940]: https://github.com/userfrosting/UserFrosting/issues/940
 [#950]: https://github.com/userfrosting/UserFrosting/issues/950
 [#951]: https://github.com/userfrosting/UserFrosting/issues/951

app/sprinkles/core/package.json

@@ -4,7 +4,7 @@
     "bootstrap": "^3.3.6",
     "clipboard": "^1.5.16",
     "font-awesome": "^4.7.0",
-    "handlebars": "^3.0.3",
+    "handlebars": "^4.1.2",
     "jquery": "^3.2.1",
     "jquery-ui": "^1.12.0",
     "jquery-validation": "~1.14.0",