Bump the npm_and_yarn group across 3 directories with 2 updates

[dependabot]

Bumps the npm_and_yarn group with 1 update in the /src/ProjectTemplates/Web.Spa.ProjectTemplates/content/React-CSharp/ClientApp directory: yaml.
Bumps the npm_and_yarn group with 1 update in the /src/ProjectTemplates/Web.Spa.ProjectTemplates/content/ReactRedux-CSharp/ClientApp directory: yaml.
Bumps the npm_and_yarn group with 1 update in the /src/SignalR/clients/ts/common directory: handlebars.

Updates yaml from 1.9.2 to 1.10.3

Release notes

Sourced from yaml's releases.

v1.10.2

• prettier/prettier#10510

v1.10.1

This release backports the following non-breaking fixes made during the work on yaml@2 on top of yaml@1.10.0:

• Support for __proto__ as mapping key & anchor identifier (#192)
• Fix broken TS type for BigInt toggle
• Dump long keys properly (#195)
• When folding highly indented lines, require at least minContentWidth chars on the first line (#196)
• Fix YAML.stringify() for certain null values (#197)
• Do not break escaped chars with escaped newlines (#237, awslabs/cdk8s8)
• Set type: "module" within browser/dist/ (#208)
• Use CommonJS for the browser endpoints yaml/types & yaml/util (#208)
• Always stringify non-Node object keys using explicit notation (#218)
• Specify node type of Document.Parsed.contents (#221)
• Add missing type for CST Node.rangeAsLinePos (#222)
• Prefer literal over folded block scalar when lineWidth=0 is set (#232)
• Allow for empty lines after node props (#242)
• Update dev dependencies

v1.10.0

This will probably be the last minor release of yaml@1. I'm aiming to release yaml@2 within a few months; prereleases of that will be published using the next dist-tag on npm. Patch releases for 1.10 may still happen, if necessary.

New Features

• Use Rollup for Node.js & browser builds (#165)
  • This removes most of the internal dist/ paths from the release. If you want/need to use a class or function that is no longer public, please file an issue and we can add it to the exports.
  • Drop dependency on @babel/runtime. After this, the package has 0 runtime dependencies. 🎉
  • Add exports { Alias, Collection, Merge, Node } to 'yaml/types'
• Document Schema.createPair() & make its ctx arg optional (#157)
• Always indent top-level scalars with lines starting with document markers or % directives (#162)
• Use double-space when forcing top-level block scalar indent, for clarity (#162)
• Add getNodes(): string[] method to Anchors (#166)
• Refactor Jest config, adding tests for compiled dist/ endpoints
• Rename & refactor source files. This should have no effect on the results, but lots of stuff moved around

Improved Errors & Warnings

• Throw more helpful error when setting Pair.commentBefore incorrectly (#157)
• Better errors for bad indents (#169)
• Drop incorrect error for flow mapping keys with length > 1024 chars
• Add errors for plain scalars that start with reserved indicators
• Add more explicit errors for block scalar values with bad indents
• Enable log prints during npm start debugging

Improved TypeScript declarations

• Fix/simplify export mapping of 'yaml/types' and 'yaml/util'
• Fix types, dropping AST.{AstNode,ScalarNode,CollectionNode} (#160)
• Add missing toString() methods to AST nodes (#159)
• Add directivesEndMarker to Document type (#167)

... (truncated)

Commits

• cfe8f04 1.10.3
• 7abcf45 fix: Catch stack overflow during CST composition
• a0252f8 chore: Add rules avoiding processing of tests/json-test-suite
• a5e83b0 style: Apply updates Prettier rules
• b8ddca0 chore: Refresh lockfile
• 395f892 ci: Use a different (working) submodule checkout
• 6fd2720 test-events: Add {} and [] indicators to flow maps & sequences
• 4cdcde6 1.10.2
• 7c0e083 Allow for unindented comment after node props (#242)
• 8ef0157 1.10.1
• Additional commits viewable in compare view

Updates yaml from 1.9.2 to 1.10.3

Release notes

Sourced from yaml's releases.

v1.10.2

• prettier/prettier#10510

v1.10.1

This release backports the following non-breaking fixes made during the work on yaml@2 on top of yaml@1.10.0:

• Support for __proto__ as mapping key & anchor identifier (#192)
• Fix broken TS type for BigInt toggle
• Dump long keys properly (#195)
• When folding highly indented lines, require at least minContentWidth chars on the first line (#196)
• Fix YAML.stringify() for certain null values (#197)
• Do not break escaped chars with escaped newlines (#237, awslabs/cdk8s8)
• Set type: "module" within browser/dist/ (#208)
• Use CommonJS for the browser endpoints yaml/types & yaml/util (#208)
• Always stringify non-Node object keys using explicit notation (#218)
• Specify node type of Document.Parsed.contents (#221)
• Add missing type for CST Node.rangeAsLinePos (#222)
• Prefer literal over folded block scalar when lineWidth=0 is set (#232)
• Allow for empty lines after node props (#242)
• Update dev dependencies

v1.10.0

This will probably be the last minor release of yaml@1. I'm aiming to release yaml@2 within a few months; prereleases of that will be published using the next dist-tag on npm. Patch releases for 1.10 may still happen, if necessary.

New Features

• Use Rollup for Node.js & browser builds (#165)
  • This removes most of the internal dist/ paths from the release. If you want/need to use a class or function that is no longer public, please file an issue and we can add it to the exports.
  • Drop dependency on @babel/runtime. After this, the package has 0 runtime dependencies. 🎉
  • Add exports { Alias, Collection, Merge, Node } to 'yaml/types'
• Document Schema.createPair() & make its ctx arg optional (#157)
• Always indent top-level scalars with lines starting with document markers or % directives (#162)
• Use double-space when forcing top-level block scalar indent, for clarity (#162)
• Add getNodes(): string[] method to Anchors (#166)
• Refactor Jest config, adding tests for compiled dist/ endpoints
• Rename & refactor source files. This should have no effect on the results, but lots of stuff moved around

Improved Errors & Warnings

• Throw more helpful error when setting Pair.commentBefore incorrectly (#157)
• Better errors for bad indents (#169)
• Drop incorrect error for flow mapping keys with length > 1024 chars
• Add errors for plain scalars that start with reserved indicators
• Add more explicit errors for block scalar values with bad indents
• Enable log prints during npm start debugging

Improved TypeScript declarations

• Fix/simplify export mapping of 'yaml/types' and 'yaml/util'
• Fix types, dropping AST.{AstNode,ScalarNode,CollectionNode} (#160)
• Add missing toString() methods to AST nodes (#159)
• Add directivesEndMarker to Document type (#167)

... (truncated)

Commits

• cfe8f04 1.10.3
• 7abcf45 fix: Catch stack overflow during CST composition
• a0252f8 chore: Add rules avoiding processing of tests/json-test-suite
• a5e83b0 style: Apply updates Prettier rules
• b8ddca0 chore: Refresh lockfile
• 395f892 ci: Use a different (working) submodule checkout
• 6fd2720 test-events: Add {} and [] indicators to flow maps & sequences
• 4cdcde6 1.10.2
• 7c0e083 Allow for unindented comment after node props (#242)
• 8ef0157 1.10.1
• Additional commits viewable in compare view

Updates handlebars from 4.1.2 to 4.7.9

Release notes

Sourced from handlebars's releases.

v4.7.9

• fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2
• fix type "RuntimeOptions" also accepting string partials - eab1d14
• feat(types): set hash to be a Record<string, any> - de4414d
• fix non-contiguous program indices - 4512766
• refactor: rename i to startPartIndex - e497a35
• security: fix security issues - 68d8df5
  • GHSA-2w6w-674q-4c4q
  • GHSA-3mfm-83xf-c92r
  • GHSA-xhpv-hc6g-r9c6
  • GHSA-xjpj-3mr7-gcpf
  • GHSA-9cx6-37pm-9jff
  • GHSA-2qvq-rjwj-gvw9
  • GHSA-7rx3-28cr-v5wh
  • GHSA-442j-39wm-28r2

Commits

v4.7.8

• Make library compatible with workers (#1894) - 3d3796c
• Don't rely on Node.js global object (#1776) - 2954e7e
• Fix compiling of each block params in strict mode (#1855) - 30dbf04
• Fix rollup warning when importing Handlebars as ESM - 03d387b
• Fix bundler issue with webpack 5 (#1862) - c6c6bbb
• Use https instead of git for mustache submodule - 88ac068

Commits

Changelog

Sourced from handlebars's changelog.

v4.7.9 - March 26th, 2026

• fix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2
• fix type "RuntimeOptions" also accepting string partials - eab1d14
• feat(types): set hash to be a Record<string, any> - de4414d
• fix non-contiguous program indices - 4512766
• refactor: rename i to startPartIndex - e497a35
• security: fix security issues - 68d8df5

Commits

v4.7.8 - July 27th, 2023

• Make library compatible with workers (#1894) - 3d3796c
• Don't rely on Node.js global object (#1776) - 2954e7e
• Fix compiling of each block params in strict mode (#1855) - 30dbf04
• Fix rollup warning when importing Handlebars as ESM - 03d387b
• Fix bundler issue with webpack 5 (#1862) - c6c6bbb
• Use https instead of git for mustache submodule - 88ac068

Commits

v4.7.7 - February 15th, 2021

• fix weird error in integration tests - eb860c0
• fix: check prototype property access in strict-mode (#1736) - b6d3de7
• fix: escape property names in compat mode (#1736) - f058970
• refactor: In spec tests, use expectTemplate over equals and shouldThrow (#1683) - 77825f8
• chore: start testing on Node.js 12 and 13 - 3789a30

(POSSIBLY) BREAKING CHANGES:

• the changes from version 4.6.0 now also apply in when using the compile-option "strict: true". Access to prototype properties is forbidden completely by default, specific properties or methods can be allowed via runtime-options. See #1633 for details. If you are using Handlebars as documented, you should not be accessing prototype properties from your template anyway, so the changes should not be a problem for you. Only the use of undocumented features can break your build.

That is why we only bump the patch version despite mentioning breaking changes.

Commits

v4.7.6 - April 3rd, 2020

Chore/Housekeeping:

• #1672 - Switch cmd parser to latest minimist (@​dougwilson

Compatibility notes:

• Restored Node.js compatibility

... (truncated)

Commits

• dce542c v4.7.9
• 8a41389 Update release notes
• 68d8df5 Fix security issues
• b2a0831 Fix browser tests
• 9f98c16 Fix release script
• 45443b4 Revert "Improve partial indenting performance"
• 8841a5f Fix CI errors with linting
• e0137c2 fix: enable shell mode for spawn to resolve Windows EINVAL issue
• e914d60 Improve rendering performance
• 7de4b41 Upgrade GitHub Actions checkout and setup-node on 4.x branch
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jaylinski, a new releaser for handlebars since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #5.