fix: update handlebars due to critical cve

[pepol]

Summary by CodeRabbit

• Chores
  • Updated package dependency configurations to pin specific versions, improving consistency and stability across development and production environments.

Checklist

• I have discussed my proposed changes in an issue and have received approval to proceed.
• I have followed the coding standards of the project.
• Tests or benchmarks have been added or updated.
• Documentation has been updated on https://github.com/wundergraph/docs-website.
• I have read the Contributors Guide.

Open Source AI Manifesto

This project follows the principles of the Open Source AI Manifesto. Please ensure your contribution aligns with its principles.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 036ec777-b9c7-433b-8054-07bf76afa99b

📥 Commits

Reviewing files that changed from the base of the PR and between 2326f9c and 165ec1e.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (1)

• package.json

---

Walkthrough

A handlebars dependency override (version 4.7.9) was added to the pnpm.overrides section in package.json to pin a transitive dependency version.

Changes

Cohort / File(s)	Summary
Dependency Override package.json	Added handlebars version override (4.7.9) to pnpm.overrides configuration.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• fix: prevent vulnerable peer dependencies #2195: Extends pnpm.overrides in package.json by pinning multiple transitive dependencies, similar pattern of dependency version management.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main change: updating the handlebars dependency to fix a critical CVE, which directly corresponds to the package.json modification adding handlebars 4.7.9.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 46.96%. Comparing base (09e4653) to head (af3b910).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@             Coverage Diff             @@
##             main    #2744       +/-   ##
===========================================
- Coverage   63.46%   46.96%   -16.50%     
===========================================
  Files         251     1055      +804     
  Lines       26767   143572   +116805     
  Branches        0     9628     +9628     
===========================================
+ Hits        16987    67431    +50444     
- Misses       8416    74378    +65962     
- Partials     1364     1763      +399     

see 816 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

Router image scan passed

✅ No security vulnerabilities found in image:

ghcr.io/wundergraph/cosmo/router:sha-e5b79e19b7fe35f13fc57422e69112aec480cec4

[StarpTech]

LGTM