Update dependencies (fix `npm audit` failures); fix tests; update Travis build

[cjbarth]

This package had insecure and deprecated dependencies. This PR corrects that and fixes the test to keep working. One test (the Node module test) had to be disabled because I couldn't get it working across all versions of Node. I'm open to suggestions on that. Otherwise, perhaps we can land this and iterate on that as this package is causing npm audit failures for projects the depend on it.

[jsf-clabot]

All committers have signed the CLA.

[cjbarth]

@XhmikosR I wanted to ping you specifically on this PR because of your recent involvement with this project. This PR addresses a critical security vulnerability found in this package and I'd like to get some eyes on it. If you are the wrong person, might you suggest someone who I could get to help with this matter?

[XhmikosR]

Well, the PR has unrelated changes in it.

Also, 4.3.3 might not be the latest https://github.com/wycats/handlebars.js/issues/1563#issuecomment-535888536

So, just revert your changes and update only the needed stuff.

[cjbarth]

If you are talking about JSCS being unrelated, that is actually part of the problem. That is no longer maintained and eslint is the replacement. To get this package to clear npm audit I couldn't use JSCS. Are there other parts you're referring to? I really tried to keep this to a minimum change and get it to pass a build.

[cjbarth]

It does occur to me that with updating semver major versions of dependencies, perhaps this package should get a semver major bump too. Please let me know your thoughts.

[XhmikosR]

I can't review a PR with so many unrelated changes in it.

[cjbarth]

Ok, let's start this way; I'll make a different PR that just get's the build working again, so those will be a separate PR. I can't get anything to pass Travis without that working.

[XhmikosR]

First of all there's a procedure for things.

We have https://github.com/gruntjs/grunt-contrib-internal for some common stuff. JSCS I don't care about it personally and I would just drop it until we have a proper ESLint solution in the https://github.com/gruntjs/grunt-contrib-internal repo.

So, wait until https://github.com/gruntjs/grunt-contrib-internal/pull/40 is solved. The handlebars update can still be applied with npm audit.

[cjbarth]

Thank you for pointing me to that. I will try to incorporate that in here so we can leverage the common stuff with this grunt-contrib too. Thank you.

[XhmikosR]

I removed jscss in master. Please rebase and only keep the handlebars update + the test files.

[XhmikosR]

I went ahead and made #171, which updates everything and drops support for Node.js < 8.x. It will be a major version bump due to this.