Dependabot alerts for wrong version?

I have a repository that uses Handlebars. It is currently using version 4.7.7, as I can see in the code and the package.json file.
The Dependabot alerts still alert me to upgrade handlebars to version 4.7.7 or later.

CVE-2021-23369

critical severity

Vulnerable versions: < 4.7.7

Patched version: 4.7.7

The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.

The file location is at https://github.com/RundizBones/ModuleAdmin/blob/1c058545b05f7f903f0a9018e02e185c20d0eb55/assets/vendor/handlebars/handlebars.runtime.js

And package.json https://github.com/RundizBones/ModuleAdmin/blob/1c058545b05f7f903f0a9018e02e185c20d0eb55/package.json

Is this a Dependabot bug, or what do I have to do? I’m already using the latest version of Handlebars.