Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update dependency ejs to v3 [security] #54

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented Sep 6, 2022

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
ejs ^2.5.7 -> ^3.1.10 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2022-29078

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).

CVE-2024-33883

The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.


Release Notes

mde/ejs (ejs)

v3.1.10

Compare Source

Version 3.1.10

v3.1.9

Compare Source

Version 3.1.9

v3.1.8

Compare Source

Version 3.1.8

v3.1.7

Compare Source

Version 3.1.7

v3.1.6

Compare Source

Version 3.1.6

v3.1.5

Version 3.1.5

v3.1.3

Compare Source

v3.1.2

Compare Source

v3.0.2

Compare Source

v3.0.1

Compare Source

v2.7.4

Compare Source

Bug fixes

v2.7.3

Compare Source

Bug fixes

v2.7.2

Compare Source

Features
Bug Fixes

v2.7.1

Compare Source

Deprecated:
  • Added deprecation notice for use of require.extensions (@​mde)

v2.6.2

Compare Source

v2.6.1

Compare Source

v2.5.9

Compare Source

v2.5.8

Compare Source

  • Add filename to error when include file cannot be found (@​Leon)
  • Node v9 in CI (@​Thomas)
  • Fixed special case for Express caching (@​mde)
  • Added Promise/async-await support to renderFile (@​mde)
  • Added notes on IDE support to README (@​Betanu701)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the maintenance label Sep 6, 2022
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 4c3c738 to 5722bcf Compare June 7, 2023 05:59
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 3 times, most recently from 428cd76 to c6f4d53 Compare June 15, 2023 23:51
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 924f5a2 to c0e815d Compare June 23, 2023 05:16
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from b9b4fe6 to 3a70d77 Compare July 1, 2023 01:08
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 4 times, most recently from f5aa69e to f913b9c Compare July 11, 2023 06:00
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 33acc89 to ab82d79 Compare July 20, 2023 02:44
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 4 times, most recently from ffc527e to 905ef40 Compare August 3, 2023 02:40
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 18ac56e to 1b3b8b5 Compare August 11, 2023 02:47
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 4 times, most recently from 88a5ec7 to b32de9f Compare August 29, 2023 17:47
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from ac382c4 to 780f91f Compare September 20, 2023 09:02
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 0953f8a to 3dde44e Compare September 28, 2023 04:54
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 3 times, most recently from 3052f55 to d028616 Compare April 26, 2024 23:47
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 4118e94 to 5012b59 Compare May 3, 2024 02:09
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 2b68142 to 14f9610 Compare May 10, 2024 23:41
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 0afa56a to 9f69eec Compare May 24, 2024 02:28
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 35ff965 to 0f272e9 Compare June 6, 2024 02:45
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 07149b8 to 7814357 Compare June 28, 2024 05:37
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from ad0af07 to e655016 Compare July 15, 2024 17:42
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 4 times, most recently from 32cbd34 to bbb1c27 Compare July 30, 2024 08:41
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 8738d2e to 050ed37 Compare October 11, 2024 05:45
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 0947814 to 6a58bd6 Compare October 31, 2024 05:53
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 290bfa1 to 3c18be4 Compare December 6, 2024 05:40
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 3 times, most recently from ff9add7 to b794479 Compare December 24, 2024 08:58
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch from b794479 to e3c1e4a Compare December 25, 2024 08:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants