Update dependency ejs to v3 [SECURITY] #26

renovate · 2024-05-03T01:01:46Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
ejs	`^2.5.6` -> `^3.1.10`

GitHub Vulnerability Alerts

CVE-2024-33883

The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.

Release Notes

mde/ejs (ejs)

`v3.1.10`

Compare Source

Version 3.1.10

`v3.1.9`

Compare Source

Version 3.1.9

`v3.1.8`

Compare Source

Version 3.1.8

`v3.1.7`

Compare Source

Version 3.1.7

`v3.1.6`

Compare Source

Version 3.1.6

`v3.1.5`

Version 3.1.5

Bug fixes

Fixed Node 4 support, which broke in v2.7.3 (mde/ejs@5e42d6c, @mde)

`v2.7.3`

Compare Source

Bug fixes

Made the post-install message more discreet by following the example of opencollective-postinstall (mde/ejs@228d8e4, @mde)

`v2.7.2`

Compare Source

Features

Added support for destructuring locals (#452, @ExE-Boss)
Added support for disabling legacy include directives (#458, #459, @ExE-Boss)
Compiled functions are now shown in the debugger (#456, @S2-)
function.name is now set to the file base name in environments that support this (#466, @ExE-Boss)

Bug Fixes

The error message when async != true now correctly mention the existence of the async option (#460, @ExE-Boss)
Improved performance of HTML output generation (#470, @nwoltman)

`v2.7.1`

Compare Source

Deprecated:

Added deprecation notice for use of require.extensions (@mde)

`v2.6.2`

Compare Source

Correctly pass custom escape function to includes (@alecgibson)
- Fixes for rmWhitespace (@nwoltman)
- Examples for client-side EJS compiled with Express middleware (@mjgs)
- Make Template constructor public (@ThisNameWasTaken)
- Added remove function to cache (@S2-)
- Recognize both 'Nix and Windows absolute paths (@mde)

`v2.6.1`

Compare Source

`v2.5.9`

Compare Source

`v2.5.8`

Compare Source

Add filename to error when include file cannot be found (@Leon)
Node v9 in CI (@Thomas)

Fixed special case for Express caching (@mde)

Added Promise/async-await support to renderFile (@mde)
Added notes on IDE support to README (@Betanu701)

`v2.5.7`

Compare Source

Pass configured escape function to rethrow (@straker)

Added vulnerabilities info into README (@mde)

Avoid creating function object in hot execution path (@User4martin)

Added benchmark (@User4martin)
Tests for looped includes (@User4martin)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 3 times, most recently from 1db25ae to d516a3e Compare May 9, 2024 14:24

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from e5c269c to 07494eb Compare May 16, 2024 00:25

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 9ca0958 to 92cb0a5 Compare June 4, 2024 16:34

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 98c593e to a5a5b93 Compare June 27, 2024 11:16

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 7d69b5a to 1669a27 Compare July 14, 2024 12:51

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from a7f4088 to a0f0a93 Compare July 21, 2024 15:23

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 3dcb38e to ff8b964 Compare July 28, 2024 19:23

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 0f976e0 to 53bb73e Compare October 9, 2024 09:51

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 5545bf7 to 639b531 Compare October 28, 2024 16:52

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from b44f2a2 to f4bbc80 Compare December 2, 2024 13:57

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 4 times, most recently from db37ab2 to 6e2805f Compare December 22, 2024 19:53

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 5 times, most recently from 62ff928 to d902d46 Compare January 14, 2025 21:11

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch from d902d46 to 19f9253 Compare January 15, 2025 02:34

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from ce01490 to 4660c9c Compare January 23, 2025 20:59

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from c0c1b1e to 49e5fe2 Compare January 30, 2025 22:01

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch from 49e5fe2 to 0e5c83e Compare February 9, 2025 16:41

Update dependency ejs to v3 [SECURITY]

494a020

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch from 0e5c83e to 494a020 Compare February 9, 2025 21:11

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency ejs to v3 [SECURITY] #26

Update dependency ejs to v3 [SECURITY] #26

renovate bot commented May 3, 2024 •

edited

Loading

Update dependency ejs to v3 [SECURITY] #26

Are you sure you want to change the base?

Update dependency ejs to v3 [SECURITY] #26

Conversation

renovate bot commented May 3, 2024 • edited Loading

GitHub Vulnerability Alerts

Release Notes

Bug fixes

Bug fixes

Features

Bug Fixes

Deprecated:

Configuration

renovate bot commented May 3, 2024 •

edited

Loading