Please update "ejs": Security vulnerability, template injection. #758
Comments
I second that. Please update gluegun's ejs dependency version to 3.1.7. Added a pull request for that: #759
Hey folks, any plans to merge the PR? It's been a while.
Also looking for this PR to get merged, if we can please.
Hi folks, this high-security vulnerability still exists. Is it possible we can have the ejs dependency updated to 3.1.7 soon? Please note that the pull request #759 made for it was closed without a release.
Not sure why the original was closed but I've opened #764 to bump ejs to 3.1.8.
After running the npm audit, the report shows 2 high-security vulnerabilities for version 3.1.6 of ejs that gluegun depends on. It requires version ^3.1.7.
npm audit report
ejs <3.1.7
Severity: high
Template injection in ejs -GHSA-phwq-j96m-2c2q
fix available via
npm audit fix --force
Will install [email protected], which is a breaking change
node_modules/ejs
gluegun >=0.3.0
Depends on vulnerable versions of ejs
node_modules/gluegun
2 high severity vulnerabilities
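To confirm which copy of ejs a project actually resolves while waiting for an upstream bump, the lockfile can be checked directly. The following is an added example, not part of the issue or of gluegun's code: the function names and the sample lockfile are constructed for illustration, and the 3.1.7 threshold is the one given in the audit report above.

```javascript
// Added example: list every installed copy of ejs in an npm lockfile
// (lockfileVersion 2/3 "packages" map) and flag those below 3.1.7.
const FIXED = [3, 1, 7]; // first non-vulnerable version per the audit report

// Parse "x.y.z" into numbers; any pre-release/build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}

// True when version a sorts strictly before version b.
function isBelow(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Returns one record per ejs copy: where it lives, its version, which
// parent directory pinned it, and whether it is below the fixed version.
function findEjs(lock) {
  const suffix = "node_modules/ejs";
  const out = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith(suffix)) continue;
    const ver = parseVersion(meta.version);
    // Unparseable versions are reported as vulnerable so they get reviewed.
    const vulnerable = ver === null || isBelow(ver, FIXED);
    const parent = path.slice(0, -suffix.length).replace(/\/$/, "");
    out.push({ path, version: meta.version, vulnerable, via: parent || "(hoisted)" });
  }
  return out;
}

// Constructed sample: a nested ejs 3.1.6 under gluegun next to a hoisted 3.1.8.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-cli", version: "1.0.0" },
    "node_modules/gluegun": { version: "0.0.0-constructed" },
    "node_modules/gluegun/node_modules/ejs": { version: "3.1.6" },
    "node_modules/ejs": { version: "3.1.8" },
  },
};

for (const hit of findEjs(SAMPLE_LOCK)) {
  console.log(`${hit.vulnerable ? "VULNERABLE" : "ok"} ejs@${hit.version} via ${hit.via}`);
}
```

For a real project, pass the parsed contents of `package-lock.json` to `findEjs`; a nested copy under `node_modules/gluegun` stays vulnerable even when a newer ejs is hoisted at the top level.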