fix(deps): update dependency ejs to v3 [security] #54

renovate · 2022-09-06T02:20:10Z

This PR contains the following updates:

Package	Change	Age	Confidence
ejs	`^2.5.7` → `^3.1.10`

GitHub Vulnerability Alerts

CVE-2022-29078

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).

CVE-2024-33883

The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.

Release Notes

mde/ejs (ejs)

`v3.1.10`

Compare Source

Version 3.1.10

`v3.1.9`

Compare Source

Version 3.1.9

`v3.1.8`

Compare Source

Version 3.1.8

`v3.1.7`

Compare Source

Version 3.1.7

`v3.1.6`

Compare Source

Version 3.1.6

`v3.1.5`

Version 3.1.5

Bug fixes

Fixed Node 4 support, which broke in v2.7.3 (5e42d6c, @mde)

`v2.7.3`

Compare Source

Bug fixes

Made the post-install message more discreet by following the example of opencollective-postinstall (228d8e4, @mde)

`v2.7.2`

Compare Source

Features

Added support for destructuring locals (#452, @ExE-Boss)
Added support for disabling legacy include directives (#458, #459, @ExE-Boss)
Compiled functions are now shown in the debugger (#456, @S2-)
function.name is now set to the file base name in environments that support this (#466, @ExE-Boss)

Bug Fixes

The error message when async != true now correctly mention the existence of the async option (#460, @ExE-Boss)
Improved performance of HTML output generation (#470, @nwoltman)

`v2.7.1`

Compare Source

Deprecated:

Added deprecation notice for use of require.extensions (@mde)

`v2.6.2`

Compare Source

Correctly pass custom escape function to includes (@alecgibson)
- Fixes for rmWhitespace (@nwoltman)
- Examples for client-side EJS compiled with Express middleware (@mjgs)
- Make Template constructor public (@ThisNameWasTaken)
- Added remove function to cache (@S2-)
- Recognize both 'Nix and Windows absolute paths (@mde)

`v2.6.1`

Compare Source

`v2.5.9`

Compare Source

`v2.5.8`

Compare Source

Add filename to error when include file cannot be found (@Leon)
Node v9 in CI (@Thomas)

Fixed special case for Express caching (@mde)

Added Promise/async-await support to renderFile (@mde)
Added notes on IDE support to README (@Betanu701)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot added the maintenance label Sep 6, 2022

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 4c3c738 to 5722bcf Compare June 7, 2023 05:59

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 3 times, most recently from 428cd76 to c6f4d53 Compare June 15, 2023 23:51

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 924f5a2 to c0e815d Compare June 23, 2023 05:16

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from b9b4fe6 to 3a70d77 Compare July 1, 2023 01:08

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 4 times, most recently from f5aa69e to f913b9c Compare July 11, 2023 06:00

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 33acc89 to ab82d79 Compare July 20, 2023 02:44

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 4 times, most recently from ffc527e to 905ef40 Compare August 3, 2023 02:40

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 18ac56e to 1b3b8b5 Compare August 11, 2023 02:47

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 4 times, most recently from 88a5ec7 to b32de9f Compare August 29, 2023 17:47

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from ac382c4 to 780f91f Compare September 20, 2023 09:02

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 0953f8a to 3dde44e Compare September 28, 2023 04:54

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch from 134a610 to 38ef43e Compare April 29, 2025 04:11

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 3 times, most recently from 805305c to c835760 Compare May 17, 2025 07:59

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 8e46473 to b1c4fa8 Compare May 24, 2025 15:59

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 3 times, most recently from 45ca2a6 to 048879b Compare June 1, 2025 15:44

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from ee1a7d9 to c2a197e Compare June 8, 2025 11:09

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch from c2a197e to e14946f Compare June 22, 2025 12:05

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch from e14946f to 9352ba1 Compare July 13, 2025 08:00

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 47ecc68 to f93e064 Compare August 16, 2025 03:52

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 6086436 to 91ae287 Compare August 24, 2025 16:12

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 5323197 to f340c92 Compare September 2, 2025 03:28

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 0de3ca7 to 8317f78 Compare September 27, 2025 03:39

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 1025b2d to fc8ebab Compare October 26, 2025 23:46

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 0e4c7c6 to 49a8773 Compare November 20, 2025 07:59

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from d1350c4 to f3d66cf Compare December 5, 2025 15:51

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch from f3d66cf to 4e89b32 Compare December 30, 2025 19:43

fix(deps): update dependency ejs to v3 [security]

ad9f64d

renovate bot force-pushed the renovate/npm-ejs-vulnerability branch from 4e89b32 to ad9f64d Compare January 2, 2026 03:50

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix(deps): update dependency ejs to v3 [security] #54

fix(deps): update dependency ejs to v3 [security] #54

Uh oh!

renovate bot commented Sep 6, 2022 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

fix(deps): update dependency ejs to v3 [security] #54

Are you sure you want to change the base?

fix(deps): update dependency ejs to v3 [security] #54

Uh oh!

Conversation

renovate bot commented Sep 6, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

GitHub Vulnerability Alerts

Release Notes

Bug fixes

Bug fixes

Features

Bug Fixes

Deprecated:

Configuration

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

renovate bot commented Sep 6, 2022 •

edited

Loading