fix(deps): update dependency ejs to v3 [security] #54

Open
renovate[bot] wants to merge 1 commit into master from renovate/npm-ejs-vulnerability

@renovate renovate bot commented Sep 6, 2022

This PR contains the following updates:

Package | Change | Age | Confidence
ejs | ^2.5.7 -> ^3.1.10 | age | confidence

GitHub Vulnerability Alerts

CVE-2022-29078

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).

CVE-2024-33883

The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.


Release Notes

mde/ejs (ejs)

v3.1.10

Version 3.1.10

v3.1.9

Version 3.1.9

v3.1.8

Version 3.1.8

v3.1.7

Version 3.1.7

v3.1.6

Version 3.1.6

v3.1.5

Version 3.1.5

v3.1.3

v3.1.2

v3.0.2

v3.0.1

v2.7.4

Bug fixes

v2.7.3

Bug fixes

v2.7.2

Features
Bug Fixes

v2.7.1

Deprecated:
  • Added deprecation notice for use of require.extensions (@​mde)

v2.6.2

v2.6.1

v2.5.9

v2.5.8

  • Add filename to error when include file cannot be found (@​Leon)
  • Node v9 in CI (@​Thomas)
  • Fixed special case for Express caching (@​mde)
  • Added Promise/async-await support to renderFile (@​mde)
  • Added notes on IDE support to README (@​Betanu701)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
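
An added example, not part of the Renovate comment or the ejs project: a guard an Express + ejs application can apply to request-derived data before it reaches the render call, so that the `settings[view options][outputFunctionName]` path named in CVE-2022-29078 and prototype-pollution keys are never forwarded. The function names, the reserved-key list and the sample input are this example's own assumptions.

```javascript
// Keys that must never arrive from a request. `settings` is the container the
// advisory names; the last three are prototype-pollution vectors.
// This list is the example's choice, not an ejs API.
const RESERVED = new Set(['settings', 'view options', 'outputFunctionName',
  '__proto__', 'constructor', 'prototype']);

// Detection: walk a parsed query/body object and return the dotted paths of
// reserved keys, suitable for logging or rejecting the request.
function findReservedKeys(value, path = [], hits = []) {
  if (value === null || typeof value !== 'object' || path.length > 8) return hits;
  for (const key of Object.getOwnPropertyNames(value)) {
    const here = path.concat(key);
    if (RESERVED.has(key)) hits.push(here.join('.'));
    findReservedKeys(value[key], here, hits);
  }
  return hits;
}

// Mitigation: build template locals from an allowlist. Only named own keys,
// only primitive values, on a null-prototype object so nothing is inherited.
function buildLocals(untrusted, allowedKeys) {
  const locals = Object.create(null);
  for (const key of allowedKeys) {
    if (RESERVED.has(key)) throw new Error(`reserved key in allowlist: ${key}`);
    if (!Object.prototype.hasOwnProperty.call(untrusted, key)) continue;
    const v = untrusted[key];
    if (['string', 'number', 'boolean'].includes(typeof v)) locals[key] = v;
  }
  return locals;
}

// Constructed sample: the shape a query-string parser produces for nested
// bracket parameters. The value is a harmless placeholder.
const SAMPLE_QUERY = JSON.parse(
  '{"name":"alice","page":2,' +
  '"settings":{"view options":{"outputFunctionName":"PLACEHOLDER"}}}');

function demo() {
  return {
    hits: findReservedKeys(SAMPLE_QUERY),          // what to alert on
    locals: buildLocals(SAMPLE_QUERY, ['name', 'page']), // what to render with
  };
}

console.log(demo());
```

The guard complements the version bump in this PR rather than replacing it: passing a whole request object to the render call stays unsafe by design even on a patched ejs.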

@renovate renovate bot added the maintenance label Sep 6, 2022
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 4c3c738 to 5722bcf Compare June 7, 2023 05:59
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 3 times, most recently from 428cd76 to c6f4d53 Compare June 15, 2023 23:51
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 924f5a2 to c0e815d Compare June 23, 2023 05:16
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from b9b4fe6 to 3a70d77 Compare July 1, 2023 01:08
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 4 times, most recently from f5aa69e to f913b9c Compare July 11, 2023 06:00
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 33acc89 to ab82d79 Compare July 20, 2023 02:44
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 4 times, most recently from ffc527e to 905ef40 Compare August 3, 2023 02:40
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 18ac56e to 1b3b8b5 Compare August 11, 2023 02:47
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 4 times, most recently from 88a5ec7 to b32de9f Compare August 29, 2023 17:47
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from ac382c4 to 780f91f Compare September 20, 2023 09:02
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 0953f8a to 3dde44e Compare September 28, 2023 04:54
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch from ee1a7d9 to c2a197e Compare June 8, 2025 11:09
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch from c2a197e to e14946f Compare June 22, 2025 12:05
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch from e14946f to 9352ba1 Compare July 13, 2025 08:00
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 47ecc68 to f93e064 Compare August 16, 2025 03:52
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 6086436 to 91ae287 Compare August 24, 2025 16:12
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 5323197 to f340c92 Compare September 2, 2025 03:28
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 0de3ca7 to 8317f78 Compare September 27, 2025 03:39
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 1025b2d to fc8ebab Compare October 26, 2025 23:46
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 0e4c7c6 to 49a8773 Compare November 20, 2025 07:59
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from d1350c4 to f3d66cf Compare December 5, 2025 15:51
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 4e89b32 to ad9f64d Compare January 2, 2026 03:50
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from e8e76d1 to 9d66774 Compare January 10, 2026 07:13
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch from 9d66774 to 728a379 Compare January 20, 2026 00:00
@renovate renovate bot changed the title from "fix(deps): update dependency ejs to v3 [security]" to "fix(deps): update dependency ejs to v4 [security]" Jan 20, 2026
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch from 728a379 to ec69d7c Compare January 20, 2026 16:11
@renovate renovate bot changed the title from "fix(deps): update dependency ejs to v4 [security]" to "fix(deps): update dependency ejs to v3 [security]" Jan 20, 2026
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch from ec69d7c to cde03e4 Compare February 3, 2026 07:54
@renovate renovate bot changed the title from "fix(deps): update dependency ejs to v3 [security]" to "fix(deps): update dependency ejs to v4 [security]" Feb 3, 2026
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch from cde03e4 to 2e387b6 Compare February 4, 2026 20:05
@renovate renovate bot changed the title from "fix(deps): update dependency ejs to v4 [security]" to "fix(deps): update dependency ejs to v3 [security]" Feb 4, 2026