Update dependency ejs to 3.1.7 [SECURITY] (!65) · 合并请求 · ccknbc / blog-nav

CC康纳百川请求将renovate/npm-ejs-vulnerability合并到master 5月 19, 2022

Created by: renovate[bot]

This PR contains the following updates:

Package	Change
ejs	`2.5.6` -> `3.1.7`

GitHub Vulnerability Alerts

CVE-2022-29078

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).

Configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.

Update dependency ejs to 3.1.7 [SECURITY]

GitHub Vulnerability Alerts

CVE-2022-29078

Configuration

合并请求报告