Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Please update "ejs": Security vulnerability, template injection.
See original GitHub issueAfter running the npm audit, the report shows 2 high-security vulnerabilities for version 3.1.6 of ejs that gluegun depends on. It requires version ^3.1.7
npm audit report
ejs ❤️.1.7
Severity: high
Template injection in ejs -https://github.com/advisories/GHSA-phwq-j96m-2c2q
fix available via npm audit fix --force
Will install gluegun@0.0.1, which is a breaking change
node_modules/ejs
gluegun >=0.3.0
Depends on vulnerable versions of ejs
node_modules/gluegun
2 high severity vulnerabilities
Issue Analytics
- State:
- Created a year ago
- Comments:5
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Not sure why the original was closed but I’ve opened #764 to bump ejs to 3.1.8.
I second that. Please update gluegun’s ejs dependency version to 3.1.7.
Added a pull request for that: https://github.com/infinitered/gluegun/pull/759