[PR #33] [CLOSED] Update dependency ejs to v3.1.7 [SECURITY] - autoclosed #166

Closed
opened 2026-03-01 18:43:58 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/netbootxyz/webapp/pull/33
Author: @renovate[bot]
Created: 10/21/2023
Status: Closed

Base: master ← Head: renovate/npm-ejs-vulnerability


📝 Commits (1)

  • e4d7808 Update dependency ejs to v3.1.7 [SECURITY]

📊 Changes

1 file changed (+1 additions, -1 deletions)

📝 package.json (+1 -1)

📄 Description

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| ejs | 3.1.6 -> 3.1.7 | age | adoption | passing | confidence |

GitHub Vulnerability Alerts

CVE-2022-29078

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).


Release Notes

mde/ejs (ejs)

v3.1.7

Compare Source

Version 3.1.7


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
