chore(deps): update dependency ejs to 3.1.7 [security] #50

Merged
justinhynes merged 1 commit into master from renovate/npm-ejs-vulnerability
Mar 9, 2023

@renovate renovate bot commented Jul 6, 2022

This PR contains the following updates:

Package | Change
ejs | 2.7.4 -> 3.1.7

GitHub Vulnerability Alerts

CVE-2022-29078

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).


Configuration

📅 Schedule: Branch creation - "" in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


This PR has been generated by Mend Renovate. View repository job log here.
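
A defensive sketch of the issue described in the advisory above, added here as an example and not part of this PR or of ejs: it flags request URLs whose query parameter names address `settings[view options][...]`, and builds template data from an allow-list so a request-supplied `settings` object never reaches the renderer. The function names and sample requests are constructed, and it assumes the application passes request-derived data to the template renderer.

```javascript
// Added example; all function names and sample requests are constructed for illustration.

// Parameter-name shape from the advisory: settings[view options][<option>]
const RESERVED_PATH = /^settings\[view options\]\[([^\]]+)\]/;

// Detection: list the template options a request URL tries to set through its query string.
function flagOptionInjection(requestUrl) {
  // URLSearchParams percent-decodes names and turns "+" into a space before we match.
  const query = new URL(requestUrl, 'http://placeholder.invalid').searchParams;
  const hits = [];
  for (const name of query.keys()) {
    const match = RESERVED_PATH.exec(name);
    if (match) hits.push(match[1]);
  }
  return hits;
}

// Mitigation: build template data from an allow-list of string fields, so a nested
// `settings` object parsed from the request is never handed to the renderer.
function safeRenderData(input, allowedKeys) {
  const out = {};
  for (const key of allowedKeys) {
    if (Object.prototype.hasOwnProperty.call(input, key) && typeof input[key] === 'string') {
      out[key] = input[key];
    }
  }
  return out;
}

// Constructed access-log paths; PLACEHOLDER stands in for whatever value was sent.
const SAMPLE_REQUESTS = [
  '/profile?name=alice',
  '/profile?name=bob&settings%5Bview+options%5D%5BoutputFunctionName%5D=PLACEHOLDER',
  '/search?q=settings',
];

// Return only the requests that try to set a template option.
function scan(requests) {
  return requests.filter((path) => flagOptionInjection(path).length > 0);
}

console.log(scan(SAMPLE_REQUESTS));
```

The scan covers query strings only; the same parameter names arriving in a form or JSON body need the equivalent check on the parsed body.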

@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 7 times, most recently from 8803788 to 847a663 Compare July 18, 2022 10:30
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 5 times, most recently from 1ecfab6 to 4bf4ad0 Compare July 25, 2022 19:54
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 8 times, most recently from 7b4ae2e to 5efdb54 Compare August 5, 2022 12:14
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 4 times, most recently from af53892 to 4856d3a Compare August 12, 2022 01:09
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 5 times, most recently from 045c035 to 0c099ca Compare August 19, 2022 15:19
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch from 0c099ca to 7de2538 Compare August 22, 2022 10:28
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 5 times, most recently from 2b7ecac to b333dec Compare September 24, 2022 01:09
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 4 times, most recently from 2aa529d to a4d6ff6 Compare October 2, 2022 20:00
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 5 times, most recently from c1b53a0 to f2dc41b Compare October 6, 2022 21:04
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 4 times, most recently from 702f804 to 66224f4 Compare October 17, 2022 07:59
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 4 times, most recently from f1289a3 to e598730 Compare October 24, 2022 07:16
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from a05dcfd to bb941b1 Compare October 28, 2022 12:32
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from bba27da to b4414e8 Compare November 7, 2022 11:44
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch from b4414e8 to e4d6f07 Compare November 14, 2022 08:50
* ignore lint errors (for now) to prioritize getting an updated version of the Comms MFE out with a compromised dependency
codecov bot commented Mar 9, 2023

Codecov Report

Patch and project coverage have no change.

Comparison is base (fca2cce) 82.32% compared to head (a2b2d55) 82.32%.

Additional details and impacted files
@@           Coverage Diff           @@
##           master      #50   +/-   ##
=======================================
  Coverage   82.32%   82.32%           
=======================================
  Files          46       46           
  Lines         679      679           
  Branches      132      132           
=======================================
  Hits          559      559           
  Misses        120      120           
Impacted Files | Coverage Δ
.../bulk-email-tool/bulk-email-form/BulkEmailForm.jsx | 89.76% <ø> (ø)
...led-emails-table/BulkEmailScheduledEmailsTable.jsx | 95.74% <ø> (ø)
src/components/page-container/PageContainer.jsx | 90.47% <ø> (ø)
src/utils/useMobileResponsive.js | 100.00% <ø> (ø)
