You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm seeing a security vulnerability based on the version of this package's ejs dependency. It looks like ejs solved that in version 3.1.7. I tried updating ejs-compiled-loader to use 3.1.8 (the latest ejs), and did not run into problems the way I use it. Is this an update you can do please?
$npm audit
# npm audit report
ejs <3.1.7
Severity: critical
Template injection in ejs - https://github.com/advisories/GHSA-phwq-j96m-2c2q
No fix available
node_modules/ejs
ejs-compiled-loader *
Depends on vulnerable versions of ejs
node_modules/ejs-compiled-loader
The text was updated successfully, but these errors were encountered:
I'm seeing a security vulnerability based on the version of this package's
ejsdependency. It looks likeejssolved that in version3.1.7. I tried updatingejs-compiled-loaderto use3.1.8(the latest ejs), and did not run into problems the way I use it. Is this an update you can do please?The text was updated successfully, but these errors were encountered: