chore(deps): update dependency ejs to 3.1.7 [security] #50

Merged
merged 1 commit into from
Mar 9, 2023

@renovate renovate bot commented Jul 6, 2022

This PR contains the following updates:

Package Change
ejs 2.7.4 -> 3.1.7

GitHub Vulnerability Alerts

CVE-2022-29078

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).


Configuration

📅 Schedule: Branch creation - "" in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.
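
The option path named in the CVE-2022-29078 alert above can be screened before request data reaches a template render call. This is an added example, not code from ejs, Renovate or this repository; `inspectRenderData`, `sanitizeRenderData`, the identifier rule and the sample query object are assumptions made for illustration.

```javascript
'use strict';
// Added example: screen client-supplied data before it is used as template locals.
// Key names follow the alert text: settings -> "view options" -> outputFunctionName.

// Assumption: clients never need to send `settings`; `__proto__` is dropped as well
// so that copying keys cannot change the prototype of the cleaned object.
const RESERVED_KEYS = new Set(['settings', '__proto__']);
// Assumption for this example: an output function name must be a plain identifier.
const JS_IDENTIFIER = /^[a-zA-Z_$][0-9a-zA-Z_$]*$/;

// Constructed sample: a parsed query object as a nested-bracket parser would build it.
const SAMPLE_QUERY = {
  name: 'Ada',
  settings: { 'view options': { outputFunctionName: 'out; /* constructed */' } },
};

// Report every place where request data tries to set template engine options.
function inspectRenderData(input) {
  const findings = [];
  if (input === null || typeof input !== 'object' || !('settings' in input)) {
    return findings;
  }
  findings.push({ path: 'settings', reason: 'reserved key supplied by client' });
  const settings = input.settings;
  const viewOpts = settings && typeof settings === 'object' ? settings['view options'] : null;
  if (viewOpts && typeof viewOpts === 'object') {
    for (const [name, value] of Object.entries(viewOpts)) {
      const badName = name === 'outputFunctionName' &&
        !(typeof value === 'string' && JS_IDENTIFIER.test(value));
      findings.push({
        path: `settings[view options][${name}]`,
        reason: badName ? 'not a JavaScript identifier' : 'engine option set from request data',
      });
    }
  }
  return findings;
}

// Copy only non-reserved own keys, so the result can be passed as locals.
function sanitizeRenderData(input) {
  const clean = {};
  for (const [key, value] of Object.entries(input || {})) {
    if (!RESERVED_KEYS.has(key)) clean[key] = value;
  }
  return clean;
}

console.log(inspectRenderData(SAMPLE_QUERY));
console.log(sanitizeRenderData(SAMPLE_QUERY));
```

A guard like this is defense in depth for code that forwards request objects to a renderer; the dependency update in this PR is still the fix for the alert.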

@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 7 times, most recently from 8803788 to 847a663 Compare July 18, 2022 10:30
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 5 times, most recently from 1ecfab6 to 4bf4ad0 Compare July 25, 2022 19:54
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 8 times, most recently from 7b4ae2e to 5efdb54 Compare August 5, 2022 12:14
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 4 times, most recently from af53892 to 4856d3a Compare August 12, 2022 01:09
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 5 times, most recently from 045c035 to 0c099ca Compare August 19, 2022 15:19
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch from 0c099ca to 7de2538 Compare August 22, 2022 10:28
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 5 times, most recently from 540e93c to 702f804 Compare October 11, 2022 12:13
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 5 times, most recently from f1289a3 to e598730 Compare October 24, 2022 07:16
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from a05dcfd to bb941b1 Compare October 28, 2022 12:32
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from bba27da to b4414e8 Compare November 7, 2022 11:44
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from e4d6f07 to 6361c69 Compare November 15, 2022 00:10
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 4534fc6 to c5aea06 Compare November 28, 2022 09:22
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch 3 times, most recently from 12ca6db to 211050e Compare December 12, 2022 09:58
@renovate renovate bot force-pushed the renovate/npm-ejs-vulnerability branch from 211050e to 8eaeb1b Compare December 12, 2022 12:26
@justinhynes justinhynes force-pushed the renovate/npm-ejs-vulnerability branch 2 times, most recently from 45464cd to 935a94c Compare March 9, 2023 17:59
* ignore lint errors (for now) to prioritize getting an updated version of the Comms MFE out with a compromised dependency
@justinhynes justinhynes force-pushed the renovate/npm-ejs-vulnerability branch from 935a94c to a2b2d55 Compare March 9, 2023 18:33
codecov bot commented Mar 9, 2023

Codecov Report

Patch and project coverage have no change.

Comparison is base (fca2cce) 82.32% compared to head (a2b2d55) 82.32%.

Additional details and impacted files
@@           Coverage Diff           @@
##           master      #50   +/-   ##
=======================================
  Coverage   82.32%   82.32%           
=======================================
  Files          46       46           
  Lines         679      679           
  Branches      132      132           
=======================================
  Hits          559      559           
  Misses        120      120           
Impacted Files Coverage Δ
.../bulk-email-tool/bulk-email-form/BulkEmailForm.jsx 89.76% <ø> (ø)
...led-emails-table/BulkEmailScheduledEmailsTable.jsx 95.74% <ø> (ø)
src/components/page-container/PageContainer.jsx 90.47% <ø> (ø)
src/utils/useMobileResponsive.js 100.00% <ø> (ø)


@justinhynes justinhynes merged commit fd3a49d into master Mar 9, 2023
@justinhynes justinhynes deleted the renovate/npm-ejs-vulnerability branch March 9, 2023 18:39