fix(deps): ejs template injection vulnerability

8 months ago · 96d4306ed5
2 changed files with 3 additions and 13 deletions
--- a/packages/nocodb/package.json
+++ b/packages/nocodb/package.json
@ -95,7 +95,7 @@
    "dayjs": "^1.11.10",
    "debug": "^4.3.4",
    "dotenv": "^8.2.0",
-    "ejs": "^3.1.3",
+    "ejs": "^3.1.9",
    "emittery": "^0.7.2",
    "express": "^4.18.2",
    "extract-zip": "^2.0.1",
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@ -560,8 +560,8 @@ importers:
        specifier: ^8.2.0
        version: 8.2.0
      ejs:
-        specifier: ^3.1.3
-        version: 3.1.3
+        specifier: ^3.1.9
+        version: 3.1.9
      emittery:
        specifier: ^0.7.2
        version: 0.7.2
@ -13798,22 +13798,12 @@ packages:
  /ee-first@1.1.1:
    resolution: {integrity: sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==}

-  /ejs@3.1.3:
-    resolution: {integrity: sha512-wmtrUGyfSC23GC/B1SMv2ogAUgbQEtDmTIhfqielrG5ExIM9TP4UoYdi90jLF1aTcsWCJNEO0UrgKzP0y3nTSg==}
-    engines: {node: '>=0.10.0'}
-    hasBin: true
-    requiresBuild: true
-    dependencies:
-      jake: 10.8.7
-    dev: false
-
  /ejs@3.1.9:
    resolution: {integrity: sha512-rC+QVNMJWv+MtPgkt0y+0rVEIdbtxVADApW9JXrUVlzHetgcyczP/E7DJmWJ4fJCZF2cPcBk0laWO9ZHMG3DmQ==}
    engines: {node: '>=0.10.0'}
    hasBin: true
    dependencies:
      jake: 10.8.7
-    dev: true

  /electron-to-chromium@1.4.503:
    resolution: {integrity: sha512-LF2IQit4B0VrUHFeQkWhZm97KuJSGF2WJqq1InpY+ECpFRkXd8yTIaTtJxsO0OKDmiBYwWqcrNaXOurn2T2wiA==}