From 96d4306ed5ab0067c41c67023071f509ba47b696 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D5=A1=C9=A8=D5=BC=C9=A2=D3=84=D5=A1=D6=85=D5=BC=C9=A2?= Date: Sat, 27 Jan 2024 13:02:08 +0800 Subject: [PATCH] fix(deps): ejs template injection vulnerability --- packages/nocodb/package.json | 2 +- pnpm-lock.yaml | 14 ++------------ 2 files changed, 3 insertions(+), 13 deletions(-) diff --git a/packages/nocodb/package.json b/packages/nocodb/package.json index 8894d46583..12e6711036 100644 --- a/packages/nocodb/package.json +++ b/packages/nocodb/package.json @@ -95,7 +95,7 @@ "dayjs": "^1.11.10", "debug": "^4.3.4", "dotenv": "^8.2.0", - "ejs": "^3.1.3", + "ejs": "^3.1.9", "emittery": "^0.7.2", "express": "^4.18.2", "extract-zip": "^2.0.1", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index a5466f2ec7..fc54b1c3cf 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -560,8 +560,8 @@ importers: specifier: ^8.2.0 version: 8.2.0 ejs: - specifier: ^3.1.3 - version: 3.1.3 + specifier: ^3.1.9 + version: 3.1.9 emittery: specifier: ^0.7.2 version: 0.7.2 @@ -13798,22 +13798,12 @@ packages: /ee-first@1.1.1: resolution: {integrity: sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==} - /ejs@3.1.3: - resolution: {integrity: sha512-wmtrUGyfSC23GC/B1SMv2ogAUgbQEtDmTIhfqielrG5ExIM9TP4UoYdi90jLF1aTcsWCJNEO0UrgKzP0y3nTSg==} - engines: {node: '>=0.10.0'} - hasBin: true - requiresBuild: true - dependencies: - jake: 10.8.7 - dev: false - /ejs@3.1.9: resolution: {integrity: sha512-rC+QVNMJWv+MtPgkt0y+0rVEIdbtxVADApW9JXrUVlzHetgcyczP/E7DJmWJ4fJCZF2cPcBk0laWO9ZHMG3DmQ==} engines: {node: '>=0.10.0'} hasBin: true dependencies: jake: 10.8.7 - dev: true /electron-to-chromium@1.4.503: resolution: {integrity: sha512-LF2IQit4B0VrUHFeQkWhZm97KuJSGF2WJqq1InpY+ECpFRkXd8yTIaTtJxsO0OKDmiBYwWqcrNaXOurn2T2wiA==}