infinitered / gluegun

A delightful toolkit for building TypeScript-powered command-line apps.
MIT License

Please update "ejs": Security vulnerability, template injection. #758

Open Mashbourne1 opened 2 years ago

Mashbourne1 commented 2 years ago

After running `npm audit`, the report shows 2 high-security vulnerabilities for version 3.1.6 of ejs that gluegun depends on. It requires version ^3.1.7.

    # npm audit report

    ejs  <3.1.7
    Severity: high
    Template injection in ejs - https://github.com/advisories/GHSA-phwq-j96m-2c2q
    fix available via `npm audit fix --force`
    Will install gluegun@0.0.1, which is a breaking change
    node_modules/ejs
      gluegun  >=0.3.0
      Depends on vulnerable versions of ejs
      node_modules/gluegun

    2 high severity vulnerabilities
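As an added example (not code from this thread or the gluegun project), the following Node.js check mirrors the audit finding above: it scans a constructed package-lock.json for installed copies of ejs below the fixed version 3.1.7 and produces the npm `overrides` entry that pins the transitive dependency without the breaking downgrade that `npm audit fix --force` proposes. The lockfile contents and version numbers are constructed for illustration.

```javascript
// Added example, not code from the gluegun project or this issue thread.
// Walks a package-lock.json "packages" map (lockfileVersion 2/3 layout) and
// flags every installed ejs below the version the advisory fixed.
const ADVISORY = 'GHSA-phwq-j96m-2c2q'; // from the audit output above
const FIXED_VERSION = '3.1.7';           // ejs < 3.1.7 is affected

// Minimal dotted-version parse/compare; prerelease/build tags are dropped.
function parseVersion(v) {
  return v.split(/[-+]/)[0].split('.').map((n) => Number(n) || 0);
}
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0) ? -1 : 1;
  }
  return 0;
}
function isVulnerableEjs(version) {
  return compareVersions(version, FIXED_VERSION) < 0;
}

// Lock keys look like "node_modules/ejs" or "node_modules/<dep>/node_modules/ejs".
function findVulnerableEjs(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.split('node_modules/').pop() !== 'ejs') continue;
    if (isVulnerableEjs(meta.version)) {
      hits.push({ path, version: meta.version, advisory: ADVISORY });
    }
  }
  return hits;
}

// Non-breaking alternative to `npm audit fix --force` (which would downgrade
// gluegun to 0.0.1): an npm "overrides" entry pins the transitive ejs range.
function overridesFor(hits) {
  return hits.length ? { ejs: `^${FIXED_VERSION}` } : {};
}

// Constructed sample lockfile; names and versions are illustrative only.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-cli', dependencies: { gluegun: '*' } },
    'node_modules/gluegun': { version: '5.0.0', dependencies: { ejs: '3.1.6' } },
    'node_modules/ejs': { version: '3.1.6' },
    'node_modules/other-tool/node_modules/ejs': { version: '3.1.8' },
  },
};
```

The resulting `overrides` object goes into the consuming project's package.json (npm 8.3 or later); it forces the nested ejs onto the fixed line until gluegun itself publishes the bump.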

Cogneter commented 2 years ago

I second that. Please update gluegun's ejs dependency version to 3.1.7.

Added a pull request for that: https://github.com/infinitered/gluegun/pull/759

sidwebworks commented 2 years ago

Hey folks, any plans to merge the PR? It's been a while.

ThomasDRT commented 2 years ago

Also looking for this PR to get merged, if we can please.

Mashbourne1 commented 1 year ago

Hi folks, this high-security vulnerability still exists. Is it possible we can have the ejs dependency updated to 3.1.7 soon?

Please note that the pull request #759 made for it was closed without a release.

bennetthardwick commented 1 year ago

Not sure why the original was closed but I've opened #764 to bump ejs to 3.1.8.