Closed bennetthardwick closed 9 months ago
@jamonholmgren we'll want to get this merged soon as it resolves issues on a freshly spun-up project.
If possible, update ejs to version 3.1.7 or higher, as it is causing problems with Windows PowerShell. By default, PowerShell blocks execution of dependencies that have vulnerabilities, and using a script to bypass execution of vulnerable dependencies is not good for system security. Thanks for the attention and compression 💜
Looking to see if we can get this merged and closed as well. We've got some workarounds in place but are looking forward to getting the vulnerability properly addressed. Thanks!
Same here. Awaiting the fix for this vulnerability as well. Thanks much in advance!
While ejs is no longer a dependency, the change to ts-node resolves this issue for me, thanks
Hey everyone, sorry about the long delay on this. Finally getting to cleanup of all PRs and issues.
:tada: This PR is included in version 5.1.6 :tada:
The release is available on:
Your semantic-release bot :package::rocket:
Currently, when installing a CLI created with gluegun, users will see a message saying "1 critical severity vulnerability" because of a vulnerability in ejs: https://github.com/advisories/GHSA-phwq-j96m-2c2q
While it's not likely this will cause an issue, it might worry some people who install gluegun-created CLIs.
This vulnerability is patched in ejs@3.1.7 so bumping the version will get rid of this message.
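
A lockfile check for the condition described above, as an added example that is not part of this thread or of the gluegun code base: it reports every installed copy of ejs below 3.1.7, including copies nested under another package. The sample lockfile, the `my-cli` name, the `0.0.0` placeholder version and the helper names are constructed for illustration.

```javascript
// Added example: find copies of a package below a patched version in an npm lockfile.
const PATCHED = [3, 1, 7]; // ejs@3.1.7, the fixed version named in the PR description

// Parse "3.1.6" or "3.1.7-beta.1" into [major, minor, patch]; prerelease tags are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function isBelow(version, floor) {
  const v = parseVersion(version);
  for (let i = 0; i < 3; i++) {
    if (v[i] !== floor[i]) return v[i] < floor[i];
  }
  return false; // equal to the floor counts as patched
}

// Return every install path of `name` whose version is below `floor`.
// Reads the "packages" map (lockfileVersion 2/3) when present,
// otherwise walks the nested "dependencies" tree (lockfileVersion 1).
function findOutdated(lock, name, floor) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith(`node_modules/${name}`) && meta.version && isBelow(meta.version, floor)) {
      hits.push({ path, version: meta.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const here = `${trail}node_modules/${dep}`;
      if (dep === name && isBelow(meta.version, floor)) hits.push({ path: here, version: meta.version });
      walk(meta.dependencies, `${here}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample: one patched top-level ejs, one older copy nested under gluegun.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-cli", version: "1.0.0" },
    "node_modules/ejs": { version: "3.1.7" },
    "node_modules/gluegun": { version: "0.0.0" }, // placeholder version
    "node_modules/gluegun/node_modules/ejs": { version: "3.1.6" },
  },
};
console.log(findOutdated(sampleLock, "ejs", PATCHED));
```

To run it against a real project, replace `sampleLock` with the parsed contents of that project's `package-lock.json`.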