search

mde / ejs

Embedded JavaScript templates -- http://ejs.co
Apache License 2.0
7.7k stars 841 forks source link

1 high severity vulnerability #710

Closed shimonbrandsdorfer closed 1 year ago

shimonbrandsdorfer commented 1 year ago

When installing EJS, I get a warning about a high-severity vulnerability. Following is the dependency tree.

├─┬ browserify@16.5.1 │ └─┬ glob@7.2.0 │ └── minimatch@3.0.4 deduped
├─┬ eslint@6.8.0 │ └── minimatch@3.0.4 ├─┬ jake@10.8.5 │ ├─┬ filelist@1.0.1 │ │ └── minimatch@3.0.4 deduped
│ └── minimatch@3.0.4 deduped
└─┬ mocha@10.2.0 └── minimatch@5.0.1

https://github.com/advisories/GHSA-f8q6-p94x-37v3

shimonbrandsdorfer commented 1 year ago

I see that this was already addressed by https://github.com/mde/ejs/pull/707/commits/76c9c612f4a0b2243d27b5a20a22627a6905df37