yurikrupnik / angular-playground-full


Update dependency ejs to v3 [SECURITY] #26

Open renovate[bot] opened 1 year ago

renovate[bot] commented 1 year ago

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| ejs | `^2.3.3` -> `^3.1.10` | | | | |

GitHub Vulnerability Alerts

CVE-2022-29078

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).

CVE-2024-33883

The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.


Release Notes

mde/ejs (ejs)

### [`v3.1.10`](https://redirect.github.com/mde/ejs/releases/tag/v3.1.10) [Compare Source](https://redirect.github.com/mde/ejs/compare/v3.1.9...v3.1.10)

Version 3.1.10

### [`v3.1.9`](https://redirect.github.com/mde/ejs/releases/tag/v3.1.9) [Compare Source](https://redirect.github.com/mde/ejs/compare/v3.1.8...v3.1.9)

Version 3.1.9

### [`v3.1.8`](https://redirect.github.com/mde/ejs/releases/tag/v3.1.8) [Compare Source](https://redirect.github.com/mde/ejs/compare/v3.1.7...v3.1.8)

Version 3.1.8

### [`v3.1.7`](https://redirect.github.com/mde/ejs/releases/tag/v3.1.7) [Compare Source](https://redirect.github.com/mde/ejs/compare/v3.1.6...v3.1.7)

Version 3.1.7

### [`v3.1.6`](https://redirect.github.com/mde/ejs/releases/tag/v3.1.6) [Compare Source](https://redirect.github.com/mde/ejs/compare/v3.1.5...v3.1.6)

Version 3.1.6

### [`v3.1.5`](https://redirect.github.com/mde/ejs/releases/tag/v3.1.5)

Version 3.1.5

### [`v3.1.3`](https://redirect.github.com/mde/ejs/compare/v3.1.2...v3.1.3) [Compare Source](https://redirect.github.com/mde/ejs/compare/v3.1.2...v3.1.3)

### [`v3.1.2`](https://redirect.github.com/mde/ejs/compare/v3.0.2...v3.1.2) [Compare Source](https://redirect.github.com/mde/ejs/compare/v3.0.2...v3.1.2)

### [`v3.0.2`](https://redirect.github.com/mde/ejs/compare/v3.0.1...v3.0.2) [Compare Source](https://redirect.github.com/mde/ejs/compare/v3.0.1...v3.0.2)

### [`v3.0.1`](https://redirect.github.com/mde/ejs/compare/v2.7.4...v3.0.1) [Compare Source](https://redirect.github.com/mde/ejs/compare/v2.7.4...v3.0.1)

### [`v2.7.4`](https://redirect.github.com/mde/ejs/releases/tag/v2.7.4) [Compare Source](https://redirect.github.com/mde/ejs/compare/v2.7.3...v2.7.4)

##### Bug fixes

- Fixed Node 4 support, which broke in v2.7.3 (https://github.com/mde/ejs/commit/5e42d6cef15ae6f2c7d29ef55a455e8e49b5e76e, [@mde](https://redirect.github.com/mde))

### [`v2.7.3`](https://redirect.github.com/mde/ejs/releases/tag/v2.7.3) [Compare Source](https://redirect.github.com/mde/ejs/compare/v2.7.2...v2.7.3)

##### Bug fixes

- Made the post-install message more discreet by following the example of [opencollective-postinstall](https://redirect.github.com/opencollective/opencollective-postinstall) (https://github.com/mde/ejs/commit/228d8e45b7ced2afd3e596c13d44aed464e57e43, [@mde](https://redirect.github.com/mde))

### [`v2.7.2`](https://redirect.github.com/mde/ejs/releases/tag/v2.7.2) [Compare Source](https://redirect.github.com/mde/ejs/compare/v2.7.1...v2.7.2)

##### Features

- Added support for destructuring locals ([#452](https://redirect.github.com/mde/ejs/issues/452), [@ExE-Boss](https://redirect.github.com/ExE-Boss))
- Added support for disabling legacy `include` directives ([#458](https://redirect.github.com/mde/ejs/issues/458), [#459](https://redirect.github.com/mde/ejs/issues/459), [@ExE-Boss](https://redirect.github.com/ExE-Boss))
- Compiled functions are now shown in the debugger ([#456](https://redirect.github.com/mde/ejs/issues/456), [@S2-](https://redirect.github.com/S2-))
- `function.name` is now set to the file base name in environments that support this ([#466](https://redirect.github.com/mde/ejs/issues/466), [@ExE-Boss](https://redirect.github.com/ExE-Boss))

##### Bug Fixes

- The error message when `async != true` now correctly mentions the existence of the `async` option ([#460](https://redirect.github.com/mde/ejs/issues/460), [@ExE-Boss](https://redirect.github.com/ExE-Boss))
- Improved performance of HTML output generation ([#470](https://redirect.github.com/mde/ejs/issues/470), [@nwoltman](https://redirect.github.com/nwoltman))

### [`v2.7.1`](https://redirect.github.com/mde/ejs/releases/tag/v2.7.1) [Compare Source](https://redirect.github.com/mde/ejs/compare/v2.6.2...v2.7.1)

##### Deprecated:

- Added deprecation notice for use of `require.extensions` ([@mde](https://redirect.github.com/mde))

### [`v2.6.2`](https://redirect.github.com/mde/ejs/releases/tag/v2.6.2) [Compare Source](https://redirect.github.com/mde/ejs/compare/v2.6.1...v2.6.2)

- Correctly pass custom escape function to includes ([@alecgibson](https://redirect.github.com/alecgibson))
- Fixes for rmWhitespace ([@nwoltman](https://redirect.github.com/nwoltman))
- Examples for client-side EJS compiled with Express middleware ([@mjgs](https://redirect.github.com/mjgs))
- Make Template constructor public ([@ThisNameWasTaken](https://redirect.github.com/ThisNameWasTaken))
- Added `remove` function to cache ([@S2-](https://redirect.github.com/S2-))
- Recognize both 'Nix and Windows absolute paths ([@mde](https://redirect.github.com/mde))

### [`v2.6.1`](https://redirect.github.com/mde/ejs/compare/v2.5.9...v2.6.1) [Compare Source](https://redirect.github.com/mde/ejs/compare/v2.5.9...v2.6.1)

### [`v2.5.9`](https://redirect.github.com/mde/ejs/compare/v2.5.8...v2.5.9) [Compare Source](https://redirect.github.com/mde/ejs/compare/v2.5.8...v2.5.9)

### [`v2.5.8`](https://redirect.github.com/mde/ejs/releases/tag/v2.5.8) [Compare Source](https://redirect.github.com/mde/ejs/compare/v2.5.7...v2.5.8)

- Add filename to error when include file cannot be found ([@Leon](https://redirect.github.com/Leon))
- Node v9 in CI ([@Thomas](https://redirect.github.com/Thomas))
- Fixed special case for Express caching ([@mde](https://redirect.github.com/mde))
- Added Promise/async-await support to `renderFile` ([@mde](https://redirect.github.com/mde))
- Added notes on IDE support to README ([@Betanu701](https://redirect.github.com/Betanu701))

### [`v2.5.7`](https://redirect.github.com/mde/ejs/releases/tag/v2.5.7) [Compare Source](https://redirect.github.com/mde/ejs/compare/v2.5.6...v2.5.7)

- Pass configured escape function to `rethrow` ([@straker](https://redirect.github.com/straker))
- Added vulnerabilities info into README ([@mde](https://redirect.github.com/mde))
- Avoid creating function object in hot execution path ([@User4martin](https://redirect.github.com/User4martin))
- Added benchmark ([@User4martin](https://redirect.github.com/User4martin))
- Tests for looped includes ([@User4martin](https://redirect.github.com/User4martin))

### [`v2.5.6`](https://redirect.github.com/mde/ejs/releases/tag/v2.5.6) [Compare Source](https://redirect.github.com/mde/ejs/compare/v2.5.5...v2.5.6)

- Use configured escape function for filenames in errors ([@mde](https://redirect.github.com/mde))
- Make file-loader configurable to allow template pre-processing ([@hacke2](https://redirect.github.com/hacke2))
- Improved `renderFile` performance ([@nwoltman](https://redirect.github.com/nwoltman))

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate.
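The two advisories in the Renovate comment above describe the same failure from a defender's point of view: request-controlled data reaching the ejs compiler as *options* (`outputFunctionName` via `settings['view options']` in CVE-2022-29078) or via the prototype chain (the "pollution protection" of CVE-2024-33883). Upgrading to `^3.1.10` is the fix this PR delivers; the checks below are an added example, not code from this repository, from Renovate, or from the ejs project. `ejsAdvisoriesFor` applies the affected versions exactly as the page states them, and `sanitizeRenderLocals` shows the application-side habit that makes such bugs hard to reach: hand the template engine only own, identifier-shaped keys that are not option names. The option list is assumed from the ejs README, and all function names are hypothetical.

```javascript
// Added example for this PR page; not code from yurikrupnik/angular-playground-full,
// from Renovate, or from the ejs project. Function names are hypothetical.

// ejs option names as listed in the ejs README (assumption: this is the set a
// caller must keep request data away from). `settings` is included because
// CVE-2022-29078 on this page names settings['view options'] as the path by
// which outputFunctionName was overwritten.
const EJS_OPTION_KEYS = new Set([
  'cache', 'filename', 'root', 'views', 'context', 'compileDebug', 'client',
  'delimiter', 'openDelimiter', 'closeDelimiter', 'debug', 'strict', '_with',
  'localsName', 'rmWhitespace', 'escape', 'escapeFunction', 'outputFunctionName',
  'async', 'includer', 'destructuredLocals', 'settings',
]);

// Keys that address the prototype chain rather than the locals themselves.
const PROTOTYPE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Template locals are referenced as bare names, so a key that is not a plain
// JS identifier has no legitimate use and is dropped.
const JS_IDENTIFIER = /^[A-Za-z_$][0-9A-Za-z_$]*$/;

function parseSemver(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(version).trim());
  if (!m) throw new Error(`not a semver version: ${version}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compareSemver(a, b) {
  const x = parseSemver(a);
  const y = parseSemver(b);
  for (let i = 0; i < 3; i += 1) {
    if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  }
  return 0;
}

// CVE ids from this PR that still apply to a resolved ejs version, using the
// affected versions as the page states them: CVE-2022-29078 names 3.1.6,
// CVE-2024-33883 covers every version before 3.1.10.
function ejsAdvisoriesFor(version) {
  const hits = [];
  if (compareSemver(version, '3.1.6') === 0) hits.push('CVE-2022-29078');
  if (compareSemver(version, '3.1.10') < 0) hits.push('CVE-2024-33883');
  return hits;
}

// Copy untrusted (request-derived) locals into a null-prototype object,
// keeping only own, identifier-shaped keys that are not ejs options.
// Returns the kept object and the dropped keys so the caller can log the
// drops; a dropped option name is a useful detection signal.
function sanitizeRenderLocals(untrusted) {
  const safe = Object.create(null);
  const dropped = [];
  if (untrusted === null || typeof untrusted !== 'object') {
    return { safe, dropped };
  }
  for (const key of Object.keys(untrusted)) { // own enumerable keys only
    const reject = !JS_IDENTIFIER.test(key)
      || EJS_OPTION_KEYS.has(key)
      || PROTOTYPE_KEYS.has(key);
    if (reject) {
      dropped.push(key);
    } else {
      safe[key] = untrusted[key];
    }
  }
  return { safe, dropped };
}

// Constructed sample: a JSON body as a request handler might receive it.
// JSON.parse creates "__proto__" as an own property, so Object.keys sees it.
const SAMPLE_BODY = JSON.parse(
  '{"title":"Hello","outputFunctionName":"x","__proto__":{"polluted":true},'
  + '"settings":{"view options":{}},"bad key":1}'
);

function demo() {
  const result = sanitizeRenderLocals(SAMPLE_BODY);
  console.log('kept:', result.safe, 'dropped:', result.dropped);
  for (const v of ['2.7.4', '3.1.6', '3.1.9', '3.1.10']) {
    console.log(`ejs ${v}:`, ejsAdvisoriesFor(v));
  }
  return result;
}

demo();
```

In an Express handler the pattern is `res.render('page', sanitizeRenderLocals(req.body).safe)` rather than `res.render('page', req.body)`; the version check is the kind of assertion a CI step can run against the resolved version in the lockfile after this PR merges.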

coderabbitai[bot] commented 5 months ago

[!IMPORTANT]

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.
