Commit 06905e9
Bump ejs to ^3.1.10 to fix CVE-2024-33883
Summary:
Upgrade ejs dependency in node/package.json from ^2.4.2 to ^3.1.10 to
remediate GHSA-ghr5-ch3p-vcr6 (CVE-2024-33883), a medium-severity
prototype pollution vulnerability in ejs < 3.1.10.
The app only uses ejs as an Express view engine (app.set + res.render),
which is fully compatible with ejs 3.x — no code changes required.
Reviewed By: shreeshyadav
Differential Revision: D99690816
fbshipit-source-id: a0107d92515d3bdc20a38e36e3247f722dfe09621 parent d7f655d commit 06905e9
1 file changed
Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
17 | 17 | | |
18 | 18 | | |
19 | 19 | | |
20 | | - | |
| 20 | + | |
21 | 21 | | |
22 | 22 | | |
23 | 23 | | |
| |||
0 commit comments