Vulnerability with ejs which is dependent on @angular-eslint/builder ( ejs lacks certain pollution protection ) #1804

@pramodhcm

Description and versions:
"@angular-eslint/builder": "^16.2.0",
"@nx/devkit": "16.5.1",
"ejs": "^3.1.7",

Run "npm run audit" on a new project to reproduce the error below:
╔══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════╗
║ ║
║ ID │ Module │ Title │ Paths │ Sev. │ URL │ Ex. ║
║ 1097210 │ ejs │ ejs lacks certain pollution protection │ ejs │ moderate │ GHSA-ghr5-ch3p-vcr6 │ n ║
╚═════════╧════════╧════════════════════════════════════════╧═════════════════╧══════════╧═══════════════════════════════════════════════════╧═════╝

PS C:\Users\pramocm\Desktop\XMP- Frontend> ng version

Angular CLI: 16.2.14
Node: 20.11.0 (Unsupported)
Package Manager: npm 10.3.0
OS: win32 x64

Angular: 16.2.12
... animations, cdk, common, compiler, compiler-cli, core, forms
... language-service, platform-browser, platform-browser-dynamic
... router

Package Version

@angular-devkit/architect 0.1602.14
@angular-devkit/build-angular 16.2.14
@angular-devkit/core 16.2.14
@angular-devkit/schematics 16.2.14
@angular/cli 16.2.14
@schematics/angular 16.2.14
rxjs 7.8.1
typescript 4.9.5
zone.js 0.13.3

Warning: The current version of Node (20.11.0) is not supported by Angular.

Labels: package: builder (Angular CLI builder which enables executing ESLint in Angular CLI workspaces); triage (This issue needs to be looked at and categorized by a maintainer)