Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Need to bump ejs version to 3.1.10 due to vulnerability #4201

Closed
0crypto0 opened this issue May 1, 2024 · 2 comments · Fixed by #4204
Closed

Need to bump ejs version to 3.1.10 due to vulnerability #4201

0crypto0 opened this issue May 1, 2024 · 2 comments · Fixed by #4204

Comments

@0crypto0
Copy link

0crypto0 commented May 1, 2024

Description of the bug/issue

Dependabot cannot update ejs to a non-vulnerable version
The latest possible version that can be installed is 3.1.8 because of the following conflicting dependencies:

nightwatch@3.6.0 requires ejs@3.1.8
No patched version available for ejs
The earliest fixed version is 3.1.10.

Steps to reproduce

  1. Go to '...'
  2. Click on '...'
  3. Scroll down to '...'
  4. See error

Sample test

No response

Command to run

No response

Verbose Output

No response

Nightwatch Configuration

No response

Nightwatch.js Version

3.6.1

Node Version

No response

Browser

No response

Operating System

No response

Additional Information

No response
@TannerS
Copy link

TannerS commented May 3, 2024

Same here

@garg3133 garg3133 mentioned this issue May 5, 2024
Merged
@garg3133
Copy link
Member

A new version is published with the fix: 3.6.2.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Bump ejs to 3.1.10 garg3133/nightwatch
3 participants
@TannerS @0crypto0 @garg3133