Bump ejs and @11ty/eleventy

[dependabot]

Bumps ejs to 3.1.9 and updates ancestor dependency @11ty/eleventy. These dependencies need to be updated together.

Updates ejs from 2.7.4 to 3.1.9

Release notes

Sourced from ejs's releases.

v3.1.9

Version 3.1.9

v3.1.8

Version 3.1.8

v3.1.7

Version 3.1.7

v3.1.6

Version 3.1.6

v3.1.5

Version 3.1.5

v3.0.2

No release notes provided.

Commits

• aed0124 Version 3.1.9
• 7083793 Updated dev deps
• 87f1da6 Merge pull request #707 from mde/dependabot/npm_and_yarn/minimatch-3.1.2
• e41a914 Removed old changelog, please rely on git log
• 9ea36ba Merge pull request #719 from jportner/frozen-prototype-fix
• 181a537 Fall back to assignment, update test
• 58bc2eb Change approach to shadowing "toString" property for escapeXML
• 76c9c61 Bump minimatch from 3.0.4 to 3.1.2
• f818bce Merge pull request #706 from mde/dependabot/npm_and_yarn/flat-and-mocha-5.0.2
• 0fca863 Bump flat and mocha
• Additional commits viewable in compare view

Updates @11ty/eleventy from 0.12.0 to 2.0.0

Release notes

Sourced from @​11ty/eleventy's releases.

Eleventy v2.0.0: Now with twice as many Possums

🚨 The full release notes are available on The Eleventy Blog: Eleventy v2.0.0 or you can watch me talk about v2.0 on YouTube.

Eleventy v2.0.0 is now available! You can try it out now:

# Local project
npm install @11ty/eleventy@latest
Global install
npm install @​11ty/eleventy@​latest -g

• Read more about local versus global installation.
• Watch a short video about 2.0 on YouTube.

New to Eleventy?

Eleventy is a flexible and production-ready site generator known for its zero-client JavaScript footprint, speedy sites, speedy builds, and full control over the output. Watch The State of Eleventy in Two Minutes or read more about Eleventy’s project goals.

The Big Features

Smaller, More Secure

• ✅ Dependencies decreased by 32.1%: 211 modules (311 in v1.0.2)
• ✅ node_modules file weight decreased by 77.8%: 34.3 MB (155 MB in v1.0.2)
• ✅ 30.5% faster npm install time

Faster Builds

• Improved build performance (tested on a sample 500 page site against v1.0.2) using:
  • Liquid: ✅ 18.18% faster
  • Nunjucks: ✅ 17.74% faster
  • Markdown (with Liquid): ✅ 17.95% faster
  • JavaScript (11ty.js): ✅ 8.33% faster
• --incremental for incremental builds #108
  • Smarter incremental builds with support for layout dependencies, registered dependencies on custom templates, dependencies in pagination data or eleventyImport #975
• --ignore-initial command line option to skip the first build (best paired with --incremental)
• Use emulated passthrough copy to serve passthrough files directly without triggering a build (will still work with live reload) #2456

Plugins

• Support for WebC, the new single file format for web components
• Eleventy Edge will render Eleventy templates in an Edge Function for dynamic content (bundled with Eleventy)
• Eleventy Dev Server replaces Browsersync, adds support for DOM-diffing live reloads. #1305 (bundled with Eleventy)
• Render Plugin will render any template syntax inside other files (bundled with Eleventy)
• Internationalization (i18n) Plugin makes it easy to create localized sites (bundled with Eleventy)
• HTML <base> Plugin makes it easy to deploy your site to any folder path without changing any content (works great with the path prefix feature) (bundled with Eleventy)
• Support for the Vite plugin

... (truncated)

Changelog

Sourced from @​11ty/eleventy's changelog.

Dependency notes

• @iarna/toml has a 3.0 that we have never been on but it was released the same day as the last 2.x https://github.com/BinaryMuse/toml-node/commits/master (needs more investigation)

List of dependencies that went ESM

• @sindresorhus/slugify ESM at 2.x
• multimatch is ESM at 6
• bcp-47-normalize at 1.x

Release Procedure

1. (Optional) Update minor dependencies in package.json
   • npx npm-check-updates
   • or npm outdated + npm update --save
2. If the minimum Node version changed, make sure you update package.json engines property.
   • Make sure the error message works correctly for Node versions less than 10.
     • 0.12.x+ requires Node 10+
     • 1.x+ requires Node 12+
     • 2.x+ requires Node 14+
3. rm -rf node_modules && rm -f package-lock.json && npm install
4. npm audit
5. Make sure npx ava runs okay
6. Update version in package.json
   • (Alpha) Use -alpha.1 suffix
   • (Beta) Use -beta.1 suffix
7. Run npm run coverage
8. Check it all in and commit
9. Tag new version
10. Wait for GitHub Actions to complete to know that the build did not fail.
11. Release
    • (Alpha) npm publish --access=public --tag=canary
      • NOTE: this was changed to alpha 11ty/eleventy#2758
    • (Beta) npm publish --access=public --tag=beta
    • (Main) npm publish --access=public
12. (Optional) Build and commit a new the eleventy-edge-cdn project to generate a new Eleventy Edge lib.

Unfortunate note about npm and tags (specifically canary here): if you push a 1.0.0-canary.x to canary (even though 2.0.0-canary.x exists), it will use the last pushed tag when you npm install from @canary (not the highest version number)

Docs/Website (Main releases only)

1. Maybe search for -alpha. (-canary.?) or -beta. in the docs copy to update to the stable release, if applicable.
2. Check in a new 11ty-website site with updated package.json version.
3. Add version to 11ty-website versions.json
4. Commit it
5. Create a new branch for branched version
6. (Main) Check out the previous version git branch and add outdated: true to _data/config.json and commit/push.
7. Go to https://app.netlify.com/sites/11ty/settings/domain and set up a subdomain for it.

Release Notes on GitHub (Main releases only)

... (truncated)

Commits

• 05c6263 v2.0.0
• 5c2a5bf Update dev-dependencies
• 7ed1fef Merge pull request #2781 from danburzo/mdlib-set
• 97243b6 v2.0.0-beta.3
• 55e0a62 v2.0.0-canary.35
• 23b80d9 Merge pull request #2783 from mrmartineau/fix/serverless-var
• 9f13b8e Fixes serverlessFilePath is not defined (2.0.0-beta.2) #2782
• b466258 Make markdown library .set() method optional
• bde84b4 v2.0.0-beta.2
• 6f877de v2.0.0-canary.34
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[socket-security]

New dependency changes detected. Learn more about Socket for GitHub ↗︎

👍 No new dependency issues detected in pull request

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

Pull request alert summary

Issue	Status
Install scripts	✅ 0 issues
Native code	✅ 0 issues
Bin script shell injection	✅ 0 issues
Unresolved require	✅ 0 issues
Invalid package.json	✅ 0 issues
HTTP dependency	✅ 0 issues
Git dependency	✅ 0 issues
Potential typo squat	✅ 0 issues
Known Malware	✅ 0 issues
Telemetry	✅ 0 issues
Protestware/Troll package	✅ 0 issues

📊 Modified Dependency Overview:

⬆️ Updated Package	Version Diff	Capability Access	+/- Transitive Count	Publisher
@11ty/eleventy@2.0.0	0.12.0...2.0.0	filesystem, environment	+101/-222	zachleat