Please update "ejs": Security vulnerability, template injection.

[Mashbourne1]

After running the npm audit, the report shows 2 high-security vulnerabilities for version 3.1.6 of ejs that gluegun depends on. It requires version ^3.1.7

npm audit report

ejs <3.1.7
Severity: high
Template injection in ejs -GHSA-phwq-j96m-2c2q
fix available via npm audit fix --force
Will install gluegun@0.0.1, which is a breaking change
node_modules/ejs
gluegun >=0.3.0
Depends on vulnerable versions of ejs
node_modules/gluegun

2 high severity vulnerabilities

[Cogneter]

I second that. Please update gluegun's ejs dependency version to 3.1.7.

Added a pull request for that: #759

[sidwebworks]

Hey folks, Any plans to merge the PR? its been a while

[ThomasDRT]

Also looking for this PR to get merged, if we can please.

[Mashbourne1]

Hi folks, this high-security vulnerability still exists. Is it possible we can have the ejs dependency updated to 3.1.7 soon?

Please note that the pull request #759 made for it was closed without a release.

[bennetthardwick]

Not sure why the original was closed but I've opened #764 to bump ejs to 3.1.8.