Commit Graph

3187 Commits

Author SHA1 Message Date
dependabot[bot]
76c9c612f4 Bump minimatch from 3.0.4 to 3.1.2
Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.2.
- [Release notes](https://github.com/isaacs/minimatch/releases)
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-31 20:05:52 +00:00
Matthew Eernisse
f818bce2a5 Merge pull request #706 from mde/dependabot/npm_and_yarn/flat-and-mocha-5.0.2
Bump flat and mocha
2022-12-31 12:05:16 -08:00
dependabot[bot]
0fca86359d Bump flat and mocha
Bumps [flat](https://github.com/hughsk/flat) to 5.0.2 and updates ancestor dependency [mocha](https://github.com/mochajs/mocha). These dependencies need to be updated together.


Updates `flat` from 4.1.0 to 5.0.2
- [Release notes](https://github.com/hughsk/flat/releases)
- [Commits](https://github.com/hughsk/flat/compare/4.1.0...5.0.2)

Updates `mocha` from 7.1.1 to 10.2.0
- [Release notes](https://github.com/mochajs/mocha/releases)
- [Changelog](https://github.com/mochajs/mocha/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mochajs/mocha/compare/v7.1.1...v10.2.0)

---
updated-dependencies:
- dependency-name: flat
  dependency-type: indirect
- dependency-name: mocha
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-30 20:15:48 +00:00
Matthew Eernisse
e92b960ab9 Merge pull request #704 from mshima/patch-1
root can be arrays.
2022-11-19 10:26:19 -08:00
Marcelo Shima
9cc37d7c35 Update README.md 2022-11-18 10:35:30 -03:00
Marcelo Shima
f1d6c51a6c root can be arrays. 2022-11-18 10:34:54 -03:00
Matthew Eernisse
5919964ec3 Merge pull request #685 from mde/dependabot/npm_and_yarn/shell-quote-1.7.3
Bump shell-quote from 1.7.2 to 1.7.3
2022-08-16 09:40:28 -07:00
Matthew Eernisse
fc78c01f22 Merge pull request #687 from i8-pi/cli-relative-path
Make relative paths in include work for cli
2022-07-23 12:10:13 -07:00
Thomas Chung
2e9e3cd4ba Make relative paths in include work for cli 2022-07-13 01:42:35 +10:00
dependabot[bot]
d263c9fbe3 Bump shell-quote from 1.7.2 to 1.7.3
Bumps [shell-quote](https://github.com/substack/node-shell-quote) from 1.7.2 to 1.7.3.
- [Release notes](https://github.com/substack/node-shell-quote/releases)
- [Changelog](https://github.com/substack/node-shell-quote/blob/master/CHANGELOG.md)
- [Commits](https://github.com/substack/node-shell-quote/compare/v1.7.2...1.7.3)

---
updated-dependencies:
- dependency-name: shell-quote
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-23 02:48:47 +00:00
mde
f6ba7f3a60 Version bump in Express example 2022-05-11 12:21:18 -07:00
mde
5126ff57aa Version 3.1.8 2022-05-11 11:55:13 -07:00
mde
7d5a1c6a21 Merge branch 'main' of github.com:mde/ejs into main 2022-05-11 11:54:35 -07:00
mde
551949d861 Minor mitigation 2022-05-11 11:54:01 -07:00
Matthew Eernisse
66f7471d82 Merge pull request #664 from netcode/patch-1
Create SECURITY.md
2022-04-23 10:21:07 -07:00
mde
820855ad75 Version 3.1.7 2022-04-20 09:41:15 -07:00
mde
076dcb643c Don't use template literal 2022-04-20 09:36:05 -07:00
mde
faf8b849a4 Skip test -- error messages vary depending on JS runtime 2022-04-20 09:17:12 -07:00
mde
c028c343c1 Update packages 2022-04-20 09:16:40 -07:00
Eslam Salem
839ad20fd2 Update SECURITY.md 2022-04-13 04:48:04 +02:00
Eslam Salem
c040180203 Update README.md
Update the readme to add the security note
2022-04-13 04:46:40 +02:00
Eslam Salem
59db52035a Create SECURITY.md
Highly inspired by ExpressJS security policy.
2022-04-10 23:55:44 +02:00
Matthew Eernisse
e4180b4fa2 Merge pull request #629 from markbrouwer96/main
Updated jsdoc to 3.6.7
2021-09-25 09:12:12 -07:00
markbrouwer96
d5404d6e68 Updated jsdoc to 3.6.7 2021-09-23 13:11:18 +02:00
Matthew Eernisse
7b0845d6aa Merge pull request #609 from mde/dependabot/npm_and_yarn/glob-parent-5.1.2
Bump glob-parent from 5.1.1 to 5.1.2
2021-06-11 08:43:59 -07:00
dependabot[bot]
32fb8ee387 Bump glob-parent from 5.1.1 to 5.1.2
Bumps [glob-parent](https://github.com/gulpjs/glob-parent) from 5.1.1 to 5.1.2.
- [Release notes](https://github.com/gulpjs/glob-parent/releases)
- [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md)
- [Commits](https://github.com/gulpjs/glob-parent/compare/v5.1.1...v5.1.2)

---
updated-dependencies:
- dependency-name: glob-parent
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-06-11 11:53:46 +00:00
Matthew Eernisse
f21a9e4643 Merge pull request #603 from mde/mde-null-proto-where-possible
Move to utils, handle older runtimes, fix tests
2021-06-06 09:19:57 -07:00
Matthew Eernisse
a50e46f002 Merge pull request #606 from akash-55/main
Update syntax.md
2021-06-04 19:28:21 -07:00
akash-55
99b2d8e551 Update syntax.md 2021-06-05 07:03:19 +05:30
mde
576283bb5d Move to utils, handle older runtimes, fix tests 2021-05-31 13:29:51 -07:00
Matthew Eernisse
61b6616fd3 Merge pull request #601 from nicdumz/main
Mitigate prototype pollution effects
2021-05-31 12:40:23 -07:00
Nicolas Dumazet
be9a9bb397 Create Objects without prototypes.
This generally helps mitigate prototype pollution: even if another
library allows prototype pollution, ejs will not allow escalating this
into Remote Code Execution.
2021-05-31 21:37:02 +02:00
Nicolas Dumazet
15ee698583 Sanitize option names.
This prevents injection of arbitrary code if the server is already
vulnerable to prototype poisoning. This resolves #451.

I deliberately opted to not support complex Unicode identifiers even
though they're valid JS identifiers. They're complex to validate and
users probably shouldn't even try to be that creative.
2021-05-30 07:00:58 +02:00
Matthew Eernisse
c120527315 Merge pull request #598 from mde/dependabot/npm_and_yarn/lodash-4.17.21
Bump lodash from 4.17.20 to 4.17.21
2021-05-11 08:42:20 -07:00
dependabot[bot]
cfa273264b Bump lodash from 4.17.20 to 4.17.21
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.20 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.20...4.17.21)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-11 11:10:00 +00:00
Matthew Eernisse
c594d0e099 Merge pull request #585 from db-developer/main
fixed some situations...
2021-03-01 11:16:05 -08:00
db-developer
9932bd932a add basic unit testing of utils.js 2021-03-01 10:49:25 +01:00
db-developer
5ea89773a2 fixed some situations where null or undefined on 'to', 'from' or 'list' would throw exceptions 2021-03-01 03:43:36 +01:00
Matthew Eernisse
fcae811468 Merge pull request #584 from db-developer/main
introduced windows compatibility on tests
2021-02-26 18:01:40 -08:00
db-developer
9f66025358 introduced windows compatible tests 2021-02-26 21:00:54 +01:00
mde
80bf3d7dcc Version 3.1.6 2021-02-06 12:27:44 -08:00
mde
abaee2be93 Sanitize filename for display 2021-02-06 12:21:24 -08:00
mde
289b0dc09f Remove unused arg 2021-02-06 12:20:38 -08:00
mde
9f69c0a176 Better doc-generation, document the doc commands 2020-09-10 08:20:56 -07:00
mde
a1c9c10563 Updated deps for security 2020-09-10 07:59:53 -07:00
mde
1f58d4b927 Version 3.1.5 2020-08-17 09:00:34 -07:00
mde
6f4a0aad0d Version 3.1.4 2020-08-17 08:58:59 -07:00
mde
4c5e56055b Removed arrow 2020-08-17 08:58:50 -07:00
mde
4317967bdc Linting 2020-08-17 08:57:32 -07:00
mde
86f1e7fbd6 Removed post-install script 2020-08-17 08:52:29 -07:00