From 6d89c271ced624f93592ffe607788ba047d352f8 Mon Sep 17 00:00:00 2001 From: David Hirtle Date: Sun, 28 Oct 2018 22:28:41 -0700 Subject: [PATCH] Upgrade insecure ejs. v2 doesn't support filters, but no big loss --- package-lock.json | 8 ++++---- package.json | 2 +- views/admin.html | 6 +++--- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index c640827..02dbca6 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "omega", - "version": "1.1.0", + "version": "1.1.1", "lockfileVersion": 1, "requires": true, "dependencies": { @@ -300,9 +300,9 @@ "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0=" }, "ejs": { - "version": "0.6.1", - "resolved": "https://registry.npmjs.org/ejs/-/ejs-0.6.1.tgz", - "integrity": "sha1-FszJju6sFmmCkn+mfrP8qIZfaHE=" + "version": "2.6.1", + "resolved": "https://registry.npmjs.org/ejs/-/ejs-2.6.1.tgz", + "integrity": "sha512-0xy4A/twfrRCnkhfk8ErDi5DqdAsAqeGxht4xkCUrsvhhbQNs7E+4jV0CN7+NKIY0aHE72+XvqtBIXzD31ZbXQ==" }, "encodeurl": { "version": "1.0.2", diff --git a/package.json b/package.json index ff8afad..ff1a3b9 100644 --- a/package.json +++ b/package.json @@ -36,7 +36,7 @@ "connect-flash": "^0.1.1", "cookie-parser": "^1.4.3", "cookie-session": "^2.0.0-beta.3", - "ejs": "0.6.x", + "ejs": ">=2.5.5", "express": "^4.16.4", "express-partials": "^0.3.0", "less-middleware": "0.1.x", diff --git a/views/admin.html b/views/admin.html index caf63fb..593f16c 100644 --- a/views/admin.html +++ b/views/admin.html @@ -1,15 +1,15 @@ Admin - Omega Issue Tracker - +
<% if (flash.error && flash.error.length) { %> -
<%-: flash.error | join %>
+
<%- flash.error.join(', ') %>
<% } %> <% if (flash.info && flash.info.length) { %> -
<%-: flash.info | join %>
+
<%- flash.info.join(', ') %>
<% } %>

Ω