Version
29.4.0
Steps to reproduce
Hi Maintainers,
We’ve identified that ts-jest@29.4.0 depends on ejs@^3.1.10, which is vulnerable to CVE-2023-29827.
ejs@3.1.10 is pulled as a transitive dependency and flagged as 💀 Critical.
Please consider updating the ejs dependency to >=3.1.11, which fixes the CVE.
Affected version: ts-jest@29.4.0
Suggested fix: bump ejs version, or refactor to remove dependency if no longer needed.
Thank you!
Expected behavior
Actual behavior
Debug log
Additional context
No response
Environment
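
Added example (not part of the original issue or of ts-jest's own code): a way to confirm from an npm lockfile which copy of ejs is installed and which package requests it. The lockfile below is constructed to mirror the report; `auditLock`, `isBelow` and `SAMPLE_LOCK` are hypothetical names, and the minimum version passed in is the one the report asks for.

```javascript
// Constructed sample in the lockfileVersion 2/3 "packages" layout (not a real lockfile).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0', devDependencies: { 'ts-jest': '29.4.0' } },
    'node_modules/ts-jest': { version: '29.4.0', dependencies: { ejs: '^3.1.10' } },
    'node_modules/ejs': { version: '3.1.10' },
  },
};

// Compare major.minor.patch only; pre-release tags are ignored (assumption).
function isBelow(version, minimum) {
  const a = version.split('-')[0].split('.').map(Number);
  const b = minimum.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  }
  return false;
}

// List every installed copy of `name` and every package that declares it.
function auditLock(lock, name, minimum) {
  const entries = Object.entries(lock.packages || {});
  const suffix = 'node_modules/' + name;

  // Who asks for the package, and with which range.
  const requiredBy = [];
  for (const [path, meta] of entries) {
    const range = (meta.dependencies || {})[name] ||
      (meta.devDependencies || {})[name] ||
      (meta.optionalDependencies || {})[name];
    if (!range) continue;
    const owner = path.split('node_modules/').pop() || '(root)';
    requiredBy.push(`${owner}@${meta.version}: ${range}`);
  }

  // Hoisted and nested installs both end in node_modules/<name>.
  return entries
    .filter(([path]) => path === suffix || path.endsWith('/' + suffix))
    .map(([path, meta]) => ({
      path,
      version: meta.version,
      belowMinimum: isBelow(meta.version, minimum),
      requiredBy,
    }));
}

console.log(JSON.stringify(auditLock(SAMPLE_LOCK, 'ejs', '3.1.11'), null, 2));
```

To check a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` in place of the sample.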