Actualizacion de seguridad

node_modules/ejs/README.md

@@ -1,9 +1,23 @@
 Embedded JavaScript templates<br/>
-[![Build Status](https://img.shields.io/travis/mde/ejs/master.svg?style=flat)](https://travis-ci.org/mde/ejs)
-[![Developing Dependencies](https://img.shields.io/david/dev/mde/ejs.svg?style=flat)](https://david-dm.org/mde/ejs?type=dev)
 [![Known Vulnerabilities](https://snyk.io/test/npm/ejs/badge.svg?style=flat)](https://snyk.io/test/npm/ejs)
 =============================
 
+## Security
+
+Security professionals, before reporting any security issues, please reference the
+<a href="https://github.com/mde/ejs/blob/main/SECURITY.md">SECURITY.md</a>
+in this project, in particular, the following: "EJS is effectively a JavaScript runtime.
+Its entire job is to execute JavaScript. If you run the EJS render method without
+checking the inputs yourself, you are responsible for the results."
+
+In short, DO NOT submit 'vulnerabilities' that include this snippet of code:
+
+```javascript
+app.get('/', (req, res) => {
+  res.render('index', req.query);
+});
+```
+
 ## Installation
 
 ```bash

node_modules/ejs/ejs.js

@@ -507,8 +507,8 @@ exports.clearCache = function () {
   exports.cache.reset();
 };
 
-function Template(text, opts) {
-  opts = opts || utils.createNullProtoObjWherePossible();
+function Template(text, optsParam) {
+  var opts = utils.hasOwnOnlyObject(optsParam);
   var options = utils.createNullProtoObjWherePossible();
   this.templateText = text;
   /** @type {string | null} */
@@ -951,6 +951,7 @@ if (typeof window != 'undefined') {
   window.ejs = exports;
 }
 
+
 },{"../package.json":6,"./utils":2,"fs":3,"path":4}],2:[function(require,module,exports){
 /*
  * EJS Embedded JavaScript templates
@@ -1192,6 +1193,15 @@ exports.createNullProtoObjWherePossible = (function () {
   };
 })();
 
+exports.hasOwnOnlyObject = function (obj) {
+  var o = exports.createNullProtoObjWherePossible();
+  for (var p in obj) {
+    if (hasOwn(obj, p)) {
+      o[p] = obj[p];
+    }
+  }
+  return o;
+};
 
 
 },{}],3:[function(require,module,exports){
@@ -1697,7 +1707,7 @@ module.exports={
     "engine",
     "ejs"
   ],
-  "version": "3.1.8",
+  "version": "3.1.9",
   "author": "Matthew Eernisse <mde@fleegix.org> (http://fleegix.org)",
   "license": "Apache-2.0",
   "bin": {
@@ -1728,7 +1738,7 @@ module.exports={
     "node": ">=0.10.0"
   },
   "scripts": {
-    "test": "mocha -u tdd"
+    "test": "npx jake test"
   }
 }
 

node_modules/ejs/jakefile.js

@@ -64,7 +64,7 @@ task('docPublish', ['doc'], function () {
 
 desc('Runs the EJS test suite');
 task('test', ['lint'], function () {
-  exec(path.join('./node_modules/.bin/mocha'));
+  exec(path.join('./node_modules/.bin/mocha --u tdd'));
 });
 
 publishTask('ejs', ['build'], function () {

node_modules/ejs/lib/ejs.js

@@ -506,8 +506,8 @@ exports.clearCache = function () {
   exports.cache.reset();
 };
 
-function Template(text, opts) {
-  opts = opts || utils.createNullProtoObjWherePossible();
+function Template(text, optsParam) {
+  var opts = utils.hasOwnOnlyObject(optsParam);
   var options = utils.createNullProtoObjWherePossible();
   this.templateText = text;
   /** @type {string | null} */
@@ -949,3 +949,4 @@ exports.name = _NAME;
 if (typeof window != 'undefined') {
   window.ejs = exports;
 }
+

node_modules/ejs/lib/utils.js

@@ -238,4 +238,13 @@ exports.createNullProtoObjWherePossible = (function () {
   };
 })();
 
+exports.hasOwnOnlyObject = function (obj) {
+  var o = exports.createNullProtoObjWherePossible();
+  for (var p in obj) {
+    if (hasOwn(obj, p)) {
+      o[p] = obj[p];
+    }
+  }
+  return o;
+};
 

node_modules/ejs/package.json

@@ -6,7 +6,7 @@
     "engine",
     "ejs"
   ],
-  "version": "3.1.9",
+  "version": "3.1.10",
   "author": "Matthew Eernisse <mde@fleegix.org> (http://fleegix.org)",
   "license": "Apache-2.0",
   "bin": {
@@ -37,6 +37,6 @@
     "node": ">=0.10.0"
   },
   "scripts": {
-    "test": "mocha -u tdd"
+    "test": "npx jake test"
   }
 }