Critical security vulnerability #60

@kdv24

I'm seeing a security vulnerability based on the version of this package's ejs dependency. It looks like ejs solved that in version 3.1.7. I tried updating ejs-compiled-loader to use 3.1.8 (the latest ejs), and did not run into problems the way I use it. Is this an update you can do please?

```
$ npm audit
# npm audit report

ejs  <3.1.7
Severity: critical
Template injection in ejs - https://github.com/advisories/GHSA-phwq-j96m-2c2q
No fix available
node_modules/ejs
  ejs-compiled-loader  *
  Depends on vulnerable versions of ejs
  node_modules/ejs-compiled-loader
```
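
Added example, not part of the original issue or of the project's code: a check that scans an npm lockfile for installed ejs copies below 3.1.7 and lists which packages request ejs, so the effect of forcing a newer ejs can be verified. It assumes the lockfile v2/v3 `packages` layout; the sample lockfile, its versions and its ranges are constructed for illustration.

```javascript
// Added example: find ejs copies older than 3.1.7 in an npm lockfile (v2/v3 "packages" map).
const FIXED = [3, 1, 7]; // the audit report flags ejs <3.1.7

// "x.y.z" -> [x, y, z]; prerelease/build suffixes are ignored (simplification).
function parseVersion(v) {
  return v.split(/[-+]/)[0].split(".").map((n) => parseInt(n, 10) || 0);
}

// True when version is strictly lower than floor.
function isBelow(version, floor) {
  const v = parseVersion(version);
  for (let i = 0; i < 3; i++) {
    if ((v[i] || 0) !== floor[i]) return (v[i] || 0) < floor[i];
  }
  return false;
}

// One finding per installed ejs copy below FIXED, plus every package that declares ejs.
function findVulnerableEjs(lock) {
  const entries = Object.entries(lock.packages || {});
  const requestedBy = entries
    .filter(([, meta]) => meta.dependencies && meta.dependencies.ejs)
    .map(([path, meta]) => ({
      name: path.split("node_modules/").pop() || "(root project)",
      range: meta.dependencies.ejs,
    }));
  const isEjs = (path) => /(^|\/)node_modules\/ejs$/.test(path);
  return entries
    .filter(([path, meta]) => isEjs(path) && meta.version && isBelow(meta.version, FIXED))
    .map(([path, meta]) => ({ path, version: meta.version, requestedBy }));
}

// Constructed sample lockfile; versions and ranges are illustrative, not taken from the issue.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app", dependencies: { "ejs-compiled-loader": "*" } },
    "node_modules/ejs-compiled-loader": { version: "0.0.0-sample", dependencies: { ejs: "^2.0.0" } },
    "node_modules/ejs": { version: "2.7.4" },
  },
};
// Same tree with ejs at 3.1.8, the version the reporter says they tried.
const patchedLock = JSON.parse(JSON.stringify(sampleLock));
patchedLock.packages["node_modules/ejs"].version = "3.1.8";

console.log(JSON.stringify(findVulnerableEjs(sampleLock), null, 2));
console.log(findVulnerableEjs(patchedLock).length === 0 ? "no vulnerable ejs" : "still vulnerable");
```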
