Update dependencies in website/: ejs, tough-cookie #36559

SarahFrench · 2025-02-21T13:23:53Z

This PR updates:

ejs, 3.1.9 => 3.1.10, which contains the fix "Basic pollution protection" and some docs changes
tough-cookie, 4.1.2 => 4.1.4, which contains the fix "Prevent prototype pollution in cookie memstore" and some other fixes that look ok

npm audit before:

49 vulnerabilities (36 moderate, 12 high, 1 critical)

npm audit after:

47 vulnerabilities (34 moderate, 12 high, 1 critical)

Given that these updates are just patches I don't believe that review from Web Presence is necessary (but welcome!)

Target Release

N/A

3.1.9 => 3.1.10

4.1.2 => 4.1.4

SarahFrench added the no-changelog-needed Add this to your PR if the change does not require a changelog entry label Feb 21, 2025

vercel bot deployed to Preview February 21, 2025 13:28 View deployment

SarahFrench changed the title ~~Do more simple(r) dependency updates in website/~~ Update dependencies in website/: ejs, tough-cookie Feb 21, 2025

SarahFrench added 2 commits February 21, 2025 13:46

npm update ejs

c7c9115

3.1.9 => 3.1.10

npm update tough-cookie

34ed5d3

4.1.2 => 4.1.4

SarahFrench force-pushed the sarah/update-web-dependencies-2 branch from f1dbaf8 to 34ed5d3 Compare February 21, 2025 13:46

SarahFrench marked this pull request as ready for review February 21, 2025 13:51

SarahFrench requested review from a team as code owners February 21, 2025 13:51

SarahFrench requested a review from RubenSandwich February 21, 2025 13:51

vercel bot deployed to Preview February 21, 2025 13:52 View deployment

Merge branch 'main' into sarah/update-web-dependencies-2

dde6157

vercel bot deployed to Preview February 21, 2025 16:58 View deployment