EJS (Embedded JavaScript templates) generates HTML markup with plain JavaScript. Version 3.1.7 is a minor release following 3.1.6, and its most notable change is in its dependencies. Both versions keep the same core dev dependencies (jsdoc, mocha, eslint, lru-cache, uglify-js, browserify and git-directory-deploy) for development, testing and deployment, but the dependency on "jake" has changed from "^10.6.1" to "^10.8.5". This seemingly small change could be important: dependency updates often include bug fixes, performance improvements, or security patches, here within the "jake" task runner itself, which can make the build process more robust.
Another subtle difference is the slightly larger unpacked size (138642 bytes in 3.1.7 vs 134358 bytes in 3.1.6). This increase, though minimal, might hint at code optimizations or minor additions. In addition, the author field in version 3.1.7 is a simple string, while in 3.1.6 it is a JSON object containing the author's name, email and URL. The two forms are functionally equivalent, so this is only a change in metadata formatting. Most importantly, 3.1.7 was released significantly later (April 2022) than 3.1.6 (February 2021), implying that it integrates more recent updates and configurations. Developers should consider these factors when choosing between the versions.
All vulnerabilities related to version 3.1.7 of the package
ejs lacks certain pollution protection
The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.