From b99d05001fde8845b04e11a2bc81ab0a8b785433 Mon Sep 17 00:00:00 2001
From: Anan Zhuang
Date: Mon, 19 Aug 2024 12:42:59 -0700
Subject: [PATCH] [1.3][CVE-2024-33883] Bump ejs from 3.1.7 to 3.1.10 (#7740)

Issue Resolve: CVE-2024-33883
Signed-off-by: Anan Zhuang
---
 package.json | 2 +-
 packages/osd-plugin-generator/package.json | 2 +-
 yarn.lock | 13 +++++++++----
 3 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/package.json b/package.json
index 56d7b2dfafa..0d080cdfded 100644
--- a/package.json
+++ b/package.json
@@ -92,7 +92,7 @@
 "!chromedriver/**/axios": "^0.21.4",
 "chromedriver/**/axios": "^0.27.2",
 "chromedriver/**/debug": "^4.3.1",
- "**/ejs": "^3.1.6",
+ "**/ejs": "^3.1.10",
 "**/express": "^4.19.2",
 "**/flat": "^5.0.2",
 "**/follow-redirects": "^1.15.6",
diff --git a/packages/osd-plugin-generator/package.json b/packages/osd-plugin-generator/package.json
index 79425727643..f43e03954ae 100644
--- a/packages/osd-plugin-generator/package.json
+++ b/packages/osd-plugin-generator/package.json
@@ -11,7 +11,7 @@
 "dependencies": {
 "@osd/cross-platform": "1.0.0",
 "@osd/dev-utils": "1.0.0",
- "ejs": "^3.1.7",
+ "ejs": "^3.1.10",
 "execa": "^4.0.2",
 "inquirer": "^7.3.3",
 "normalize-path": "^3.0.0",
diff --git a/yarn.lock b/yarn.lock
index 63f280e51f2..6348579d7ae 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -8185,10 +8185,10 @@ ee-first@1.1.1: resolved "https://registry.yarnpkg.com/ee-first/-/ee-first-1.1.1.tgz#590c61156b0ae2f4f0255732a158b266bc56b21d" integrity sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0= -ejs@^2.6.1, ejs@^3.1.5, ejs@^3.1.6, ejs@^3.1.7: - version "3.1.7" - resolved "https://registry.yarnpkg.com/ejs/-/ejs-3.1.7.tgz#c544d9c7f715783dd92f0bddcf73a59e6962d006" - integrity sha512-BIar7R6abbUxDA3bfXrO4DSgwo8I+fB5/1zgujl3HLLjwd6+9iOnrT+t3grn2qbk9vOgBubXOFwX2m9axoFaGw== +ejs@^2.6.1, ejs@^3.1.10, ejs@^3.1.5: + version "3.1.10" + resolved "https://registry.yarnpkg.com/ejs/-/ejs-3.1.10.tgz#69ab8358b14e896f80cc39e62087b88500c3ac3b" + integrity sha512-UeJmFfOrAQS8OJWPZ4qtgHyWExa088/MtK5UEyoJGFH67cDEXkZSviOiKRCZ4Xij0zxI3JECgYs3oKx+AizQBA== dependencies: jake "^10.8.5" @@ -15049,6 +15049,11 @@ minipass@^3.0.0, minipass@^3.1.1: dependencies: yallist "^4.0.0" +minipass@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/minipass/-/minipass-5.0.0.tgz#3e9788ffb90b694a5d0ec94479a45b5d8738133d" + integrity sha512-3FnjYuehv9k6ovOEbyOswadCDPX1piCfhV8ncmYtHOjuPwylVWsghTLo7rabjC3Rx5xD4HDx8Wm1xnMF7S5qFQ== + minizlib@^2.1.1: version "2.1.2" resolved "https://registry.yarnpkg.com/minizlib/-/minizlib-2.1.2.tgz#e90d3466ba209b932451508a11ce3d3632145931"