EJS Out-of-Scope Vulnerabilities have they been taken care

[rsrinivasanhome]

Is the input to the EJS render method sanitized? Reference from EJS documentation
Out-of-Scope Vulnerabilities
Do we have to worry about this potential security issue ?

[Prozect2024]

Dear Maintaine/Project Team,

I am writing to inform you about a security vulnerability in the EJS template engine (version 3.1.10) that affects your project via transitive dependencies. Specifically, the vulnerability is present in surma/rollup-plugin-off-main-thread v2.2.3, which is a dependency of workbox-build v7.1.0 and workbox-webpack-plugin v7.1.0.

Given the potential security risks associated with this vulnerability, I would like to request an update to your project that removes or replaces the vulnerable dependency. A possible solution could be updating to a non-vulnerable version of EJS (3.1.11 or later) or switching to an alternative templating engine if feasible.

Addressing this issue would help ensure that projects depending on your library can maintain security best practices. Please let me know if there are any plans to release an update or if there are workarounds that can be implemented in the meantime.

Thank you for your attention to this matter and for your continued work on this important project.

Best regards,
Kate