No description provided.
Bumps [pug](https://github.com/pugjs/pug) from 2.0.4 to 3.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pugjs/pug/releases">pug's releases</a>.</em></p> <blockquote> <h2>[email protected]</h2> <h2>Bug Fixes</h2> <ul> <li>Update <code>with</code> to resolve core-js deprecation notice (<a href="https://github-redirect.dependabot.com/pugjs/pug/issues/3259">#3259</a>)</li> </ul> <h2>[email protected]</h2> <h2>Bug Fixes</h2> <ul> <li> <p>Sanitise the <code>pretty</code> option (<a href="https://github-redirect.dependabot.com/pugjs/pug/issues/3314">#3314</a>)</p> <p>If a malicious attacker could control the <code>pretty</code> option, it was possible for them to achieve remote code execution on the server rendering the template. All pug users should upgrade as soon as possible, see <a href="https://github-redirect.dependabot.com/pugjs/pug/issues/3312">#3312</a> for more details.</p> </li> </ul> <h2>[email protected]</h2> <h2>Bug Fixes</h2> <ul> <li>Properly handle non-string values when rethrowing errors (<a href="https://github-redirect.dependabot.com/pugjs/pug/issues/3269">#3269</a>)</li> </ul> <h2>[email protected]</h2> <h2>Breaking Changes</h2> <ul> <li>Drop support for node 6 and 8 (<a href="https://github-redirect.dependabot.com/pugjs/pug/issues/3243">#3243</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>wrap setting err.message with a try/catch (<a href="https://github-redirect.dependabot.com/pugjs/pug/issues/2996">#2996</a>)</li> </ul> <h2>[email protected]</h2> <h2>Breaking Changes</h2> <ul> <li>Drop support for node 6 and 8 (<a href="https://github-redirect.dependabot.com/pugjs/pug/issues/3243">#3243</a>)</li> </ul> <h2>[email protected]</h2> <h2>Breaking Changes</h2> <ul> <li>Drop support for node 6 and 8 (<a href="https://github-redirect.dependabot.com/pugjs/pug/issues/3243">#3243</a>)</li> </ul> <h2>New Features</h2> <ul> <li>Support <code>EachOf</code> nodes (<a href="https://github-redirect.dependabot.com/pugjs/pug/issues/3179">#3179</a>)</li> </ul> <h2>[email protected]</h2> <h2>Breaking Changes</h2> <ul> <li> <p><code>read</code> plugins must now return <code>Buffer</code> if you want to support filters that use <code>renderBuffer</code> (<a href="https://github-redirect.dependabot.com/pugjs/pug/issues/3213">#3213</a>)</p> </li> <li> <p>Drop support for node 6 and 8 (<a href="https://github-redirect.dependabot.com/pugjs/pug/issues/3243">#3243</a>)</p> </li> </ul> <h2>New Features</h2> <ul> <li>File nodes now get a <code>raw</code> property that is a <code>Buffer</code>, in addition to the <code>str</code> (<a href="https://github-redirect.dependabot.com/pugjs/pug/issues/3213">#3213</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pugjs/pug/commit/991e78f7c4220b2f8da042877c6f0ef5a4683be0"><code>991e78f</code></a> fix: sanitise and escape the <code>pretty</code> option (<a href="https://github-redirect.dependabot.com/pugjs/pug/issues/3314">#3314</a>)</li> <li><a href="https://github.com/pugjs/pug/commit/06baa525a23049756de9587461d389a12bc12537"><code>06baa52</code></a> Fix TypeScript and add eachOf token definition (<a href="https://github-redirect.dependabot.com/pugjs/pug/issues/3262">#3262</a>)</li> <li><a href="https://github.com/pugjs/pug/commit/13e46e9fe87220530a066d3aae49131969920275"><code>13e46e9</code></a> chore: update with (<a href="https://github-redirect.dependabot.com/pugjs/pug/issues/3259">#3259</a>)</li> <li><a href="https://github.com/pugjs/pug/commit/c077df4a8d523fe42e52f83b62d3c8ba3822d3b3"><code>c077df4</code></a> docs: fix rolling versions link</li> <li><a href="https://github.com/pugjs/pug/commit/ccba7dae678b1fceaa9b46d9d15a78ee0a2569d4"><code>ccba7da</code></a> ci: publish canary release (<a href="https://github-redirect.dependabot.com/pugjs/pug/issues/3257">#3257</a>)</li> <li><a href="https://github.com/pugjs/pug/commit/24a7b8eaaf86e53d0581c9e7900fb8fa906c5b2a"><code>24a7b8e</code></a> chore: remove get-repo dependency (<a href="https://github-redirect.dependabot.com/pugjs/pug/issues/3256">#3256</a>)</li> <li><a href="https://github.com/pugjs/pug/commit/8288ec5fa9b28781be78ea4508b3f8c9ca7f9ba1"><code>8288ec5</code></a> ci: fix some problems with the workflows and add dry-run (<a href="https://github-redirect.dependabot.com/pugjs/pug/issues/3254">#3254</a>)</li> <li><a href="https://github.com/pugjs/pug/commit/eca9342bf3046e5170301d8839df551c1fe35d99"><code>eca9342</code></a> chore: update is-expression and jest (<a href="https://github-redirect.dependabot.com/pugjs/pug/issues/3253">#3253</a>)</li> <li><a href="https://github.com/pugjs/pug/commit/9e96bb722c706a2fc89bce401e4ba215205bd9b1"><code>9e96bb7</code></a> feat: allow filters to read non-text include files (<a href="https://github-redirect.dependabot.com/pugjs/pug/issues/3213">#3213</a>)</li> <li><a href="https://github.com/pugjs/pug/commit/bb0731f75813aa30d8e077808b5465a67ef284ef"><code>bb0731f</code></a> chore: use minimal settings to format test files (<a href="https://github-redirect.dependabot.com/pugjs/pug/issues/3245">#3245</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pugjs/pug/compare/[email protected]@3.0.1">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~pug-bot">pug-bot</a>, a new releaser for pug since your current version.</p> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/tehuster/EscapeServer/network/alerts). </details>
This issue appears to be discussing a feature request or bug report related to the repository. Based on the content, it seems to be still under discussion. The issue was opened by dependabot[bot] and has received 0 comments.