fix(deps): bump ejs to 3.1.8

[bennetthardwick]

Currently when installing a CLI created with gluegun users will see a message saying "1 critical severity vulnerability" because of a vulnerability in ejs: https://github.com/advisories/GHSA-phwq-j96m-2c2q

While it's not likely this will cause an issue it might worry some people who install gluegun created CLIs.

This vulnerability is patched in [email protected] so bumping the version will get rid of this message.

[yulolimum]

@jamonholmgren we'll want to get this merged soon as it resolves issues on a freshly spun-up project.

[ravenastar-js]

If possible, update ejs to version 3.1.7 or higher as it is causing problems with windows powershell, by default powershell blocks execution of dependencies that have vulnerability and using script to bypass execution of vulnerable dependencies is not good for system security. thanks for the attention and compression 💜

[ThomasDRT]

Looking to see if we can get this merged and closed as well. We've got some workarounds in place but are looking forward to getting the vulnerability properly addressed. Thanks!

[Mashbourne1]

Same here. Awaiting the fix for this vulnerability as well. Thanks much in advance!

[danstepanov]

while ejs is no longer a dependency, the change to ts-node resolves this issue for me, thanks

[jamonholmgren]

Hey everyone, sorry about the long delay on this. Finally getting to cleanup of all PRs and issues.

[infinitered-circleci]

:tada: This PR is included in version 5.1.6 :tada:

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot :package::rocket: