[Snyk] Security upgrade ejs from 3.1.10 to 5.0.1

[randi274]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• packages/lightning-lsp-common/package.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Infinite loop SNYK-JS-BRACEEXPANSION-15789759	641

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[randi274]

This is a major version upgrade from v3 to v5, which includes significant architectural changes. While the maintainers have aimed for backward compatibility, the introduction of a dual module system and changes to the package structure warrant careful review.

Breaking Changes in v4.0.0:

• Module System: The package was overhauled to support both CommonJS and ES Modules. The main entry point has changed, and a new exports field was added to package.json. While this is intended to work seamlessly, it can cause issues in complex build systems or with older module resolution strategies.
• Package Structure: The main entry point changed from ./lib/ejs.js to ./lib/cjs/ejs.js.

Breaking Changes in v5.0.0:
No specific release notes for v5.0.0 were found in the search results. The risk is elevated to medium due to the uncertainty of a second major version bump without clear documentation.

Recommendation:
Most standard require('ejs') or import ejs from 'ejs' statements should continue to work as expected. However, it is crucial to test your application's template rendering, especially if you have a custom build process or are deep-importing any EJS sub-modules. The risk is classified as medium because the changes are primarily environmental and structural, rather than direct API modifications, but the lack of information on v5 introduces uncertainty.

Source: EJS v4.0.1 Release Notes

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.