Update dependency pug to v3.0.3 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
pug (source)	3.0.2 -> 3.0.3

GitHub Vulnerability Alerts

CVE-2024-36361

Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would typically be no reason to allow untrusted callers.

---

Release Notes

pugjs/pug (pug)

v3.0.3

Compare Source

Bug Fixes

• Update pug-code-gen with the following fix: (#​3438)

  Validate templateName and globals are valid JavaScript identifiers to prevent possible remote code execution if un-trusted user input is passed to the compilation options

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: [email protected]
npm ERR! Found: [email protected]
npm ERR! node_modules/mongoose
npm ERR!   mongoose@"5.13.13" from the root project
npm ERR!   peer mongoose@"*" from [email protected]
npm ERR!   node_modules/mongoose-legacy-pluralize
npm ERR!     mongoose-legacy-pluralize@"1.0.2" from [email protected]
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer mongoose@"^4.1.12" from [email protected]
npm ERR! node_modules/mongoose-auto-increment
npm ERR!   mongoose-auto-increment@"5.0.1" from the root project
npm ERR! 
npm ERR! Conflicting peer dependency: [email protected]
npm ERR! node_modules/mongoose
npm ERR!   peer mongoose@"^4.1.12" from [email protected]
npm ERR!   node_modules/mongoose-auto-increment
npm ERR!     mongoose-auto-increment@"5.0.1" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /tmp/renovate/cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate/cache/others/npm/_logs/2024-05-28T19_37_27_667Z-debug-0.log