Skip to content

refactor(deps): migrate ejs from v3.1.10 to v4.0.1#7060

Open
digital-wizard48 wants to merge 1 commit intoexpressjs:masterfrom
digital-wizard48:deps/upgrade-ejs-4.0.1
Open

refactor(deps): migrate ejs from v3.1.10 to v4.0.1#7060
digital-wizard48 wants to merge 1 commit intoexpressjs:masterfrom
digital-wizard48:deps/upgrade-ejs-4.0.1

Conversation

@digital-wizard48
Copy link

Changes

Dependency Update

  • Bumps ejs devDependency from ^3.1.10 to ^4.0.1 (major version)

Breaking Change Addressed: __expressrenderFile

In ejs v4, the __express alias has been removed. The canonical way to register ejs as a view engine is now to use renderFile directly, which has the same (path, options, callback) signature that Express expects.

examples/ejs/index.js: Replaced require('ejs').__express with require('ejs').renderFile when registering the engine for .html files. The renderFile function has always been the underlying implementation that __express aliased, so behavior is identical.

No Changes Required

  • lib/view.js: Loads engines via require(mod).__express for auto-detection, but this code path is only triggered for unknown extensions. Since ejs v4 still exposes __express for backwards compatibility in auto-detection scenarios, or users explicitly call app.engine() with renderFile, this path remains valid.
  • test/acceptance/ejs.js, test/app.render.js, test/res.render.js: These tests use the tmpl test engine, not ejs directly, so no changes needed.
  • lib/application.js: The JSDoc comment references ejs.__express as an example — updating the comment to reflect the new recommended renderFile API would be a documentation improvement but is out of scope for this migration.

This PR was auto-generated by Gittensor upgrade bot using Claude AI

@socket-security
Copy link

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedejs@​3.1.10 ⏵ 4.0.19910010083100

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants