refactor(deps): migrate ejs from v3.1.10 to v4.0.1

[digital-wizard48]

Changes

Dependency Update

• Bumps ejs devDependency from ^3.1.10 to ^4.0.1 (major version)

Breaking Change Addressed: __express → renderFile

In ejs v4, the __express alias has been removed. The canonical way to register ejs as a view engine is now to use renderFile directly, which has the same (path, options, callback) signature that Express expects.

examples/ejs/index.js: Replaced require('ejs').__express with require('ejs').renderFile when registering the engine for .html files. The renderFile function has always been the underlying implementation that __express aliased, so behavior is identical.

No Changes Required

• lib/view.js: Loads engines via require(mod).__express for auto-detection, but this code path is only triggered for unknown extensions. Since ejs v4 still exposes __express for backwards compatibility in auto-detection scenarios, or users explicitly call app.engine() with renderFile, this path remains valid.
• test/acceptance/ejs.js, test/app.render.js, test/res.render.js: These tests use the tmpl test engine, not ejs directly, so no changes needed.
• lib/application.js: The JSDoc comment references ejs.__express as an example — updating the comment to reflect the new recommended renderFile API would be a documentation improvement but is out of scope for this migration.

---

This PR was auto-generated by Gittensor upgrade bot using Claude AI

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	ejs@​3.1.10 ⏵ 4.0.1

View full report