fix(deps): update dependency ejs to v5

[redpkt-adm]

This PR contains the following updates:

Package	Change	Age	Confidence
ejs	^3.1.10 → ^5.0.0

---

Release Notes

mde/ejs (ejs)

v5.0.1

Compare Source

Version 5.0.1

v4.0.1

Compare Source

Version 4.0.1

---

Configuration

📅 Schedule: Branch creation - Monday through Friday ( * * * * 1-5 ) in timezone Europe/Athens, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[redpkt-adm]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: yarn.lock

Unknown Syntax Error: Unsupported option name ("--ignore-platform").

$ yarn install [--json] [--immutable] [--immutable-cache] [--refresh-lockfile] [--check-cache] [--check-resolutions] [--inline-builds] [--mode #0]

[coderabbitai]

📝 Walkthrough

Walkthrough

Updated the EJS template engine dependency from version ^3.1.10 to ^5.0.0 in package.json. This is a major version bump for the templating library with no corresponding code modifications.

Changes

Cohort / File(s)	Summary
Dependency Update package.json	Updated EJS dependency from ^3.1.10 to ^5.0.0, representing a major version upgrade for the template engine.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Poem

🐰 EJS hops from three to five,
A major leap, the version thrives!
Templates rendered fresh and new,
One tiny change, yet grand in view. ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change: updating the ejs dependency to version 5, which aligns with the changeset that updates ejs from ^3.1.10 to ^5.0.0.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch renovate/ejs-5.x

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

CodeRabbit can use your project's `biome` configuration to improve the quality of JS/TS/CSS/JSON code reviews.

Add a configuration file to your project to customize how CodeRabbit runs biome.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@package.json`:
- Line 23: The package.json entry for the ejs dependency was bumped to a
non-published version ("ejs": "^5.0.0"); revert this to a real released version
(e.g., set "ejs" to "^4.0.1" or to whatever actual npm release you intend) or
match the lockfile's existing range ("^3.1.10"), and regenerate the lockfile
(run yarn install or npm install) so yarn.lock is consistent; update the
package.json dependency string for ejs to a valid published semver and ensure
yarn.lock is updated accordingly (or if the branch intended to use v5, replace
with the exact published tag if/when available).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f3aa87b6-8337-4c39-9505-f960d80ee2d3

📥 Commits

Reviewing files that changed from the base of the PR and between 86f07bd and 2f3f8f1.

📒 Files selected for processing (1)

• package.json

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

python - <<'PY'
import json
import urllib.request

with urllib.request.urlopen("https://registry.npmjs.org/ejs") as resp:
    pkg = json.load(resp)

print("dist-tags:", pkg.get("dist-tags", {}))
versions = pkg.get("versions", {})
for v in ("3.1.10", "5.0.0", "5.0.1"):
    print(f"{v}: {'present' if v in versions else 'missing'}")
PY

if [ -f yarn.lock ]; then
  rg -n -C2 '^"?ejs@' yarn.lock || true
else
  printf 'yarn.lock not found\n'
fi

Repository: chipsgg/chips-telegram-bot

Length of output: 2651

---

🌐 Web query:

ejs npm package version 5.0.0 release history

💡 Result:

ejs (npm package name: ejs) — status of “v5.0.0”

• There is no ejs@5.0.0 published on npm (at least as of March 2026). Version trackers that enumerate npm publishes show ejs@4.0.1 published Jan 14, 2026 as the latest. [1][2]
• The upstream GitHub repo does show a v5.0.1 tag dated Mar 5, 2026, but no v5.0.0 tag appears in the tag list (i.e., it jumps from v4.0.1 to v5.0.1 in tags). [3]
• So, strictly speaking, there’s no npm “release history” for ejs@5.0.0 because that version doesn’t exist on npm. [1][2]

Likely confusion: ejs-html@5.0.0

There is a different npm package named ejs-html with a 5.0.0 version (published “8 years ago” per npm). [4]

Sources:
[1] Snyk npm package versions for ejs (shows 4.0.1 published Jan 14, 2026) [1]
[2] Socket version list for ejs (shows latest 4.0.1) [2]
[3] GitHub tags for mde/ejs (shows v5.0.1 on Mar 5, 2026; no v5.0.0 tag shown) [3]
[4] npm page for ejs-html@5.0.0 [4]

---

🏁 Script executed:

#!/bin/bash
# Check if yarn.lock exists and what it contains for ejs
if [ -f yarn.lock ]; then
  echo "=== yarn.lock exists, searching for ejs entries ==="
  rg -n "^ejs@" yarn.lock || echo "No direct ejs@ match found"
else
  echo "yarn.lock not found"
fi

# Also check package.json to see current version
if [ -f package.json ]; then
  echo "=== Current package.json ejs entry ==="
  rg -A1 -B1 '"ejs"' package.json || echo "No ejs entry found"
fi

Repository: chipsgg/chips-telegram-bot

Length of output: 249

---

Revert this version bump—ejs@5.0.0 does not exist and will break installation.

This change updates ejs to ^5.0.0 in package.json (line 23), but that version has never been published to npm. The latest release on npm is 4.0.1 (published Jan 14, 2026). While the upstream mde/ejs GitHub repository does have a v5.0.1 tag (dated Mar 5, 2026), no v5.0.0 was ever published, and attempting to install this will fail dependency resolution.

Additionally, yarn.lock remains unchanged and still points to ejs@^3.1.10, creating an unresolvable mismatch between the manifest and lockfile.

Either update to an actual released version (e.g., ^4.0.1 or wait for ^5.0.1 if it is published to npm), or investigate whether this branch intended a different package name.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@package.json` at line 23, The package.json entry for the ejs dependency was
bumped to a non-published version ("ejs": "^5.0.0"); revert this to a real
released version (e.g., set "ejs" to "^4.0.1" or to whatever actual npm release
you intend) or match the lockfile's existing range ("^3.1.10"), and regenerate
the lockfile (run yarn install or npm install) so yarn.lock is consistent;
update the package.json dependency string for ejs to a valid published semver
and ensure yarn.lock is updated accordingly (or if the branch intended to use
v5, replace with the exact published tag if/when available).