pug-code-gen is vulnerable to remote code execution (RCE). The vulnerability exists as the allowed values of the pretty
option of the pug compiler are overly permissive.
github.com/pugjs/pug/commit/991e78f7c4220b2f8da042877c6f0ef5a4683be0
github.com/pugjs/pug/issues/3312
github.com/pugjs/pug/pull/3314
github.com/pugjs/pug/releases/tag/pug%403.0.1
github.com/pugjs/pug/security/advisories/GHSA-p493-635q-r6gr
www.npmjs.com/advisories/1644
www.npmjs.com/package/pug
www.npmjs.com/package/pug-code-gen