diff --git a/package-lock.json b/package-lock.json
index fc47349..5e8232f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1092,9 +1092,9 @@
       "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0="
     },
     "ejs": {
-      "version": "2.5.9",
-      "resolved": "https://registry.npmjs.org/ejs/-/ejs-2.5.9.tgz",
-      "integrity": "sha512-GJCAeDBKfREgkBtgrYSf9hQy9kTb3helv0zGdzqhM7iAkW8FA/ZF97VQDbwFiwIT8MQLLOe5VlPZOEvZAqtUAQ=="
+      "version": "2.7.4",
+      "resolved": "https://registry.npmjs.org/ejs/-/ejs-2.7.4.tgz",
+      "integrity": "sha512-7vmuyh5+kuUyJKePhQfRQBhXV5Ce+RnaeeQArKu1EAMpL3WbgMt5WG6uQZpEVvYSSsxMXRKOewtDk9RaTKXRlA=="
     },
     "elliptic": {
       "version": "6.5.2",
diff --git a/package.json b/package.json
index 6eb2610..72c2f4a 100644
--- a/package.json
+++ b/package.json
@@ -21,7 +21,7 @@
     "bunyan": "^1.8.12",
     "cookie-parser": "~1.4.3",
     "debug": "~2.6.9",
-    "ejs": "~2.5.7",
+    "ejs": "~2.7.4",
     "express": "~4.16.0",
     "express-bunyan-logger": "^1.3.3",
     "express-session": "^1.15.6",