WaftEngine icon indicating copy to clipboard operation
WaftEngine copied to clipboard

Published 20 hours ago verified publisher icon WaftTech

[Snyk] Security upgrade @sendgrid/mail from 6.5.5 to 7.0.0

Open mkmpvtltd1 opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • server/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Server-side Request Forgery (SSRF)
SNYK-JS-REQUEST-3361831		 Yes Proof of Concept
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5		 Prototype Pollution
SNYK-JS-TOUGHCOOKIE-5672873		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @sendgrid/mail The new version differs by 18 commits.
  • ae1148c Release 7.0.0
  • bbc8fa2 [Librarian] Version Bump
  • bce1694 docs: update examples to use dynamic templates instead of legacy templates
  • 0e8c276 docs: expand failure example to log response body
  • f35ddc5 docs: support verbiage for login issues (#1078)
  • 3f8742f feat: console warning added when using an invalid API key (#1077)
  • e55c123 Merge branch 'digitalica-master'
  • dba7f7b Merge branch 'master' of https://github.com/digitalica/sendgrid-nodejs into digitalica-master
  • 5dc1429 Fix: options.uri must be string (#985)
  • 208b23e fix: add 'setTimeout' to the MailService TS definition (#1076)
  • 356e121 Update timeout.md
  • 750f699 reorg docs and add migration guide (#1073)
  • b2b40de feat!: migrate from deprecated request module to axios (#1058)
  • 8075616 chore!: upgrade dev dependencies and fix eslint warnings/errors (#1063)
  • 9867c9d fix: remove the lock file since this is a library
  • 61d53f8 also run tests in node 10
  • fb59653 fix tests
  • 8b71ae1 move from babal-preset-es2015 to babel-preset-env

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF) 🦉 Prototype Pollution

mkmpvtltd1 avatar Nov 27 '23 14:11 mkmpvtltd1