[Snyk] Upgrade nodemailer from 6.4.16 to 6.7.2

Open snyk-bot opened this issue 3 years ago • 0 comments

Snyk has created this PR to upgrade nodemailer from 6.4.16 to 6.7.2.

merge advice :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 12 versions ahead of your current version.
The recommended version was released 2 months ago, on 2021-11-26.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	HTTP Header Injection SNYK-JS-NODEMAILER-1296415	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: nodemailer

from nodemailer GitHub release notes

Commit messages

Package name: nodemailer

368f545 v6.7.2
ccead5d v6.7.1
7f87a0f fix verify on ses-transport
efc3947 v6.7.0
b749899 v6.6.5
420244f v6.6.4
114d289 Fix ses verify for sdk v3
04e6c2c Added SECURITY.txt
6ead859 Update report-an-issue.md
3aca7be resolver: skip answers of unsupported IP versions
fed2ebd v6.6.3
b71e63e v6.6.3
cc4601c Updated SES example
b75e539 v6.6.2
b4b91d5 Bug Fix smtp connection crashing the process
7e02648 v6.6.1
1750c0f v6.6.0
0636d58 Merge branch 'master' of github.com:nodemailer/nodemailer
058d414 v6.6.0
fcb0d1f test: 💍 aws ses SDK v3 support
2ef39e3 test: 💍 aws ses connection verification
6107585 fix: 🐛 ses verify, add support for v3 API
bf57cf5 Fixes resolveContent with streams overriding data
91108d7 v6.5.0

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Feb 09 '22 04:02 snyk-bot