nodemailer-sendgrid-transport icon indicating copy to clipboard operation
nodemailer-sendgrid-transport copied to clipboard

Published 20 hours ago verified publisher icon sendgrid

Lodash in deps have security issue - need to upgrade lodash version

Open deksden opened this issue 7 years ago • 9 comments

More info: https://snyk.io/vuln/npm:lodash:20180130

How to fix: Upgrade lodash to version 4.17.5 or higher.

deksden avatar Mar 13 '18 07:03 deksden

Thanks for the heads up @deksden!

thinkingserious avatar Mar 13 '18 15:03 thinkingserious

I can confirm the issue and the upgrade to do. Source: https://nodesecurity.io/advisories/577 (after running a nsp check command on one of my projects). If no one wants to be assigned to resolving that then I won't mind doing that.

Berkmann18 avatar Jul 03 '18 15:07 Berkmann18

Thanks @Berkmann18!

thinkingserious avatar Jul 03 '18 22:07 thinkingserious

What is missing to complete this? I just completed a Lodash upgrade from 3.x to 4.x, so I can help with that part. I blogged my experience: https://programatealgo.blogspot.com/2019/01/upgrading-lodash-from-3x-to-4x.html

dario-ramos avatar Jan 07 '19 16:01 dario-ramos

@dario-ramos This issue should normally be resolved.

Berkmann18 avatar Jan 08 '19 10:01 Berkmann18

As there is no update added, can anyone please tell me how can I resolve this error.

sudhanshugaur4 avatar Jul 18 '19 21:07 sudhanshugaur4

@sudhanshugaur4 It is as far as I can tell. Plus this repo was moved to https://github.com/sendgrid/sendgrid-nodejs.

Berkmann18 avatar Jul 19 '19 13:07 Berkmann18

It seems to me this repo is not maintained anymore. Abandoned city yal' boys... A lonely cowboy only passes by this place... AFAIK the official repo is now https://github.com/sendgrid/sendgrid-nodejs and you can still work with SMTP directly (link).

proton1k avatar Oct 14 '20 14:10 proton1k

works also: https://github.com/nodemailer/nodemailer-sendgrid

1Luc1 avatar Jan 06 '21 02:01 1Luc1