pump.io icon indicating copy to clipboard operation
pump.io copied to clipboard

Published 20 hours ago verified publisher icon pump-io

[Snyk] Security upgrade emailjs from 2.2.0 to 3.0.0

Open strugee opened this issue 2 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 490/1000
Why? Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-RAMDA-1582370		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: emailjs The new version differs by 122 commits.
  • 4995578 Merge pull request #251 from eleith/emailjs-3.0
  • d83de8a remove bundle
  • 72f45ac bump to 3.0 and build bundles
  • 37ace28 chore: re-add old bundle
  • 53c7087 smtp: rename SMTPResponse -> SMTPResponseMonitor
  • 3355154 smtp: rename Client -> SMTPClient
  • 5b4f95a test: nits
  • 95d94c2 test/auth: add XOAUTH2 units
  • 8f1f9ef test/auth: use AUTH_METHODS enum
  • 72feca9 test: use destructured imports
  • d4ebf37 chore: update readme
  • 8a62345 email: add response module to public api
  • 6d8ad46 smtp: rename smtp.ts -> connection.ts
  • a2da2dd smtp: drop namespaces from re-exports
  • d42f95e smtp/error: convert makeSMTPError to static method of exported SMTPError class
  • 7b758cc test/client: correctness nit
  • efd3267 test/auth: verify methods work both encrypted & not
  • 6a1a707 test/auth: add no authentication unit
  • 6461e05 chore: nits
  • 66d4d7f test: sort auth & client units by file
  • b76a198 test: use finally instead of then+catch
  • c43189f smtp/client: update createMessageStack documentation
  • 5720441 chore: move bundled deps to devDependencies
  • 6a5833b smtp/client: use destructuring instead of indexing into array

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

strugee avatar Nov 27 '23 14:11 strugee