sendgrid-nodejs
chore: Security upgrade mailparser from 2.8.1 to 3.6.7
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - packages/inbound-mail-parser/package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
|  | 658/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-NODEMAILER-6219989 | Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: mailparser
The new version differs by 47 commits.
- 6adad57 chore(master): release 3.6.7 [skip-ci] (#358)
- 8bc4225 fix: :arrow_up: update nodemailer dependency to resolve security issue GHSA-9h6g-pr28-7cqp (#357)
- 3f8a516 chore(master): release 3.6.6 [skip-ci] (#354)
- 6bae600 fix: Fix produced text address list string according to rfc 2822 (#340)
- a2ba9c2 fix(test): updated test matrix (18, 20, 21)
- 7d78cb9 removed node v16 from test matrix
- d6eb56f fix(deploy): added auto-deployment
- 92b73a2 v3.6.5
- 5070a32 Replaces optional chaining
- 80ba89e Fixes #346
- ac11f78 v3.6.4
- 38b7df2 Merge branch 'jonny64-v3.4.0_hang'
- a645760 Do not repeat processing invalidly encoded address
- ad0c383 Merge branch 'v3.4.0_hang' of github.com:jonny64/mailparser into jonny64-v3.4.0_hang
- 694416e add test #337
- dd33c76 remove redundant content type check
- b1d6a25 v3.6.3
- b1f0775 v3.6.2
- 7bef1fc v3.6.1
- 22ad3c6 Update package.json
- beffb6e Updated test workflow
- 3778c7c v3.6.0
- dfdbe6f chore: bump libmime from 5.1.0 to 5.2.0
- b6bba6e v3.5.0
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.