[Snyk] Security upgrade nodemailer from 2.7.2 to 4.0.1

Open wimagguc opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 823/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6) | Server-side Request Forgery (SSRF), SNYK-JS-IP-6240864 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: nodemailer

The new version differs by 45 commits.
  • 8b5990c v4.0.1
  • f09556f Fixed LMTP greeting for STARTTLS
  • 935d26f Merge branch 'master' of github.com:nodemailer/nodemailer
  • fe919ab v4.0.0
  • aa61bc2 Update ISSUE_TEMPLATE.md
  • 9b4f90a v3.1.8. Fixed List-* headers
  • c2d6d41 v3.1.7
  • 86f2b86 v3.1.6
  • f2389b9 v3.1.5
  • e25807e added mailosaur to well-known services
  • 3065a64 v3.1.4
  • f5edfc9 Fixed DKIM calculation for empty body
  • ef202df v3.1.3
  • 4397e7f Added .verify() method for SES. Tries to send mail to invalid address
  • 0097988 v3.1.2
  • cca3b8c Add error handling for SES and sendmail transports for failing messages
  • 315eb22 v3.1.1
  • aba7bd6 Added missing transport.on('idle') and transport.isIdle() for SES transports
  • 689f834 v3.1.0
  • 3c3d920 Suppress Message-ID and Date in DKIM headers when using SES
  • 8819548 updated message-id handling for SES
  • 645dd95 Merge branch 'master' of github.com:nodemailer/nodemailer
  • 5cadb3f Initial support for SES
  • 1ceab54 Added some missing tests for icalEvent


Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


wimagguc, Feb 12 '24 03:02