Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency nodemailer to v6.6.1 [SECURITY] #166

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Update dependency nodemailer to v6.6.1 [SECURITY] #166

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented May 30, 2023
edited

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
nodemailer (source) 6.4.2 -> 6.6.1 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2021-23400

The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.

Release Notes

nodemailer/nodemailer (nodemailer)

v6.6.1

Compare Source

  • Fixed address formatting issue where newlines in an email address, if provided via address object, were not properly removed. Reported by tmazeika (#​1289)

v6.6.0

Compare Source

  • Added new option newline for MailComposer
  • aws ses connection verification (Ognjen Jevremovic)

v6.5.0

Compare Source

  • Pass through textEncoding to subnodes
  • Added support for AWS SES v3 SDK
  • Fixed tests

v6.4.18

Compare Source

  • Updated README

v6.4.17

Compare Source

  • Allow mixing attachments with caendar alternatives

v6.4.16

Compare Source

  • Applied updated prettier formating rules

v6.4.15

Compare Source

  • Minor changes in header key casing

v6.4.14

Compare Source

  • Disabled postinstall script

v6.4.13

Compare Source

  • Fix normalizeHeaderKey method for single node messages

v6.4.12

Compare Source

  • Better handling of attachment filenames that include quote symbols
  • Includes all information from the oath2 error response in the error message (Normal Gaussian) [1787f22]

v6.4.11

Compare Source

  • Fixed escape sequence handling in address parsing

v6.4.10

Compare Source

  • Fixed RFC822 output for MailComposer when using invalid content-type value. Mostly relevant if message attachments have stragne content-type values set.

v6.4.8

Compare Source

v6.4.7

Compare Source

  • Always set charset=utf-8 for Content-Type headers
  • Catch error when using invalid crypto.sign input

v6.4.6

Compare Source

  • fix: requeueAttempts=n should requeue n times (Patrick Malouin) [a27ed2f]

v6.4.5

Compare Source

v6.4.4

Compare Source

  • Add options.forceAuth for SMTP (Patrick Malouin) [a27ed2f]

v6.4.3

Compare Source

  • Added an option to specify max number of requeues when connection closes unexpectedly (Igor Sechyn) [8a927f5]

Configuration

πŸ“… Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

β™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

πŸ”• Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot force-pushed the renovate/npm-nodemailer-vulnerability branch from 75926b5 to 9a90b0f Compare July 20, 2023 20:36
@renovate renovate bot force-pushed the renovate/npm-nodemailer-vulnerability branch from 9a90b0f to 6d11bfd Compare September 19, 2023 20:28
@renovate renovate bot force-pushed the renovate/npm-nodemailer-vulnerability branch from 6d11bfd to e528b26 Compare October 10, 2023 05:55
@renovate renovate bot force-pushed the renovate/npm-nodemailer-vulnerability branch from e528b26 to ba00fa8 Compare October 24, 2023 11:51
@renovate renovate bot force-pushed the renovate/npm-nodemailer-vulnerability branch 2 times, most recently from 98f202c to 12ba0e7 Compare February 5, 2024 04:48
@renovate renovate bot force-pushed the renovate/npm-nodemailer-vulnerability branch from 12ba0e7 to a17009c Compare February 26, 2024 02:19
@renovate renovate bot force-pushed the renovate/npm-nodemailer-vulnerability branch from a17009c to 5294931 Compare March 13, 2024 08:39
@renovate renovate bot force-pushed the renovate/npm-nodemailer-vulnerability branch from 5294931 to 6228c1a Compare March 21, 2024 05:58
@codeclimate CodeClimate
Copy link

codeclimate bot commented Mar 21, 2024

Code Climate has analyzed commit 6228c1a and detected 0 issues on this pull request.

View more on Code Climate.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants