[Snyk] Security upgrade mailparser from 2.7.7 to 3.6.7 #9

Open: wants to merge 1 commit into base: blog-import

@djdespot (Owner) commented Feb 1, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 658/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-NODEMAILER-6219989 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: mailparser

The new version differs by 51 commits.
  • 6adad57 chore(master): release 3.6.7 [skip-ci] (#358)
  • 8bc4225 fix: ⬆️ update nodemailer dependency to resolve security issue GHSA-9h6g-pr28-7cqp (#357)
  • 3f8a516 chore(master): release 3.6.6 [skip-ci] (#354)
  • 6bae600 fix: Fix produced text address list string according to rfc 2822 (#340)
  • a2ba9c2 fix(test): updated test matrix (18, 20, 21)
  • 7d78cb9 removed node v16 from test matrix
  • d6eb56f fix(deploy): added auto-deployment
  • 92b73a2 v3.6.5
  • 5070a32 Replaces optional chaining
  • 80ba89e Fixes #346
  • ac11f78 v3.6.4
  • 38b7df2 Merge branch 'jonny64-v3.4.0_hang'
  • a645760 Do not repeat processing invalidly encoded address
  • ad0c383 Merge branch 'v3.4.0_hang' of github.com:jonny64/mailparser into jonny64-v3.4.0_hang
  • 694416e add test #337
  • dd33c76 remove redundant content type check
  • b1d6a25 v3.6.3
  • b1f0775 v3.6.2
  • 7bef1fc v3.6.1
  • 22ad3c6 Update package.json
  • beffb6e Updated test workflow
  • 3778c7c v3.6.0
  • dfdbe6f chore: bump libmime from 5.1.0 to 5.2.0
  • b6bba6e v3.5.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
