This repository has been archived by the owner on Oct 24, 2023. It is now read-only.

chore(deps): update dependency nodemailer to v6.6.1 [security] #112

Open
wants to merge 1 commit into
base: master

renovate[bot]
Contributor

@renovate renovate bot commented Mar 7, 2022

Mend Renovate

This PR contains the following updates:

Package | Change | Age | Adoption | Passing | Confidence
nodemailer (source) | 6.3.0 -> 6.6.1 | age | adoption | passing | confidence

GitHub Vulnerability Alerts

CVE-2020-7769

This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails.

CVE-2021-23400

The package nodemailer before 6.6.1 is vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.


Release Notes

nodemailer/nodemailer (nodemailer)

v6.6.1

Compare Source

  • Fixed address formatting issue where newlines in an email address, if provided via address object, were not properly removed. Reported by tmazeika (#1289)

v6.6.0

Compare Source

  • Added new option newline for MailComposer
  • aws ses connection verification (Ognjen Jevremovic)

v6.5.0

Compare Source

  • Pass through textEncoding to subnodes
  • Added support for AWS SES v3 SDK
  • Fixed tests

v6.4.18

Compare Source

  • Updated README

v6.4.17

Compare Source

  • Allow mixing attachments with calendar alternatives

v6.4.16

Compare Source

  • Applied updated prettier formatting rules

v6.4.15

Compare Source

  • Minor changes in header key casing

v6.4.14

Compare Source

  • Disabled postinstall script

v6.4.13

Compare Source

  • Fix normalizeHeaderKey method for single node messages

v6.4.12

Compare Source

  • Better handling of attachment filenames that include quote symbols
  • Includes all information from the oauth2 error response in the error message (Normal Gaussian) [1787f22]

v6.4.11

Compare Source

  • Fixed escape sequence handling in address parsing

v6.4.10

Compare Source

  • Fixed RFC822 output for MailComposer when using invalid content-type value. Mostly relevant if message attachments have strange content-type values set.

v6.4.8

Compare Source

v6.4.7

Compare Source

  • Always set charset=utf-8 for Content-Type headers
  • Catch error when using invalid crypto.sign input

v6.4.6

Compare Source

  • fix: requeueAttempts=n should requeue n times (Patrick Malouin) [a27ed2f]

v6.4.5

Compare Source

v6.4.4

Compare Source

  • Add options.forceAuth for SMTP (Patrick Malouin) [a27ed2f]

v6.4.3

Compare Source

  • Added an option to specify max number of requeues when connection closes unexpectedly (Igor Sechyn) [8a927f5]

v6.4.2

Compare Source

  • Fixed bug where array item was used with a potentially empty array

v6.4.1

Compare Source

  • Updated README

v6.4.0

Compare Source

  • Do not use auth if server does not advertise AUTH support [f419b09]
  • add dns.CONNREFUSED (Hiroyuki Okada) [5c4c8ca]

v6.3.1

Compare Source

  • Ignore "end" events because it might be "error" after it (dex4er) [72bade9]
  • Set username and password on the connection proxy object correctly (UsamaAshraf) [250b1a8]
  • Support more DNS errors (madarche) [2391aa4]

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot force-pushed the renovate/npm-nodemailer-vulnerability branch from 7e47937 to 2ef1c48 Compare March 26, 2022 15:47
@renovate renovate bot force-pushed the renovate/npm-nodemailer-vulnerability branch from 2ef1c48 to 109bc70 Compare May 16, 2022 01:59
@renovate renovate bot force-pushed the renovate/npm-nodemailer-vulnerability branch from 109bc70 to 933b667 Compare September 25, 2022 23:13
@renovate renovate bot force-pushed the renovate/npm-nodemailer-vulnerability branch from 933b667 to 4d7f4fa Compare November 20, 2022 17:26
@renovate renovate bot force-pushed the renovate/npm-nodemailer-vulnerability branch from 4d7f4fa to e6a0d21 Compare March 16, 2023 08:49
@renovate renovate bot force-pushed the renovate/npm-nodemailer-vulnerability branch from e6a0d21 to 00a3e3a Compare March 24, 2023 22:04
@renovate renovate bot changed the title chore(deps): update dependency nodemailer to v6.4.16 [security] chore(deps): update dependency nodemailer to v6.6.1 [security] May 28, 2023
@renovate renovate bot force-pushed the renovate/npm-nodemailer-vulnerability branch from 00a3e3a to 0634840 Compare May 28, 2023 11:52
@renovate renovate bot force-pushed the renovate/npm-nodemailer-vulnerability branch from 0634840 to 3155fb9 Compare June 4, 2023 12:19
@renovate renovate bot force-pushed the renovate/npm-nodemailer-vulnerability branch from 3155fb9 to ce3fd43 Compare July 19, 2023 11:27
@renovate renovate bot force-pushed the renovate/npm-nodemailer-vulnerability branch from ce3fd43 to 91cb586 Compare September 19, 2023 10:54
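
The two advisories quoted in this PR both concern address input reaching the mailer unchecked. The following is an added example, not code from this PR or from nodemailer: a pre-flight check an application can run on message options as defense in depth alongside the upgrade. All function names are hypothetical, the sample input is constructed, and the check covers string addresses as well as the address objects the advisory names.

```javascript
// Added example (not nodemailer code). Function names are hypothetical.
const CRLF = /[\r\n]/;

// Normalise the shapes an address field may take: a string, a
// { name, address } object, or an array of either. Null entries are dropped.
function toList(value) {
    if (value === undefined || value === null) return [];
    return Array.isArray(value) ? value.flatMap(toList) : [value];
}

// Return the problems found in one address field; an empty list means clean.
function checkAddressField(field, value) {
    const problems = [];
    for (const entry of toList(value)) {
        const isObj = typeof entry === 'object';
        const name = isObj ? String(entry.name || '') : '';
        const address = isObj ? String(entry.address || '') : String(entry);
        // CVE-2021-23400 class: CR/LF in a name or address can start a new header line.
        if (CRLF.test(name) || CRLF.test(address)) {
            problems.push(`${field}: CR/LF in address input`);
        }
        // For "Name <addr>" strings, look at the part inside the angle brackets.
        const bare = (/<([^<>]*)>\s*$/.exec(address) || [null, address])[1].trim();
        // CVE-2020-7769 class: a leading "-" may be read as a command flag
        // when the address is handed to a sendmail binary.
        if (bare.startsWith('-')) {
            problems.push(`${field}: address starts with "-"`);
        }
    }
    return problems;
}

// Check every address-bearing field of a message options object.
function checkMessage(mail) {
    const fields = ['from', 'sender', 'to', 'cc', 'bcc', 'replyTo'];
    return fields.flatMap((f) => checkAddressField(f, mail[f]));
}

// Constructed sample input, for illustration only.
const sample = {
    from: 'noreply@example.com',
    to: [{ name: 'Alice\r\nX-Test: 1', address: 'alice@example.com' }, '-flag@example.com'],
    cc: 'bob@example.com'
};
console.log(checkMessage(sample));
```

Rejecting the message when `checkMessage` returns a non-empty list keeps hostile input out of the transport even if an older nodemailer is still resolved somewhere in the dependency tree.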