chore: Security upgrade mailparser from 2.8.1 to 3.6.7 by svcprodsec-sendgrid · Pull Request #1393 · sendgrid/sendgrid-nodejs
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - packages/inbound-mail-parser/package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-NODEMAILER-6219989 | Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: mailparser
The new version differs by 47 commits.
- 6adad57 chore(master): release 3.6.7 [skip-ci] (Substitution not working or sending custom data #358)
- 8bc4225 fix: ⬆️ update nodemailer dependency to resolve security issue GHSA-9h6g-pr28-7cqp (Improving test readability #357)
- 3f8a516 chore(master): release 3.6.6 [skip-ci] (fix: Make various TypeScript request components optional #354)
- 6bae600 fix: Fix produced text address list string according to rfc 2822 (typescript: error TS2305: '.../node_modules/sendgrid/index' has no exported member 'SendGrid' #340)
- a2ba9c2 fix(test): updated test matrix (18, 20, 21)
- 7d78cb9 removed node v16 from test matrix
- d6eb56f fix(deploy): added auto-deployment
- 92b73a2 v3.6.5
- 5070a32 Replaces optional chaining
- 80ba89e Fixes sendgrid.send gives {"code":"EPROTO","errno":"EPROTO","syscall":"write"} #346
- ac11f78 v3.6.4
- 38b7df2 Merge branch 'jonny64-v3.4.0_hang'
- a645760 Do not repeat processing invalidly encoded address
- ad0c383 Merge branch 'v3.4.0_hang' of github.com:jonny64/mailparser into jonny64-v3.4.0_hang
- 694416e add test Error message when trying to send transactional email #337
- dd33c76 remove redundant content type check
- b1d6a25 v3.6.3
- b1f0775 v3.6.2
- 7bef1fc v3.6.1
- 22ad3c6 Update package.json
- beffb6e Updated test workflow
- 3778c7c v3.6.0
- dfdbe6f chore: bump libmime from 5.1.0 to 5.2.0
- b6bba6e v3.5.0
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.