developmint.de icon indicating copy to clipboard operation
developmint.de copied to clipboard
verified publisher icon Developmint

chore(deps): update dependency nodemailer to v6.6.1 [security]

Open renovate[bot] opened this issue 3 years ago • 0 comments

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
nodemailer (source) 6.3.0 -> 6.6.1 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2020-7769

This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails.

CVE-2021-23400

The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.

Release Notes

nodemailer/nodemailer (nodemailer)

v6.6.1

Compare Source

  • Fixed address formatting issue where newlines in an email address, if provided via address object, were not properly removed. Reported by tmazeika (#​1289)

v6.6.0

Compare Source

  • Added new option newline for MailComposer
  • aws ses connection verification (Ognjen Jevremovic)

v6.5.0

Compare Source

  • Pass through textEncoding to subnodes
  • Added support for AWS SES v3 SDK
  • Fixed tests

v6.4.18

Compare Source

  • Updated README

v6.4.17

Compare Source

  • Allow mixing attachments with caendar alternatives

v6.4.16

Compare Source

  • Applied updated prettier formating rules

v6.4.15

Compare Source

  • Minor changes in header key casing

v6.4.14

Compare Source

  • Disabled postinstall script

v6.4.13

Compare Source

  • Fix normalizeHeaderKey method for single node messages

v6.4.12

Compare Source

  • Better handling of attachment filenames that include quote symbols
  • Includes all information from the oath2 error response in the error message (Normal Gaussian) [1787f22]

v6.4.11

Compare Source

  • Fixed escape sequence handling in address parsing

v6.4.10

Compare Source

  • Fixed RFC822 output for MailComposer when using invalid content-type value. Mostly relevant if message attachments have stragne content-type values set.

v6.4.8

Compare Source

v6.4.7

Compare Source

  • Always set charset=utf-8 for Content-Type headers
  • Catch error when using invalid crypto.sign input

v6.4.6

Compare Source

  • fix: requeueAttempts=n should requeue n times (Patrick Malouin) [a27ed2f]

v6.4.5

Compare Source

v6.4.4

Compare Source

  • Add options.forceAuth for SMTP (Patrick Malouin) [a27ed2f]

v6.4.3

Compare Source

  • Added an option to specify max number of requeues when connection closes unexpectedly (Igor Sechyn) [8a927f5]

v6.4.2

Compare Source

  • Fixed bug where array item was used with a potentially empty array

v6.4.1

Compare Source

  • Updated README

v6.4.0

Compare Source

  • Do not use auth if server does not advertise AUTH support [f419b09]
  • add dns.CONNREFUSED (Hiroyuki Okada) [5c4c8ca]

v6.3.1

Compare Source

  • Ignore "end" events because it might be "error" after it (dex4er) [72bade9]
  • Set username and password on the connection proxy object correctly (UsamaAshraf) [250b1a8]
  • Support more DNS errors (madarche) [2391aa4]

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

renovate[bot] avatar Mar 07 '22 10:03 renovate[bot]