[Snyk] Upgrade nodemailer from 6.4.14 to 6.9.14 #202

MRdevX · 2024-07-12T11:17:55Z

This PR was automatically created by Snyk using the credentials of a real user.

![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to upgrade nodemailer from 6.4.14 to 6.9.14.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 36 versions ahead of your current version.
The recommended version was released on 23 days ago.

Issues fixed by the recommended upgrade:

Issue	Score	Exploit Maturity
Prototype Pollution SNYK-JS-ASYNC-2441827	506	Proof of Concept
Prototype Pollution SNYK-JS-ASYNC-2441827	506	Proof of Concept
Prototype Poisoning SNYK-JS-QS-3153490	506	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	506	Proof of Concept
Code Injection SNYK-JS-LODASH-1040724	506	Proof of Concept
Directory Traversal SNYK-JS-MOMENT-2440688	506	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	506	Proof of Concept
Uncontrolled resource consumption SNYK-JS-BRACES-6838727	506	Proof of Concept
Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	506	Proof of Concept
Prototype Pollution SNYK-JS-MONGOOSE-2961688	506	Proof of Concept
Prototype Pollution SNYK-JS-MONGOOSE-5777721	506	Proof of Concept
Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	506	Proof of Concept
Prototype Pollution SNYK-JS-MQUERY-1050858	506	Proof of Concept
Prototype Pollution SNYK-JS-MQUERY-1089718	506	Proof of Concept
Command Injection SNYK-JS-SYSTEMINFORMATION-1050436	506	Proof of Concept
Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-1089716	506	Proof of Concept
Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-6056519	506	Proof of Concept
Command Injection SNYK-JS-NODEMAILER-1038834	506	Proof of Concept
Command Injection SNYK-JS-SYSTEMINFORMATION-1074913	506	Mature
Command Injection SNYK-JS-VIZION-565230	506	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	506	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	506	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	506	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ASYNC-7414156	506	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	506	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ASYNC-7414156	506	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ASYNC-7414156	506	No Known Exploit
Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	506	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	506	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	506	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-SIDEWAYFORMULA-3317169	506	No Known Exploit
Server-side Request Forgery (SSRF) SNYK-JS-SWAGGERUIDIST-2314884	506	Mature
Information Exposure SNYK-JS-MONGODB-5871303	506	No Known Exploit
Open Redirect SNYK-JS-EXPRESS-6474509	506	No Known Exploit
Prototype Pollution SNYK-JS-MONGOOSE-1086688	506	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	506	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	506	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	506	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	506	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	506	Proof of Concept
Prototype Pollution SNYK-JS-MPATH-1577289	506	Proof of Concept
Server-side Request Forgery (SSRF) SNYK-JS-SWAGGERUIDIST-6056393	506	Proof of Concept
Server-side Request Forgery (SSRF) SNYK-JS-SWAGGERUIEXPRESS-6815423	506	Proof of Concept
Server-side Request Forgery (SSRF) SNYK-JS-SWAGGERUIEXPRESS-6815424	506	Mature
Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	506	Proof of Concept
HTTP Header Injection SNYK-JS-NODEMAILER-1296415	506	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-NODEMAILER-6219989	506	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	506	Proof of Concept
Denial of Service (DoS) SNYK-JS-SYSTEMINFORMATION-1073627	506	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	506	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	506	Proof of Concept
Server-side Request Forgery (SSRF) SNYK-JS-SYSTEMINFORMATION-1078290	506	Proof of Concept
Arbitrary Command Injection SNYK-JS-SYSTEMINFORMATION-1243748	506	No Known Exploit
Improper Input Validation SNYK-JS-SYSTEMINFORMATION-1244526	506	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	506	Proof of Concept
Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	506	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:debug:20170905	506	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:debug:20170905	506	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:debug:20170905	506	Proof of Concept
Prototype Pollution SNYK-JS-SYSTEMINFORMATION-1043753	506	No Known Exploit
Prototype Pollution SNYK-JS-SYSTEMINFORMATION-1047312	506	No Known Exploit

Release notes

Package name: nodemailer

6.9.14 - 2024-06-19
6.9.14 (2024-06-19)

Bug Fixes
- api: Added support for Ethereal authentication (56b2205)
- services.json: Add Email Services Provider Feishu Mail (CN) (#1648) (e9e9ecc)
- services.json: update Mailtrap host and port in well known (#1652) (fc2c9ea)
- well-known-services: Add Loopia in well known services (#1655) (21a28a1)
6.9.13 - 2024-03-20
6.9.13 (2024-03-20)

Bug Fixes
- tls: Ensure servername for SMTP (d66fdd3)
6.9.12 - 2024-03-08
6.9.12 (2024-03-08)

Bug Fixes
- message-generation: Escape single quote in address names (4ae5fad)
6.9.11 - 2024-02-29
6.9.11 (2024-02-29)

Bug Fixes
- headers: Ensure that Content-type is the bottom header (c7cf97e)
6.9.10 - 2024-02-22
6.9.10 (2024-02-22)

Bug Fixes
- data-uri: Do not use regular expressions for parsing data URI schemes (12e65e9)
- data-uri: Moved all data-uri regexes to use the non-regex parseDataUri method (edd5dfe)
6.9.9 - 2024-02-01
6.9.9 (2024-02-01)

Bug Fixes
- security: Fix issues described in GHSA-9h6g-pr28-7cqp. Do not use eternal matching pattern if only a few occurences are expected (dd8f5e8)
- tests: Use native node test runner, added code coverage support, removed grunt (#1604) (be45c1b)
6.9.8 - 2023-12-30
6.9.8 (2023-12-30)

Bug Fixes
- punycode: do not use native punycode module (b4d0e0c)
6.9.7 - 2023-10-22
6.9.7 (2023-10-22)

Bug Fixes
- customAuth: Do not require user and pass to be set for custom authentication schemes (fixes #1584) (41d482c)
6.9.6 - 2023-10-09
6.9.6 (2023-10-09)

Bug Fixes
- inline: Use 'inline' as the default Content Dispostion value for embedded images (db32c93)
- tests: Removed Node v12 from test matrix as it is not compatible with the test framework anymore (7fe0a60)
6.9.5 - 2023-09-06
6.9.5 (2023-09-06)

Bug Fixes
- license: Updated license year (da4744e)
6.9.4 - 2023-07-19
6.9.3 - 2023-05-29
6.9.2 - 2023-05-11
6.9.1 - 2023-01-27
6.9.0 - 2023-01-12
6.8.0 - 2022-09-28
6.7.8 - 2022-08-11
6.7.7 - 2022-07-06
6.7.6 - 2022-06-30
6.7.5 - 2022-05-04
6.7.4 - 2022-04-28
6.7.3 - 2022-03-21
6.7.2 - 2021-11-26
6.7.1 - 2021-11-15
6.7.0 - 2021-10-11
6.6.5 - 2021-09-23
6.6.4 - 2021-09-23
6.6.3 - 2021-07-14
6.6.2 - 2021-06-18
6.6.1 - 2021-05-23
6.6.0 - 2021-04-28
6.5.0 - 2021-02-26
6.4.18 - 2021-02-11
6.4.17 - 2020-12-11
6.4.16 - 2020-11-12
6.4.15 - 2020-11-06
6.4.14 - 2020-10-14

from nodemailer GitHub release notes

Important

Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.
Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade nodemailer from 6.4.14 to 6.9.14. See this package in npm: nodemailer See this project in Snyk: https://app.snyk.io/org/m8rashidi/project/d6ac0ae4-fc5a-47fb-b858-5f4a05d81990?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade nodemailer from 6.4.14 to 6.9.14 #202

[Snyk] Upgrade nodemailer from 6.4.14 to 6.9.14 #202

MRdevX commented Jul 12, 2024

6.9.14 (2024-06-19)

Bug Fixes

6.9.13 (2024-03-20)

Bug Fixes

6.9.12 (2024-03-08)

Bug Fixes

6.9.11 (2024-02-29)

Bug Fixes

6.9.10 (2024-02-22)

Bug Fixes

6.9.9 (2024-02-01)

Bug Fixes

6.9.8 (2023-12-30)

Bug Fixes

6.9.7 (2023-10-22)

Bug Fixes

6.9.6 (2023-10-09)

Bug Fixes

6.9.5 (2023-09-06)

Bug Fixes

[Snyk] Upgrade nodemailer from 6.4.14 to 6.9.14 #202

Are you sure you want to change the base?

[Snyk] Upgrade nodemailer from 6.4.14 to 6.9.14 #202

Conversation

MRdevX commented Jul 12, 2024

Snyk has created this PR to upgrade nodemailer from 6.4.14 to 6.9.14.

Issues fixed by the recommended upgrade:

6.9.14 (2024-06-19)

Bug Fixes

6.9.13 (2024-03-20)

Bug Fixes

6.9.12 (2024-03-08)

Bug Fixes

6.9.11 (2024-02-29)

Bug Fixes

6.9.10 (2024-02-22)

Bug Fixes

6.9.9 (2024-02-01)

Bug Fixes

6.9.8 (2023-12-30)

Bug Fixes

6.9.7 (2023-10-22)

Bug Fixes

6.9.6 (2023-10-09)

Bug Fixes

6.9.5 (2023-09-06)

Bug Fixes