New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade wildduck from 1.21.0 to 1.37.0 #20

Open

snyk-bot wants to merge 1 commit into master from snyk-fix-d3683f97323abeff2339ac72aa706f72

snyk-bot commented Jul 19, 2022

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	No	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	No	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	No	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	No	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: wildduck

The new version differs by 250 commits.

a1a77d2 Merge pull request #410 from nodemailer/1.37.0
14d2351 v1.37.0
6fd546a Merge pull request #409 from nodemailer/feature-update-range-end
70afcd4 Allow range from UID to end for message updates
32555ca Merge pull request #408 from nodemailer/fix-extra-pull
6a5e6f7 Removed extra $pull
6a7d8f2 Merge pull request #407 from nodemailer/settings-related-fixes
aaa28c1 Updated package.json for CI tests
0c11dff updated workflow file
6907c93 updated workflow file
be7c9a4 updated workflow file
7c98fbd updated workflow file
efdf75f updated workflow file
a7b8d54 updated workflow file
a7514e8 updated workflow file
d63462a updated workflow file
56314cc updated workflow file
019a422 updated workflow file
8a16aea updated workflow file
0157685 updated workflow file
5b6b506 Use Github actions to run tests
04ba496 bunch of fixes
25e79a3 Merge pull request #406 from nodemailer/feature-limit-asps
f8af999 allow to configure ASP limit dynamically

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Open Redirect
🦉 Prototype Pollution


          fix: package.json to reduce vulnerabilities

baa3222

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-2330875
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-2331908
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430337
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430339
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430341

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet