nest-modules / mailer

📨 A mailer module for Nest framework (node.js)
https://nest-modules.github.io/mailer/
MIT License

Critical vulnerability in preview-email package #1143

Open jganczorz-revolve opened 7 months ago

jganczorz-revolve commented 7 months ago

Summary

As mentioned in the closed issue https://github.com/nest-modules/mailer/issues/1011, preview-email is not necessary in most production environments, but it is a required dependency of the mailer package.

Details

https://scout.docker.com/vulnerabilities/id/GMS-2020-2?s=gitlab&n=execa&t=npm&vr=%3C2.0.0

├─┬ @nestjs-modules/mailer@1.10.3
│ └─┬ preview-email@3.0.19
│   └─┬ display-notification@2.0.0
│     └─┬ run-applescript@3.2.0
│       └── execa@0.10.0
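
As an added example (not part of the issue thread or the mailer project's code), this walks the JSON that `npm ls --all --json` prints and lists every dependency path reaching an `execa` release below 2.0.0, the range given in the advisory link above. `sampleTree`, `my-app`, the extra `execa@5.1.1` entry and the function names are constructed for illustration.

```javascript
// Added example: find dependency paths that end in a package older than a fixed release.

// Compare plain MAJOR.MINOR.PATCH strings; pre-release tags are ignored (simplification).
function versionLessThan(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y;
  }
  return false;
}

// Depth-first walk of the nested `dependencies` maps. Returns one array per hit,
// listing "name@version" from the top-level dependency down to the affected package.
function findVulnerablePaths(node, target, fixedIn, trail = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    if (!dep.version) continue; // missing or unmet entries carry no version
    const here = [...trail, `${name}@${dep.version}`];
    if (name === target && versionLessThan(dep.version, fixedIn)) hits.push(here);
    hits.push(...findVulnerablePaths(dep, target, fixedIn, here));
  }
  return hits;
}

// Constructed sample shaped like `npm ls --all --json` output, mirroring the tree in the issue.
const sampleTree = {
  name: 'my-app', version: '1.0.0', // hypothetical project
  dependencies: {
    execa: { version: '5.1.1' }, // constructed: a newer copy elsewhere in the tree
    '@nestjs-modules/mailer': { version: '1.10.3', dependencies: {
      'preview-email': { version: '3.0.19', dependencies: {
        'display-notification': { version: '2.0.0', dependencies: {
          'run-applescript': { version: '3.2.0', dependencies: {
            execa: { version: '0.10.0' },
          } },
        } },
      } },
    } },
  },
};

for (const path of findVulnerablePaths(sampleTree, 'execa', '2.0.0')) {
  console.log(path.join(' > '));
}
```

For a real project, pass `JSON.parse` of the `npm ls --all --json` output in place of `sampleTree`.
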

marisuxma commented 7 months ago

+1 this, please update the dependency or remove it!