Vulnerability fix : bump mailgun-js

orliesaurus / nodemailer-mailgun-transport

nodemailer is an amazing node module to send emails within any of your nodejs apps. This is the transport plugin that goes with nodemailer to send email using Mailgun 🔫

MIT License

880 stars 97 forks source link

Vulnerability fix : bump mailgun-js #66

Closed Ilshidur closed 6 years ago

Ilshidur commented 6 years ago

This fixes 3 known vulnerabilities which are :

2 Regular Expression Denial of Service vulnerability
1 Uninitialized Memory Exposure

By bumping the mailgun-js package (from 0.7.10 to 0.13.1), all these vulnerabilities get fixed because they were all caused by this underlying package.

orliesaurus commented 6 years ago

Cheers!

Ilshidur commented 6 years ago

Is it possible to have a release cut for this fix ? Thanks !

orliesaurus commented 6 years ago

what's a release "cut"?

Ilshidur commented 6 years ago

Oops sorry for my english. I meant "cut a release" for the changes of this PR, so everyone can access the fix on npm :-)

orliesaurus commented 6 years ago

Oh yeah that makes sense - I've published them on npm now 👍 do you know if there's a simple way to directly publish from github to npm? that would be neat!

Ilshidur commented 6 years ago

Great ! Thanks. As far as I know, I don't think there is an existing tool for this. If I find something, I'll let you know.