sahat / hackathon-starter

A boilerplate for Node.js web applications
MIT License
34.8k stars 8.16k forks

Migrate off nodemailer-sendgrid #1231

Closed YasharF closed 1 year ago

YasharF commented 1 year ago

The package is unmaintained and using a vulnerable dependency:

request  *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/node-quickbooks/node_modules/request
node_modules/request
  @sendgrid/client  <=6.5.5
  Depends on vulnerable versions of request
  node_modules/@sendgrid/client
    @sendgrid/mail  <=6.5.5
    Depends on vulnerable versions of @sendgrid/client
    node_modules/@sendgrid/mail
      nodemailer-sendgrid  *
      Depends on vulnerable versions of @sendgrid/mail
      node_modules/nodemailer-sendgrid

YasharF commented 1 year ago

The official library from SendGrid https://github.com/sendgrid/nodemailer-sendgrid-transport has also been deprecated and is no longer supported by SendGrid.

YasharF commented 1 year ago

Fixed by https://github.com/sahat/hackathon-starter/commit/0c8048a02c363b971a73be9a616fc08e5e696f04
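An added example, not part of the issue thread or the project's code: it walks an `npm audit --json` style report from a vulnerable transitive package up to the direct dependency that has to be replaced, which is the reasoning behind the audit tree in the first comment. The report object is constructed to mirror that tree and keeps only the fields used here; the function names are hypothetical.

```javascript
// Constructed sample shaped like `npm audit --json` output (npm 7+),
// reduced to the fields this example reads. It mirrors the chain
// request -> @sendgrid/client -> @sendgrid/mail -> nodemailer-sendgrid.
const auditReport = {
  vulnerabilities: {
    request: { isDirect: false, fixAvailable: false,
      effects: ['@sendgrid/client'] },
    '@sendgrid/client': { isDirect: false, fixAvailable: false,
      effects: ['@sendgrid/mail'] },
    '@sendgrid/mail': { isDirect: false, fixAvailable: false,
      effects: ['nodemailer-sendgrid'] },
    'nodemailer-sendgrid': { isDirect: true, fixAvailable: false,
      effects: [] },
  },
};

// Follow `effects` (packages that depend on this one) upward and return
// every path that ends at a dependency listed directly in package.json.
function chainsToDirect(report, pkg, path = []) {
  const entry = report.vulnerabilities[pkg];
  if (!entry || path.includes(pkg)) return []; // not in report, or a cycle
  const here = [...path, pkg];
  const chains = entry.isDirect ? [here] : [];
  for (const dependent of entry.effects || []) {
    chains.push(...chainsToDirect(report, dependent, here));
  }
  return chains;
}

// Direct dependencies that pull in `pkg` and have no fix available,
// i.e. the ones that must be migrated away from rather than upgraded.
function directDepsToReplace(report, pkg) {
  const tops = chainsToDirect(report, pkg)
    .map((chain) => chain[chain.length - 1])
    .filter((name) => report.vulnerabilities[name].fixAvailable === false);
  return [...new Set(tops)].sort();
}

for (const chain of chainsToDirect(auditReport, 'request')) {
  console.log(chain.join(' <- '));
}
console.log('replace:', directDepsToReplace(auditReport, 'request'));
```

Against a real project, the input would be the parsed output of `npm audit --json` in place of the constructed `auditReport`.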