yads / nodemailer-express-handlebars

A plugin for nodemailer that uses express-handlebars view engine to generate emails

Breaking changes between 4.0.0 and 5.0.0? #56

Closed Thomas-1985 closed 1 year ago

Thomas-1985 commented 2 years ago

Hi

I need to update this package in my project to address a security vulnerability message from npm audit (I have version 4.0.0 installed):

```
express-handlebars  <5.3.1
Severity: high
Insecure template handling in Express-handlebars - https://github.com/advisories/GHSA-fr76-2wp8-fp92
fix available via `npm audit fix --force`
Will install nodemailer-express-handlebars@5.0.0, which is a breaking change
node_modules/express-handlebars
  nodemailer-express-handlebars  <=4.0.0
  Depends on vulnerable versions of express-handlebars
  node_modules/nodemailer-express-handlebars
```

Are there any breaking changes between version 4 and 5?

Best, Thomas

yads commented 1 year ago

The breaking change is the required version of express-handlebars.
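
Added example (not part of the thread and not the project's code): a post-upgrade check that walks the `packages` map of an npm lockfile (lockfileVersion 2 or 3) and reports every installed copy of express-handlebars below 5.3.1, the range flagged in the audit output above. The function names and the sample lockfile, including its versions, are constructed for illustration.

```javascript
// Fixed version taken from the npm audit output: express-handlebars <5.3.1 is affected.
const FIXED = '5.3.1';
const TARGET = 'express-handlebars';

// Parse "major.minor.patch" and note whether a prerelease tag follows.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-)?/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { nums: m.slice(1, 4).map(Number), pre: m[4] === '-' };
}

// True when version a sorts strictly below version b.
function lessThan(a, b) {
  const x = parseVersion(a);
  const y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x.nums[i] !== y.nums[i]) return x.nums[i] < y.nums[i];
  }
  return x.pre && !y.pre; // a prerelease sorts below its own release
}

// Return every installed copy of TARGET below FIXED, including nested copies.
function findVulnerable(lock) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf('node_modules/');
    if (idx === -1 || !entry.version) continue; // root project or linked entry
    // Compare the exact package name: a suffix match would also
    // catch "nodemailer-express-handlebars".
    const name = path.slice(idx + 'node_modules/'.length);
    if (name === TARGET && lessThan(entry.version, FIXED)) {
      hits.push({ path, version: entry.version });
    }
  }
  return hits;
}

// Constructed sample lockfile (versions are illustrative, not taken from the thread).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/express-handlebars': { version: '5.3.1' },
    'node_modules/nodemailer-express-handlebars': { version: '4.0.0' },
    'node_modules/nodemailer-express-handlebars/node_modules/express-handlebars': { version: '3.1.0' },
  },
};

console.log(findVulnerable(sampleLock));
```

To use it on a real project, pass the parsed contents of `package-lock.json` to `findVulnerable`; an empty result means no copy below 5.3.1 remains in the tree.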