create-volt 0.55.0 → 0.55.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,15 @@ All notable changes to `create-volt` are documented here. The format follows
|
|
|
4
4
|
[Keep a Changelog](https://keepachangelog.com/), and this project adheres to
|
|
5
5
|
[Semantic Versioning](https://semver.org/).
|
|
6
6
|
|
|
7
|
+
## [0.55.1] - 2026-07-05
|
|
8
|
+
|
|
9
|
+
### Security
|
|
10
|
+
- **Bump the scaffold's nodemailer pin `^6.10.1` → `^9.0.3`.** nodemailer <= 9.0.0
|
|
11
|
+
carries several high-severity advisories (email to an unintended domain, SMTP/CRLF
|
|
12
|
+
command injection, addressparser DoS, improper TLS validation, file-read/SSRF).
|
|
13
|
+
Apps that enable the mailer add-on now install the fixed 9.x — same
|
|
14
|
+
createTransport/sendMail/verify API, no code change.
|
|
15
|
+
|
|
7
16
|
## [0.55.0] - 2026-07-05
|
|
8
17
|
|
|
9
18
|
### Added
|
|
@@ -711,6 +720,7 @@ All notable changes to `create-volt` are documented here. The format follows
|
|
|
711
720
|
watching and full-page hot reload. Supports `--skip-install` and `--force`,
|
|
712
721
|
and auto-detects npm / pnpm / yarn / bun for the install step.
|
|
713
722
|
|
|
723
|
+
[0.55.1]: https://github.com/MIR-2025/volt/releases/tag/v0.55.1
|
|
714
724
|
[0.55.0]: https://github.com/MIR-2025/volt/releases/tag/v0.55.0
|
|
715
725
|
[0.54.0]: https://github.com/MIR-2025/volt/releases/tag/v0.54.0
|
|
716
726
|
[0.53.0]: https://github.com/MIR-2025/volt/releases/tag/v0.53.0
|
package/package.json
CHANGED
package/templates/blog/server.js
CHANGED
|
@@ -42,7 +42,7 @@ function configPort() {
|
|
|
42
42
|
const env = readEnvFile(); // --edit runs before loadEnv(), so read the file too
|
|
43
43
|
return cliPort() || Number(process.env.CONFIG_PORT) || Number(env.CONFIG_PORT) || CONFIG_DEFAULT_PORT;
|
|
44
44
|
}
|
|
45
|
-
const PKG_VERSIONS = { mongodb: "^6.21.0", mysql2: "^3.22.5", pg: "^8.22.0", nodemailer: "^
|
|
45
|
+
const PKG_VERSIONS = { mongodb: "^6.21.0", mysql2: "^3.22.5", pg: "^8.22.0", nodemailer: "^9.0.3", marked: "^18.0.5", busboy: "^1.6.0", "@aws-sdk/client-s3": "^3.1075.0" };
|
|
46
46
|
const LIB_FILE = { db: "store.js", mailer: "mailer.js", auth: "auth.js", realtime: "realtime.js", pages: "pages.js", posts: "posts.js", media: "media.js" };
|
|
47
47
|
|
|
48
48
|
// --- tiny .env loader (no dependency); never overrides an existing env var ---
|
|
@@ -42,7 +42,7 @@ function configPort() {
|
|
|
42
42
|
const env = readEnvFile(); // --edit runs before loadEnv(), so read the file too
|
|
43
43
|
return cliPort() || Number(process.env.CONFIG_PORT) || Number(env.CONFIG_PORT) || CONFIG_DEFAULT_PORT;
|
|
44
44
|
}
|
|
45
|
-
const PKG_VERSIONS = { mongodb: "^6.21.0", mysql2: "^3.22.5", pg: "^8.22.0", nodemailer: "^
|
|
45
|
+
const PKG_VERSIONS = { mongodb: "^6.21.0", mysql2: "^3.22.5", pg: "^8.22.0", nodemailer: "^9.0.3", marked: "^18.0.5", busboy: "^1.6.0", "@aws-sdk/client-s3": "^3.1075.0" };
|
|
46
46
|
const LIB_FILE = { db: "store.js", mailer: "mailer.js", auth: "auth.js", realtime: "realtime.js", pages: "pages.js", posts: "posts.js", media: "media.js" };
|
|
47
47
|
|
|
48
48
|
// --- tiny .env loader (no dependency); never overrides an existing env var ---
|
package/templates/docs/server.js
CHANGED
|
@@ -42,7 +42,7 @@ function configPort() {
|
|
|
42
42
|
const env = readEnvFile(); // --edit runs before loadEnv(), so read the file too
|
|
43
43
|
return cliPort() || Number(process.env.CONFIG_PORT) || Number(env.CONFIG_PORT) || CONFIG_DEFAULT_PORT;
|
|
44
44
|
}
|
|
45
|
-
const PKG_VERSIONS = { mongodb: "^6.21.0", mysql2: "^3.22.5", pg: "^8.22.0", nodemailer: "^
|
|
45
|
+
const PKG_VERSIONS = { mongodb: "^6.21.0", mysql2: "^3.22.5", pg: "^8.22.0", nodemailer: "^9.0.3", marked: "^18.0.5", busboy: "^1.6.0", "@aws-sdk/client-s3": "^3.1075.0" };
|
|
46
46
|
const LIB_FILE = { db: "store.js", mailer: "mailer.js", auth: "auth.js", realtime: "realtime.js", pages: "pages.js", posts: "posts.js", media: "media.js" };
|
|
47
47
|
|
|
48
48
|
// --- tiny .env loader (no dependency); never overrides an existing env var ---
|
|
@@ -43,7 +43,7 @@ function configPort() {
|
|
|
43
43
|
const env = readEnvFile(); // --edit runs before loadEnv(), so read the file too
|
|
44
44
|
return cliPort() || Number(process.env.CONFIG_PORT) || Number(env.CONFIG_PORT) || CONFIG_DEFAULT_PORT;
|
|
45
45
|
}
|
|
46
|
-
const PKG_VERSIONS = { mongodb: "^6.21.0", mysql2: "^3.22.5", pg: "^8.22.0", nodemailer: "^
|
|
46
|
+
const PKG_VERSIONS = { mongodb: "^6.21.0", mysql2: "^3.22.5", pg: "^8.22.0", nodemailer: "^9.0.3", marked: "^18.0.5", busboy: "^1.6.0", "@aws-sdk/client-s3": "^3.1075.0" };
|
|
47
47
|
const LIB_FILE = { db: "store.js", mailer: "mailer.js", auth: "auth.js", realtime: "realtime.js", pages: "pages.js", posts: "posts.js", media: "media.js" };
|
|
48
48
|
|
|
49
49
|
// --- tiny .env loader (no dependency); never overrides an existing env var ---
|