elit 3.6.9 → 3.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (50) hide show
  1. package/Cargo.lock +380 -449
  2. package/Cargo.toml +3 -3
  3. package/dist/build.cjs +1 -1
  4. package/dist/build.d.ts +1 -1
  5. package/dist/build.js +14 -10
  6. package/dist/build.mjs +1 -1
  7. package/dist/cli.cjs +1629 -6432
  8. package/dist/cli.d.ts +10 -3
  9. package/dist/cli.mjs +1633 -6436
  10. package/dist/config.cjs +7 -2
  11. package/dist/config.d.ts +4 -4
  12. package/dist/config.js +20 -11
  13. package/dist/config.mjs +7 -2
  14. package/dist/{contracts-D7KIS-TK.d.ts → contracts-Av9yuqDM.d.ts} +11 -4
  15. package/dist/dev-build.d.ts +2 -1
  16. package/dist/dev-build.js +13 -9
  17. package/dist/https.cjs +7 -2
  18. package/dist/https.js +7 -2
  19. package/dist/https.mjs +7 -2
  20. package/dist/index.cjs +340 -52
  21. package/dist/index.d.ts +1 -1
  22. package/dist/index.js +340 -52
  23. package/dist/index.mjs +340 -52
  24. package/dist/native.cjs +340 -52
  25. package/dist/native.js +340 -52
  26. package/dist/native.mjs +340 -52
  27. package/dist/pm.cjs +7 -2
  28. package/dist/pm.d.ts +3 -3
  29. package/dist/pm.js +20 -11
  30. package/dist/pm.mjs +7 -2
  31. package/dist/preview-build.d.ts +2 -2
  32. package/dist/preview-build.js +13 -9
  33. package/dist/server.cjs +877 -5993
  34. package/dist/server.d.ts +3 -2
  35. package/dist/server.js +12199 -4468
  36. package/dist/server.mjs +877 -5993
  37. package/dist/smtp-server.js +514 -44
  38. package/dist/test-runtime.cjs +20 -0
  39. package/dist/test-runtime.js +33 -9
  40. package/dist/test-runtime.mjs +20 -0
  41. package/dist/test.cjs +27 -2
  42. package/dist/test.js +40 -11
  43. package/dist/test.mjs +27 -2
  44. package/dist/{types-fiLday0L.d.ts → types-BjkTamLI.d.ts} +14 -0
  45. package/dist/{types-BayMVo_k.d.ts → types-DdL_S7pL.d.ts} +8 -2
  46. package/dist/types.d.ts +56 -36
  47. package/dist/wss.cjs +7 -2
  48. package/dist/wss.js +7 -2
  49. package/dist/wss.mjs +7 -2
  50. package/package.json +7 -2
@@ -12,11 +12,20 @@
12
12
  if (typeof require !== "undefined") return require.apply(this, arguments);
13
13
  throw Error('Dynamic require of "' + x + '" is not supported');
14
14
  });
15
- var __esm = (fn, res) => function __init() {
16
- return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
15
+ var __esm = (fn, res, err) => function __init() {
16
+ if (err) throw err[0];
17
+ try {
18
+ return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
19
+ } catch (e) {
20
+ throw err = [e], e;
21
+ }
17
22
  };
18
23
  var __commonJS = (cb, mod) => function __require2() {
19
- return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
24
+ try {
25
+ return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
26
+ } catch (e) {
27
+ throw mod = 0, e;
28
+ }
20
29
  };
21
30
  var __export = (target, all) => {
22
31
  for (var name in all)
@@ -77,6 +86,8 @@
77
86
  this._maxBytes = maxBytes && Number(maxBytes) || Infinity;
78
87
  this.dataBytes = 0;
79
88
  this._dataStream = new PassThrough();
89
+ this._dataStream.byteLength = 0;
90
+ this._dataStream.sizeExceeded = false;
80
91
  return this._dataStream;
81
92
  }
82
93
  /**
@@ -91,6 +102,21 @@
91
102
  }
92
103
  }
93
104
  // PRIVATE METHODS
105
+ /**
106
+ * Counts emitted data bytes and keeps the byteLength/sizeExceeded
107
+ * properties of the data stream up to date while the message is still
108
+ * being received, so that applications can detect an oversized message
109
+ * mid-transfer instead of only after the stream has ended
110
+ */
111
+ _countDataBytes(len) {
112
+ this.dataBytes += len;
113
+ if (this._dataStream) {
114
+ this._dataStream.byteLength = this.dataBytes;
115
+ if (this.dataBytes > this._maxBytes) {
116
+ this._dataStream.sizeExceeded = true;
117
+ }
118
+ }
119
+ }
94
120
  /**
95
121
  * Writable._write method.
96
122
  */
@@ -169,7 +195,7 @@
169
195
  if (Buffer.compare(chunk.slice(i - 2, i + 3), endseq) === 0) {
170
196
  if (i > 2) {
171
197
  buf = chunk.slice(0, i);
172
- this.dataBytes += buf.length;
198
+ this._countDataBytes(buf.length);
173
199
  this._endDataMode(buf, chunk.slice(i + 3), done);
174
200
  } else {
175
201
  this._endDataMode(false, chunk.slice(i + 3), done);
@@ -179,7 +205,7 @@
179
205
  if (chunk[i + 1] === 46) {
180
206
  buf = chunk.slice(0, i);
181
207
  this._lastBytes = false;
182
- this.dataBytes += buf.length;
208
+ this._countDataBytes(buf.length);
183
209
  if (this._dataStream.writable) {
184
210
  this._dataStream.write(buf);
185
211
  }
@@ -194,7 +220,7 @@
194
220
  }
195
221
  if (this._lastBytes.length < chunk.length) {
196
222
  buf = chunk.slice(0, chunk.length - this._lastBytes.length);
197
- this.dataBytes += buf.length;
223
+ this._countDataBytes(buf.length);
198
224
  if (this._dataStream.writable) {
199
225
  handled = this._dataStream.write(buf);
200
226
  if (!handled) {
@@ -349,6 +375,7 @@
349
375
  "use strict";
350
376
  var util = __require("util");
351
377
  var crypto = __require("crypto");
378
+ var CONTROL_CHARS = /[\x00-\x1F\x7F-\x9F]/;
352
379
  var SASL = module.exports = {
353
380
  SASL_PLAIN(args, callback) {
354
381
  if (args.length > 1) {
@@ -392,9 +419,9 @@
392
419
  return callback();
393
420
  }
394
421
  let challenge = util.format(
395
- "<%s%s@%s>",
396
- String(Math.random()).replace(/^[0.]+/, "").substr(0, 8),
397
- // random numbers
422
+ "<%s.%s@%s>",
423
+ crypto.randomBytes(16).toString("hex"),
424
+ // random
398
425
  Math.floor(Date.now() / 1e3),
399
426
  // timestamp
400
427
  this.name
@@ -415,12 +442,20 @@
415
442
  this.send(500, "Error: invalid userdata");
416
443
  return callback();
417
444
  }
418
- let username = data[1] || data[0] || "";
445
+ let authzid = data[0] || "";
446
+ let authcid = data[1] || "";
447
+ let username = authcid || authzid;
419
448
  let password = data[2] || "";
449
+ if (CONTROL_CHARS.test(username) || CONTROL_CHARS.test(authzid)) {
450
+ this.send(500, "Error: invalid userdata");
451
+ return callback();
452
+ }
420
453
  this._server.onAuth(
421
454
  {
422
455
  method: "PLAIN",
423
456
  username,
457
+ authcid,
458
+ authzid,
424
459
  password
425
460
  },
426
461
  this.session,
@@ -486,6 +521,10 @@
486
521
  this.send(500, "Error: missing username");
487
522
  return callback();
488
523
  }
524
+ if (CONTROL_CHARS.test(username)) {
525
+ this.send(500, "Error: invalid userdata");
526
+ return callback();
527
+ }
489
528
  this._nextHandler = SASL.LOGIN_password.bind(this, username);
490
529
  this.send(334, "UGFzc3dvcmQ6");
491
530
  return callback();
@@ -576,7 +615,7 @@
576
615
  }
577
616
  }
578
617
  });
579
- if (!username || !accessToken) {
618
+ if (!username || !accessToken || CONTROL_CHARS.test(username)) {
580
619
  this.send(500, "Error: invalid userdata");
581
620
  return callback();
582
621
  }
@@ -652,6 +691,10 @@
652
691
  let tokenParts = Buffer.from(token, "base64").toString().split(" ");
653
692
  let username = tokenParts.shift();
654
693
  let challengeResponse = (tokenParts.shift() || "").toLowerCase();
694
+ if (CONTROL_CHARS.test(username)) {
695
+ this.send(500, "Error: invalid userdata");
696
+ return callback();
697
+ }
655
698
  this._server.onAuth(
656
699
  {
657
700
  method: "CRAM-MD5",
@@ -1642,20 +1685,42 @@
1642
1685
  }
1643
1686
  if (typeof value === "string") {
1644
1687
  value = value.replace(/\+([0-9A-F]{2})/g, (match, hex) => unescape("%" + hex));
1688
+ if (/[\x00-\x1F\x7F]/.test(value)) {
1689
+ invalid = true;
1690
+ return;
1691
+ }
1645
1692
  }
1646
1693
  if (!args) {
1647
1694
  args = {};
1648
1695
  }
1649
1696
  args[key] = value;
1650
1697
  });
1651
- if (address) {
1698
+ if (address && /[\x00-\x1F\x7F-\x9F\u200B\u2060\uFEFF]/.test(address)) {
1699
+ invalid = true;
1700
+ } else if (address) {
1652
1701
  address = address.split("@");
1653
1702
  if (address.length !== 2 || !address[0] || !address[1]) {
1654
1703
  invalid = true;
1655
1704
  } else {
1656
1705
  let localPart = address[0];
1657
1706
  let domain = address[1];
1658
- if (localPart.length + 1 + domain.length > 253) {
1707
+ if (this._server.options.lenientAddressParsing) {
1708
+ try {
1709
+ address = [localPart, "@", punycode2.toUnicode(domain)].join("");
1710
+ } catch (E) {
1711
+ this._server.logger.error(
1712
+ {
1713
+ tnx: "punycode",
1714
+ cid: this.id,
1715
+ user: this.session.user && this.session.user.username || this.session.user
1716
+ },
1717
+ 'Failed to process punycode domain "%s". error=%s',
1718
+ domain,
1719
+ E.message
1720
+ );
1721
+ address = [localPart, "@", domain].join("");
1722
+ }
1723
+ } else if (localPart.length + 1 + domain.length > 253) {
1659
1724
  invalid = true;
1660
1725
  } else {
1661
1726
  if (localPart.startsWith(".") || localPart.endsWith(".") || localPart.includes("..")) {
@@ -2167,6 +2232,10 @@
2167
2232
  * Upgrades connection to TLS if possible
2168
2233
  */
2169
2234
  handler_STARTTLS(command, callback) {
2235
+ if (command.toString().trim().split(/\s+/).length > 1) {
2236
+ this.send(501, "Error: syntax: STARTTLS");
2237
+ return callback();
2238
+ }
2170
2239
  if (this.secure) {
2171
2240
  this.send(503, "Error: TLS already active");
2172
2241
  return callback();
@@ -2592,11 +2661,342 @@
2592
2661
  }
2593
2662
  });
2594
2663
 
2664
+ // node_modules/nodemailer/lib/punycode/index.js
2665
+ var require_punycode = __commonJS({
2666
+ "node_modules/nodemailer/lib/punycode/index.js"(exports, module) {
2667
+ "use strict";
2668
+ var maxInt2 = 2147483647;
2669
+ var base2 = 36;
2670
+ var tMin2 = 1;
2671
+ var tMax2 = 26;
2672
+ var skew2 = 38;
2673
+ var damp2 = 700;
2674
+ var initialBias2 = 72;
2675
+ var initialN2 = 128;
2676
+ var delimiter2 = "-";
2677
+ var regexPunycode2 = /^xn--/;
2678
+ var regexNonASCII2 = /[^\0-\x7F]/;
2679
+ var regexSeparators2 = /[\x2E\u3002\uFF0E\uFF61]/g;
2680
+ var errors2 = {
2681
+ overflow: "Overflow: input needs wider integers to process",
2682
+ "not-basic": "Illegal input >= 0x80 (not a basic code point)",
2683
+ "invalid-input": "Invalid input"
2684
+ };
2685
+ var baseMinusTMin2 = base2 - tMin2;
2686
+ var floor2 = Math.floor;
2687
+ var stringFromCharCode2 = String.fromCharCode;
2688
+ function error2(type) {
2689
+ throw new RangeError(errors2[type]);
2690
+ }
2691
+ function map2(array, callback) {
2692
+ const result = [];
2693
+ let length = array.length;
2694
+ while (length--) {
2695
+ result[length] = callback(array[length]);
2696
+ }
2697
+ return result;
2698
+ }
2699
+ function mapDomain2(domain, callback) {
2700
+ const parts = domain.split("@");
2701
+ let result = "";
2702
+ if (parts.length > 1) {
2703
+ result = parts[0] + "@";
2704
+ domain = parts[1];
2705
+ }
2706
+ domain = domain.replace(regexSeparators2, ".");
2707
+ const labels = domain.split(".");
2708
+ const encoded = map2(labels, callback).join(".");
2709
+ return result + encoded;
2710
+ }
2711
+ function ucs2decode2(string) {
2712
+ const output = [];
2713
+ let counter = 0;
2714
+ const length = string.length;
2715
+ while (counter < length) {
2716
+ const value = string.charCodeAt(counter++);
2717
+ if (value >= 55296 && value <= 56319 && counter < length) {
2718
+ const extra = string.charCodeAt(counter++);
2719
+ if ((extra & 64512) == 56320) {
2720
+ output.push(((value & 1023) << 10) + (extra & 1023) + 65536);
2721
+ } else {
2722
+ output.push(value);
2723
+ counter--;
2724
+ }
2725
+ } else {
2726
+ output.push(value);
2727
+ }
2728
+ }
2729
+ return output;
2730
+ }
2731
+ var ucs2encode2 = (codePoints) => String.fromCodePoint(...codePoints);
2732
+ var basicToDigit2 = function(codePoint) {
2733
+ if (codePoint >= 48 && codePoint < 58) {
2734
+ return 26 + (codePoint - 48);
2735
+ }
2736
+ if (codePoint >= 65 && codePoint < 91) {
2737
+ return codePoint - 65;
2738
+ }
2739
+ if (codePoint >= 97 && codePoint < 123) {
2740
+ return codePoint - 97;
2741
+ }
2742
+ return base2;
2743
+ };
2744
+ var digitToBasic2 = function(digit, flag) {
2745
+ return digit + 22 + 75 * (digit < 26) - ((flag != 0) << 5);
2746
+ };
2747
+ var adapt2 = function(delta, numPoints, firstTime) {
2748
+ let k = 0;
2749
+ delta = firstTime ? floor2(delta / damp2) : delta >> 1;
2750
+ delta += floor2(delta / numPoints);
2751
+ for (
2752
+ ;
2753
+ /* no initialization */
2754
+ delta > baseMinusTMin2 * tMax2 >> 1;
2755
+ k += base2
2756
+ ) {
2757
+ delta = floor2(delta / baseMinusTMin2);
2758
+ }
2759
+ return floor2(k + (baseMinusTMin2 + 1) * delta / (delta + skew2));
2760
+ };
2761
+ var decode2 = function(input) {
2762
+ const output = [];
2763
+ const inputLength = input.length;
2764
+ let i = 0;
2765
+ let n = initialN2;
2766
+ let bias = initialBias2;
2767
+ let basic = input.lastIndexOf(delimiter2);
2768
+ if (basic < 0) {
2769
+ basic = 0;
2770
+ }
2771
+ for (let j = 0; j < basic; ++j) {
2772
+ if (input.charCodeAt(j) >= 128) {
2773
+ error2("not-basic");
2774
+ }
2775
+ output.push(input.charCodeAt(j));
2776
+ }
2777
+ for (let index = basic > 0 ? basic + 1 : 0; index < inputLength; ) {
2778
+ const oldi = i;
2779
+ for (let w = 1, k = base2; ; k += base2) {
2780
+ if (index >= inputLength) {
2781
+ error2("invalid-input");
2782
+ }
2783
+ const digit = basicToDigit2(input.charCodeAt(index++));
2784
+ if (digit >= base2) {
2785
+ error2("invalid-input");
2786
+ }
2787
+ if (digit > floor2((maxInt2 - i) / w)) {
2788
+ error2("overflow");
2789
+ }
2790
+ i += digit * w;
2791
+ const t = k <= bias ? tMin2 : k >= bias + tMax2 ? tMax2 : k - bias;
2792
+ if (digit < t) {
2793
+ break;
2794
+ }
2795
+ const baseMinusT = base2 - t;
2796
+ if (w > floor2(maxInt2 / baseMinusT)) {
2797
+ error2("overflow");
2798
+ }
2799
+ w *= baseMinusT;
2800
+ }
2801
+ const out = output.length + 1;
2802
+ bias = adapt2(i - oldi, out, oldi == 0);
2803
+ if (floor2(i / out) > maxInt2 - n) {
2804
+ error2("overflow");
2805
+ }
2806
+ n += floor2(i / out);
2807
+ i %= out;
2808
+ output.splice(i++, 0, n);
2809
+ }
2810
+ return String.fromCodePoint(...output);
2811
+ };
2812
+ var encode2 = function(input) {
2813
+ const output = [];
2814
+ input = ucs2decode2(input);
2815
+ const inputLength = input.length;
2816
+ let n = initialN2;
2817
+ let delta = 0;
2818
+ let bias = initialBias2;
2819
+ for (const currentValue of input) {
2820
+ if (currentValue < 128) {
2821
+ output.push(stringFromCharCode2(currentValue));
2822
+ }
2823
+ }
2824
+ const basicLength = output.length;
2825
+ let handledCPCount = basicLength;
2826
+ if (basicLength) {
2827
+ output.push(delimiter2);
2828
+ }
2829
+ while (handledCPCount < inputLength) {
2830
+ let m = maxInt2;
2831
+ for (const currentValue of input) {
2832
+ if (currentValue >= n && currentValue < m) {
2833
+ m = currentValue;
2834
+ }
2835
+ }
2836
+ const handledCPCountPlusOne = handledCPCount + 1;
2837
+ if (m - n > floor2((maxInt2 - delta) / handledCPCountPlusOne)) {
2838
+ error2("overflow");
2839
+ }
2840
+ delta += (m - n) * handledCPCountPlusOne;
2841
+ n = m;
2842
+ for (const currentValue of input) {
2843
+ if (currentValue < n && ++delta > maxInt2) {
2844
+ error2("overflow");
2845
+ }
2846
+ if (currentValue === n) {
2847
+ let q = delta;
2848
+ for (let k = base2; ; k += base2) {
2849
+ const t = k <= bias ? tMin2 : k >= bias + tMax2 ? tMax2 : k - bias;
2850
+ if (q < t) {
2851
+ break;
2852
+ }
2853
+ const qMinusT = q - t;
2854
+ const baseMinusT = base2 - t;
2855
+ output.push(stringFromCharCode2(digitToBasic2(t + qMinusT % baseMinusT, 0)));
2856
+ q = floor2(qMinusT / baseMinusT);
2857
+ }
2858
+ output.push(stringFromCharCode2(digitToBasic2(q, 0)));
2859
+ bias = adapt2(delta, handledCPCountPlusOne, handledCPCount === basicLength);
2860
+ delta = 0;
2861
+ ++handledCPCount;
2862
+ }
2863
+ }
2864
+ ++delta;
2865
+ ++n;
2866
+ }
2867
+ return output.join("");
2868
+ };
2869
+ var toUnicode2 = function(input) {
2870
+ return mapDomain2(input, function(string) {
2871
+ return regexPunycode2.test(string) ? decode2(string.slice(4).toLowerCase()) : string;
2872
+ });
2873
+ };
2874
+ var toASCII2 = function(input) {
2875
+ return mapDomain2(input, function(string) {
2876
+ return regexNonASCII2.test(string) ? "xn--" + encode2(string) : string;
2877
+ });
2878
+ };
2879
+ var punycode2 = {
2880
+ /**
2881
+ * A string representing the current Punycode.js version number.
2882
+ * @memberOf punycode
2883
+ * @type String
2884
+ */
2885
+ version: "2.3.1",
2886
+ /**
2887
+ * An object of methods to convert from JavaScript's internal character
2888
+ * representation (UCS-2) to Unicode code points, and back.
2889
+ * @see <https://mathiasbynens.be/notes/javascript-encoding>
2890
+ * @memberOf punycode
2891
+ * @type Object
2892
+ */
2893
+ ucs2: {
2894
+ decode: ucs2decode2,
2895
+ encode: ucs2encode2
2896
+ },
2897
+ decode: decode2,
2898
+ encode: encode2,
2899
+ toASCII: toASCII2,
2900
+ toUnicode: toUnicode2
2901
+ };
2902
+ module.exports = punycode2;
2903
+ }
2904
+ });
2905
+
2906
+ // node_modules/nodemailer/lib/shared/url.js
2907
+ var require_url = __commonJS({
2908
+ "node_modules/nodemailer/lib/shared/url.js"(exports, module) {
2909
+ "use strict";
2910
+ var urllib = __require("url");
2911
+ var punycode2 = require_punycode();
2912
+ var URLImpl = typeof URL !== "undefined" && URL || urllib.URL;
2913
+ var SLASHLESS_AUTHORITY = /^([a-zA-Z][a-zA-Z0-9+.-]*:)(?!\/\/)(.+)$/;
2914
+ function safeDecode(str) {
2915
+ try {
2916
+ return decodeURIComponent(str);
2917
+ } catch (_err) {
2918
+ return str;
2919
+ }
2920
+ }
2921
+ function normalizeHostname(raw) {
2922
+ let hostname = raw || "";
2923
+ if (!hostname) {
2924
+ return "";
2925
+ }
2926
+ if (hostname.charAt(0) === "[" && hostname.charAt(hostname.length - 1) === "]") {
2927
+ return hostname.slice(1, -1);
2928
+ }
2929
+ return punycode2.toASCII(safeDecode(hostname));
2930
+ }
2931
+ module.exports.parse = (input, parseQueryString) => {
2932
+ input = input || "";
2933
+ if (!URLImpl) {
2934
+ return urllib.parse(input, parseQueryString);
2935
+ }
2936
+ const slashless = SLASHLESS_AUTHORITY.exec(input);
2937
+ const normalized = slashless ? slashless[1] + "//" + slashless[2] : input;
2938
+ let u;
2939
+ try {
2940
+ u = new URLImpl(normalized);
2941
+ } catch (_err) {
2942
+ return urllib.parse(input, parseQueryString);
2943
+ }
2944
+ const hostname = normalizeHostname(u.hostname);
2945
+ const port = u.port || null;
2946
+ const pathname = u.pathname || null;
2947
+ const search = u.search || null;
2948
+ let auth = null;
2949
+ if (u.username || u.password) {
2950
+ auth = safeDecode(u.username) + (u.password ? ":" + safeDecode(u.password) : "");
2951
+ }
2952
+ let query;
2953
+ if (parseQueryString) {
2954
+ query = /* @__PURE__ */ Object.create(null);
2955
+ u.searchParams.forEach((value, key) => {
2956
+ if (Object.prototype.hasOwnProperty.call(query, key)) {
2957
+ if (Array.isArray(query[key])) {
2958
+ query[key].push(value);
2959
+ } else {
2960
+ query[key] = [query[key], value];
2961
+ }
2962
+ } else {
2963
+ query[key] = value;
2964
+ }
2965
+ });
2966
+ } else {
2967
+ query = search ? search.slice(1) : null;
2968
+ }
2969
+ return {
2970
+ protocol: u.protocol || null,
2971
+ host: u.host || null,
2972
+ hostname,
2973
+ port,
2974
+ pathname,
2975
+ search,
2976
+ path: (pathname || "") + (search || "") || null,
2977
+ href: u.href,
2978
+ auth,
2979
+ query
2980
+ };
2981
+ };
2982
+ module.exports.resolve = (from, to) => {
2983
+ if (!URLImpl) {
2984
+ return urllib.resolve(from, to);
2985
+ }
2986
+ try {
2987
+ return new URLImpl(to, from).href;
2988
+ } catch (_err) {
2989
+ return urllib.resolve(from, to);
2990
+ }
2991
+ };
2992
+ }
2993
+ });
2994
+
2595
2995
  // node_modules/nodemailer/lib/fetch/cookies.js
2596
2996
  var require_cookies = __commonJS({
2597
2997
  "node_modules/nodemailer/lib/fetch/cookies.js"(exports, module) {
2598
2998
  "use strict";
2599
- var urllib = __require("url");
2999
+ var urllib = require_url();
2600
3000
  var SESSION_TIMEOUT = 1800;
2601
3001
  var Cookies = class {
2602
3002
  constructor(options) {
@@ -2805,7 +3205,7 @@
2805
3205
  "node_modules/nodemailer/package.json"(exports, module) {
2806
3206
  module.exports = {
2807
3207
  name: "nodemailer",
2808
- version: "8.0.10",
3208
+ version: "9.0.1",
2809
3209
  description: "Easy as cake e-mail sending from your Node.js applications",
2810
3210
  main: "lib/nodemailer.js",
2811
3211
  scripts: {
@@ -2832,19 +3232,19 @@
2832
3232
  },
2833
3233
  homepage: "https://nodemailer.com/",
2834
3234
  devDependencies: {
2835
- "@aws-sdk/client-sesv2": "3.1037.0",
3235
+ "@aws-sdk/client-sesv2": "3.1068.0",
2836
3236
  bunyan: "1.8.15",
2837
3237
  c8: "11.0.0",
2838
- eslint: "10.2.1",
3238
+ eslint: "10.5.0",
2839
3239
  "eslint-config-prettier": "10.1.8",
2840
- globals: "17.5.0",
3240
+ globals: "17.6.0",
2841
3241
  libbase64: "1.3.0",
2842
3242
  libmime: "5.3.8",
2843
3243
  libqp: "2.1.1",
2844
- prettier: "3.8.3",
3244
+ prettier: "3.8.4",
2845
3245
  proxy: "1.0.2",
2846
3246
  "proxy-test-server": "1.0.0",
2847
- "smtp-server": "3.18.4"
3247
+ "smtp-server": "3.19.0"
2848
3248
  },
2849
3249
  engines: {
2850
3250
  node: ">=6.0.0"
@@ -2900,7 +3300,7 @@
2900
3300
  "use strict";
2901
3301
  var http = __require("http");
2902
3302
  var https = __require("https");
2903
- var urllib = __require("url");
3303
+ var urllib = require_url();
2904
3304
  var zlib = __require("zlib");
2905
3305
  var { PassThrough } = __require("stream");
2906
3306
  var Cookies = require_cookies();
@@ -2999,7 +3399,10 @@
2999
3399
  path: parsed.path,
3000
3400
  port: parsed.port ? parsed.port : parsed.protocol === "https:" ? 443 : 80,
3001
3401
  headers,
3002
- rejectUnauthorized: false,
3402
+ // Validate TLS certificates by default. Callers that genuinely need to
3403
+ // reach a self-signed/internal host opt out explicitly with
3404
+ // options.tls = { rejectUnauthorized: false }.
3405
+ rejectUnauthorized: true,
3003
3406
  agent: false
3004
3407
  };
3005
3408
  if (options.tls) {
@@ -3070,7 +3473,19 @@
3070
3473
  }
3071
3474
  options.method = "GET";
3072
3475
  options.body = false;
3073
- return nmfetch(urllib.resolve(url, res.headers.location), options);
3476
+ const redirectUrl = urllib.resolve(url, res.headers.location);
3477
+ const redirectParsed = urllib.parse(redirectUrl);
3478
+ const crossHost = redirectParsed.hostname !== parsed.hostname;
3479
+ const downgrade = parsed.protocol === "https:" && redirectParsed.protocol === "http:";
3480
+ if (options.headers && (crossHost || downgrade)) {
3481
+ const sensitive = ["authorization", "cookie", "proxy-authorization"];
3482
+ Object.keys(options.headers).forEach((key) => {
3483
+ if (sensitive.includes(key.toLowerCase())) {
3484
+ delete options.headers[key];
3485
+ }
3486
+ });
3487
+ }
3488
+ return nmfetch(redirectUrl, options);
3074
3489
  }
3075
3490
  fetchRes.statusCode = res.statusCode;
3076
3491
  fetchRes.headers = res.headers;
@@ -3135,7 +3550,7 @@
3135
3550
  var require_shared = __commonJS({
3136
3551
  "node_modules/nodemailer/lib/shared/index.js"(exports, module) {
3137
3552
  "use strict";
3138
- var urllib = __require("url");
3553
+ var urllib = require_url();
3139
3554
  var util = __require("util");
3140
3555
  var fs = __require("fs");
3141
3556
  var nmfetch = require_fetch();
@@ -3523,6 +3938,10 @@
3523
3938
  callback = module.exports.callbackPromise(resolve2, reject);
3524
3939
  });
3525
3940
  }
3941
+ resolveContentValue(data, key, options, callback);
3942
+ return promise;
3943
+ };
3944
+ function resolveContentValue(data, key, options, callback) {
3526
3945
  let content = data && data[key] && data[key].content || data[key];
3527
3946
  const encoding = (typeof data[key] === "object" && data[key].encoding || "utf8").toString().toLowerCase().replace(/[-_\s]/g, "");
3528
3947
  if (!content) {
@@ -3549,13 +3968,10 @@
3549
3968
  callback(err);
3550
3969
  });
3551
3970
  }
3552
- return resolveStream(nmfetch(content.path || content.href), callback);
3971
+ return resolveStream(nmfetch(content.path || content.href, { headers: content.httpHeaders, tls: content.tls }), callback);
3553
3972
  } else if (/^data:/i.test(content.path || content.href)) {
3554
3973
  const parsedDataUri = module.exports.parseDataURI(content.path || content.href);
3555
- if (!parsedDataUri || !parsedDataUri.data) {
3556
- return callback(null, Buffer.from(0));
3557
- }
3558
- return callback(null, parsedDataUri.data);
3974
+ return callback(null, parsedDataUri && parsedDataUri.data ? parsedDataUri.data : Buffer.alloc(0));
3559
3975
  } else if (content.path) {
3560
3976
  if (options.disableFileAccess) {
3561
3977
  return setImmediate(() => {
@@ -3571,8 +3987,7 @@
3571
3987
  content = Buffer.from(data[key].content, encoding);
3572
3988
  }
3573
3989
  setImmediate(() => callback(null, content));
3574
- return promise;
3575
- };
3990
+ }
3576
3991
  module.exports.assign = function() {
3577
3992
  const args = Array.from(arguments);
3578
3993
  const target = args.shift() || {};
@@ -3687,6 +4102,7 @@
3687
4102
  var punycode2 = (init_punycode_es6(), __toCommonJS(punycode_es6_exports));
3688
4103
  var crypto = __require("crypto");
3689
4104
  var CLOSE_TIMEOUT = 30 * 1e3;
4105
+ var MAX_PROXY_HEADER_LENGTH = 1024;
3690
4106
  var SMTPServer3 = class extends EventEmitter {
3691
4107
  constructor(options) {
3692
4108
  super();
@@ -3720,6 +4136,7 @@
3720
4136
  this.server = net.createServer(this.options, (socket) => {
3721
4137
  this._handleProxy(socket, (err, socketOptions) => {
3722
4138
  if (err) {
4139
+ return;
3723
4140
  }
3724
4141
  if (this.options.secured) {
3725
4142
  return this.connect(socket, socketOptions);
@@ -3737,6 +4154,7 @@
3737
4154
  this.options,
3738
4155
  (socket) => this._handleProxy(socket, (err, socketOptions) => {
3739
4156
  if (err) {
4157
+ return;
3740
4158
  }
3741
4159
  this.connect(socket, socketOptions);
3742
4160
  })
@@ -3961,13 +4379,64 @@
3961
4379
  }
3962
4380
  let chunks = [];
3963
4381
  let chunklen = 0;
3964
- let socketReader = () => {
4382
+ let finished = false;
4383
+ let onError;
4384
+ let onClose;
4385
+ let onEnd;
4386
+ let socketReader;
4387
+ let cleanup = () => {
4388
+ socket.removeListener("readable", socketReader);
4389
+ socket.removeListener("error", onError);
4390
+ socket.removeListener("close", onClose);
4391
+ socket.removeListener("end", onEnd);
4392
+ };
4393
+ let done = (err, opts) => {
4394
+ if (finished) {
4395
+ return;
4396
+ }
4397
+ finished = true;
4398
+ if (err) {
4399
+ socket.on("error", () => {
4400
+ });
4401
+ }
4402
+ cleanup();
4403
+ callback(err, opts);
4404
+ };
4405
+ onError = (err) => {
4406
+ this.logger.info(
4407
+ {
4408
+ tnx: "proxy",
4409
+ cid: socketOptions.id,
4410
+ err
4411
+ },
4412
+ "[%s] PROXY socket error before header was received: %s",
4413
+ socketOptions.id,
4414
+ err.message
4415
+ );
4416
+ done(err);
4417
+ };
4418
+ onClose = () => {
4419
+ done(new Error("Socket closed before PROXY header was received"));
4420
+ };
4421
+ onEnd = () => {
4422
+ done(new Error("Socket ended before PROXY header was received"));
4423
+ };
4424
+ let rejectInvalid = (message) => {
4425
+ try {
4426
+ socket.end("* BAD Invalid PROXY header\r\n");
4427
+ } catch {
4428
+ }
4429
+ return done(new Error(message || "Invalid PROXY header"));
4430
+ };
4431
+ socketReader = () => {
3965
4432
  let chunk;
3966
4433
  while ((chunk = socket.read()) !== null) {
3967
4434
  for (let i = 0, len = chunk.length; i < len; i++) {
3968
4435
  let chr = chunk[i];
3969
4436
  if (chr === 10) {
3970
- socket.removeListener("readable", socketReader);
4437
+ if (chunklen + i + 1 > MAX_PROXY_HEADER_LENGTH) {
4438
+ return rejectInvalid("PROXY header line too long");
4439
+ }
3971
4440
  chunks.push(chunk.slice(0, i + 1));
3972
4441
  chunklen += i + 1;
3973
4442
  let remainder = chunk.slice(i + 1);
@@ -3975,14 +4444,10 @@
3975
4444
  socket.unshift(remainder);
3976
4445
  }
3977
4446
  let header = Buffer.concat(chunks, chunklen).toString().trim();
3978
- let params = (header || "").toString().split(" ");
4447
+ let params = header.split(" ");
3979
4448
  let commandName = params.shift().toUpperCase();
3980
4449
  if (commandName !== "PROXY") {
3981
- try {
3982
- socket.end("* BAD Invalid PROXY header\r\n");
3983
- } catch {
3984
- }
3985
- return;
4450
+ return rejectInvalid();
3986
4451
  }
3987
4452
  if (params[1]) {
3988
4453
  socketOptions.remoteAddress = params[1].trim().toLowerCase();
@@ -3993,31 +4458,36 @@
3993
4458
  {
3994
4459
  tnx: "proxy",
3995
4460
  cid: socketOptions.id,
3996
- proxy: params[1].trim().toLowerCase()
4461
+ proxy: socketOptions.remoteAddress
3997
4462
  },
3998
4463
  "[%s] PROXY from %s through %s (%s)",
3999
4464
  socketOptions.id,
4000
- params[1].trim().toLowerCase(),
4465
+ socketOptions.remoteAddress,
4001
4466
  params[2].trim().toLowerCase(),
4002
4467
  JSON.stringify(params)
4003
4468
  );
4004
4469
  }
4005
4470
  } catch {
4006
- socket.end("* BAD Invalid PROXY header\r\n");
4007
- return;
4471
+ return rejectInvalid();
4008
4472
  }
4009
4473
  if (params[3]) {
4010
4474
  socketOptions.remotePort = Number(params[3].trim()) || socketOptions.remotePort;
4011
4475
  }
4012
4476
  }
4013
- return callback(null, socketOptions);
4477
+ return done(null, socketOptions);
4014
4478
  }
4015
4479
  }
4016
4480
  chunks.push(chunk);
4017
4481
  chunklen += chunk.length;
4482
+ if (chunklen > MAX_PROXY_HEADER_LENGTH) {
4483
+ return rejectInvalid("PROXY header line too long");
4484
+ }
4018
4485
  }
4019
4486
  };
4020
4487
  socket.on("readable", socketReader);
4488
+ socket.on("error", onError);
4489
+ socket.on("close", onClose);
4490
+ socket.on("end", onEnd);
4021
4491
  }
4022
4492
  /**
4023
4493
  * Called when a new connection is established. This might not be the same time the socket is opened