nodemailer 6.9.6 → 6.9.8

package/.ncurc.js

@@ -2,6 +2,8 @@ module.exports = {
     upgrade: true,
     reject: [
         // API changes break existing tests
-        'proxy'
+        'proxy',
+        // ESM
+        'chai'
     ]
 };

package/CHANGELOG.md

@@ -1,5 +1,19 @@
 # CHANGELOG
 
+## [6.9.8](https://github.com/nodemailer/nodemailer/compare/v6.9.7...v6.9.8) (2023-12-30)
+
+
+### Bug Fixes
+
+* **punycode:** do not use native punycode module ([b4d0e0c](https://github.com/nodemailer/nodemailer/commit/b4d0e0c7cc4b15bc4d9e287f91d1bcaca87508b0))
+
+## [6.9.7](https://github.com/nodemailer/nodemailer/compare/v6.9.6...v6.9.7) (2023-10-22)
+
+
+### Bug Fixes
+
+* **customAuth:** Do not require user and pass to be set for custom authentication schemes (fixes [#1584](https://github.com/nodemailer/nodemailer/issues/1584)) ([41d482c](https://github.com/nodemailer/nodemailer/commit/41d482c3f01e26111b06f3e46351b193db3fb5cb))
+
 ## [6.9.6](https://github.com/nodemailer/nodemailer/compare/v6.9.5...v6.9.6) (2023-10-09)
 
 

package/README.md

@@ -8,22 +8,11 @@ Send emails from Node.js – easy as cake! 🍰✉️
 
 See [nodemailer.com](https://nodemailer.com/) for documentation and terms.
 
----
-
+> [!TIP]
 > Check out **[EmailEngine](https://emailengine.app/?utm_source=github-nodemailer&utm_campaign=nodemailer&utm_medium=readme-link)** – a self-hosted email gateway that allows making **REST requests against IMAP and SMTP servers**. EmailEngine also sends webhooks whenever something changes on the registered accounts.\
 > \
 > Using the email accounts registered with EmailEngine, you can receive and [send emails](https://emailengine.app/sending-emails?utm_source=github-nodemailer&utm_campaign=nodemailer&utm_medium=readme-link). EmailEngine supports OAuth2, delayed sends, opens and clicks tracking, bounce detection, etc. All on top of regular email accounts without an external MTA service.
 
----
-
-This project is supported by [Forward Email](https://forwardemail.net) – the 100% open-source and privacy-focused email service.
-
----
-
-This project is supported by [Opensense](https://www.opensense.com) - The beautiful email signature management company for Office 365 and Google Workspace.
-
----
-
 ## Having an issue?
 
 #### First review the docs

package/lib/dkim/sign.js

@@ -1,6 +1,6 @@
 'use strict';
 
-const punycode = require('punycode');
+const punycode = require('../punycode');
 const mimeFuncs = require('../mime-funcs');
 const crypto = require('crypto');
 

package/lib/mime-node/index.js

@@ -4,7 +4,7 @@
 
 const crypto = require('crypto');
 const fs = require('fs');
-const punycode = require('punycode');
+const punycode = require('../punycode');
 const PassThrough = require('stream').PassThrough;
 const shared = require('../shared');
 

package/lib/punycode/index.js

@@ -0,0 +1,460 @@
+/*
+
+Copied from https://github.com/mathiasbynens/punycode.js/blob/ef3505c8abb5143a00d53ce59077c9f7f4b2ac47/punycode.js
+
+Copyright Mathias Bynens <https://mathiasbynens.be/>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+*/
+/* eslint callback-return: 0, no-bitwise: 0, eqeqeq: 0, prefer-arrow-callback: 0, object-shorthand: 0 */
+
+'use strict';
+
+/** Highest positive signed 32-bit float value */
+const maxInt = 2147483647; // aka. 0x7FFFFFFF or 2^31-1
+
+/** Bootstring parameters */
+const base = 36;
+const tMin = 1;
+const tMax = 26;
+const skew = 38;
+const damp = 700;
+const initialBias = 72;
+const initialN = 128; // 0x80
+const delimiter = '-'; // '\x2D'
+
+/** Regular expressions */
+const regexPunycode = /^xn--/;
+const regexNonASCII = /[^\0-\x7F]/; // Note: U+007F DEL is excluded too.
+const regexSeparators = /[\x2E\u3002\uFF0E\uFF61]/g; // RFC 3490 separators
+
+/** Error messages */
+const errors = {
+    overflow: 'Overflow: input needs wider integers to process',
+    'not-basic': 'Illegal input >= 0x80 (not a basic code point)',
+    'invalid-input': 'Invalid input'
+};
+
+/** Convenience shortcuts */
+const baseMinusTMin = base - tMin;
+const floor = Math.floor;
+const stringFromCharCode = String.fromCharCode;
+
+/*--------------------------------------------------------------------------*/
+
+/**
+ * A generic error utility function.
+ * @private
+ * @param {String} type The error type.
+ * @returns {Error} Throws a `RangeError` with the applicable error message.
+ */
+function error(type) {
+    throw new RangeError(errors[type]);
+}
+
+/**
+ * A generic `Array#map` utility function.
+ * @private
+ * @param {Array} array The array to iterate over.
+ * @param {Function} callback The function that gets called for every array
+ * item.
+ * @returns {Array} A new array of values returned by the callback function.
+ */
+function map(array, callback) {
+    const result = [];
+    let length = array.length;
+    while (length--) {
+        result[length] = callback(array[length]);
+    }
+    return result;
+}
+
+/**
+ * A simple `Array#map`-like wrapper to work with domain name strings or email
+ * addresses.
+ * @private
+ * @param {String} domain The domain name or email address.
+ * @param {Function} callback The function that gets called for every
+ * character.
+ * @returns {String} A new string of characters returned by the callback
+ * function.
+ */
+function mapDomain(domain, callback) {
+    const parts = domain.split('@');
+    let result = '';
+    if (parts.length > 1) {
+        // In email addresses, only the domain name should be punycoded. Leave
+        // the local part (i.e. everything up to `@`) intact.
+        result = parts[0] + '@';
+        domain = parts[1];
+    }
+    // Avoid `split(regex)` for IE8 compatibility. See #17.
+    domain = domain.replace(regexSeparators, '\x2E');
+    const labels = domain.split('.');
+    const encoded = map(labels, callback).join('.');
+    return result + encoded;
+}
+
+/**
+ * Creates an array containing the numeric code points of each Unicode
+ * character in the string. While JavaScript uses UCS-2 internally,
+ * this function will convert a pair of surrogate halves (each of which
+ * UCS-2 exposes as separate characters) into a single code point,
+ * matching UTF-16.
+ * @see `punycode.ucs2.encode`
+ * @see <https://mathiasbynens.be/notes/javascript-encoding>
+ * @memberOf punycode.ucs2
+ * @name decode
+ * @param {String} string The Unicode input string (UCS-2).
+ * @returns {Array} The new array of code points.
+ */
+function ucs2decode(string) {
+    const output = [];
+    let counter = 0;
+    const length = string.length;
+    while (counter < length) {
+        const value = string.charCodeAt(counter++);
+        if (value >= 0xd800 && value <= 0xdbff && counter < length) {
+            // It's a high surrogate, and there is a next character.
+            const extra = string.charCodeAt(counter++);
+            if ((extra & 0xfc00) == 0xdc00) {
+                // Low surrogate.
+                output.push(((value & 0x3ff) << 10) + (extra & 0x3ff) + 0x10000);
+            } else {
+                // It's an unmatched surrogate; only append this code unit, in case the
+                // next code unit is the high surrogate of a surrogate pair.
+                output.push(value);
+                counter--;
+            }
+        } else {
+            output.push(value);
+        }
+    }
+    return output;
+}
+
+/**
+ * Creates a string based on an array of numeric code points.
+ * @see `punycode.ucs2.decode`
+ * @memberOf punycode.ucs2
+ * @name encode
+ * @param {Array} codePoints The array of numeric code points.
+ * @returns {String} The new Unicode string (UCS-2).
+ */
+const ucs2encode = codePoints => String.fromCodePoint(...codePoints);
+
+/**
+ * Converts a basic code point into a digit/integer.
+ * @see `digitToBasic()`
+ * @private
+ * @param {Number} codePoint The basic numeric code point value.
+ * @returns {Number} The numeric value of a basic code point (for use in
+ * representing integers) in the range `0` to `base - 1`, or `base` if
+ * the code point does not represent a value.
+ */
+const basicToDigit = function (codePoint) {
+    if (codePoint >= 0x30 && codePoint < 0x3a) {
+        return 26 + (codePoint - 0x30);
+    }
+    if (codePoint >= 0x41 && codePoint < 0x5b) {
+        return codePoint - 0x41;
+    }
+    if (codePoint >= 0x61 && codePoint < 0x7b) {
+        return codePoint - 0x61;
+    }
+    return base;
+};
+
+/**
+ * Converts a digit/integer into a basic code point.
+ * @see `basicToDigit()`
+ * @private
+ * @param {Number} digit The numeric value of a basic code point.
+ * @returns {Number} The basic code point whose value (when used for
+ * representing integers) is `digit`, which needs to be in the range
+ * `0` to `base - 1`. If `flag` is non-zero, the uppercase form is
+ * used; else, the lowercase form is used. The behavior is undefined
+ * if `flag` is non-zero and `digit` has no uppercase form.
+ */
+const digitToBasic = function (digit, flag) {
+    //  0..25 map to ASCII a..z or A..Z
+    // 26..35 map to ASCII 0..9
+    return digit + 22 + 75 * (digit < 26) - ((flag != 0) << 5);
+};
+
+/**
+ * Bias adaptation function as per section 3.4 of RFC 3492.
+ * https://tools.ietf.org/html/rfc3492#section-3.4
+ * @private
+ */
+const adapt = function (delta, numPoints, firstTime) {
+    let k = 0;
+    delta = firstTime ? floor(delta / damp) : delta >> 1;
+    delta += floor(delta / numPoints);
+    for (; /* no initialization */ delta > (baseMinusTMin * tMax) >> 1; k += base) {
+        delta = floor(delta / baseMinusTMin);
+    }
+    return floor(k + ((baseMinusTMin + 1) * delta) / (delta + skew));
+};
+
+/**
+ * Converts a Punycode string of ASCII-only symbols to a string of Unicode
+ * symbols.
+ * @memberOf punycode
+ * @param {String} input The Punycode string of ASCII-only symbols.
+ * @returns {String} The resulting string of Unicode symbols.
+ */
+const decode = function (input) {
+    // Don't use UCS-2.
+    const output = [];
+    const inputLength = input.length;
+    let i = 0;
+    let n = initialN;
+    let bias = initialBias;
+
+    // Handle the basic code points: let `basic` be the number of input code
+    // points before the last delimiter, or `0` if there is none, then copy
+    // the first basic code points to the output.
+
+    let basic = input.lastIndexOf(delimiter);
+    if (basic < 0) {
+        basic = 0;
+    }
+
+    for (let j = 0; j < basic; ++j) {
+        // if it's not a basic code point
+        if (input.charCodeAt(j) >= 0x80) {
+            error('not-basic');
+        }
+        output.push(input.charCodeAt(j));
+    }
+
+    // Main decoding loop: start just after the last delimiter if any basic code
+    // points were copied; start at the beginning otherwise.
+
+    for (let index = basic > 0 ? basic + 1 : 0; index < inputLength /* no final expression */; ) {
+        // `index` is the index of the next character to be consumed.
+        // Decode a generalized variable-length integer into `delta`,
+        // which gets added to `i`. The overflow checking is easier
+        // if we increase `i` as we go, then subtract off its starting
+        // value at the end to obtain `delta`.
+        const oldi = i;
+        for (let w = 1, k = base /* no condition */; ; k += base) {
+            if (index >= inputLength) {
+                error('invalid-input');
+            }
+
+            const digit = basicToDigit(input.charCodeAt(index++));
+
+            if (digit >= base) {
+                error('invalid-input');
+            }
+            if (digit > floor((maxInt - i) / w)) {
+                error('overflow');
+            }
+
+            i += digit * w;
+            const t = k <= bias ? tMin : k >= bias + tMax ? tMax : k - bias;
+
+            if (digit < t) {
+                break;
+            }
+
+            const baseMinusT = base - t;
+            if (w > floor(maxInt / baseMinusT)) {
+                error('overflow');
+            }
+
+            w *= baseMinusT;
+        }
+
+        const out = output.length + 1;
+        bias = adapt(i - oldi, out, oldi == 0);
+
+        // `i` was supposed to wrap around from `out` to `0`,
+        // incrementing `n` each time, so we'll fix that now:
+        if (floor(i / out) > maxInt - n) {
+            error('overflow');
+        }
+
+        n += floor(i / out);
+        i %= out;
+
+        // Insert `n` at position `i` of the output.
+        output.splice(i++, 0, n);
+    }
+
+    return String.fromCodePoint(...output);
+};
+
+/**
+ * Converts a string of Unicode symbols (e.g. a domain name label) to a
+ * Punycode string of ASCII-only symbols.
+ * @memberOf punycode
+ * @param {String} input The string of Unicode symbols.
+ * @returns {String} The resulting Punycode string of ASCII-only symbols.
+ */
+const encode = function (input) {
+    const output = [];
+
+    // Convert the input in UCS-2 to an array of Unicode code points.
+    input = ucs2decode(input);
+
+    // Cache the length.
+    const inputLength = input.length;
+
+    // Initialize the state.
+    let n = initialN;
+    let delta = 0;
+    let bias = initialBias;
+
+    // Handle the basic code points.
+    for (const currentValue of input) {
+        if (currentValue < 0x80) {
+            output.push(stringFromCharCode(currentValue));
+        }
+    }
+
+    const basicLength = output.length;
+    let handledCPCount = basicLength;
+
+    // `handledCPCount` is the number of code points that have been handled;
+    // `basicLength` is the number of basic code points.
+
+    // Finish the basic string with a delimiter unless it's empty.
+    if (basicLength) {
+        output.push(delimiter);
+    }
+
+    // Main encoding loop:
+    while (handledCPCount < inputLength) {
+        // All non-basic code points < n have been handled already. Find the next
+        // larger one:
+        let m = maxInt;
+        for (const currentValue of input) {
+            if (currentValue >= n && currentValue < m) {
+                m = currentValue;
+            }
+        }
+
+        // Increase `delta` enough to advance the decoder's <n,i> state to <m,0>,
+        // but guard against overflow.
+        const handledCPCountPlusOne = handledCPCount + 1;
+        if (m - n > floor((maxInt - delta) / handledCPCountPlusOne)) {
+            error('overflow');
+        }
+
+        delta += (m - n) * handledCPCountPlusOne;
+        n = m;
+
+        for (const currentValue of input) {
+            if (currentValue < n && ++delta > maxInt) {
+                error('overflow');
+            }
+            if (currentValue === n) {
+                // Represent delta as a generalized variable-length integer.
+                let q = delta;
+                for (let k = base /* no condition */; ; k += base) {
+                    const t = k <= bias ? tMin : k >= bias + tMax ? tMax : k - bias;
+                    if (q < t) {
+                        break;
+                    }
+                    const qMinusT = q - t;
+                    const baseMinusT = base - t;
+                    output.push(stringFromCharCode(digitToBasic(t + (qMinusT % baseMinusT), 0)));
+                    q = floor(qMinusT / baseMinusT);
+                }
+
+                output.push(stringFromCharCode(digitToBasic(q, 0)));
+                bias = adapt(delta, handledCPCountPlusOne, handledCPCount === basicLength);
+                delta = 0;
+                ++handledCPCount;
+            }
+        }
+
+        ++delta;
+        ++n;
+    }
+    return output.join('');
+};
+
+/**
+ * Converts a Punycode string representing a domain name or an email address
+ * to Unicode. Only the Punycoded parts of the input will be converted, i.e.
+ * it doesn't matter if you call it on a string that has already been
+ * converted to Unicode.
+ * @memberOf punycode
+ * @param {String} input The Punycoded domain name or email address to
+ * convert to Unicode.
+ * @returns {String} The Unicode representation of the given Punycode
+ * string.
+ */
+const toUnicode = function (input) {
+    return mapDomain(input, function (string) {
+        return regexPunycode.test(string) ? decode(string.slice(4).toLowerCase()) : string;
+    });
+};
+
+/**
+ * Converts a Unicode string representing a domain name or an email address to
+ * Punycode. Only the non-ASCII parts of the domain name will be converted,
+ * i.e. it doesn't matter if you call it with a domain that's already in
+ * ASCII.
+ * @memberOf punycode
+ * @param {String} input The domain name or email address to convert, as a
+ * Unicode string.
+ * @returns {String} The Punycode representation of the given domain name or
+ * email address.
+ */
+const toASCII = function (input) {
+    return mapDomain(input, function (string) {
+        return regexNonASCII.test(string) ? 'xn--' + encode(string) : string;
+    });
+};
+
+/*--------------------------------------------------------------------------*/
+
+/** Define the public API */
+const punycode = {
+    /**
+     * A string representing the current Punycode.js version number.
+     * @memberOf punycode
+     * @type String
+     */
+    version: '2.3.1',
+    /**
+     * An object of methods to convert from JavaScript's internal character
+     * representation (UCS-2) to Unicode code points, and back.
+     * @see <https://mathiasbynens.be/notes/javascript-encoding>
+     * @memberOf punycode
+     * @type Object
+     */
+    ucs2: {
+        decode: ucs2decode,
+        encode: ucs2encode
+    },
+    decode: decode,
+    encode: encode,
+    toASCII: toASCII,
+    toUnicode: toUnicode
+};
+
+module.exports = punycode;

package/lib/smtp-connection/index.js

@@ -434,7 +434,7 @@ class SMTPConnection extends EventEmitter {
         }
 
         if (this._authMethod !== 'XOAUTH2' && (!this._auth.credentials || !this._auth.credentials.user || !this._auth.credentials.pass)) {
-            if (this._auth.user && this._auth.pass) {
+            if ((this._auth.user && this._auth.pass) || this.customAuth.has(this._authMethod)) {
                 this._auth.credentials = {
                     user: this._auth.user,
                     pass: this._auth.pass,

package/lib/well-known/services.json

@@ -120,6 +120,11 @@
         "secure": true
     },
 
+    "Mailcatch.app": {
+        "host": "sandbox-smtp.mailcatch.app",
+        "port": 2525
+    },
+
     "Maildev": {
         "port": 1025,
         "ignoreTLS": true
@@ -254,6 +259,42 @@
         "secure": true
     },
 
+    "SES-AP-SOUTH-1": {
+        "host": "email-smtp.ap-south-1.amazonaws.com",
+        "port": 465,
+        "secure": true
+    },
+
+    "SES-AP-NORTHEAST-1": {
+        "host": "email-smtp.ap-northeast-1.amazonaws.com",
+        "port": 465,
+        "secure": true
+    },
+
+    "SES-AP-NORTHEAST-2": {
+        "host": "email-smtp.ap-northeast-2.amazonaws.com",
+        "port": 465,
+        "secure": true
+    },
+
+    "SES-AP-NORTHEAST-3": {
+        "host": "email-smtp.ap-northeast-3.amazonaws.com",
+        "port": 465,
+        "secure": true
+    },
+
+    "SES-AP-SOUTHEAST-1": {
+        "host": "email-smtp.ap-southeast-1.amazonaws.com",
+        "port": 465,
+        "secure": true
+    },
+
+    "SES-AP-SOUTHEAST-2": {
+        "host": "email-smtp.ap-southeast-2.amazonaws.com",
+        "port": 465,
+        "secure": true
+    },
+
     "Sparkpost": {
         "aliases": ["SparkPost", "SparkPost Mail"],
         "domains": ["sparkpost.com"],

package/package.json

@@ -1,10 +1,11 @@
 {
     "name": "nodemailer",
-    "version": "6.9.6",
+    "version": "6.9.8",
     "description": "Easy as cake e-mail sending from your Node.js applications",
     "main": "lib/nodemailer.js",
     "scripts": {
-        "test": "grunt --trace-warnings"
+        "test": "grunt --trace-warnings",
+        "update": "rm -rf node_modules/ package-lock.json && ncu -u && npm install"
     },
     "repository": {
         "type": "git",
@@ -20,12 +21,11 @@
     },
     "homepage": "https://nodemailer.com/",
     "devDependencies": {
-        "@aws-sdk/client-ses": "3.427.0",
-        "aws-sdk": "2.1472.0",
+        "@aws-sdk/client-ses": "3.484.0",
         "bunyan": "1.8.15",
         "chai": "4.3.10",
         "eslint-config-nodemailer": "1.2.0",
-        "eslint-config-prettier": "9.0.0",
+        "eslint-config-prettier": "9.1.0",
         "grunt": "1.6.1",
         "grunt-cli": "1.4.3",
         "grunt-eslint": "24.3.0",
@@ -37,7 +37,7 @@
         "nodemailer-ntlm-auth": "1.0.4",
         "proxy": "1.0.2",
         "proxy-test-server": "1.0.0",
-        "sinon": "16.1.0",
+        "sinon": "17.0.1",
         "smtp-server": "3.13.0"
     },
     "engines": {