npm - nodemailer - Versions diffs - 6.9.8 → 6.9.9 - Mend

nodemailer 6.9.8 → 6.9.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/.ncurc.js +1 -3
package/CHANGELOG.md +8 -0
package/lib/mail-composer/index.js +1 -1
package/lib/mailer/index.js +16 -14
package/package.json +6 -9

package/.ncurc.js CHANGED Viewed

@@ -2,8 +2,6 @@ module.exports = {
     upgrade: true,
     reject: [
         // API changes break existing tests
-        'proxy',
-        // ESM
-        'chai'
+        'proxy'
     ]
 };

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,13 @@
 # CHANGELOG
+## [6.9.9](https://github.com/nodemailer/nodemailer/compare/v6.9.8...v6.9.9) (2024-02-01)
+### Bug Fixes
+* **security:** Fix issues described in GHSA-9h6g-pr28-7cqp. Do not use eternal matching pattern if only a few occurences are expected ([dd8f5e8](https://github.com/nodemailer/nodemailer/commit/dd8f5e8a4ddc99992e31df76bcff9c590035cd4a))
+* **tests:** Use native node test runner, added code coverage support, removed grunt ([#1604](https://github.com/nodemailer/nodemailer/issues/1604)) ([be45c1b](https://github.com/nodemailer/nodemailer/commit/be45c1b299d012358d69247019391a02734d70af))
 ## [6.9.8](https://github.com/nodemailer/nodemailer/compare/v6.9.7...v6.9.8) (2023-12-30)

package/lib/mail-composer/index.js CHANGED Viewed

@@ -537,7 +537,7 @@ class MailComposer {
      * @return {Object} Parsed element
      */
     _processDataUrl(element) {
-        let parts = (element.path || element.href).match(/^data:((?:[^;]*;)*(?:[^,]*)),(.*)$/i);
+        let parts = (element.path || element.href).match(/^data:((?:[^;]*;){0,20}(?:[^,]*)),(.*)$/i);
         if (!parts) {
             return element;
         }

package/lib/mailer/index.js CHANGED Viewed

@@ -395,21 +395,23 @@ class Mail extends EventEmitter {
                 return callback(err);
             }
             let cidCounter = 0;
-            html = (html || '').toString().replace(/(<img\b[^>]* src\s*=[\s"']*)(data:([^;]+);[^"'>\s]+)/gi, (match, prefix, dataUri, mimeType) => {
-                let cid = crypto.randomBytes(10).toString('hex') + '@localhost';
-                if (!mail.data.attachments) {
-                    mail.data.attachments = [];
-                }
-                if (!Array.isArray(mail.data.attachments)) {
-                    mail.data.attachments = [].concat(mail.data.attachments || []);
-                }
-                mail.data.attachments.push({
-                    path: dataUri,
-                    cid,
-                    filename: 'image-' + ++cidCounter + '.' + mimeTypes.detectExtension(mimeType)
+            html = (html || '')
+                .toString()
+                .replace(/(<img\b[^<>]{0,1024} src\s{0,20}=[\s"']{0,20})(data:([^;]+);[^"'>\s]+)/gi, (match, prefix, dataUri, mimeType) => {
+                    let cid = crypto.randomBytes(10).toString('hex') + '@localhost';
+                    if (!mail.data.attachments) {
+                        mail.data.attachments = [];
+                    }
+                    if (!Array.isArray(mail.data.attachments)) {
+                        mail.data.attachments = [].concat(mail.data.attachments || []);
+                    }
+                    mail.data.attachments.push({
+                        path: dataUri,
+                        cid,
+                        filename: 'image-' + ++cidCounter + '.' + mimeTypes.detectExtension(mimeType)
+                    });
+                    return prefix + 'cid:' + cid;
                 });
-                return prefix + 'cid:' + cid;
-            });
             mail.data.html = html;
             callback();
         });

package/package.json CHANGED Viewed

@@ -1,10 +1,12 @@
 {
     "name": "nodemailer",
-    "version": "6.9.8",
+    "version": "6.9.9",
     "description": "Easy as cake e-mail sending from your Node.js applications",
     "main": "lib/nodemailer.js",
     "scripts": {
-        "test": "grunt --trace-warnings",
+        "test": "node --test --test-concurrency=1 test/**/*.test.js test/**/*-test.js",
+        "test:coverage": "c8 node --test --test-concurrency=1 test/**/*.test.js test/**/*-test.js",
+        "lint": "eslint .",
         "update": "rm -rf node_modules/ package-lock.json && ncu -u && npm install"
     },
     "repository": {
@@ -23,21 +25,16 @@
     "devDependencies": {
         "@aws-sdk/client-ses": "3.484.0",
         "bunyan": "1.8.15",
-        "chai": "4.3.10",
+        "c8": "8.0.1",
+        "eslint": "8.56.0",
         "eslint-config-nodemailer": "1.2.0",
         "eslint-config-prettier": "9.1.0",
-        "grunt": "1.6.1",
-        "grunt-cli": "1.4.3",
-        "grunt-eslint": "24.3.0",
-        "grunt-mocha-test": "0.13.3",
         "libbase64": "1.2.1",
         "libmime": "5.2.1",
         "libqp": "2.0.1",
-        "mocha": "10.2.0",
         "nodemailer-ntlm-auth": "1.0.4",
         "proxy": "1.0.2",
         "proxy-test-server": "1.0.0",
-        "sinon": "17.0.1",
         "smtp-server": "3.13.0"
     },
     "engines": {