fix: resolve npm audit vulnerabilities #1250

Closed
CodePoetPro wants to merge 1 commit into nest-modules:main from CodePoetPro:fix/security-vulnerabilities

@CodePoetPro

Summary

This PR resolves all npm audit vulnerabilities with minimal code changes.

Changes

  • Update glob from 10.3.12 to 10.5.0 (fixes high severity command injection)
  • Update @nestjs/common and @nestjs/core from 10.3.8 to 10.4.20 (fixes moderate/high severity vulnerabilities)
  • Update lint-staged from 15.2.2 to 15.5.2 (fixes moderate severity ReDoS)
  • Update nodemailer from 6.9.13 to 7.0.11 (fixes moderate severity vulnerabilities)
  • Add overrides to force all nodemailer dependencies to use 7.0.11

Results

  • Before: 10 vulnerabilities (3 low, 4 moderate, 3 high)
  • After: 0 vulnerabilities

All changes are version updates only - no code changes required.

- Update glob from 10.3.12 to 10.5.0 (fixes high severity command injection)
- Update @nestjs/common and @nestjs/core from 10.3.8 to 10.4.20 (fixes moderate/high severity vulnerabilities)
- Update lint-staged from 15.2.2 to 15.5.2 (fixes moderate severity ReDoS)
- Update nodemailer from 6.9.13 to 7.0.11 (fixes moderate severity vulnerabilities)
- Add overrides to force all nodemailer dependencies to use 7.0.11

Resolves all 10 vulnerabilities (3 low, 4 moderate, 3 high) to 0 vulnerabilities.
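
The PR description above relies on an `overrides` entry to force every nodemailer copy to 7.0.11. The following check is an added example, not code from this PR or the project: it confirms that every installed copy recorded in a `package-lock.json` (lockfileVersion 2 or 3) matches a flat, exact-version override. The function names, the parent package names and the sample lockfile are constructed for illustration.

```javascript
// Constructed sample data (not from the PR): one nested copy is still on the old version.
const samplePkg = { overrides: { nodemailer: "7.0.11" } };
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/nodemailer": { version: "7.0.11" },
    "node_modules/example-parent-a/node_modules/nodemailer": { version: "6.9.13" },
    "node_modules/example-parent-b/node_modules/nodemailer": { version: "7.0.11" },
    "node_modules/nodemailer-fetch": { version: "1.6.0" },   // different package
    "node_modules/@scope/nodemailer": { version: "0.1.0" },  // different (scoped) package
  },
};

// Every place the lockfile installs `name`, hoisted or nested under a parent.
function installedCopies(lock, name) {
  const suffix = "node_modules/" + name;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith("/" + suffix))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Compare each installed copy against the pinned override version.
// Only the simple form { "overrides": { "<name>": "<exact version>" } } is handled.
function checkOverride(pkg, lock, name) {
  const pinned = pkg.overrides ? pkg.overrides[name] : undefined;
  if (typeof pinned !== "string") {
    throw new Error("no flat override for " + name + " in package.json");
  }
  const copies = installedCopies(lock, name);
  const violations = copies.filter((c) => c.version !== pinned);
  return { pinned, copies, violations };
}

const report = checkOverride(samplePkg, sampleLock, "nodemailer");
for (const v of report.violations) {
  console.log(v.path + " is " + v.version + ", expected " + report.pinned);
}
```

Run against a real project by loading `package.json` and `package-lock.json` with `JSON.parse(fs.readFileSync(...))` and failing CI when `violations` is non-empty.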
@Nirator78

Thank you, any admin to accept it?

juandav added a commit that referenced this pull request Mar 21, 2026
- fix(service): use logger.log instead of debug for transporter ready message (#1239, #1248, #1249)
- fix(service): reuse createTransporter in addTransporter for consistent verification and hooks (#1234)
- fix(liquid): initialize config with default empty object to prevent TypeError (#1232)
- fix(mjml): add optional chaining for others param to prevent crash when undefined
- fix(deps): add peerDependenciesMeta to mark template engines as optional (#1238, #1244)
- fix(deps): move tslib from devDependencies to dependencies for PnP runtime support (#1230)
- chore(deps): update devDependencies to latest compatible versions (#1242, #1250)
- docs: add Liquid adapter examples, MJML clarifications, multi-transporter docs (#1246)
- docs: add pnpm installation instructions and liquidjs to README

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@juandav
Member

juandav commented Mar 21, 2026

Superseded by branch fix/multiple-issues-and-dependency-updates which includes comprehensive dependency updates along with bug fixes and documentation improvements.

@juandav
Member

juandav commented Mar 21, 2026

Closing as superseded — all vulnerability fixes are included in the comprehensive fix branch.

@juandav juandav closed this Mar 21, 2026