Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Deps update - snyk risks #1388

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

EctorCunha
Copy link

@EctorCunha EctorCunha commented Nov 9, 2023

Updating dependencies due to security risks.

Updated dependencies:

  • Packages
  • /client
  • /contact-importer
  • /inbound-mail-parser
  • /subscription-widget

Updates:

  • /client:
  • "axios": "^1.6.0"
  • /contact-importer:
  • "axios": "^1.6.0",
  • inbound-mail-parser:
    • "html-to-text": "^6.0.0",
    • "mailparser": "^3.6.5",
    • "nodemailer": "^6.6.1"
  • subscription-widget:
  • "mailparser": "^3.3.0",
  • "nodemon": "^3.0.1",

Note1: It was not possible to update /mail ("@sendgrid/client": "^7.7.0").
Note2: The branch name is specific because the initial intention was to solve just one problem.
Note3: Doesn't exist the Development branch.

====================================================================================

Fixes

A short description of what this PR does.

Checklist

  • I acknowledge that all my contributions will be made under the project's license
  • I have made a material change to the repo (functionality, testing, spelling, grammar)
  • I have read the Contribution Guidelines and my PR follows them
  • I have titled the PR appropriately
  • I have updated my branch with the main branch
  • I have added tests that prove my fix is effective or that my feature works
  • I have added the necessary documentation about the functionality in the appropriate .md file
  • I have added inline documentation to the code I modified

If you have questions, please file a support ticket.

@jared-tewodros
Copy link

Hi Ector! Wondering when this PR will be merged? The sendgrid vulnerability is blocking some changes I am trying to make.

@tiwarishubham635
Copy link
Contributor

Hi! We are working on these changes. The PR will be merged soon. Thanks!

@saghaulor
Copy link

This PR encompasses changes included in and would close #1387

@tiwarishubham635
Copy link
Contributor

Hi @EctorCunha! The changes required here are included as a part of #1390 and it will be merged soon.

@@ -28,7 +28,7 @@
},
"dependencies": {
"@sendgrid/helpers": "^7.7.0",
"axios": "^0.26.0"
"axios": "^1.6.0"

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was updated in #1347 and #1394

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants