-
Notifications
You must be signed in to change notification settings - Fork 177
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Replace inline-css package #1021
Conversation
@juandav It would be great if this got merged. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Please, review the PR. It is critical for the project, that I am working on. |
@juandav Could this please get merged? This package has been causing a critical security issue for almost 2 months. Many of us will have a blocked pipeline because of this dependency. Is there anything that needs to happen before this can get merged? |
@juandav @eduardoleal @cdiaz @p-mcgowan please approve and merge this pr |
Thanks @juandav |
That's how poppin 💪🏻 |
Hey, |
@juandav |
@juandav release please ! :) |
Thanks for fixing this security issue! @juandav, is there an ETA on when this will be released? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Worked fine on local.
Please, don't forget this. |
Please create a release! @juandav |
Thank you for fixing the issue; could you please create a release for it? 🙏🏼 |
I've moved away from this package and started using Nodemailer directly. (Which was pretty easy to implement.) Unfortunately, this package is not production-ready and is not actively maintained. Security incidents are ignored for months... |
@BramRoets good idea |
Here is something that should get you started. You might have to tweak the https://gist.github.com/BramRoets/fa8d4dfe7b284654a2da528953669f74 |
Is there a release date for the new version, @juandav? |
@MallarDev If interested, I forked the repo to create a v1.9.2 release - https://www.npmjs.com/package/@kurbar/mailer |
@pharindoko You could also check this: https://medium.com/@boladebode/exploring-the-new-release-of-nest-js-version-10-and-the-migration-from-nest-modules-mailer-b80c574f89e6 Gratefully had spare time to do it just to see this beautiful status on Snyk 🗡️ Also -1 star to this repo. for not even having an expected release date... The release issue can be resolved but the fact that there was another issue I wanted help resolve but was afraid it will be this much delayed got me out :") Thanks to the contributors anyways as I have used it for a while. |
nice hint! :) thanks @elsheraey |
Can we please get a release on this? Its a pity to have the code merged for a almost two months now, but be missing a release on it... Our devs are being blocked by our pipelines due to it.... |
@juandav Are you still maintaining? |
Adding this code may help workaround the issue while we wait for the solution: package.json |
@juandav Are you still maintaining? |
Guys, just use the nodemailer without the @nestjs-modules/mailer which is not maintained anymore. This is simple and you have one dependancy less ! Sending a mail is a question of 10 lines of code. After having implemented it, I don't even see the added value of @nestjs-modules/mailer. |
This PR would finally solve (discontinued) vm2 vulnerability by replacing the outdated
inline-css
withcss-inline
.fixes #723, #923, #668, #691
please check #608, #732, #360