From 5bc0fba34c5fc39608fda5d1e193247f8fe518e2 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 10 Mar 2026 05:19:13 +0000 Subject: [PATCH] fix: upgrade nodemailer to 7.0.13 to fix DoS and domain validation vulnerabilities Co-authored-by: qinfendebingshuo <207279273+qinfendebingshuo@users.noreply.github.com> --- persona-studio/backend/package-lock.json | 8 ++++---- persona-studio/backend/package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/persona-studio/backend/package-lock.json b/persona-studio/backend/package-lock.json index 079291f6..d79cf1ab 100644 --- a/persona-studio/backend/package-lock.json +++ b/persona-studio/backend/package-lock.json @@ -11,7 +11,7 @@ "cors": "^2.8.5", "dotenv": "^16.4.7", "express": "^4.21.2", - "nodemailer": "^6.9.16" + "nodemailer": "^7.0.13" } }, "node_modules/accepts": { @@ -558,9 +558,9 @@ } }, "node_modules/nodemailer": { - "version": "6.10.1", - "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-6.10.1.tgz", - "integrity": "sha512-Z+iLaBGVaSjbIzQ4pX6XV41HrooLsQ10ZWPUehGmuantvzWoDVBnmsdUcOIDM1t+yPor5pDhVlDESgOMEGxhHA==", + "version": "7.0.13", + "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-7.0.13.tgz", + "integrity": "sha512-PNDFSJdP+KFgdsG3ZzMXCgquO7I6McjY2vlqILjtJd0hy8wEvtugS9xKRF2NWlPNGxvLCXlTNIae4serI7dinw==", "license": "MIT-0", "engines": { "node": ">=6.0.0" diff --git a/persona-studio/backend/package.json b/persona-studio/backend/package.json index 15f9d67c..52d2c6d1 100644 --- a/persona-studio/backend/package.json +++ b/persona-studio/backend/package.json @@ -11,6 +11,6 @@ "cors": "^2.8.5", "dotenv": "^16.4.7", "express": "^4.21.2", - "nodemailer": "^6.9.16" + "nodemailer": "^7.0.13" } }