-
Notifications
You must be signed in to change notification settings - Fork 177
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vulnerability in the 2.0.2 #1196
Comments
I also have the same error, I'm waiting for that vulnerability to be patched |
Same. Looks like it was already mentions there #1092 but nothings scince v.1.11.0. |
Waiting for a fix too. |
Just realised that this is not a nestjs/mailer issue but instead comes from html-minifier via mjml. I am looking into how I can help since not many have been willing to work on it. |
I haven't properly tested this yet, but there is an alpha version of mjml that doesn't use html-minifer. As a workaround, you can replace the version mailer uses in package.json overrides:
By doing this I got rid of all vulnerabilities. |
@stepanroznik Thanks for your reply, if it works now it doesn't have any vulnerability. |
Another module remove html-minifier as depency and use https://www.npmjs.com/package/html-minifier-terser instead. |
…iler#1196 refactor: logger not saving access into log table, just logging to with logger from nestjs
…iler#1196 refactor: logger not saving access into log table, just logging to with logger from nestjs
hii, ow can I solve this? what changes should I make in my project? I don't understand :( |
Any update on this topic ? |
@NicolasMelin @desarrollador1IR The answer is above you just need to configure package.json , it's a quick solution |
Hi @Veloz-X, thank's for your response. I understand your solution, but I think that it's not a good thing for 2 reasons :
|
What is currently blocking the update of mjml ? As far as I understand, the MJML package provides a fix in the v5 that is only an alpha. |
Looking forward for a fix, as @NicolasMelin said its dangerous use an alpha package in production |
Hello, There is no planned updates on this topics ?! |
Until the release of mjml v5, I think we just have to wait |
Hello,
I have installed the last versino of the module
2.0.2
and I have a vulnerability error :Thanks by advance for your support.
The text was updated successfully, but these errors were encountered: