[Snyk] Fix for 6 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Command Injection SNYK-JS-NODEMAILER-1038834	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	HTTP Header Injection SNYK-JS-NODEMAILER-1296415	No	Proof of Concept
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	No	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	XML External Entity (XXE) Injection SNYK-JS-XMLDOM-1084960	No	No Known Exploit
	816/1000 Why? Mature exploit, Has a fix available, CVSS 8.6	Uninitialized Memory Exposure npm:base64-url:20180512	Yes	Mature
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Regular Expression Denial of Service (ReDoS) npm:plist:20180219	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: humanparser

The new version differs by 7 commits.

• 0ee0ddd update version
• 43008aa Merge pull request [Snyk] Fix for 5 vulnerabilities #25 from compwright/arabic-compound-name
• ff38196 Support `al` in Arabic compound names
• 28d15ee Merge pull request [Snyk] Security upgrade mongodb from 2.2.31 to 3.1.3 #24 from compwright/housekeeping
• 88579b0 Test on modern versions of Node.js
• 7c521d0 Upgrade dependencies
• 6d1014c Remove node_modules

See the full diff

Package name: mobileconfig

The new version differs by 8 commits.

• f028899 v2.2.0
• 2d543eb Merge pull request [Snyk] Upgrade mailsplit from 4.0.2 to 4.6.4 #7 from nishanbajracharya/master
• f8aced2 Fix typo
• bebb545 Update README.md to include caldav unit
• f175a70 Update tests to include caldav unit
• ba0ca58 Add caldav template and example
• 080b9d6 Merge pull request [Snyk] Security upgrade smtp-server from 3.1.0 to 3.8.0 #6 from mathieu-aubin/patch-1
• a012daa Typo fix

See the full diff

Package name: mongo-cursor-pagination

The new version differs by 65 commits.

• efa3b88 7.0.1
• f52ce45 Update CHANGELOG for pending 7.0.1 release
• dbd4bb7 Merge pull request sending message to oneself leads to restart error zone-eu/wildduck#41 from pwiebe/master
• 06d825d updated base64-url to 2.2.0 to address vulnerability https://nodesecurity.io/advisories/660.
• 896ff52 Update v7.0.0 changes
• 6301938 Merge pull request Snoozing zone-eu/wildduck#40 from mixmaxhq/eli/fix-non-supplied-fields
• a15dc7a Handle lack of fields param
• 769b575 7.0.0
• bec4f2a Fix changelog formatting
• 61e4bc1 Merge pull request Create CODE_OF_CONDUCT.md zone-eu/wildduck#38 from mixmaxhq/eli/improve-resolve-fields
• 057bde3 Merge pull request ActiveSync zone-eu/wildduck#39 from mixmaxhq/revert-35-eli/copy-params
• c9f7f98 Revert "Copy params"
• 1cbdff0 Merge pull request [Snyk] Security upgrade smtp-server from 3.1.0 to 3.17.0 #35 from mixmaxhq/eli/copy-params
• 7aa1f26 Field resolution improvements and override
• b5bfd1b Copy params
• c3bf2e2 Merge pull request [Snyk] Security upgrade smtp-server from 3.1.0 to 3.15.0 #32 from mixmaxhq/gaston/update-docs
• 359a476 Update response property name
• e3b2344 Merge pull request [Snyk] Security upgrade nodemailer from 4.1.0 to 7.0.7 #31 from mixmaxhq/deyarnify
• e5d3601 Deyarn fix to package.json
• 898e98e Deyarned mongo-cursor-pagination.
• 03dabe4 6.3.0
• de39ffd Update changelog
• 4c661cb Merge pull request [Snyk] Security upgrade mobileconfig from 2.1.0 to 2.2.0 #30 from pawangspandey/master
• a374f89 update README.MD

See the full diff

Package name: smtp-server

The new version differs by 49 commits.

• f00a7e3 v3.9.0
• a570d01 v3.8.0
• 50743e2 Merge pull request Disable multiple use of same TOTP code zone-eu/wildduck#146 from 0xb4lint/feature/cram-md5-challenge
• 55da398 Merge pull request New logo, better for (fav) icon zone-eu/wildduck#158 from zackschuster/patch-1
• fc4edd5 chore: align nodemailer version with mailparser
• 17fd809 v3.7.0
• 3892f1f auth with CRAM-MD5: access to challenge and challengeResponse
• 427cb7a v3.6.0
• 93e42a1 Merge pull request an user > a user zone-eu/wildduck#140 from CliffS/master
• b87cbf7 Prevent server.close from calling the callback again.
• 0c5f9d1 Fix global issue with eslint.
• 6b42633 Add remote address to any errors.
• 1fcb7cc Merge remote-tracking branch 'upstream/master'
• 14c2435 Create FUNDING.yml
• a8dcf60 Merge pull request Failed to start Redis In-Memory Data Store zone-eu/wildduck#116 from wiktor-k/fix-readme-auth
• 10709e0 v3.5.0
• 9891b05 v3.5.0
• 38f6e5f Fix example by allowing clear text authentication
• f032a58 v3.4.7
• 61ba5a9 prettier update
• c34579a v3.4.6
• bd79c61 v3.4.5
• e015f77 Merge branch 'master' of github.com:nodemailer/smtp-server
• d5d58be v3.4.4

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic