I've been using @adonisjs/mail in production for a CRM and recently hit an issue while trying to clear a security audit. I'd love to contribute the fix back to the repo.
Basically, I worked on:
mjml v5 upgrade: Bumped the devDep and widened the peer range to clear the html-minifier REDoS CVE chain (currently pulled transitively via mjml v4).
Edge plugin fix: mjml v5 made the API async (returns a Promise), but src/plugins/edge.ts still does mjml.default(markup, options).html without await. With v5, .html on a
Promise returns undefined and emails render silently empty. One-line fix, backward-compatible with v4 since awaiting a non-Promise is a no-op.
I've already run the tests locally and everything is green, no regressions.
I have the branch ready to go. Should I open a PR from my fork so you guys can take a look?
I've been using @adonisjs/mail in production for a CRM and recently hit an issue while trying to clear a security audit. I'd love to contribute the fix back to the repo.
Basically, I worked on:
mjml v5 upgrade: Bumped the devDep and widened the peer range to clear the
html-minifierREDoS CVE chain (currently pulled transitively via mjml v4).Edge plugin fix: mjml v5 made the API async (returns a Promise), but
src/plugins/edge.tsstill doesmjml.default(markup, options).htmlwithoutawait. With v5,.htmlon aPromise returns
undefinedand emails render silently empty. One-line fix, backward-compatible with v4 since awaiting a non-Promise is a no-op.I've already run the tests locally and everything is green, no regressions.
I have the branch ready to go. Should I open a PR from my fork so you guys can take a look?