[Snyk] Security upgrade @nestjs-modules/mailer from 1.4.2 to 2.0.0

[tomahawk-pilot]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LODASH-6139239	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-PUGCODEGEN-1082232	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @nestjs-modules/mailer

The new version differs by 250 commits.

• 621621a chore(release): 2.0.0
• 3506885 feat(mailer.service): refactor usage of defaultsDeep
• f80e7b9 Merge pull request #1168 from nest-modules/dependabot/npm_and_yarn/nestjs/core-10.3.8
• 62d2da2 chore(deps-dev): bump @ nestjs/core from 10.3.3 to 10.3.8
• c59ff59 Merge pull request #1166 from nest-modules/dependabot/npm_and_yarn/nestjs/common-10.3.8
• a709bfd chore(deps-dev): bump @ nestjs/common from 10.3.3 to 10.3.8
• 0b12dd7 Merge pull request #1165 from nest-modules/dependabot/npm_and_yarn/commitlint/cli-19.3.0
• 08aa46f Merge pull request #1167 from nest-modules/dependabot/npm_and_yarn/reflect-metadata-0.2.2
• a50b9bb Merge pull request #1169 from nest-modules/dependabot/npm_and_yarn/css-inline/css-inline-0.14.0
• f9df37a Merge pull request #1153 from SimonRosenau/patch-1
• 305ef36 Merge branch 'main' into patch-1
• 191f259 chore(deps): bump @ css-inline/css-inline from 0.13.0 to 0.14.0
• 0426652 chore(deps-dev): bump reflect-metadata from 0.2.1 to 0.2.2
• 6fa0369 chore(deps-dev): bump @ commitlint/cli from 19.0.3 to 19.3.0
• 2005922 Merge pull request #1163 from nest-modules/dependabot/npm_and_yarn/typescript-eslint/eslint-plugin-7.7.1
• 9d03d44 chore(deps-dev): bump @ typescript-eslint/eslint-plugin
• facfc12 Merge pull request #1164 from nest-modules/dependabot/npm_and_yarn/typescript-eslint/parser-7.7.1
• 20c1858 chore(deps-dev): bump @ typescript-eslint/parser from 7.1.0 to 7.7.1
• 8c5867d Merge pull request #1158 from nest-modules/dependabot/npm_and_yarn/typescript-5.4.5
• 2af89c6 Merge pull request #1135 from nest-modules/dependabot/npm_and_yarn/types/lodash-4.17.0
• 5d8885d Merge pull request #1141 from nest-modules/dependabot/npm_and_yarn/nodemailer-6.9.13
• b9960b8 Merge pull request #1147 from otonielguajardo/liquidjs-adapter
• aa49b7f Merge pull request #1162 from sirmonin/optional-mjml
• 33fa7fa Merge pull request #1133 from GFoniX/main

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Command Injection
🦉 Prototype Pollution