
Vulnerabilities in dependencies #63

Closed
Berkmann18 opened this issue Jan 4, 2018 · 8 comments

Comments

@Berkmann18

After running an NSP scan, I discovered that this package was using vulnerable versions of both qs and mime that need to be updated to version v7 and v2.0.3 respectively.
Sources:
https://nodesecurity.io/advisories/535
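
The check the report above describes (an installed dependency tree compared against the patched versions named in an advisory) can be reproduced offline. The following is an added example, not code from the issue or from the nodemailer-sendgrid-transport project: it walks a constructed npm lockfile-style tree and flags any copy of qs below 7.0.0 or mime below 2.0.3 (the thresholds quoted in the report); the sample tree, its package versions and the helper names are all assumptions made for illustration.

```javascript
// Added example (not from the issue thread or the sendgrid project):
// walk an npm lockfile-style dependency tree and flag packages whose
// installed version is below the patched version named in an advisory.

// Minimum patched versions taken from the issue text: qs v7, mime v2.0.3.
const ADVISORIES = {
  qs: '7.0.0',
  mime: '2.0.3',
};

// Parse "MAJOR.MINOR.PATCH" (ignoring a leading "v" and any pre-release
// or build suffix) into three numbers; reject anything else loudly rather
// than silently treating it as "safe".
function parseVersion(v) {
  const core = String(v).replace(/^v/, '').split(/[-+]/)[0];
  const parts = core.split('.').map((p) => parseInt(p, 10));
  if (parts.length !== 3 || parts.some(Number.isNaN)) {
    throw new Error(`unparseable version: ${v}`);
  }
  return parts;
}

// Numeric comparison of two versions: negative if a < b, 0 if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Recursively walk a lockfile v1 style "dependencies" object and collect
// every (path, name, version) tuple, including nested transitive copies,
// because npm may install several versions of the same package and a
// top-level fix does not patch a nested old copy.
function walkDependencies(deps, path = [], out = []) {
  for (const [name, info] of Object.entries(deps || {})) {
    const here = [...path, name];
    out.push({ path: here.join(' > '), name, version: info.version });
    walkDependencies(info.dependencies, here, out);
  }
  return out;
}

// Compare each installed package against the advisory table and return the
// ones that are still below the patched version.
function findVulnerable(lockTree, advisories = ADVISORIES) {
  return walkDependencies(lockTree.dependencies)
    .filter((d) => advisories[d.name] !== undefined)
    .filter((d) => compareVersions(d.version, advisories[d.name]) < 0)
    .map((d) => ({ ...d, fixedIn: advisories[d.name] }));
}

// Constructed sample tree (NOT a real package-lock.json; versions are made up):
// an old transitive sendgrid pulls in old qs and mime, while a patched qs
// also sits at the top level, which would hide the nested copy from a
// top-level-only check.
const SAMPLE_LOCK = {
  dependencies: {
    sendgrid: {
      version: '0.0.0-sample',
      dependencies: {
        qs: { version: '6.2.1' },
        mime: { version: '1.3.4' },
      },
    },
    mocha: { version: '4.1.0' },
    qs: { version: '7.0.0' },
  },
};

const findings = findVulnerable(SAMPLE_LOCK);
for (const f of findings) {
  console.log(`${f.path}@${f.version} is below patched version ${f.fixedIn}`);
}
if (findings.length === 0) {
  console.log('(+) No known vulnerabilities found');
}
```

The walk reports the full dependency path for each hit, which is what a maintainer needs in order to know whether bumping a direct dependency (here sendgrid) or adding an override is the right fix.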

@thinkingserious
Contributor

Thanks for the heads up @Berkmann18! This is our backlog for a fix; however, PRs are always welcome :)

@Berkmann18
Author

I've currently updated the relevant changes, but after running npm test there seem to be quite a few things that need to be done (which I'm not familiar with), such as:

  • Adding a docker file

And others which I'm not really in a position to write, such as:

  • ISSUE_TEMPLATE
  • TROUBLESHOOTING.md
  • USE_CASES.md

So here's the output of the test (after updating mocha (due to jade being deprecated in the versions this package was using) and sendgrid, as I mentioned above):

 LICENSE
    ✓ should have correct end year

  sendgrid-transport
    ✓ should take an api_user and api_key
    ✓ should take an apikey
    ✓ should have a name and version

  nodemailer-sendgrid-transport repo
Dockerfile doesn't exist.
docker/Dockerfile doesn't exist.
    1) should have ./Dockerfile or docker/Dockerfile
docker-compose.yml doesn't exist.
docker/docker-compose.yml doesn't exist.
    2) should have ./docker-compose.yml or ./docker/docker-compose.yml file
    ✓ should have ./.env_sample file
    ✓ should have ./.gitignore file
    ✓ should have ./.travis.yml file
    ✓ should have ./.codeclimate.yml file
    ✓ should have ./CHANGELOG.md file
    ✓ should have ./CODE_OF_CONDUCT.md file
    ✓ should have ./CONTRIBUTING.md file
.github/ISSUE_TEMPLATE doesn't exist.
    3) should have ./.github/ISSUE_TEMPLATE file
LICENSE.md doesn't exist.
    ✓ should have ./LICENSE.md file
    ✓ should have ./.github/PULL_REQUEST_TEMPLATE file
    ✓ should have ./README.md file
TROUBLESHOOTING.md doesn't exist.
    4) should have ./TROUBLESHOOTING.md file
    ✓ should have ./USAGE.md file
USE_CASES.md doesn't exist.
    5) should have ./USE_CASES.md file


  15 passing (9ms)
  5 failing

  1) nodemailer-sendgrid-transport repo should have ./Dockerfile or docker/Dockerfile:

      AssertionError [ERR_ASSERTION]: false == true
      + expected - actual

      -false
      +true
      
      at Context.<anonymous> (test/test.js:6:5)

  2) nodemailer-sendgrid-transport repo should have ./docker-compose.yml or ./docker/docker-compose.yml file:

      AssertionError [ERR_ASSERTION]: false == true
      + expected - actual

      -false
      +true
      
      at Context.<anonymous> (test/test.js:10:5)

  3) nodemailer-sendgrid-transport repo should have ./.github/ISSUE_TEMPLATE file:

      AssertionError [ERR_ASSERTION]: false == true
      + expected - actual

      -false
      +true
      
      at Context.<anonymous> (test/test.js:42:5)

  4) nodemailer-sendgrid-transport repo should have ./TROUBLESHOOTING.md file:

      AssertionError [ERR_ASSERTION]: false == true
      + expected - actual

      -false
      +true
      
      at Context.<anonymous> (test/test.js:58:5)

  5) nodemailer-sendgrid-transport repo should have ./USE_CASES.md file:

      AssertionError [ERR_ASSERTION]: false == true
      + expected - actual

      -false
      +true
      
      at Context.<anonymous> (test/test.js:66:5)



npm ERR! Test failed.  See above for more details.

@Berkmann18
Author

Other than that ^, I get this after running nsp check so it seems that the changes resolve those vulnerability issues.

(+) No known vulnerabilities found

@mbernier
Contributor

mbernier commented Jan 5, 2018

It's ok that those file checks are failing; this is a result of us having PRs left over from Hacktoberfest. If the other tests are passing, we are g2g.

@Berkmann18
Author

Berkmann18 commented Jan 5, 2018

So can I submit a PR without worrying about those fails?
This should also resolve #25 .

@thinkingserious
Contributor

@Berkmann18,

Yes and thank you!

Berkmann18 added a commit to Berkmann18/nodemailer-sendgrid-transport that referenced this issue Jan 7, 2018
License date changed to an up-to-date one
This commit should resolve sendgrid#25 and sendgrid#63.
@Berkmann18
Author

Since these vulnerabilities regarding the aforementioned dependencies were resolved, I'm closing this issue.

@thinkingserious
Contributor

Thanks @Berkmann18!
