[Snyk] Upgrade nodemailer from 6.6.2 to 6.10.1 #2019

Vishwas1 · 2025-09-02T03:32:24Z

Snyk has created this PR to upgrade nodemailer from 6.6.2 to 6.10.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 32 versions ahead of your current version.
The recommended version was released 5 months ago.

Issues fixed by the recommended upgrade:

Issue	Score	Exploit Maturity
Regular Expression Denial of Service (ReDoS) SNYK-JS-NODEMAILER-6219989	586	Proof of Concept
Improper Handling of Unexpected Data Type SNYK-JS-ONHEADERS-10773729	586	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	586	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-8482416	586	Proof of Concept
Generation of Predictable Numbers or Identifiers SNYK-JS-PBKDF2-10495496	586	Proof of Concept
Generation of Predictable Numbers or Identifiers SNYK-JS-PBKDF2-10495498	586	No Known Exploit
Prototype Poisoning SNYK-JS-QS-3153490	586	Proof of Concept
Prototype Poisoning SNYK-JS-QS-3153490	586	Proof of Concept
Improper Validation of Integrity Check Value SNYK-JS-SECP256K1-8237220	586	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	586	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	586	Proof of Concept
Information Exposure SNYK-JS-SIMPLEGET-2361683	586	Proof of Concept
Arbitrary File Overwrite SNYK-JS-TAR-1536528	586	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	586	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	586	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	586	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579155	586	No Known Exploit
Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	586	No Known Exploit
Directory Traversal SNYK-JS-MOMENT-2440688	586	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	586	Proof of Concept
Prototype Pollution SNYK-JS-MONGOOSE-2961688	586	Proof of Concept
Prototype Pollution SNYK-JS-MONGOOSE-5777721	586	Proof of Concept
Improper Input Validation SNYK-JS-URLPARSE-2407770	586	Proof of Concept
Prototype Pollution SNYK-JS-ASYNC-2441827	586	Proof of Concept
Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	586	No Known Exploit
Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	586	No Known Exploit
Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	586	Proof of Concept
Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8172694	586	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ES5EXT-6095076	586	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-RAMDA-1582370	586	No Known Exploit
Symlink Attack SNYK-JS-TMP-11501554	586	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	586	No Known Exploit
Open Redirect SNYK-JS-URLPARSE-1533425	586	Proof of Concept
Access Restriction Bypass SNYK-JS-URLPARSE-2401205	586	Proof of Concept
Authorization Bypass SNYK-JS-URLPARSE-2407759	586	Proof of Concept
Open Redirect SNYK-JS-GOT-2932019	586	No Known Exploit
Open Redirect SNYK-JS-GOT-2932019	586	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	586	Proof of Concept
Denial of Service (DoS) SNYK-JS-JSZIP-1251497	586	Proof of Concept
Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-JSZIP-3188562	586	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	586	No Known Exploit
Information Exposure SNYK-JS-MONGODB-5871303	586	No Known Exploit
Prototype Pollution SNYK-JS-MPATH-1577289	586	Proof of Concept
Information Exposure SNYK-JS-NODEFETCH-2342118	586	No Known Exploit
Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	586	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	586	Proof of Concept
Insufficient Visual Distinction of Homoglyphs Presented to User SNYK-JS-BASEX-10118294	586	No Known Exploit
Cross-site Scripting (XSS) SNYK-JS-COOKIE-8163060	586	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-COOKIEJAR-3149984	586	Proof of Concept
Open Redirect SNYK-JS-EXPRESS-6474509	586	No Known Exploit
Cross-site Scripting SNYK-JS-EXPRESS-7926867	586	No Known Exploit
Cross-site Scripting SNYK-JS-SEND-7926862	586	No Known Exploit
Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	586	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	586	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-2429795	586	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-BRACEEXPANSION-9789073	586	Proof of Concept
Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577916	586	Proof of Concept
Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577917	586	Proof of Concept
Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577918	586	Proof of Concept
Information Exposure SNYK-JS-ELLIPTIC-8720086	586	Proof of Concept

Release notes

Package name: nodemailer

6.10.1 - 2025-04-13
6.10.1 (2025-02-06)

Bug Fixes
- close correct socket (a18062c)
6.10.0 - 2025-01-23
6.10.0 (2025-01-23)

Features
- services: add Seznam email service configuration (#1695) (d1ae0a8)
Bug Fixes
- proxy: Set error and timeout errors for proxied sockets (aa0c99c)
6.9.16 - 2024-10-28
6.9.16 (2024-10-28)

Bug Fixes
- addressparser: Correctly detect if user local part is attached to domain part (f2096c5)
6.9.15 - 2024-09-03
6.9.15 (2024-08-08)

Bug Fixes
- Fix memory leak (#1667) (baa28f6)
- mime: Added GeoJSON closes #1637 (#1665) (79b8293)
6.9.14 - 2024-06-19
6.9.14 (2024-06-19)

Bug Fixes
- api: Added support for Ethereal authentication (56b2205)
- services.json: Add Email Services Provider Feishu Mail (CN) (#1648) (e9e9ecc)
- services.json: update Mailtrap host and port in well known (#1652) (fc2c9ea)
- well-known-services: Add Loopia in well known services (#1655) (21a28a1)
6.9.13 - 2024-03-20
6.9.13 (2024-03-20)

Bug Fixes
- tls: Ensure servername for SMTP (d66fdd3)
6.9.12 - 2024-03-08
6.9.12 (2024-03-08)

Bug Fixes
- message-generation: Escape single quote in address names (4ae5fad)
6.9.11 - 2024-02-29
6.9.11 (2024-02-29)

Bug Fixes
- headers: Ensure that Content-type is the bottom header (c7cf97e)
6.9.10 - 2024-02-22
6.9.10 (2024-02-22)

Bug Fixes
- data-uri: Do not use regular expressions for parsing data URI schemes (12e65e9)
- data-uri: Moved all data-uri regexes to use the non-regex parseDataUri method (edd5dfe)
6.9.9 - 2024-02-01
6.9.9 (2024-02-01)

Bug Fixes
- security: Fix issues described in GHSA-9h6g-pr28-7cqp. Do not use eternal matching pattern if only a few occurences are expected (dd8f5e8)
- tests: Use native node test runner, added code coverage support, removed grunt (#1604) (be45c1b)
6.9.8 - 2023-12-30
6.9.7 - 2023-10-22
6.9.6 - 2023-10-09
6.9.5 - 2023-09-06
6.9.4 - 2023-07-19
6.9.3 - 2023-05-29
6.9.2 - 2023-05-11
6.9.1 - 2023-01-27
6.9.0 - 2023-01-12
6.8.0 - 2022-09-28
6.7.8 - 2022-08-11
6.7.7 - 2022-07-06
6.7.6 - 2022-06-30
6.7.5 - 2022-05-04
6.7.4 - 2022-04-28
6.7.3 - 2022-03-21
6.7.2 - 2021-11-26
6.7.1 - 2021-11-15
6.7.0 - 2021-10-11
6.6.5 - 2021-09-23
6.6.4 - 2021-09-23
6.6.3 - 2021-07-14
6.6.2 - 2021-06-18

from nodemailer GitHub release notes

Important

Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.
Max score is 1000. Note that the real score may have changed since the PR was raised.
Snyk has automatically assigned this pull request, set who gets assigned.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

👩‍💻 Set who automatically gets assigned

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade nodemailer from 6.6.2 to 6.10.1. See this package in npm: nodemailer See this project in Snyk: https://app.snyk.io/org/vishwas1/project/2720c8e6-f642-42c7-953d-4401e8d2c85f?utm_source=github&utm_medium=referral&page=upgrade-pr

Vishwas1 self-assigned this Sep 2, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Upgrade nodemailer from 6.6.2 to 6.10.1 #2019

[Snyk] Upgrade nodemailer from 6.6.2 to 6.10.1 #2019

Uh oh!

Vishwas1 commented Sep 2, 2025

6.10.1 (2025-02-06)

Bug Fixes

6.10.0 (2025-01-23)

Features

Bug Fixes

6.9.16 (2024-10-28)

Bug Fixes

6.9.15 (2024-08-08)

Bug Fixes

6.9.14 (2024-06-19)

Bug Fixes

6.9.13 (2024-03-20)

Bug Fixes

6.9.12 (2024-03-08)

Bug Fixes

6.9.11 (2024-02-29)

Bug Fixes

6.9.10 (2024-02-22)

Bug Fixes

6.9.9 (2024-02-01)

Bug Fixes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

[Snyk] Upgrade nodemailer from 6.6.2 to 6.10.1 #2019

Are you sure you want to change the base?

[Snyk] Upgrade nodemailer from 6.6.2 to 6.10.1 #2019

Uh oh!

Conversation

Vishwas1 commented Sep 2, 2025

Snyk has created this PR to upgrade nodemailer from 6.6.2 to 6.10.1.

Issues fixed by the recommended upgrade:

6.10.1 (2025-02-06)

Bug Fixes

6.10.0 (2025-01-23)

Features

Bug Fixes

6.9.16 (2024-10-28)

Bug Fixes

6.9.15 (2024-08-08)

Bug Fixes

6.9.14 (2024-06-19)

Bug Fixes

6.9.13 (2024-03-20)

Bug Fixes

6.9.12 (2024-03-08)

Bug Fixes

6.9.11 (2024-02-29)

Bug Fixes

6.9.10 (2024-02-22)

Bug Fixes

6.9.9 (2024-02-01)

Bug Fixes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants