Suggestion to update the MJML version in the nest-modules/mailer project #1231
Lucas-M-florentino
started this conversation in
Ideas
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
I would like to suggest an important update to the mjml dependency used in the nest-modules/mailer project. Currently, the project uses version "4.15.3" of mjml, which depends on html-minifier. However, html-minifier in this specific version has been identified to contain a critical vulnerability known as ReDOS (Regular Expression Denial of Service).
The fix for this vulnerability was implemented in version "5.0.0-alpha.4" of mjml, where html-minifier was replaced by htmlnano. htmlnano not only resolves the aforementioned vulnerability but also improves overall performance in HTML minification.
I downloaded the project locally, replaced the mjml version to "5.0.0-alpha.4", and made the necessary changes to ensure compatibility. After the change, I ran all the project tests, which passed without any problems.
I strongly recommend updating the mjml version in the project to ensure the security and performance of the email module.
Beta Was this translation helpful? Give feedback.
All reactions