From f3b76cc9571ee19fecb89d8f5093544428932cdc Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Sat, 11 Oct 2025 08:54:04 +0000
Subject: [PATCH] fix: package.json & package-lock.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NODEMAILER-13378253
---
 package-lock.json | 54 +++++++++++++++++++++++++----------------------
 package.json      |  2 +-
 2 files changed, 30 insertions(+), 26 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 34876e0..6891524 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -20,7 +20,7 @@
         "express": "^4.21.0",
         "fs-directory": "^1.0.0",
         "jsonpath": "^1.1.1",
-        "mailparser": "^3.7.1",
+        "mailparser": "^3.7.5",
         "minimist": "^1.2.8",
         "moment": "^2.29.4",
         "morgan": "^1.10.0",
@@ -3984,9 +3984,9 @@
       "license": "MIT"
     },
     "node_modules/libmime": {
-      "version": "5.3.6",
-      "resolved": "https://registry.npmjs.org/libmime/-/libmime-5.3.6.tgz",
-      "integrity": "sha512-j9mBC7eiqi6fgBPAGvKCXJKJSIASanYF4EeA4iBzSG0HxQxmXnR3KbyWqTn4CwsKSebqCv2f5XZfAO6sKzgvwA==",
+      "version": "5.3.7",
+      "resolved": "https://registry.npmjs.org/libmime/-/libmime-5.3.7.tgz",
+      "integrity": "sha512-FlDb3Wtha8P01kTL3P9M+ZDNDWPKPmKHWaU/cG/lg5pfuAwdflVpZE+wm9m7pKmC5ww6s+zTxBKS1p6yl3KpSw==",
       "license": "MIT",
       "dependencies": {
         "encoding-japanese": "2.2.0",
@@ -4070,43 +4070,47 @@
       }
     },
     "node_modules/mailparser": {
-      "version": "3.7.3",
-      "resolved": "https://registry.npmjs.org/mailparser/-/mailparser-3.7.3.tgz",
-      "integrity": "sha512-0RM14cZF0gO1y2Q/82hhWranispZOUSYHwvQ21h12x90NwD6+D5q59S5nOLqCtCdYitHN58LJXWEHa4RWm7BYA==",
+      "version": "3.7.5",
+      "resolved": "https://registry.npmjs.org/mailparser/-/mailparser-3.7.5.tgz",
+      "integrity": "sha512-o59RgZC+4SyCOn4xRH1mtRiZ1PbEmi6si6Ufnd3tbX/V9zmZN1qcqu8xbXY62H6CwIclOT3ppm5u/wV2nujn4g==",
       "license": "MIT",
       "dependencies": {
         "encoding-japanese": "2.2.0",
         "he": "1.2.0",
         "html-to-text": "9.0.5",
-        "iconv-lite": "0.6.3",
-        "libmime": "5.3.6",
+        "iconv-lite": "0.7.0",
+        "libmime": "5.3.7",
         "linkify-it": "5.0.0",
-        "mailsplit": "5.4.3",
-        "nodemailer": "7.0.3",
+        "mailsplit": "5.4.6",
+        "nodemailer": "7.0.9",
         "punycode.js": "2.3.1",
-        "tlds": "1.259.0"
+        "tlds": "1.260.0"
       }
     },
     "node_modules/mailparser/node_modules/iconv-lite": {
-      "version": "0.6.3",
-      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz",
-      "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==",
+      "version": "0.7.0",
+      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.7.0.tgz",
+      "integrity": "sha512-cf6L2Ds3h57VVmkZe+Pn+5APsT7FpqJtEhhieDCvrE2MK5Qk9MyffgQyuxQTm6BChfeZNtcOLHp9IcWRVcIcBQ==",
       "license": "MIT",
       "dependencies": {
         "safer-buffer": ">= 2.1.2 < 3.0.0"
       },
       "engines": {
         "node": ">=0.10.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
       }
     },
     "node_modules/mailsplit": {
-      "version": "5.4.3",
-      "resolved": "https://registry.npmjs.org/mailsplit/-/mailsplit-5.4.3.tgz",
-      "integrity": "sha512-PFV0BBh4Tv7Omui5FtXXVtN4ExAxIi8Yvmb9JgBz+J6Hnnrv/YYXLlKKudLhXwd3/qWEATOslRsnzVCWDeCnmQ==",
+      "version": "5.4.6",
+      "resolved": "https://registry.npmjs.org/mailsplit/-/mailsplit-5.4.6.tgz",
+      "integrity": "sha512-M+cqmzaPG/mEiCDmqQUz8L177JZLZmXAUpq38owtpq2xlXlTSw+kntnxRt2xsxVFFV6+T8Mj/U0l5s7s6e0rNw==",
       "license": "(MIT OR EUPL-1.1+)",
       "dependencies": {
         "libbase64": "1.3.0",
-        "libmime": "5.3.6",
+        "libmime": "5.3.7",
         "libqp": "2.1.1"
       }
     },
@@ -4369,9 +4373,9 @@
       "license": "MIT"
     },
     "node_modules/nodemailer": {
-      "version": "7.0.3",
-      "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-7.0.3.tgz",
-      "integrity": "sha512-Ajq6Sz1x7cIK3pN6KesGTah+1gnwMnx5gKl3piQlQQE/PwyJ4Mbc8is2psWYxK3RJTVeqsDaCv8ZzXLCDHMTZw==",
+      "version": "7.0.9",
+      "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-7.0.9.tgz",
+      "integrity": "sha512-9/Qm0qXIByEP8lEV2qOqcAW7bRpL8CR9jcTwk3NBnHJNmP9fIJ86g2fgmIXqHY+nj55ZEMwWqYAT2QTDpRUYiQ==",
       "license": "MIT-0",
       "engines": {
         "node": ">=6.0.0"
@@ -5818,9 +5822,9 @@
       "license": "MIT"
     },
     "node_modules/tlds": {
-      "version": "1.259.0",
-      "resolved": "https://registry.npmjs.org/tlds/-/tlds-1.259.0.tgz",
-      "integrity": "sha512-AldGGlDP0PNgwppe2quAvuBl18UcjuNtOnDuUkqhd6ipPqrYYBt3aTxK1QTsBVknk97lS2JcafWMghjGWFtunw==",
+      "version": "1.260.0",
+      "resolved": "https://registry.npmjs.org/tlds/-/tlds-1.260.0.tgz",
+      "integrity": "sha512-78+28EWBhCEE7qlyaHA9OR3IPvbCLiDh3Ckla593TksfFc9vfTsgvH7eS+dr3o9qr31gwGbogcI16yN91PoRjQ==",
       "license": "MIT",
       "bin": {
         "tlds": "bin.js"
diff --git a/package.json b/package.json
index 275f00f..1047d02 100644
--- a/package.json
+++ b/package.json
@@ -46,7 +46,7 @@
     "express": "^4.21.0",
     "fs-directory": "^1.0.0",
     "jsonpath": "^1.1.1",
-    "mailparser": "^3.7.1",
+    "mailparser": "^3.7.5",
     "minimist": "^1.2.8",
     "moment": "^2.29.4",
     "morgan": "^1.10.0",