mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-26 04:13:30 +03:00
93e4b2eafd
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-wfrj-qqc2-83cm refs https://github.com/advisories/GHSA-48ww-j4fc-435p - a vulnerability in `nodemailer` means that the `sendmail` transport is vulnerable to command injection for flags passed to the `sendmail` binary - updating to the latest version of Nodemailer required creating `@tryghost/nodemailer`, which is a wrapper around Nodemailer and several plugins that used to be in the core - this commit switches to using that package, and fixes up some small code + test changes
24 lines
446 B
JSON
24 lines
446 B
JSON
{
|
|
"extends": [
|
|
"@tryghost:quietJS",
|
|
"@tryghost:disableTryGhostAutomerge",
|
|
"@tryghost:groupTestLint",
|
|
"@tryghost:groupCSS",
|
|
"@tryghost:groupBuildTools"
|
|
],
|
|
"ignoreDeps": [
|
|
"got",
|
|
"intl-messageformat",
|
|
"moment",
|
|
"moment-timezone",
|
|
"simple-dom"
|
|
],
|
|
"ignorePaths": ["test"],
|
|
"packageRules": [
|
|
{
|
|
"packagePatterns": [ "metascraper" ],
|
|
"groupName": "metascraper"
|
|
}
|
|
]
|
|
}
|