Bump the npm_and_yarn group across 16 directories with 15 updates

[dependabot]

Bumps the npm_and_yarn group with 9 updates in the / directory:

Package	From	To
esbuild	0.14.44	0.25.0
axios	0.27.2	0.30.2
typeorm	0.3.6	0.3.26
express	4.18.1	4.20.0
nodemailer	6.7.5	7.0.7
body-parser	1.20.0	1.20.3
multer	1.4.4	2.0.2
nanoid	3.3.4	3.3.8
brace-expansion	1.1.11	1.1.12

Bumps the npm_and_yarn group with 1 update in the /app/api-server directory: nodemailer.
Bumps the npm_and_yarn group with 1 update in the /app/frontend/react-app directory: axios.
Bumps the npm_and_yarn group with 1 update in the /app/methane/client directory: axios.
Bumps the npm_and_yarn group with 2 updates in the /app/supply-chain/api directory: axios and multer.
Bumps the npm_and_yarn group with 4 updates in the /fabric/chaincode/emissionscontract/typescript directory: nanoid, brace-expansion, cross-spawn and path-to-regexp.
Bumps the npm_and_yarn group with 1 update in the /fabric/typescript_app directory: multer.
Bumps the npm_and_yarn group with 1 update in the /hardhat directory: axios.
Bumps the npm_and_yarn group with 4 updates in the /hardhat/hedera directory: axios, brace-expansion, elliptic and tmp.
Bumps the npm_and_yarn group with 1 update in the /lib/data-common directory: esbuild.
Bumps the npm_and_yarn group with 1 update in the /lib/supply-chain directory: axios.
Bumps the npm_and_yarn group with 1 update in the /open-offsets-directory/node-server directory: body-parser.
Bumps the npm_and_yarn group with 1 update in the /open-offsets-directory/react directory: axios.
Bumps the npm_and_yarn group with 1 update in the /secure-identities/identity-ui directory: axios.
Bumps the npm_and_yarn group with 1 update in the /secure-identities/vault-identity directory: express.
Bumps the npm_and_yarn group with 1 update in the /secure-identities/ws-wallet directory: axios.

Updates esbuild from 0.14.44 to 0.25.0

Release notes

Sourced from esbuild's releases.

v0.25.0

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.24.0 or ~0.24.0. See npm's documentation about semver for more information.

• Restrict access to esbuild's development server (GHSA-67mh-4wv8-2f99)

  This change addresses esbuild's first security vulnerability report. Previously esbuild set the Access-Control-Allow-Origin header to * to allow esbuild's development server to be flexible in how it's used for development. However, this allows the websites you visit to make HTTP requests to esbuild's local development server, which gives read-only access to your source code if the website were to fetch your source code's specific URL. You can read more information in the report.

  Starting with this release, CORS will now be disabled, and requests will now be denied if the host does not match the one provided to --serve=. The default host is 0.0.0.0, which refers to all of the IP addresses that represent the local machine (e.g. both 127.0.0.1 and 192.168.0.1). If you want to customize anything about esbuild's development server, you can put a proxy in front of esbuild and modify the incoming and/or outgoing requests.

  In addition, the serve() API call has been changed to return an array of hosts instead of a single host string. This makes it possible to determine all of the hosts that esbuild's development server will accept.

  Thanks to @​sapphi-red for reporting this issue.

• Delete output files when a build fails in watch mode (#3643)

  It has been requested for esbuild to delete files when a build fails in watch mode. Previously esbuild left the old files in place, which could cause people to not immediately realize that the most recent build failed. With this release, esbuild will now delete all output files if a rebuild fails. Fixing the build error and triggering another rebuild will restore all output files again.

• Fix correctness issues with the CSS nesting transform (#3620, #3877, #3933, #3997, #4005, #4037, #4038)

  This release fixes the following problems:

  • Naive expansion of CSS nesting can result in an exponential blow-up of generated CSS if each nesting level has multiple selectors. Previously esbuild sometimes collapsed individual nesting levels using :is() to limit expansion. However, this collapsing wasn't correct in some cases, so it has been removed to fix correctness issues.

    /* Original code */
    .parent {
      > .a,
      > .b1 > .b2 {
        color: red;
      }
    }
    /* Old output (with --supported:nesting=false) */
    .parent > :is(.a, .b1 > .b2) {
    color: red;
    }
    /* New output (with --supported:nesting=false) */
    .parent > .a,
    .parent > .b1 > .b2 {
    color: red;
    }

    Thanks to @​tim-we for working on a fix.

  • The & CSS nesting selector can be repeated multiple times to increase CSS specificity. Previously esbuild ignored this possibility and incorrectly considered && to have the same specificity as &. With this release, this should now work correctly:

    /* Original code (color should be red) */

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2022

This changelog documents all esbuild versions published in the year 2022 (versions 0.14.11 through 0.16.12).

0.16.12

• Loader defaults to js for extensionless files (#2776)

  Certain packages contain files without an extension. For example, the yargs package contains the file yargs/yargs which has no extension. Node, Webpack, and Parcel can all understand code that imports yargs/yargs because they assume that the file is JavaScript. However, esbuild was previously unable to understand this code because it relies on the file extension to tell it how to interpret the file. With this release, esbuild will now assume files without an extension are JavaScript files. This can be customized by setting the loader for "" (the empty string, representing files without an extension) to another loader. For example, if you want files without an extension to be treated as CSS instead, you can do that like this:

  • CLI:

    esbuild --bundle --loader:=css
    

  • JS:

    esbuild.build({
      bundle: true,
      loader: { '': 'css' },
    })

  • Go:

    api.Build(api.BuildOptions{
      Bundle: true,
      Loader: map[string]api.Loader{"": api.LoaderCSS},
    })

  In addition, the "type" field in package.json files now only applies to files with an explicit .js, .jsx, .ts, or .tsx extension. Previously it was incorrectly applied by esbuild to all files that had an extension other than .mjs, .mts, .cjs, or .cts including extensionless files. So for example an extensionless file in a "type": "module" package is now treated as CommonJS instead of ESM.

0.16.11

• Avoid a syntax error in the presence of direct eval (#2761)

  The behavior of nested function declarations in JavaScript depends on whether the code is run in strict mode or not. It would be problematic if esbuild preserved nested function declarations in its output because then the behavior would depend on whether the output was run in strict mode or not instead of respecting the strict mode behavior of the original source code. To avoid this, esbuild transforms nested function declarations to preserve the intended behavior of the original source code regardless of whether the output is run in strict mode or not:

  // Original code
  if (true) {
    function foo() {}
    console.log(!!foo)
    foo = null
    console.log(!!foo)
  }

... (truncated)

Commits

• e9174d6 publish 0.25.0 to npm
• c27dbeb fix hosts in plugin-tests.js
• 6794f60 fix hosts in node-unref-tests.js
• de85afd Merge commit from fork
• da1de1b fix #4065: bitwise operators can return bigints
• f4e9d19 switch case liveness: default is always last
• 7aa47c3 fix #4028: minify live/dead switch cases better
• 22ecd30 minify: more constant folding for strict equality
• 4cdf03c fix #4053: reordering of .tsx in node_modules
• dc71977 fix #3692: 0 now picks a random ephemeral port
• Additional commits viewable in compare view

Updates axios from 0.27.2 to 0.30.2

Release notes

Sourced from axios's releases.

v0.30.2

What's Changed

• Backport maxContentLength vulnerability fix to v0.x by @​FeBe95 in axios/axios#7034

New Contributors

• @​FeBe95 made their first contribution in axios/axios#7034

Full Changelog: axios/axios@v0.30.1...v0.30.2

Release v0.30.1

Release notes:

Bug Fixes

• chore(deps): bump form-data from 4.0.0 to 4.0.4 for v0.x by @​wolandec in axios/axios#6978

Contributors to this release

• @​wolandec made their first contribution in axios/axios#6978

Full Changelog: axios/axios@v0.30.0...v0.30.1

Release v0.30.0

Release notes:

Bug Fixes

• fix: modify log while request is aborted by @​mori5321 in axios/axios#4917
• fix: update CHANGELOG.md for v0.x by @​TehZarathustra in axios/axios#6271
• fix: modify upgrade guide for 0.28.1's breaking change by @​nafeger in axios/axios#6787
• fix: backport allowAbsoluteUrls vulnerability fix to v0.x by @​thatguyinabeanie in axios/axios#6829
• fix: add allowAbsoluteUrls type by @​thatguyinabeanie in axios/axios#6849

Contributors to this release

• @​mori5321 made their first contribution in axios/axios#4917
• @​TehZarathustra made their first contribution in axios/axios#6271
• @​nafeger made their first contribution in axios/axios#6787
• @​thatguyinabeanie made their first contribution in axios/axios#6829

Full Changelog: axios/axios@v0.29.0...v0.30.0

v0.29.0

Release notes:

Bug Fixes

• fix(backport): backport security fixes in commits #6167 and #6163 to v0.x by @​Sean-Powell in axios/axios#6402
• fix: omit nulls in params by @​Willshaw in axios/axios#6394
• fix(backport): fix paramsSerializer function validation by @​solonzhu in axios/axios#6361
• fix: Regular Expression Denial of Service (ReDoS) by @​qiongshusheng in axios/axios#6708

Contributors to this release

• @​Sean-Powell made their first contribution in axios/axios#6402
• @​Willshaw made their first contribution in axios/axios#6394
• @​solonzhu made their first contribution in axios/axios#6361

... (truncated)

Commits

• 2fcb4ec chore: v0.30.2
• 153f483 chore: preversion
• ee548ff fix: tests failing
• a1b1d3f fix: backport maxContentLength vulnerability fix to v0.x (#7034)
• b17c4de chore: build latest version
• ad6b82a chore: build latest version
• da447d5 chore(deps): bump form-data from 4.0.0 to 4.0.4 (#6978)
• 6e922e4 chore: added build artifacts
• a06ed1e chore: added pre-release artifacts
• c010622 feat: add type for allowAbsoluteUrls (#6849)
• Additional commits viewable in compare view

Updates typeorm from 0.3.6 to 0.3.26

Release notes

Sourced from typeorm's releases.

0.3.26

Notes:

• When using MySQL, TypeORM now connects using stringifyObjects: true, in order to avoid a potential security vulnerability in the mysql/mysql2 client libraries. You can revert to the old behavior by setting connectionOptions.extra.stringifyObjects = false.
• When using SAP HANA, TypeORM now uses the built-in pool from the @sap/hana-client library. The deprecated hdb-pool is no longer necessary and can be removed. See https://typeorm.io/docs/drivers/sap/#data-source-options for the new pool options.

What's Changed

• chore: Remove manual trigger on publish workflow by @​michaelbromley in typeorm/typeorm#11536
• test(ci): force mocha to exit on stuck process by @​OSA413 in typeorm/typeorm#11538
• fix(oracle): pass duplicated parameters correctly to the client when executing a query by @​alumni in typeorm/typeorm#11537
• feat(sap): add support for REAL_VECTOR and HALF_VECTOR data types in SAP HANA Cloud by @​alumni in typeorm/typeorm#11526
• fix: add stricter type-checking and improve event loop handling by @​alumni in typeorm/typeorm#11540
• perf: avoid unnecessary count on getManyAndCount by @​EQuincerot in typeorm/typeorm#11524
• feat(sap): use the native driver for connection pooling by @​alumni in typeorm/typeorm#11520
• fix: support for better-sqlite3 v12 by @​mohd-akram in typeorm/typeorm#11557
• fix: preserve useIndex when cloning a QueryExpressionMap (or a QueryBuilder) by @​kettui in typeorm/typeorm#10679
• chore: change test badge from test.yml to commit-validation.yml by @​albasyir in typeorm/typeorm#11560
• fix: do not create junction table metadata when it already exists by @​ragrag in typeorm/typeorm#11114
• fix(mysql): support AnalyticDB returning version() column name in getVersion() by @​rhydian0x in typeorm/typeorm#11555
• fix: resolve array modification bug in QueryRunner drop methods #11563 by @​taina0407 in typeorm/typeorm#11564
• fix(mysql): set stringifyObjects implicitly by @​alumni in typeorm/typeorm#11574
• docs: separate driver-specific documentation by @​alumni in typeorm/typeorm#11581
• docs: fix redirect to mongodb page by @​alumni in typeorm/typeorm#11584
• feat(11528): add Redis 5.x support with backward compatibility wite peer dependency to allow by @​par333k in typeorm/typeorm#11585
• fix: regtype is not supported in aurora serverless v2 by @​ArsenyYankovsky in typeorm/typeorm#11568
• fix(platform[web worker]): improve globalThis variable retrieval for … by @​dasoncheng in typeorm/typeorm#11495
• docs: added @piying/orm extension to readme by @​wszgrcy in typeorm/typeorm#11596
• docs: Fix reload option typo by @​radovanovic-stevan in typeorm/typeorm#11601
• feat: add entity mode virtual-property by @​wszgrcy in typeorm/typeorm#11597
• chore: Release v0.3.26 by @​michaelbromley in typeorm/typeorm#11602

New Contributors

• @​EQuincerot made their first contribution in typeorm/typeorm#11524
• @​kettui made their first contribution in typeorm/typeorm#10679
• @​ragrag made their first contribution in typeorm/typeorm#11114
• @​rhydian0x made their first contribution in typeorm/typeorm#11555
• @​taina0407 made their first contribution in typeorm/typeorm#11564
• @​par333k made their first contribution in typeorm/typeorm#11585
• @​dasoncheng made their first contribution in typeorm/typeorm#11495
• @​wszgrcy made their first contribution in typeorm/typeorm#11596
• @​radovanovic-stevan made their first contribution in typeorm/typeorm#11601

Full Changelog: typeorm/typeorm@0.3.25...0.3.26

0.3.25

... (truncated)

Changelog

Sourced from typeorm's changelog.

0.3.26 (2025-08-16)

Notes:

• When using MySQL, TypeORM now connects using stringifyObjects: true, in order to avoid a potential security vulnerability in the mysql/mysql2 client libraries. You can revert to the old behavior by setting connectionOptions.extra.stringifyObjects = false.
• When using SAP HANA, TypeORM now uses the built-in pool from the @sap/hana-client library. The deprecated hdb-pool is no longer necessary and can be removed. See https://typeorm.io/docs/drivers/sap/#data-source-options for the new pool options.

Bug Fixes

• add stricter type-checking and improve event loop handling (#11540) (01dddfe)
• do not create junction table metadata when it already exists (#11114) (3c26cf1)
• mysql: set stringifyObjects implicitly (#11574) (d57fe3b)
• mysql: support Alibaba AnalyticDB returning version() column name in getVersion() (#11555) (1737e97)
• oracle: pass duplicated parameters correctly to the client when executing a query (#11537) (f2d2236)
• platform[web worker]: improve globalThis variable retrieval for browser environment (#11495) (ec26eae)
• preserve useIndex when cloning a QueryExpressionMap (or a QueryBuilder) (#10679) (66ee307), closes #10678 #10678
• regtype is not supported in aurora serverless v2 (#11568) (6e9f20d)
• resolve array modification bug in QueryRunner drop methods (#11564) (f351757), closes #11563
• support for better-sqlite3 v12 (#11557) (1ea3a5e)

Features

• add Redis 5.x support with backward compatibility with peer dependency to allow (#11585) (17cf837), closes #11528
• sap: add support for REAL_VECTOR and HALF_VECTOR data types in SAP HANA Cloud (#11526) (abf8863)
• sap: use the native driver for connection pooling (#11520) (aebc7eb)
• support virtual columns in entity schema (#11597) (d1e3950)

Performance Improvements

• avoid unnecessary count on getManyAndCount (#11524) (5904ac3)

0.3.25 (2025-06-19)

Bug Fixes

• add collation update detection in PostgresDriver (#11441) (24c3e38), closes #8647 #8647
• fix null pointer exception on date array column comparison (#11532) (42e7cbe)
• handle limit(0) and offset(0) correctly in SelectQueryBuilder (#11507) (413f0a6)
• improve async calls on disconnect (#11523) (ead4f98)
• multiple relations with same column name(s) generate invalid SELECT statement (#11400) (63a3b9a), closes #1668 #9788 #9814 #10121 #10148 #11109 #11132 #11180
• postgres: resolve alias or table name in upsert/insert or update conditionally (#11452) (2bfa300), closes #11082 #11440
• tree-entity: closure junction table primary key definition should match parent table (#11422) (ce23d46)

... (truncated)

Commits

• 4d204ad chore: Release v0.3.26 (#11602)
• d1e3950 feat: support virtual columns in entity schema (#11597)
• 1698313 docs: fix reload option typo (#11601)
• 0b767e8 docs: added @piying/orm extension to readme (#11596)
• ec26eae fix(platform[web worker]): improve globalThis variable retrieval for browser ...
• 6e9f20d fix: regtype is not supported in aurora serverless v2 (#11568)
• 17cf837 feat(11528): add Redis 5.x support with backward compatibility wite peer depe...
• 8097d1a docs: fix redirect to mongodb page (#11584)
• 23fcde2 docs: separate driver-specific documentation (#11581)
• d57fe3b fix(mysql): set stringifyObjects implicitly (#11574)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by michaelbromley, a new releaser for typeorm since your current version.

Updates express from 4.18.1 to 4.20.0

Release notes

Sourced from express's releases.

4.20.0

What's Changed

Important

• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect

Other Changes

• 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
• remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
• feat: document beta releases expectations by @​marco-ippolito in expressjs/express#5565
• Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
• Add a Threat Model by @​UlisesGascon in expressjs/express#5526
• Assign captain of encodeurl by @​blakeembrey in expressjs/express#5579
• Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @​jonchurch in expressjs/express#5587
• docs: update Security.md by @​inigomarquinez in expressjs/express#5590
• docs: update triage nomination policy by @​UlisesGascon in expressjs/express#5600
• Add CodeQL (SAST) by @​UlisesGascon in expressjs/express#5433
• docs: add UlisesGascon as triage initiative captain by @​UlisesGascon in expressjs/express#5605
• deps: encodeurl@~2.0.0 by @​blakeembrey in expressjs/express#5569
• skip QUERY method test by @​jonchurch in expressjs/express#5628
• ignore ETAG query test on 21 and 22, reuse skip util by @​jonchurch in expressjs/express#5639
• add support Node.js@22 in the CI by @​mertcanaltin in expressjs/express#5627
• doc: add table of contents, tc/triager lists to readme by @​mertcanaltin in expressjs/express#5619
• List and sort all projects, add captains by @​blakeembrey in expressjs/express#5653
• docs: add @​UlisesGascon as captain for cookie-parser by @​UlisesGascon in expressjs/express#5666
• ✨ bring back query tests for node 21 by @​ctcpip in expressjs/express#5690
• [v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @​jonchurch in expressjs/express#5672
• skip QUERY tests for Node 21 only, still not supported by @​jonchurch in expressjs/express#5695
• 📝 update people, add ctcpip to TC by @​ctcpip in expressjs/express#5683
• remove minor version pinning from ci by @​jonchurch in expressjs/express#5722
• Fix link variable use in attribution section of CODE OF CONDUCT by @​IamLizu in expressjs/express#5762
• Replace Appveyor windows testing with GHA by @​jonchurch in expressjs/express#5599
• Add OSSF Scorecard badge by @​UlisesGascon in expressjs/express#5436
• update scorecard link by @​bjohansebas in expressjs/express#5814
• Nominate @​IamLizu to the triage team by @​UlisesGascon in expressjs/express#5836
• deps: [email protected] by @​blakeembrey in expressjs/express#5603
• docs: specify new instructions for question and discuss by @​IamLizu in expressjs/express#5835
• 4.x: Upgrade merge-descriptors dependency by @​RobinTail in expressjs/express#5781
• [email protected] by @​blakeembrey in expressjs/express#5902

New Contributors

• @​marco-ippolito made their first contribution in expressjs/express#5565
• @​inigomarquinez made their first contribution in expressjs/express#5590
• @​mertcanaltin made their first contribution in expressjs/express#5627
• @​ctcpip made their first contribution in expressjs/express#5690
• @​bjohansebas made their first contribution in expressjs/express#5814

Full Changelog: expressjs/express@4.19.1...4.20.0

... (truncated)

Changelog

Sourced from express's changelog.

4.20.0 / 2024-09-10

• deps: [email protected]
  • Remove link renderization in html while redirecting
• deps: [email protected]
  • Remove link renderization in html while redirecting
• deps: [email protected]
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: [email protected]
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: [email protected]

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]
• deps: [email protected]
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: [email protected]

... (truncated)

Commits

• 21df421 4.20.0
• 4c9ddc1 feat: upgrade to [email protected]
• 9ebe5d5 feat: upgrade to [email protected] (#5928)
• ec4a01b feat: upgrade to [email protected] (#5926)
• 54271f6 fix: don't render redirect values in anchor href
• 125bb74 [email protected] (#5902)
• 2a980ad [email protected] (#5781)
• a3e7e05 docs: specify new instructions for question and discuss
• c5addb9 deps: [email protected] (#5603)
• e35380a docs: add @​IamLizu to the triage team (#5836)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for express since your current version.

Updates nodemailer from 6.7.5 to 7.0.7

Release notes

Sourced from nodemailer's releases.

v7.0.7

7.0.7 (2025-10-05)

Bug Fixes

• addressparser: Fixed addressparser handling of quoted nested email addresses (1150d99)
• dns: add memory leak prevention for DNS cache (0240d67)
• linter: Updated eslint and created prettier formatting task (df13b74)
• refresh expired DNS cache on error (#1759) (ea0fc5a)
• resolve linter errors in DNS cache tests (3b8982c)

v7.0.6

7.0.6 (2025-08-27)

Bug Fixes

• encoder: avoid silent data loss by properly flushing trailing base64 (#1747) (01ae76f)
• handle multiple XOAUTH2 token requests correctly (#1754) (dbe0028)
• ReDoS vulnerability in parseDataURI and _processDataUrl (#1755) (90b3e24)

v7.0.5

7.0.5 (2025-07-07)

Bug Fixes

• updated well known delivery service list (fa2724b)

v7.0.4

7.0.4 (2025-06-29)

Bug Fixes

• pools: Emit 'clear' once transporter is idle and all connections are closed (839e286)
• smtp-connection: jsdoc public annotation for socket (#1741) (c45c84f)
• well-known-services: Added AliyunQiye (bb9e6da)

v7.0.3

7.0.3 (2025-05-08)

Bug Fixes

• attachments: Set the default transfer encoding for message/rfc822 attachments as '7bit' (007d5f3)

v7.0.2

7.0.2 (2025-05-04)

... (truncated)

Changelog

Sourced from nodemailer's changelog.

7.0.7 (2025-10-05)

Bug Fixes

• addressparser: Fixed addressparser handling of quoted nested email addresses (1150d99)
• dns: add memory leak prevention for DNS cache (0240d67)
• linter: Updated eslint and created prettier formatting task (df13b74)
• refresh expired DNS cache on error (#1759) (ea0fc5a)
• resolve linter errors in DNS cache tests (3b8982c)

7.0.6 (2025-08-27)

Bug Fixes

• encoder: avoid silent data loss by properly flushing trailing base64 (#1747) (01ae76f)
• handle multiple XOAUTH2 token requests correctly (#1754) (dbe0028)
• ReDoS vulnerability in parseDataURI and _processDataUrl (#1755) (90b3e24)

7.0.5 (2025-07-07)

Bug Fixes

• updated well known delivery service list (fa2724b)

7.0.4 (2025-06-29)

Bug Fixes

• pools: Emit 'clear' once transporter is idle and all connections are closed (839e286)
• smtp-connection: jsdoc public annotation for socket (#1741) (c45c84f)
• well-known-services: Added AliyunQiye (bb9e6da)

7.0.3 (2025-05-08)

Bug Fixes

• attachments: Set the default transfer encoding for message/rfc822 attachments as '7bit' (007d5f3)

7.0.2 (2025-05-04)

Bug Fixes

• ses: Fixed structured from header (faa9a5e)

7.0.1 (2025-05-04)

Bug Fixes

• ses: Use formatted FromEmailAddress for SES emails (821cd09)

... (truncated)

Commits

• 9357a71 chore(master): release 7.0.7 [skip-ci] (#1761)
• df13b74 fix(linter): Updated eslint and created prettier formatting task
• 62629a0 Updated tests for addressparser
• 1150d99 fix(addressparser): Fixed addressparser handling of quoted nested email addre...
• 3b8982c fix: resolve linter errors in DNS cache tests
• 0240d67 fix(dns): add memory leak prevention for DNS cache
• ea0fc5a fix: refresh expired DNS cache on error (#1759)
• 430ca75 chore(master): release 7.0.6 [skip-ci] (#1753)
• e3e700c Bumped deps
• f322c38 replaced escaped single quotes with unescaped ones
• Additional commits viewable in compare view

Description has been truncated