RTC NPM Resource Changed bug PR-6.1-dev Pending

User tests: Successful: Unsuccessful:

avatar richard67
richard67
18 Apr 2026

Pull Request resolves # .

  • I read the Generative AI policy and my contribution is either not created with the help of AI or is compatible with the policy and GNU/GPL 2 or later.

Summary of Changes

This pull request (PR) fixes 3 moderate severity security vulnerabilities in indirect NPM dependencies reported by npm audit by using npm audit fix.

All dependencies are indirect development dfependencies.

Testing Instructions

It needs a development environment with a git clone, composer and npm.

  1. If not done before, run composer install and npm ci.
  2. Run npm audit.
  3. Check the result.

Actual result BEFORE applying this Pull Request

# npm audit report

nodemailer  <=8.0.4
Severity: moderate
Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO)  - https://github.com/advisories/GHSA-vvjj-xcjg-gr5g
fix available via `npm audit fix`
node_modules/nodemailer
  mailparser  2.3.1 - 3.9.6
  Depends on vulnerable versions of nodemailer
  node_modules/mailparser
  smtp-server  2.0.0 - 3.18.3
  Depends on vulnerable versions of nodemailer
  node_modules/smtp-server

3 moderate severity vulnerabilities

To address all issues, run:
  npm audit fix

Expected result AFTER applying this Pull Request

found 0 vulnerabilities

Link to documentations

Please select:

  • Documentation link for guide.joomla.org:

  • No documentation changes for guide.joomla.org needed

  • Pull Request link for manual.joomla.org:

  • No documentation changes for manual.joomla.org needed

avatar richard67 richard67 - open - 18 Apr 2026
avatar richard67 richard67 - change - 18 Apr 2026
Status New Pending
avatar joomla-cms-bot joomla-cms-bot - change - 18 Apr 2026
Category NPM Change
avatar brianteeman brianteeman - test_item - 18 Apr 2026 - Tested successfully
avatar brianteeman
brianteeman - comment - 18 Apr 2026

I have tested this item ✅ successfully on b8a73f9


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/47622.

avatar adarshdubey03 adarshdubey03 - test_item - 18 Apr 2026 - Tested successfully
avatar adarshdubey03
adarshdubey03 - comment - 18 Apr 2026

I have tested this item ✅ successfully on b8a73f9


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/47622.

avatar krishnagandhicode krishnagandhicode - test_item - 18 Apr 2026 - Tested successfully
avatar krishnagandhicode
krishnagandhicode - comment - 18 Apr 2026

I have tested this item ✅ successfully on b8a73f9


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/47622.

avatar richard67 richard67 - change - 18 Apr 2026
Status Pending Ready to Commit
Labels Added: NPM Resource Changed bug PR-6.1-dev
avatar richard67
richard67 - comment - 18 Apr 2026

RTC


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/47622.

avatar richard67 richard67 - change - 19 Apr 2026
Labels Added: RTC

Add a Comment

Login with GitHub to post a comment