Joomla! Issue Tracker | Joomla! CMS #47622 - [6.1] NPM update indirect development dependencies to fix 3 security vulnerabilities

RTC NPM Resource Changed bug PR-6.1-dev

Ready to Commit
Medium
Build: 6.1-dev
# 47622
Diff
richard67:6.1-dev-npm-audit-fix-2026-04-18

Pending

User tests: Successful: Unsuccessful:

richard67
18 Apr 2026

Pull Request resolves # .

I read the Generative AI policy and my contribution is either not created with the help of AI or is compatible with the policy and GNU/GPL 2 or later.

Summary of Changes

This pull request (PR) fixes 3 moderate severity security vulnerabilities in indirect NPM dependencies reported by npm audit by using npm audit fix.

All dependencies are indirect development dfependencies.

Testing Instructions

It needs a development environment with a git clone, composer and npm.

If not done before, run composer install and npm ci.
Run npm audit.
Check the result.

Actual result BEFORE applying this Pull Request

# npm audit report

nodemailer  <=8.0.4
Severity: moderate
Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO)  - https://github.com/advisories/GHSA-vvjj-xcjg-gr5g
fix available via `npm audit fix`
node_modules/nodemailer
  mailparser  2.3.1 - 3.9.6
  Depends on vulnerable versions of nodemailer
  node_modules/mailparser
  smtp-server  2.0.0 - 3.18.3
  Depends on vulnerable versions of nodemailer
  node_modules/smtp-server

3 moderate severity vulnerabilities

To address all issues, run:
  npm audit fix

Expected result AFTER applying this Pull Request

found 0 vulnerabilities

Link to documentations

Please select:

Documentation link for guide.joomla.org:
No documentation changes for guide.joomla.org needed
Pull Request link for manual.joomla.org:
No documentation changes for manual.joomla.org needed

b8a73f9 18 Apr 2026

NPM audit fix 2026-04-18

richard67 - open - 18 Apr 2026

richard67 - change - 18 Apr 2026

Status

New

⇒

Pending

joomla-cms-bot - change - 18 Apr 2026

Category

⇒

NPM Change

brianteeman - test_item - 18 Apr 2026 - Tested successfully

brianteeman - comment - 18 Apr 2026

I have tested this item ✅ successfully on b8a73f9

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/47622.}

adarshdubey03 - test_item - 18 Apr 2026 - Tested successfully

adarshdubey03 - comment - 18 Apr 2026

I have tested this item ✅ successfully on b8a73f9

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/47622.}

krishnagandhicode - test_item - 18 Apr 2026 - Tested successfully

krishnagandhicode - comment - 18 Apr 2026

I have tested this item ✅ successfully on b8a73f9

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/47622.}

richard67 - change - 18 Apr 2026

Status	Pending	⇒	Ready to Commit
Labels	Added: NPM Resource Changed bug PR-6.1-dev

richard67 - comment - 18 Apr 2026

RTC

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/47622.}

7ae79d6 19 Apr 2026

Merge branch '6.1-dev' into 6.1-dev-npm-audit-fix-2026-04-18

richard67 - change - 19 Apr 2026

Labels

Added: RTC

Add a Comment

Older
Newer

Joomla! Issue Tracker - CMS

[#47622] - [6.1] NPM update indirect development dependencies to fix 3 security vulnerabilities

Summary of Changes

Testing Instructions

Actual result BEFORE applying this Pull Request

Expected result AFTER applying this Pull Request

Link to documentations

Add a Comment