Stop using request #26

Open
LiFaytheGoblin opened this issue May 7, 2024 · 4 comments

@LiFaytheGoblin

Request has a known vulnerability (GHSA-p8p7-x288-28g6) and is deprecated besides (https://www.npmjs.com/package/request). However, it appears that this is still a dependency used by brevo. Maybe consider migrating away from request.


milo- commented May 7, 2024

Some more info here @LiFaytheGoblin #16

Hopefully @shubhamUpadhyayInBlue will be able to get this resolved soon 🤞


bolds07 commented May 10, 2024

@LiFaytheGoblin there is no need to use this api AT ALL

this api is just the most messed up wrapper i've seen in my life... you can go to brevo's website and look at all the curl requests they have
then build up your own api with whatever http client you prefer... all you need is to follow their data model and endpoints

really i did it and in 5 minutes i accomplished what i wanted... much easier than using this dumbass api

@shanehoban

For the lazy, this is specific to transactional emails:

```ts
'use server'

import 'server-only'

/*
  type StandardResponse = {
    success: boolean
    message: string
  }
*/
import { StandardResponse } from '@/types/request-response'

export default async function SendBrevoEmail({
  toEmail,
  bccEmail,
  emailSubject,
  emailHtmlBody,
}: {
  toEmail: string
  bccEmail?: string
  emailSubject: string
  emailHtmlBody: string
}): Promise<StandardResponse> {
  const brevoApiEndpoint = 'https://api.brevo.com/v3/smtp/email'

  const brevoApiKey = process.env.BREVO_API_KEY

  const emailData = {
    sender: {
      name: 'Sender Name', // Replace with your sender name or keep as placeholder
      email: 'sender@example.com', // Replace with your sender email or keep as placeholder
    },
    to: [
      {
        email: toEmail,
      },
    ],
    bcc: bccEmail ? [{ email: bccEmail }] : undefined,
    subject: emailSubject,
    htmlContent: emailHtmlBody,
  }

  if (brevoApiKey) {
    try {
      const response = await fetch(brevoApiEndpoint, {
        method: 'POST',
        headers: {
          accept: 'application/json',
          'api-key': brevoApiKey,
          'content-type': 'application/json',
        },
        body: JSON.stringify(emailData),
      })

      if (!response.ok) {
        throw new Error(`HTTP error! status: ${response.status}`)
      }

      return {
        success: true,
        message: 'Email sent',
      }
    } catch (error) {
      return {
        success: false,
        message:
          'Error sending email: ' +
          (error instanceof Error ? error.message : String(error)),
      }
    }
  } else {
    return {
      success: false,
      message: 'No Brevo API key found',
    }
  }
}
```


evolross commented Jul 1, 2024

Definitely considering rolling my own too. I love that I just updated the "deprecated" sib-api-v3-sdk to @getbrevo/brevo (which was last published 13 days ago) and it has more npm vulnerabilities than sib-api-v3-sdk! It's a mad world over at Brevo.
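
An added example, not part of the thread or of the Brevo SDK: a Node.js check that walks a parsed `package-lock.json` (the lockfileVersion 2/3 `packages` layout) and lists every dependency chain that still installs `request`, so the claim in the issue can be checked against your own tree. The lockfile below is constructed; `my-app`, `hypothetical-lib` and all version numbers are placeholders.

```javascript
// Constructed sample: a trimmed package-lock.json in the lockfileVersion 2/3
// "packages" layout. Versions are placeholders; hypothetical-lib is made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-app', dependencies: { '@getbrevo/brevo': '*', 'hypothetical-lib': '*' } },
    'node_modules/@getbrevo/brevo': { version: '0.0.0', dependencies: { request: '*' } },
    'node_modules/request': { version: '0.0.0' },
    'node_modules/hypothetical-lib': { version: '0.0.0', dependencies: { request: '*' } },
    'node_modules/hypothetical-lib/node_modules/request': { version: '0.0.0' },
  },
};

// Resolve `dep` as required from the package at `fromKey`, trying the nearest
// node_modules directory first and then walking up to the root.
function resolveDep(pkgs, fromKey, dep) {
  let base = fromKey;
  for (;;) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + dep;
    if (pkgs[candidate]) return candidate;
    if (!base) return null; // not installed (e.g. a skipped optional dependency)
    const i = base.lastIndexOf('/node_modules/');
    base = i === -1 ? '' : base.slice(0, i);
  }
}

// Return every dependency chain from the root project to an installed copy of `target`.
function findDependencyChains(lock, target) {
  const pkgs = lock.packages || {};
  const found = [];
  const walk = (key, trail, seen) => {
    const meta = pkgs[key] || {};
    // devDependencies only matter for the root project itself.
    const deps = { ...meta.dependencies, ...meta.optionalDependencies,
                   ...(key === '' ? meta.devDependencies : {}) };
    for (const dep of Object.keys(deps)) {
      const next = resolveDep(pkgs, key, dep);
      if (!next || seen.has(next)) continue; // missing, or a dependency cycle
      const chain = [...trail, dep];
      if (dep === target) found.push({ chain: chain.join(' > '), installedAt: next });
      else walk(next, chain, new Set(seen).add(next));
    }
  };
  walk('', [], new Set(['']));
  return found.sort((a, b) => (a.chain < b.chain ? -1 : a.chain > b.chain ? 1 : 0));
}

console.log(findDependencyChains(sampleLock, 'request'));
```

To run it against a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` in place of `sampleLock`; an empty result means no installed package pulls in `request`.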
