Skip to content

chore(deps): bump nodemailer and @types/nodemailer#8001

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-c68c371878
Open

chore(deps): bump nodemailer and @types/nodemailer#8001
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-c68c371878

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 22, 2026
edited
Loading

Bumps nodemailer and @types/nodemailer. These dependencies needed to be updated together.
Updates nodemailer from 8.0.5 to 8.0.9

Release notes

Sourced from nodemailer's releases.

v8.0.9

8.0.9 (2026-05-26)

Bug Fixes

  • two pending security advisories (jsonTransport access bypass, List-* CRLF injection) (#1820) (5f69497)

v8.0.8

8.0.8 (2026-05-23)

Bug Fixes

  • enforce strict TLS for OAuth2 and Ethereal credential requests (#1818) (833d6e5)
  • four listener/stream leaks in SMTP transport, connection, pool (#1817) (850bb91)

v8.0.7

8.0.7 (2026-04-27)

Bug Fixes

  • keep domain as UTF-8 when local part is non-ASCII (#1814) (66d4ecb)

v8.0.6

8.0.6 (2026-04-24)

Bug Fixes

  • restore base64 wrap() trim behavior to prevent trailing CRLF (#1810) (#1811) (b1ae6c1)
Changelog

Sourced from nodemailer's changelog.

8.0.9 (2026-05-26)

Bug Fixes

  • two pending security advisories (jsonTransport access bypass, List-* CRLF injection) (#1820) (5f69497)

8.0.8 (2026-05-23)

Bug Fixes

  • enforce strict TLS for OAuth2 and Ethereal credential requests (#1818) (833d6e5)
  • four listener/stream leaks in SMTP transport, connection, pool (#1817) (850bb91)

8.0.7 (2026-04-27)

Bug Fixes

  • keep domain as UTF-8 when local part is non-ASCII (#1814) (66d4ecb)

8.0.6 (2026-04-24)

Bug Fixes

  • restore base64 wrap() trim behavior to prevent trailing CRLF (#1810) (#1811) (b1ae6c1)
Commits
  • 07303cb chore(master): release 8.0.9 (#1821)
  • 5f69497 fix: two pending security advisories (jsonTransport access bypass, List-* CRL...
  • 15138a8 chore(master): release 8.0.8 (#1819)
  • 850bb91 fix: four listener/stream leaks in SMTP transport, connection, pool (#1817)
  • 833d6e5 fix: enforce strict TLS for OAuth2 and Ethereal credential requests (#1818)
  • 1997040 chore(master): release 8.0.7 (#1815)
  • 9b9c545 chore: drop nodemailer-ntlm-auth devDependency (#1816)
  • 22bf90c Bumped dev deps
  • 66d4ecb fix: keep domain as UTF-8 when local part is non-ASCII (#1814)
  • 6a4a01e Fix/base64 wrap trailing crlf (#1813)
  • Additional commits viewable in compare view

Updates @types/nodemailer from 6.4.15 to 8.0.0

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 22, 2026
@monkeytypegeorge monkeytypegeorge added the backend Server stuff label May 22, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-c68c371878 branch 2 times, most recently from 01b2eb1 to 24ded62 Compare May 27, 2026 10:37
@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 27, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Added@​types/​uuid@​10.0.01001007081100
Added@​commitlint/​cli@​20.5.21001007396100
Added@​date-fns/​utc@​1.2.01001009181100
Added@​eslint/​json@​1.2.09910010086100
Updatedyaml@​1.10.2 ⏵ 2.8.399100 +210091100
Updateduuid@​10.0.0 ⏵ 14.0.0100 +1100 +210092 +42100
Addedoxlint-tsgolint@​0.22.11001009795100
Added@​commitlint/​config-conventional@​19.2.210010010095100

View full report

@dependabot
chore(deps): bump nodemailer and @types/nodemailer
7320e5f 
Bumps [nodemailer](https://github.com/nodemailer/nodemailer) and [@types/nodemailer](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/nodemailer). These dependencies needed to be updated together.

Updates `nodemailer` from 8.0.5 to 8.0.9
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](nodemailer/nodemailer@v8.0.5...v8.0.9)

Updates `@types/nodemailer` from 6.4.15 to 8.0.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/nodemailer)

---
updated-dependencies:
- dependency-name: "@types/nodemailer"
  dependency-version: 8.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
- dependency-name: nodemailer
  dependency-version: 8.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-c68c371878 branch from 24ded62 to 7320e5f Compare May 27, 2026 13:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

backend Server stuff dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@monkeytypegeorge