Skip to content

chore(deps): bump nodemailer and @types/nodemailer#8001

Merged
Miodec merged 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-c68c371878
Jun 2, 2026
Merged

chore(deps): bump nodemailer and @types/nodemailer#8001
Miodec merged 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-c68c371878

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 22, 2026
edited
Loading

Bumps nodemailer and @types/nodemailer. These dependencies needed to be updated together.
Updates nodemailer from 8.0.5 to 8.0.10

Release notes

Sourced from nodemailer's releases.

v8.0.10

8.0.10 (2026-05-29)

Bug Fixes

  • fall back to lower-severity handler when custom logger lacks a level method (6d849df)

v8.0.9

8.0.9 (2026-05-26)

Bug Fixes

  • two pending security advisories (jsonTransport access bypass, List-* CRLF injection) (#1820) (5f69497)

v8.0.8

8.0.8 (2026-05-23)

Bug Fixes

  • enforce strict TLS for OAuth2 and Ethereal credential requests (#1818) (833d6e5)
  • four listener/stream leaks in SMTP transport, connection, pool (#1817) (850bb91)

v8.0.7

8.0.7 (2026-04-27)

Bug Fixes

  • keep domain as UTF-8 when local part is non-ASCII (#1814) (66d4ecb)

v8.0.6

8.0.6 (2026-04-24)

Bug Fixes

  • restore base64 wrap() trim behavior to prevent trailing CRLF (#1810) (#1811) (b1ae6c1)
Changelog

Sourced from nodemailer's changelog.

8.0.10 (2026-05-29)

Bug Fixes

  • fall back to lower-severity handler when custom logger lacks a level method (6d849df)

8.0.9 (2026-05-26)

Bug Fixes

  • two pending security advisories (jsonTransport access bypass, List-* CRLF injection) (#1820) (5f69497)

8.0.8 (2026-05-23)

Bug Fixes

  • enforce strict TLS for OAuth2 and Ethereal credential requests (#1818) (833d6e5)
  • four listener/stream leaks in SMTP transport, connection, pool (#1817) (850bb91)

8.0.7 (2026-04-27)

Bug Fixes

  • keep domain as UTF-8 when local part is non-ASCII (#1814) (66d4ecb)

8.0.6 (2026-04-24)

Bug Fixes

  • restore base64 wrap() trim behavior to prevent trailing CRLF (#1810) (#1811) (b1ae6c1)
Commits
  • 948ae3f chore(master): release 8.0.10 (#1823)
  • 9eedad9 docs: add SECURITY.md policy (#1824)
  • 6d849df fix: fall back to lower-severity handler when custom logger lacks a level method
  • 07303cb chore(master): release 8.0.9 (#1821)
  • 5f69497 fix: two pending security advisories (jsonTransport access bypass, List-* CRL...
  • 15138a8 chore(master): release 8.0.8 (#1819)
  • 850bb91 fix: four listener/stream leaks in SMTP transport, connection, pool (#1817)
  • 833d6e5 fix: enforce strict TLS for OAuth2 and Ethereal credential requests (#1818)
  • 1997040 chore(master): release 8.0.7 (#1815)
  • 9b9c545 chore: drop nodemailer-ntlm-auth devDependency (#1816)
  • Additional commits viewable in compare view

Updates @types/nodemailer from 6.4.15 to 8.0.0

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 22, 2026
@monkeytypegeorge monkeytypegeorge added the backend Server stuff label May 22, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-c68c371878 branch 2 times, most recently from 01b2eb1 to 24ded62 Compare May 27, 2026 10:37
@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 27, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Added@​types/​nodemailer@​8.0.01001007689100
Addedchalk@​4.1.210010010082100

View full report

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-c68c371878 branch 2 times, most recently from 7320e5f to 6c931f4 Compare June 1, 2026 21:06
@socket-security
Copy link
Copy Markdown

socket-security Bot commented Jun 1, 2026
edited
Loading

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm entities is 91.0% likely obfuscated

Confidence: 0.91

Location: Package overview

From: pnpm-lock.yamlnpm/entities@4.5.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@4.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-c68c371878 branch 4 times, most recently from 6f3686c to 4f1edf4 Compare June 2, 2026 17:52
@dependabot
chore(deps): bump nodemailer and @types/nodemailer
8e1ffb4 
Bumps [nodemailer](https://github.com/nodemailer/nodemailer) and [@types/nodemailer](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/nodemailer). These dependencies needed to be updated together.

Updates `nodemailer` from 8.0.5 to 8.0.10
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](nodemailer/nodemailer@v8.0.5...v8.0.10)

Updates `@types/nodemailer` from 6.4.15 to 8.0.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/nodemailer)

---
updated-dependencies:
- dependency-name: "@types/nodemailer"
  dependency-version: 8.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
- dependency-name: nodemailer
  dependency-version: 8.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-c68c371878 branch from 4f1edf4 to 8e1ffb4 Compare June 2, 2026 18:10
@Miodec Miodec merged commit 8deaad3 into master Jun 2, 2026
17 checks passed
@Miodec Miodec deleted the dependabot/npm_and_yarn/multi-c68c371878 branch June 2, 2026 19:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

backend Server stuff dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Miodec @monkeytypegeorge