Skip to content

chore(deps): bump nodemailer from 7.0.11 to 9.0.1#2253

Merged
EvianTan merged 1 commit into
developmentfrom
dependabot/npm_and_yarn/nodemailer-9.0.1
Jul 17, 2026
Merged

chore(deps): bump nodemailer from 7.0.11 to 9.0.1#2253
EvianTan merged 1 commit into
developmentfrom
dependabot/npm_and_yarn/nodemailer-9.0.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown
Contributor

Bumps nodemailer from 7.0.11 to 9.0.1.

Release notes

Sourced from nodemailer's releases.

v9.0.1

9.0.1 (2026-06-17)

Bug Fixes

  • enforce disableFileAccess/disableUrlAccess for raw message option (a82e060)

v9.0.0

9.0.0 (2026-06-14)

⚠ BREAKING CHANGES

  • HTTPS requests made while fetching remote content (attachment href/path URLs, OAuth2 token endpoints, HTTP/HTTPS proxy CONNECT) now validate the server's TLS certificate by default. Requests to hosts with self-signed, expired, or hostname-mismatched certificates that previously succeeded will now fail. Opt back out per request with tls.rejectUnauthorized=false (transport options, or a per-attachment tls option).

Bug Fixes

  • replace deprecated url.parse with a WHATWG URL wrapper (0c080fb)
  • validate TLS certificates by default when fetching remote content (6a947ac)

v8.0.11

8.0.11 (2026-06-10)

Bug Fixes

  • apply the transport-level newline option in stream and sendmail transports (cb4f904)
  • include icalEvent path/href content in the application/ics attachment (b801c48)
  • parse Ethereal response props without polynomial regex backtracking (067aebe)
  • resolve oauth2_provision_cb at send time for non-pooled SMTP transports (203c8ec)
  • return the promise from every resolveContent branch (07ffe8c)
  • strip the url scheme from List-ID header values (77e5885)
  • tag AWS SES transport errors with the ESES code (efa647a)

v8.0.10

8.0.10 (2026-05-29)

Bug Fixes

  • fall back to lower-severity handler when custom logger lacks a level method (6d849df)

v8.0.9

8.0.9 (2026-05-26)

Bug Fixes

  • two pending security advisories (jsonTransport access bypass, List-* CRLF injection) (#1820) (5f69497)

... (truncated)

Changelog

Sourced from nodemailer's changelog.

9.0.1 (2026-06-17)

Bug Fixes

  • enforce disableFileAccess/disableUrlAccess for raw message option (a82e060)

9.0.0 (2026-06-14)

⚠ BREAKING CHANGES

  • HTTPS requests made while fetching remote content (attachment href/path URLs, OAuth2 token endpoints, HTTP/HTTPS proxy CONNECT) now validate the server's TLS certificate by default. Requests to hosts with self-signed, expired, or hostname-mismatched certificates that previously succeeded will now fail. Opt back out per request with tls.rejectUnauthorized=false (transport options, or a per-attachment tls option).

Bug Fixes

  • replace deprecated url.parse with a WHATWG URL wrapper (0c080fb)
  • validate TLS certificates by default when fetching remote content (6a947ac)

8.0.11 (2026-06-10)

Bug Fixes

  • apply the transport-level newline option in stream and sendmail transports (cb4f904)
  • include icalEvent path/href content in the application/ics attachment (b801c48)
  • parse Ethereal response props without polynomial regex backtracking (067aebe)
  • resolve oauth2_provision_cb at send time for non-pooled SMTP transports (203c8ec)
  • return the promise from every resolveContent branch (07ffe8c)
  • strip the url scheme from List-ID header values (77e5885)
  • tag AWS SES transport errors with the ESES code (efa647a)

8.0.10 (2026-05-29)

Bug Fixes

  • fall back to lower-severity handler when custom logger lacks a level method (6d849df)

8.0.9 (2026-05-26)

Bug Fixes

  • two pending security advisories (jsonTransport access bypass, List-* CRLF injection) (#1820) (5f69497)

8.0.8 (2026-05-23)

Bug Fixes

... (truncated)

Commits
  • 69cf625 chore(master): release 9.0.1 (#1828)
  • a82e060 fix: enforce disableFileAccess/disableUrlAccess for raw message option
  • 4e58450 chore: update dev dependencies
  • 541f5fd chore(master): release 9.0.0 (#1827)
  • 0c080fb fix: replace deprecated url.parse with a WHATWG URL wrapper
  • 6a947ac fix!: validate TLS certificates by default when fetching remote content
  • e3b1bda chore(master): release 8.0.11 (#1826)
  • 4358caf refactor: remove dead checks flagged by Code Quality analysis
  • cf5195c chore: harden workflow token permissions and update GitHub Actions
  • 067aebe fix: parse Ethereal response props without polynomial regex backtracking
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 19, 2026
@sonarqubecloud

Copy link
Copy Markdown

Bumps [nodemailer](https://github.com/nodemailer/nodemailer) from 7.0.11 to 9.0.1.
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](nodemailer/nodemailer@v7.0.11...v9.0.1)

---
updated-dependencies:
- dependency-name: nodemailer
  dependency-version: 9.0.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/nodemailer-9.0.1 branch from 291fb5b to 16f7e3f Compare July 17, 2026 20:29

@EvianTan EvianTan left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor changes, approving and merging now.

@EvianTan
EvianTan merged commit 7d77c22 into development Jul 17, 2026
2 checks passed
@dependabot
dependabot Bot deleted the dependabot/npm_and_yarn/nodemailer-9.0.1 branch July 17, 2026 20:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant