build(deps): bump nodemailer from 8.0.11 to 9.0.3#27
Conversation
Bumps [nodemailer](https://github.com/nodemailer/nodemailer) from 8.0.11 to 9.0.3. - [Release notes](https://github.com/nodemailer/nodemailer/releases) - [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md) - [Commits](nodemailer/nodemailer@v8.0.11...v9.0.3) --- updated-dependencies: - dependency-name: nodemailer dependency-version: 9.0.3 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
Code Review SummaryStatus: No Issues Found | Recommendation: Merge Files Reviewed (1 file)
Verified Reviewed by minimax-m3 · Input: 32K · Output: 2.7K · Cached: 199K |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c4113d3592
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| "mdast-util-find-and-replace": "^3.0.2", | ||
| "next-themes": "^0.4.6", | ||
| "nodemailer": "^8.0.10", | ||
| "nodemailer": "^9.0.3", |
There was a problem hiding this comment.
Update bun.lock with the nodemailer bump
I checked the root install path in .github/workflows/ci.yml and the release/desktop workflows; they run bun install --frozen-lockfile, and Bun's help defines that flag as disallowing lockfile changes. This line changes the manifest to require nodemailer@^9.0.3, but the committed bun.lock still records the workspace dependency as ^8.0.10 and locks nodemailer@8.0.10, so a clean frozen install has to either rewrite the lockfile or continue resolving the old package. Regenerate and commit bun.lock with the same nodemailer version as the manifest.
Useful? React with 👍 / 👎.
Bumps nodemailer from 8.0.11 to 9.0.3.
Release notes
Sourced from nodemailer's releases.
Changelog
Sourced from nodemailer's changelog.
Commits
1f61eb4chore(master): release 9.0.3 (#1836)07d8253fix(smtp-connection): harden STARTTLS upgrade and secure socket handling (#1835)4801f3achore(master): release 9.0.2 (#1832)9ba1064fix(addressparser): keep operator chars inside an address-literal as text (#1...22ddceafix: harden smtp-connection low-severity issuesaf002ebchore: add Node.js 26 to the CI test matrix6347b47fix: reject CRLF in HTTP proxy CONNECT destination to prevent request injection68860b9fix: harden smtp-connection response parsing and socket lifecycle9517bc5fix: prevent SES transport callback double-invocation and hang on sync errors...69cf625chore(master): release 9.0.1 (#1828)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)