Skip to content

chore: bump nodemailer from 7.0.13 to 8.0.9 in /docs in the npm_and_yarn group across 1 directory#2858

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/docs/npm_and_yarn-1f77ff4840
Open

chore: bump nodemailer from 7.0.13 to 8.0.9 in /docs in the npm_and_yarn group across 1 directory#2858
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/docs/npm_and_yarn-1f77ff4840

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 16, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the npm_and_yarn group with 1 update in the /docs directory: nodemailer.

Updates nodemailer from 7.0.13 to 8.0.9

Release notes

Sourced from nodemailer's releases.

v8.0.9

8.0.9 (2026-05-26)

Bug Fixes

  • two pending security advisories (jsonTransport access bypass, List-* CRLF injection) (#1820) (5f69497)

v8.0.8

8.0.8 (2026-05-23)

Bug Fixes

  • enforce strict TLS for OAuth2 and Ethereal credential requests (#1818) (833d6e5)
  • four listener/stream leaks in SMTP transport, connection, pool (#1817) (850bb91)

v8.0.7

8.0.7 (2026-04-27)

Bug Fixes

  • keep domain as UTF-8 when local part is non-ASCII (#1814) (66d4ecb)

v8.0.6

8.0.6 (2026-04-24)

Bug Fixes

  • restore base64 wrap() trim behavior to prevent trailing CRLF (#1810) (#1811) (b1ae6c1)

v8.0.5

8.0.5 (2026-04-07)

Bug Fixes

  • decode SMTP server responses as UTF-8 at line boundary (95876b1)
  • sanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (0a43876)

v8.0.4

8.0.4 (2026-03-25)

Bug Fixes

  • sanitize envelope size to prevent SMTP command injection (2d7b971)

... (truncated)

Changelog

Sourced from nodemailer's changelog.

8.0.9 (2026-05-26)

Bug Fixes

  • two pending security advisories (jsonTransport access bypass, List-* CRLF injection) (#1820) (5f69497)

8.0.8 (2026-05-23)

Bug Fixes

  • enforce strict TLS for OAuth2 and Ethereal credential requests (#1818) (833d6e5)
  • four listener/stream leaks in SMTP transport, connection, pool (#1817) (850bb91)

8.0.7 (2026-04-27)

Bug Fixes

  • keep domain as UTF-8 when local part is non-ASCII (#1814) (66d4ecb)

8.0.6 (2026-04-24)

Bug Fixes

  • restore base64 wrap() trim behavior to prevent trailing CRLF (#1810) (#1811) (b1ae6c1)

8.0.5 (2026-04-07)

Bug Fixes

  • decode SMTP server responses as UTF-8 at line boundary (95876b1)
  • sanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (0a43876)

8.0.4 (2026-03-25)

Bug Fixes

  • sanitize envelope size to prevent SMTP command injection (2d7b971)

8.0.3 (2026-03-18)

Bug Fixes

  • clean up addressparser and fix group name fallback producing undefined (9d55877)

... (truncated)

Commits
  • 07303cb chore(master): release 8.0.9 (#1821)
  • 5f69497 fix: two pending security advisories (jsonTransport access bypass, List-* CRL...
  • 15138a8 chore(master): release 8.0.8 (#1819)
  • 850bb91 fix: four listener/stream leaks in SMTP transport, connection, pool (#1817)
  • 833d6e5 fix: enforce strict TLS for OAuth2 and Ethereal credential requests (#1818)
  • 1997040 chore(master): release 8.0.7 (#1815)
  • 9b9c545 chore: drop nodemailer-ntlm-auth devDependency (#1816)
  • 22bf90c Bumped dev deps
  • 66d4ecb fix: keep domain as UTF-8 when local part is non-ASCII (#1814)
  • 6a4a01e Fix/base64 wrap trailing crlf (#1813)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 16, 2026
@vercel

vercel Bot commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
blocknote Error Error Jun 16, 2026 11:47am
blocknote-website Error Error Jun 16, 2026 11:47am

Request Review

@dependabot
chore: bump nodemailer
ded1e20 
Bumps the npm_and_yarn group with 1 update in the /docs directory: [nodemailer](https://github.com/nodemailer/nodemailer).


Updates `nodemailer` from 7.0.13 to 8.0.9
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](nodemailer/nodemailer@v7.0.13...v8.0.9)

---
updated-dependencies:
- dependency-name: nodemailer
  dependency-version: 8.0.9
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/docs/npm_and_yarn-1f77ff4840 branch from e1b16eb to ded1e20 Compare June 16, 2026 11:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants