Bump nodemailer from 8.0.4 to 8.0.5

[dependabot]

Bumps nodemailer from 8.0.4 to 8.0.5.

Release notes

Sourced from nodemailer's releases.

v8.0.5

8.0.5 (2026-04-07)

Bug Fixes

• decode SMTP server responses as UTF-8 at line boundary (95876b1)
• sanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (0a43876)

Changelog

Sourced from nodemailer's changelog.

8.0.5 (2026-04-07)

Bug Fixes

• decode SMTP server responses as UTF-8 at line boundary (95876b1)
• sanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (0a43876)

Commits

• 202cfb3 chore(master): release 8.0.5 (#1809)
• b634abf docs: add CLAUDE.md with project conventions and release process
• 95876b1 fix: decode SMTP server responses as UTF-8 at line boundary
• 0a43876 fix: sanitize CRLF in transport name option to prevent SMTP command injection...
• 08e59e6 chore: update dev dependencies
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Summary by CodeRabbit

• Chores
  • Updated email service dependencies to the latest patch version for improved stability and performance.

[pipedream-component-development]

Thank you so much for submitting this! We've added it to our backlog to review, and our team has been notified.

[pipedream-component-development]

Thanks for submitting this PR! When we review PRs, we follow the Pipedream component guidelines. If you're not familiar, here's a quick checklist:

• Create components to address specific use cases whenever possible
• Component keys should follow the format app_name_slug-slugified-component-name
• Components should follow the standard directory structure
• Prefer Node.js client libraries to REST APIs
• When making API requests, handle pagination to ensure all data / events are processed
• Use secret props to capture sensitive data
• Props and methods should be defined in app files whenever possible
• Document methods with JS Docs
• Use optional props whenever possible, and set a default value where you can
• Use async options to accept user input wherever possible

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
pipedream-docs-redirect-do-not-edit	Ignored		Apr 8, 2026 8:43pm

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: b661fce5-9990-4f9b-9953-b8e0576f74ba

📥 Commits

Reviewing files that changed from the base of the PR and between 312c7ff and b810b07.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (2)

• components/gmail/package.json
• components/pipedream_utils/package.json

---

Walkthrough

Updated the nodemailer dependency from version ^8.0.4 to ^8.0.5 in two package configuration files within the Pipedream components directory, applying a patch-level version bump.

Changes

Cohort / File(s)	Summary
Nodemailer Dependency Bump components/gmail/package.json, components/pipedream_utils/package.json	Updated nodemailer dependency from ^8.0.4 to ^8.0.5 across both component packages.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• Bump nodemailer from 7.0.11 to 8.0.4 #20397 — Previous nodemailer version bump to 8.0.4 in the same package files.

Suggested reviewers

• GTFalcao

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately and concisely describes the main change: bumping the nodemailer dependency from version 8.0.4 to 8.0.5.
Description check	✅ Passed	The description provides comprehensive details about the dependency update, including release notes with bug fixes, changelog information, and commit references, exceeding the minimal template requirements.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/npm_and_yarn/nodemailer-8.0.5

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}