Skip to content

chore(deps)(deps): bump nodemailer from 9.0.1 to 9.0.3 in /apps/api in the email group across 1 directory#273

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bun/apps/api/email-b1b8f43825
Closed

chore(deps)(deps): bump nodemailer from 9.0.1 to 9.0.3 in /apps/api in the email group across 1 directory#273
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bun/apps/api/email-b1b8f43825

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor

Bumps the email group with 1 update in the /apps/api directory: nodemailer.

Updates nodemailer from 9.0.1 to 9.0.3

Release notes

Sourced from nodemailer's releases.

v9.0.3

9.0.3 (2026-06-30)

Bug Fixes

  • smtp-connection: harden STARTTLS upgrade and secure socket handling (#1835) (07d8253)

v9.0.2

9.0.2 (2026-06-29)

Bug Fixes

  • addressparser: keep operator chars inside an address-literal as text (#1829) (9ba1064)
  • harden smtp-connection low-severity issues (22ddcea)
  • harden smtp-connection response parsing and socket lifecycle (68860b9)
  • prevent SES transport callback double-invocation and hang on sync errors (#1831) (9517bc5)
  • reject CRLF in HTTP proxy CONNECT destination to prevent request injection (6347b47)
Changelog

Sourced from nodemailer's changelog.

9.0.3 (2026-06-30)

Bug Fixes

  • smtp-connection: harden STARTTLS upgrade and secure socket handling (#1835) (07d8253)

9.0.2 (2026-06-29)

Bug Fixes

  • addressparser: keep operator chars inside an address-literal as text (#1829) (9ba1064)
  • harden smtp-connection low-severity issues (22ddcea)
  • harden smtp-connection response parsing and socket lifecycle (68860b9)
  • prevent SES transport callback double-invocation and hang on sync errors (#1831) (9517bc5)
  • reject CRLF in HTTP proxy CONNECT destination to prevent request injection (6347b47)
Commits
  • 1f61eb4 chore(master): release 9.0.3 (#1836)
  • 07d8253 fix(smtp-connection): harden STARTTLS upgrade and secure socket handling (#1835)
  • 4801f3a chore(master): release 9.0.2 (#1832)
  • 9ba1064 fix(addressparser): keep operator chars inside an address-literal as text (#1...
  • 22ddcea fix: harden smtp-connection low-severity issues
  • af002eb chore: add Node.js 26 to the CI test matrix
  • 6347b47 fix: reject CRLF in HTTP proxy CONNECT destination to prevent request injection
  • 68860b9 fix: harden smtp-connection response parsing and socket lifecycle
  • 9517bc5 fix: prevent SES transport callback double-invocation and hang on sync errors...
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the email group with 1 update in the /apps/api directory: [nodemailer](https://github.com/nodemailer/nodemailer).


Updates `nodemailer` from 9.0.1 to 9.0.3
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](nodemailer/nodemailer@v9.0.1...v9.0.3)

---
updated-dependencies:
- dependency-name: nodemailer
  dependency-version: 9.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: email
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 9, 2026
@dependabot dependabot Bot requested a review from agjs as a code owner July 9, 2026 13:37
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 9, 2026
agjs added a commit that referenced this pull request Jul 9, 2026
Second weekly batch — three Dependabot PRs (#273, #274, #275) opened
right after #272 merged. Lockfiles regenerated; api + ui gates pass
locally (api 1188/0 tests, ui check + test + build + size all green).

api (apps/api):
  nodemailer 9.0.1→9.0.3 (#273)
  lint group (#274): eslint-plugin-unicorn 69.0.0→70.0.0,
  prettier 3.9.1→3.9.4, typescript-eslint 8.62.0→8.62.1

ui (apps/ui):
  tailwind-shadcn group (#275): lucide-react 1.22.0→1.23.0,
  radix-ui 1.6.0→1.6.1, @tailwindcss/vite 4.3.1→4.3.2, tailwindcss 4.3.1→4.3.2
  lint tooling bumped in lockstep with api (unicorn 70.0.0, prettier 3.9.4,
  typescript-eslint 8.62.1) so prettier/lint versions stay identical across
  apps and avoid format-check drift — Dependabot only opened the api lint PR.

unicorn 70 is a major bump; no new rule violations surfaced and prettier
3.9.4 required no reformatting, so there is no source churn this round.
@agjs agjs closed this in #276 Jul 9, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot Bot deleted the dependabot/bun/apps/api/email-b1b8f43825 branch July 9, 2026 13:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants