Skip to content

build(deps): bump nodemailer from 8.0.11 to 9.0.1 in /webui#1018

Merged
github-actions[bot] merged 1 commit into
developfrom
dependabot/npm_and_yarn/webui/develop/nodemailer-9.0.1
Jun 19, 2026
Merged

build(deps): bump nodemailer from 8.0.11 to 9.0.1 in /webui#1018
github-actions[bot] merged 1 commit into
developfrom
dependabot/npm_and_yarn/webui/develop/nodemailer-9.0.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown
Contributor

Bumps nodemailer from 8.0.11 to 9.0.1.

Release notes

Sourced from nodemailer's releases.

v9.0.1

9.0.1 (2026-06-17)

Bug Fixes

  • enforce disableFileAccess/disableUrlAccess for raw message option (a82e060)

v9.0.0

9.0.0 (2026-06-14)

⚠ BREAKING CHANGES

  • HTTPS requests made while fetching remote content (attachment href/path URLs, OAuth2 token endpoints, HTTP/HTTPS proxy CONNECT) now validate the server's TLS certificate by default. Requests to hosts with self-signed, expired, or hostname-mismatched certificates that previously succeeded will now fail. Opt back out per request with tls.rejectUnauthorized=false (transport options, or a per-attachment tls option).

Bug Fixes

  • replace deprecated url.parse with a WHATWG URL wrapper (0c080fb)
  • validate TLS certificates by default when fetching remote content (6a947ac)
Changelog

Sourced from nodemailer's changelog.

9.0.1 (2026-06-17)

Bug Fixes

  • enforce disableFileAccess/disableUrlAccess for raw message option (a82e060)

9.0.0 (2026-06-14)

⚠ BREAKING CHANGES

  • HTTPS requests made while fetching remote content (attachment href/path URLs, OAuth2 token endpoints, HTTP/HTTPS proxy CONNECT) now validate the server's TLS certificate by default. Requests to hosts with self-signed, expired, or hostname-mismatched certificates that previously succeeded will now fail. Opt back out per request with tls.rejectUnauthorized=false (transport options, or a per-attachment tls option).

Bug Fixes

  • replace deprecated url.parse with a WHATWG URL wrapper (0c080fb)
  • validate TLS certificates by default when fetching remote content (6a947ac)
Commits
  • 69cf625 chore(master): release 9.0.1 (#1828)
  • a82e060 fix: enforce disableFileAccess/disableUrlAccess for raw message option
  • 4e58450 chore: update dev dependencies
  • 541f5fd chore(master): release 9.0.0 (#1827)
  • 0c080fb fix: replace deprecated url.parse with a WHATWG URL wrapper
  • 6a947ac fix!: validate TLS certificates by default when fetching remote content
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 19, 2026
@github-actions
github-actions Bot enabled auto-merge June 19, 2026 07:43
@github-actions

Copy link
Copy Markdown
Contributor

I'm not approving this PR because it includes a major update of a dependency used in production

@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/webui/develop/nodemailer-9.0.1 branch from d17a9fb to c6298f2 Compare June 19, 2026 07:51
@github-actions

Copy link
Copy Markdown
Contributor

I'm not approving this PR because it includes a major update of a dependency used in production

Bumps [nodemailer](https://github.com/nodemailer/nodemailer) from 8.0.11 to 9.0.1.
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](nodemailer/nodemailer@v8.0.11...v9.0.1)

---
updated-dependencies:
- dependency-name: nodemailer
  dependency-version: 9.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/webui/develop/nodemailer-9.0.1 branch from c6298f2 to 9f893ba Compare June 19, 2026 08:00
@github-actions

Copy link
Copy Markdown
Contributor

I'm not approving this PR because it includes a major update of a dependency used in production

@github-actions
github-actions Bot merged commit 199df29 into develop Jun 19, 2026
6 checks passed
@dependabot
dependabot Bot deleted the dependabot/npm_and_yarn/webui/develop/nodemailer-9.0.1 branch June 19, 2026 08:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code requires-manual-qa

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants