chore: bump nodemailer to 7.0.12 (security) #15062
Conversation
There was a problem hiding this comment.
Pull request overview
This PR bumps the nodemailer dependency from version 7.0.9 to 7.0.12 in the email-nodemailer package to address security vulnerabilities flagged by pnpm audit. This is a patch version update that should be backward compatible.
- Updates nodemailer dependency to include recent security fixes
- Maintains the same major and minor version (7.0.x)
- Addresses security advisory findings
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| }, | ||
| "dependencies": { | ||
| "nodemailer": "7.0.9" | ||
| "nodemailer": "7.0.12" |
There was a problem hiding this comment.
This security update to nodemailer 7.0.12 is only applied to this package, but packages/payload-cloud/package.json also has a direct dependency on nodemailer: 7.0.9. Since this is a security update, consider also updating the nodemailer version in the payload-cloud package to maintain consistent security posture across the codebase.
There was a problem hiding this comment.
@copilot open a new pull request to apply changes based on this feedback
There was a problem hiding this comment.
Well that didn't do shit. Thanks GitHub for suggesting 🙃.
|
🚀 This is included in version v3.70.0 |
Bumps nodemailer to 7.0.12 in packages/email-nodemailer to include recent security fixes. This should address the advisory flagged by pnpm audit. I ran local tests and builds. Happy to iterate if you prefer a different target. fixes #15061 --------- Co-authored-by: Dan Ribbens <dan.ribbens@gmail.com>
2 participants
Bumps nodemailer to 7.0.12 in packages/email-nodemailer to include recent security fixes. This should address the advisory flagged by pnpm audit. I ran local tests and builds. Happy to iterate if you prefer a different target.
fixes #15061