chore(deps): bump nodemailer minimum version to 8.0.5#16501
Closed
abarani wants to merge 1 commit into
Closed
Conversation
abarani
requested review from
AlessioGr,
DanRibbens,
JarrodMFlesch,
denolfe and
jacobsfletch
as code owners
abarani
force-pushed
the
bump-nodemailer-805
branch
from
1b4c6c4 to
b7ef353
Compare
This comment was marked as resolved.
This comment was marked as resolved.
abarani
force-pushed
the
bump-nodemailer-805
branch
from
b7ef353 to
3e237c8
Compare
abarani
force-pushed
the
bump-nodemailer-805
branch
from
3e237c8 to
5b0afdf
Compare
Author
|
Someone willing to review this? |
jacobsfletch
changed the title
Member
|
@abarani in Couldn't push to your fork (maintainer edits not enabled), so I carried your commits over to a new branch: #16664. I've added a normalization shim there to keep it non-breaking. We narrow the type back down to its v7 shape, then add a runtime transform. |
jacobsfletch
added a commit
that referenced
this pull request
May 18, 2026
Supersedes #16501. Related: #16651. Bumps `nodemailer` to `^8.0.5` and `@types/nodemailer` to `^8.0.0` throughout the monorepo. The `nodemailer@7.0.12` package has known advisories that are fixed in >= 8.0.5. - GHSA-vvjj-xcjg-gr5g - GHSA-c7w3-x93f-qmm8 Note: `nodemailer` v8 widened the `Mail.Options['from']` type to also accept an array. This is considered a breaking change in Payload's `SendEmailOptions` type, if a project code relies on the previous shape. For backwards compatibility, we pin `SendEmailOptions['from']` back to v7's `string | Address` shape, then normalize this at runtime, so email adapters and consumer code stay source-compatible. --- - To see the specific tasks where the Asana app for GitHub is being used, see below: - https://app.asana.com/0/0/1214892618463672 --------- Co-authored-by: Andrea Barani <andrea.barani@vubai.com>
Author
|
@jacobsfletch Great, thank you for taking your time on this! I completely missed the type changes. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What?
Bump nodemailer minimum version to v8.0.5. Also bump the related @types/nodemailer to v8.0.0.
Version range has been set to
^8.0.5and^8.0.0respectively to allow more recent versions.Versions in repository lock file has been updated to v8.0.7 and v8.0.0 respectively, the @aws-sdk/client-sesv2 transitive dependency has been removed as @types/nodemailer doesn't depend on it anymore.
No code changes required.
Why?
This fixes two known vulnerabilities: