Skip to content

Bump nodemailer from 8.0.11 to 9.0.1#2295

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/nodemailer-9.0.1
Open

Bump nodemailer from 8.0.11 to 9.0.1#2295
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/nodemailer-9.0.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 21, 2026

Copy link
Copy Markdown
Contributor

Bumps nodemailer from 8.0.11 to 9.0.1.

Release notes

Sourced from nodemailer's releases.

v9.0.1

9.0.1 (2026-06-17)

Bug Fixes

  • enforce disableFileAccess/disableUrlAccess for raw message option (a82e060)

v9.0.0

9.0.0 (2026-06-14)

⚠ BREAKING CHANGES

  • HTTPS requests made while fetching remote content (attachment href/path URLs, OAuth2 token endpoints, HTTP/HTTPS proxy CONNECT) now validate the server's TLS certificate by default. Requests to hosts with self-signed, expired, or hostname-mismatched certificates that previously succeeded will now fail. Opt back out per request with tls.rejectUnauthorized=false (transport options, or a per-attachment tls option).

Bug Fixes

  • replace deprecated url.parse with a WHATWG URL wrapper (0c080fb)
  • validate TLS certificates by default when fetching remote content (6a947ac)
Changelog

Sourced from nodemailer's changelog.

9.0.1 (2026-06-17)

Bug Fixes

  • enforce disableFileAccess/disableUrlAccess for raw message option (a82e060)

9.0.0 (2026-06-14)

⚠ BREAKING CHANGES

  • HTTPS requests made while fetching remote content (attachment href/path URLs, OAuth2 token endpoints, HTTP/HTTPS proxy CONNECT) now validate the server's TLS certificate by default. Requests to hosts with self-signed, expired, or hostname-mismatched certificates that previously succeeded will now fail. Opt back out per request with tls.rejectUnauthorized=false (transport options, or a per-attachment tls option).

Bug Fixes

  • replace deprecated url.parse with a WHATWG URL wrapper (0c080fb)
  • validate TLS certificates by default when fetching remote content (6a947ac)
Commits
  • 69cf625 chore(master): release 9.0.1 (#1828)
  • a82e060 fix: enforce disableFileAccess/disableUrlAccess for raw message option
  • 4e58450 chore: update dev dependencies
  • 541f5fd chore(master): release 9.0.0 (#1827)
  • 0c080fb fix: replace deprecated url.parse with a WHATWG URL wrapper
  • 6a947ac fix!: validate TLS certificates by default when fetching remote content
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file JavaScript labels Jun 21, 2026
@github-actions

Copy link
Copy Markdown
Contributor

Not Automerged

The PR does not match any automerge rules.

Details: No configuration rule matched this update

Dependabot Information:

  • Package name(s): nodemailer
  • Update type: major
  • Dependency type: production
  • Previous version: 8.0.11
  • New version: 9.0.1

Modified Files:

  • package-lock.json
  • package.json

Bumps [nodemailer](https://github.com/nodemailer/nodemailer) from 8.0.11 to 9.0.1.
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](nodemailer/nodemailer@v8.0.11...v9.0.1)

---
updated-dependencies:
- dependency-name: nodemailer
  dependency-version: 9.0.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/nodemailer-9.0.1 branch from 73ba927 to bd6ffd3 Compare July 1, 2026 09:14
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Not Automerged

The PR does not match any automerge rules.

Details: No configuration rule matched this update

Dependabot Information:

  • Package name(s): nodemailer
  • Update type: major
  • Dependency type: production
  • Previous version: 8.0.11
  • New version: 9.0.1

Modified Files:

  • package-lock.json
  • package.json

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file JavaScript

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants