Skip to content

build(deps): bump nodemailer, imapflow and mailparser#16

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-09949be7a0
Open

build(deps): bump nodemailer, imapflow and mailparser#16
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-09949be7a0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 21, 2026

Copy link
Copy Markdown

Bumps nodemailer, imapflow and mailparser. These dependencies needed to be updated together.
Updates nodemailer from 8.0.10 to 9.0.1

Release notes

Sourced from nodemailer's releases.

v9.0.1

9.0.1 (2026-06-17)

Bug Fixes

  • enforce disableFileAccess/disableUrlAccess for raw message option (a82e060)

v9.0.0

9.0.0 (2026-06-14)

⚠ BREAKING CHANGES

  • HTTPS requests made while fetching remote content (attachment href/path URLs, OAuth2 token endpoints, HTTP/HTTPS proxy CONNECT) now validate the server's TLS certificate by default. Requests to hosts with self-signed, expired, or hostname-mismatched certificates that previously succeeded will now fail. Opt back out per request with tls.rejectUnauthorized=false (transport options, or a per-attachment tls option).

Bug Fixes

  • replace deprecated url.parse with a WHATWG URL wrapper (0c080fb)
  • validate TLS certificates by default when fetching remote content (6a947ac)

v8.0.11

8.0.11 (2026-06-10)

Bug Fixes

  • apply the transport-level newline option in stream and sendmail transports (cb4f904)
  • include icalEvent path/href content in the application/ics attachment (b801c48)
  • parse Ethereal response props without polynomial regex backtracking (067aebe)
  • resolve oauth2_provision_cb at send time for non-pooled SMTP transports (203c8ec)
  • return the promise from every resolveContent branch (07ffe8c)
  • strip the url scheme from List-ID header values (77e5885)
  • tag AWS SES transport errors with the ESES code (efa647a)
Changelog

Sourced from nodemailer's changelog.

9.0.1 (2026-06-17)

Bug Fixes

  • enforce disableFileAccess/disableUrlAccess for raw message option (a82e060)

9.0.0 (2026-06-14)

⚠ BREAKING CHANGES

  • HTTPS requests made while fetching remote content (attachment href/path URLs, OAuth2 token endpoints, HTTP/HTTPS proxy CONNECT) now validate the server's TLS certificate by default. Requests to hosts with self-signed, expired, or hostname-mismatched certificates that previously succeeded will now fail. Opt back out per request with tls.rejectUnauthorized=false (transport options, or a per-attachment tls option).

Bug Fixes

  • replace deprecated url.parse with a WHATWG URL wrapper (0c080fb)
  • validate TLS certificates by default when fetching remote content (6a947ac)

8.0.11 (2026-06-10)

Bug Fixes

  • apply the transport-level newline option in stream and sendmail transports (cb4f904)
  • include icalEvent path/href content in the application/ics attachment (b801c48)
  • parse Ethereal response props without polynomial regex backtracking (067aebe)
  • resolve oauth2_provision_cb at send time for non-pooled SMTP transports (203c8ec)
  • return the promise from every resolveContent branch (07ffe8c)
  • strip the url scheme from List-ID header values (77e5885)
  • tag AWS SES transport errors with the ESES code (efa647a)
Commits
  • 69cf625 chore(master): release 9.0.1 (#1828)
  • a82e060 fix: enforce disableFileAccess/disableUrlAccess for raw message option
  • 4e58450 chore: update dev dependencies
  • 541f5fd chore(master): release 9.0.0 (#1827)
  • 0c080fb fix: replace deprecated url.parse with a WHATWG URL wrapper
  • 6a947ac fix!: validate TLS certificates by default when fetching remote content
  • e3b1bda chore(master): release 8.0.11 (#1826)
  • 4358caf refactor: remove dead checks flagged by Code Quality analysis
  • cf5195c chore: harden workflow token permissions and update GitHub Actions
  • 067aebe fix: parse Ethereal response props without polynomial regex backtracking
  • Additional commits viewable in compare view

Updates imapflow from 1.3.5 to 1.4.2

Changelog

Sourced from imapflow's changelog.

1.4.2 (2026-06-19)

Bug Fixes

  • bump nodemailer to 9.0.1 (9c46aa9)

1.4.1 (2026-06-15)

Bug Fixes

  • ship refreshed dependencies (nodemailer 9, updated toolchain) (e1d36e6)

1.4.0 (2026-06-09)

Features

  • add Gmail label search term to the search compiler (4b2d173)

1.3.7 (2026-06-08)

Bug Fixes

  • harden FLAGS guard and bring lib to full test coverage (6666bec)

1.3.6 (2026-06-05)

Bug Fixes

  • harden STARTTLS upgrade, literal bounds, and connection error paths (35eca81)
Commits
  • 03f6831 chore(master): release 1.4.2 [skip-ci] (#361)
  • 9c46aa9 fix: bump nodemailer to 9.0.1
  • 2a02044 chore(master): release 1.4.1 [skip-ci] (#359)
  • e1d36e6 fix: ship refreshed dependencies (nodemailer 9, updated toolchain)
  • cb2503a chore: refresh dependencies and align project tooling with EmailEngine
  • 5b13151 chore(master): release 1.4.0 [skip-ci] (#358)
  • 4b2d173 feat: add Gmail label search term to the search compiler
  • c0969c6 chore(master): release 1.3.7 [skip-ci] (#357)
  • 6666bec fix: harden FLAGS guard and bring lib to full test coverage
  • 02ab7ac chore(master): release 1.3.6 [skip-ci] (#356)
  • Additional commits viewable in compare view

Updates mailparser from 3.9.9 to 3.9.11

Changelog

Sourced from mailparser's changelog.

3.9.11 (2026-06-19)

Bug Fixes

  • bump nodemailer to 9.0.1 (020f140)

3.9.10 (2026-06-15)

Bug Fixes

  • bump dependencies (nodemailer 9, eslint 10.5, prettier 3.8.4) (262ecff)
Commits
  • 04116f0 chore(master): release 3.9.11 [skip-ci] (#425)
  • 020f140 fix: bump nodemailer to 9.0.1
  • b890336 docs: add PGP-signed SECURITY.txt (RFC 9116) [skip ci]
  • 705c237 chore(master): release 3.9.10 [skip-ci] (#424)
  • 588e483 chore: add CLAUDE.md, security policy and CodeQL workflow, modernize CI
  • 262ecff fix: bump dependencies (nodemailer 9, eslint 10.5, prettier 3.8.4)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump nodemailer, imapflow and mailparser
973b80c 
Bumps [nodemailer](https://github.com/nodemailer/nodemailer), [imapflow](https://github.com/postalsys/imapflow) and [mailparser](https://github.com/nodemailer/mailparser). These dependencies needed to be updated together.

Updates `nodemailer` from 8.0.10 to 9.0.1
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](nodemailer/nodemailer@v8.0.10...v9.0.1)

Updates `imapflow` from 1.3.5 to 1.4.2
- [Release notes](https://github.com/postalsys/imapflow/releases)
- [Changelog](https://github.com/postalsys/imapflow/blob/master/CHANGELOG.md)
- [Commits](postalsys/imapflow@v1.3.5...v1.4.2)

Updates `mailparser` from 3.9.9 to 3.9.11
- [Release notes](https://github.com/nodemailer/mailparser/releases)
- [Changelog](https://github.com/nodemailer/mailparser/blob/master/CHANGELOG.md)
- [Commits](nodemailer/mailparser@v3.9.9...v3.9.11)

---
updated-dependencies:
- dependency-name: nodemailer
  dependency-version: 9.0.1
  dependency-type: direct:production
- dependency-name: imapflow
  dependency-version: 1.4.2
  dependency-type: direct:production
- dependency-name: mailparser
  dependency-version: 3.9.11
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 21, 2026

Copy link
Copy Markdown
Author

Labels

The following labels could not be found: deps. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants