build(deps): bump nodemailer from 8.0.9 to 9.0.1#21197
Conversation
Bumps [nodemailer](https://github.com/nodemailer/nodemailer) from 8.0.9 to 9.0.1. - [Release notes](https://github.com/nodemailer/nodemailer/releases) - [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md) - [Commits](nodemailer/nodemailer@v8.0.9...v9.0.1) --- updated-dependencies: - dependency-name: nodemailer dependency-version: 9.0.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
|
The latest updates on your projects. Learn more about Vercel for GitHub. 1 Skipped Deployment
|
dannyroosevelt
moved this to Ready for PR Review
in Component (Source and Action) Backlog
|
Thank you so much for submitting this! We've added it to our backlog to review, and our team has been notified. |
|
Thanks for submitting this PR! When we review PRs, we follow the Pipedream component guidelines. If you're not familiar, here's a quick checklist:
|
📝 WalkthroughWalkthroughThe Changesnodemailer version bump
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~2 minutes Possibly related PRs
Suggested labels
Suggested reviewers
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 inconclusive)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@components/gmail/package.json`:
- Line 25: The version field in the components/gmail/package.json file has not
been incremented to match the major version upgrade of the nodemailer dependency
from 8.x to 9.x. Update the version field in components/gmail/package.json by
incrementing at least the major version segment to reflect this breaking change
in the nodemailer dependency. For example, if the current version is 1.0.0,
increment it to 2.0.0 or higher to match the semantic versioning guidelines that
require component package versions to bump by the same or greater semantic
version segment when dependencies change.
In `@components/pipedream_utils/package.json`:
- Line 23: The nodemailer dependency in the pipedream_utils package.json has
been upgraded to version 9.x which is a major version bump, but the app version
field in the same package.json has not been incremented. Locate the "version"
field in components/pipedream_utils/package.json and increment it by at least a
major semantic version segment to reflect this major dependency upgrade (for
example, if the current version is 1.0.0, change it to 2.0.0).
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
Run ID: 5b714948-2fb5-48a6-89d7-d0ab518ed129
⛔ Files ignored due to path filters (1)
pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (2)
components/gmail/package.jsoncomponents/pipedream_utils/package.json
| "mammoth": "^1.11.0", | ||
| "mime": "^3.0.0", | ||
| "nodemailer": "^8.0.9", | ||
| "nodemailer": "^9.0.1", |
There was a problem hiding this comment.
Bump this app package version for the major dependency upgrade.
This manifest upgrades nodemailer to 9.x (major), but there’s no corresponding version bump in this package.json. Please increment the app version by at least a major segment in this PR.
As per coding guidelines, components/*/package.json must be bumped by the same or greater semantic version segment whenever a component in that app changes. Based on learnings, only the relevant component package.json version track should be enforced here.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@components/gmail/package.json` at line 25, The version field in the
components/gmail/package.json file has not been incremented to match the major
version upgrade of the nodemailer dependency from 8.x to 9.x. Update the version
field in components/gmail/package.json by incrementing at least the major
version segment to reflect this breaking change in the nodemailer dependency.
For example, if the current version is 1.0.0, increment it to 2.0.0 or higher to
match the semantic versioning guidelines that require component package versions
to bump by the same or greater semantic version segment when dependencies
change.
Sources: Coding guidelines, Learnings
| "moment": "^2.30.1", | ||
| "moment-timezone": "^0.5.47", | ||
| "nodemailer": "^8.0.9", | ||
| "nodemailer": "^9.0.1", |
There was a problem hiding this comment.
Bump this app package version for the major dependency upgrade.
This manifest upgrades nodemailer to 9.x (major), but there’s no corresponding version bump in this package.json. Please increment the app version by at least a major segment in this PR.
As per coding guidelines, components/*/package.json must be bumped by the same or greater semantic version segment whenever a component in that app changes. Based on learnings, only the relevant component package.json version track should be enforced here.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@components/pipedream_utils/package.json` at line 23, The nodemailer
dependency in the pipedream_utils package.json has been upgraded to version 9.x
which is a major version bump, but the app version field in the same
package.json has not been incremented. Locate the "version" field in
components/pipedream_utils/package.json and increment it by at least a major
semantic version segment to reflect this major dependency upgrade (for example,
if the current version is 1.0.0, change it to 2.0.0).
Sources: Coding guidelines, Learnings
github-project-automation
Bot
moved this from Ready for PR Review
to Done
in Component (Source and Action) Backlog
4 participants
Bumps nodemailer from 8.0.9 to 9.0.1.
Release notes
Sourced from nodemailer's releases.
Changelog
Sourced from nodemailer's changelog.
Commits
69cf625chore(master): release 9.0.1 (#1828)a82e060fix: enforce disableFileAccess/disableUrlAccess for raw message option4e58450chore: update dev dependencies541f5fdchore(master): release 9.0.0 (#1827)0c080fbfix: replace deprecated url.parse with a WHATWG URL wrapper6a947acfix!: validate TLS certificates by default when fetching remote contente3b1bdachore(master): release 8.0.11 (#1826)4358cafrefactor: remove dead checks flagged by Code Quality analysiscf5195cchore: harden workflow token permissions and update GitHub Actions067aebefix: parse Ethereal response props without polynomial regex backtrackingDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.
Summary by CodeRabbit