Skip to content

chore(deps): bump nodemailer from 8.0.4 to 8.0.5#3076

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/nodemailer-8.0.5
Open

chore(deps): bump nodemailer from 8.0.4 to 8.0.5#3076
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/nodemailer-8.0.5

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 8, 2026
edited
Loading

Bumps nodemailer from 8.0.4 to 8.0.5.

Release notes

Sourced from nodemailer's releases.

v8.0.5

8.0.5 (2026-04-07)

Bug Fixes

  • decode SMTP server responses as UTF-8 at line boundary (95876b1)
  • sanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (0a43876)
Changelog

Sourced from nodemailer's changelog.

8.0.5 (2026-04-07)

Bug Fixes

  • decode SMTP server responses as UTF-8 at line boundary (95876b1)
  • sanitize CRLF in transport name option to prevent SMTP command injection (GHSA-vvjj-xcjg-gr5g) (0a43876)
Commits
  • 202cfb3 chore(master): release 8.0.5 (#1809)
  • b634abf docs: add CLAUDE.md with project conventions and release process
  • 95876b1 fix: decode SMTP server responses as UTF-8 at line boundary
  • 0a43876 fix: sanitize CRLF in transport name option to prevent SMTP command injection...
  • 08e59e6 chore: update dev dependencies
  • See full diff in compare view

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 8, 2026
@vercel
Copy link
Copy Markdown

vercel bot commented Apr 8, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
agents-api Ready Ready Preview, Comment Apr 14, 2026 6:19pm
agents-docs Ready Ready Preview, Comment Apr 14, 2026 6:19pm
agents-manage-ui Ready Ready Preview, Comment Apr 14, 2026 6:19pm

Request Review

@changeset-bot
Copy link
Copy Markdown

changeset-bot bot commented Apr 8, 2026
edited
Loading

⚠️ No Changeset found

Latest commit: 2073ec5

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@socket-security
Copy link
Copy Markdown

socket-security bot commented Apr 8, 2026
edited
Loading

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @inkeep/agents-manage-ui is 98.0% likely obfuscated

Confidence: 0.98

Location: Package overview

From: create-agents-template/package.jsonnpm/@inkeep/agents-manage-ui@0.59.4

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@inkeep/agents-manage-ui@0.59.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/nodemailer-8.0.5 branch from b0ced4a to 303e12d Compare April 8, 2026 20:32
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/nodemailer-8.0.5 branch from 303e12d to ee35eea Compare April 9, 2026 02:37
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/nodemailer-8.0.5 branch from ee35eea to 988265c Compare April 9, 2026 19:49
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/nodemailer-8.0.5 branch from 988265c to 0d1812e Compare April 10, 2026 15:01
@socket-security
Copy link
Copy Markdown

socket-security bot commented Apr 10, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Added@​opentelemetry/​sdk-trace-node@​2.1.07210010093100
Added@​opentelemetry/​context-async-hooks@​2.1.0741008893100
Added@​inkeep/​agents-api@​0.59.4791007710090
Added@​inkeep/​agents-cli@​0.59.4781008810090
Added@​langfuse/​tracing@​4.0.1851008097100
Updated@​inkeep/​agents-manage-ui@​0.41.1 ⏵ 0.59.4801009710090
Added@​types/​node@​22.18.41001008196100
Addedtsx@​4.20.51001008185100
Addedlangfuse@​3.38.51001008492100
Added@​inkeep/​agents-sdk@​0.59.48610010010090
Updated@​hono/​vite-dev-server@​0.20.1 ⏵ 0.23.0100 +1100100 +189 -3100
Addedtypescript@​5.9.2100100909990
Updated@​opentelemetry/​core@​2.3.0 ⏵ 2.1.09910094 +193 +1100
Updated@​hono/​zod-openapi@​1.2.0 ⏵ 1.2.310010010094 +4100
Addeddotenv@​16.6.19910010096100

View full report

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/nodemailer-8.0.5 branch from 0d1812e to f1a319e Compare April 10, 2026 21:40
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 14, 2026

A matching internal PR is ready in inkeep/agents-private#96 for canonical review and merge.

  • Original author attribution is preserved as @dependabot[bot]
  • The internal PR is the authoritative merge surface
  • The public repo will pick up the merged change through the normal mirror sync

This comment will be updated as the bridge state changes.

@dependabot
chore(deps): bump nodemailer from 8.0.4 to 8.0.5
2073ec5 
Bumps [nodemailer](https://github.com/nodemailer/nodemailer) from 8.0.4 to 8.0.5.
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](nodemailer/nodemailer@v8.0.4...v8.0.5)

---
updated-dependencies:
- dependency-name: nodemailer
  dependency-version: 8.0.5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/nodemailer-8.0.5 branch from f1a319e to 2073ec5 Compare April 14, 2026 18:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants