Skip to content

[Snyk] Security upgrade nodemailer from 6.10.1 to 7.0.11#474

Merged
titanism merged 1 commit into
masterfrom
snyk-fix-9d0cade9573935ae1ebd4983995603c5
Dec 31, 2025
Merged

[Snyk] Security upgrade nodemailer from 6.10.1 to 7.0.11#474
titanism merged 1 commit into
masterfrom
snyk-fix-9d0cade9573935ae1ebd4983995603c5

Conversation

@titanism
Copy link
Copy Markdown
Contributor

@titanism titanism commented Dec 3, 2025

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

  • package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning 
Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Uncontrolled Recursion
SNYK-JS-NODEMAILER-14157156		   803  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@socket-security
Copy link
Copy Markdown

socket-security Bot commented Dec 3, 2025

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addednodemailer@​7.0.11991009793100

View full report

@AustinMaddox
Copy link
Copy Markdown

AustinMaddox commented Dec 31, 2025

Please consider merging this. This would make the security scanners of a lot of downstream projects happy 😺

@titanism titanism merged commit 3e8d412 into master Dec 31, 2025
5 of 9 checks passed
@titanism titanism deleted the snyk-fix-9d0cade9573935ae1ebd4983995603c5 branch December 31, 2025 16:13
@AustinMaddox
Copy link
Copy Markdown

AustinMaddox commented Dec 31, 2025

Thank you!

@titanism
Copy link
Copy Markdown
Contributor Author

titanism commented Dec 31, 2025

v13.0.0 released
https://github.com/forwardemail/email-templates/releases/tag/v13.0.0

package maintenance provided by @forwardemail at https://forwardemail.net

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@etiennepoirier2005 etiennepoirier2005 etiennepoirier2005 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@titanism @AustinMaddox @etiennepoirier2005 @snyk-bot