
chore: bump nodemailer to 7.0.12 (security)#15062

Merged. DanRibbens merged 2 commits into payloadcms:main from Patrikbjoh:fix/bump-nodemailer-to-7.0.12 on Jan 2, 2026.
@Patrikbjoh Patrikbjoh commented Dec 30, 2025

Bumps nodemailer to 7.0.12 in packages/email-nodemailer to include recent security fixes. This should address the advisory flagged by pnpm audit. I ran local tests and builds. Happy to iterate if you prefer a different target.

fixes #15061

Copilot AI review requested due to automatic review settings December 30, 2025 07:05

Copilot AI left a comment

Pull request overview

This PR bumps the nodemailer dependency from version 7.0.9 to 7.0.12 in the email-nodemailer package to address security vulnerabilities flagged by pnpm audit. This is a patch version update that should be backward compatible.

  • Updates nodemailer dependency to include recent security fixes
  • Maintains the same major and minor version (7.0.x)
  • Addresses security advisory findings

},
"dependencies": {
"nodemailer": "7.0.9"
"nodemailer": "7.0.12"
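
Review bot: The `"nodemailer": "7.0.12"` line is an exact pin in the manifest only; what gets installed is whatever the lockfile records, and no lockfile change is visible alongside this hunk. Please confirm pnpm-lock.yaml was regenerated in the same commit so installs actually resolve 7.0.12, and name the advisory in the description so the reason for the bump can be traced later.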

Copilot AI Dec 30, 2025

This security update to nodemailer 7.0.12 is only applied to this package, but packages/payload-cloud/package.json also has a direct dependency on nodemailer: 7.0.9. Since this is a security update, consider also updating the nodemailer version in the payload-cloud package to maintain consistent security posture across the codebase.

@copilot open a new pull request to apply changes based on this feedback

Well that didn't do shit. Thanks GitHub for suggesting 🙃.
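
The review comment above notes that packages/payload-cloud/package.json still pins nodemailer 7.0.9 after this bump. As an added example (not code from the pull request or the Payload project), one way to check every workspace manifest against a minimum version; the manifests are constructed inline, and `example-range`, `example-none`, `lowerBound`, `isBelow` and `findStalePins` are hypothetical names.

```javascript
// Constructed sample manifests (not read from the repository). The first two
// paths and versions are the ones named in the review comment.
const manifests = {
  'packages/email-nodemailer/package.json': { dependencies: { nodemailer: '7.0.12' } },
  'packages/payload-cloud/package.json': { dependencies: { nodemailer: '7.0.9' } },
  'packages/example-range/package.json': { devDependencies: { nodemailer: '^7.0.3' } }, // hypothetical
  'packages/example-none/package.json': { dependencies: {} }, // hypothetical
}

const FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies']

// Lowest version a spec admits, as [major, minor, patch]. Handles "7.0.12",
// "^7.0.3", "~7.0.3" and ">=7.0.12"; returns null for tags, URLs, workspace:*.
function lowerBound(spec) {
  const m = /^(?:\^|~|>=)?\s*(\d+)\.(\d+)\.(\d+)$/.exec(String(spec).trim())
  return m ? m.slice(1).map(Number) : null
}

// True when version a sorts strictly before version b.
function isBelow(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i]
  }
  return false
}

// Report every manifest entry whose spec admits a version below `minimum`,
// plus entries that cannot be parsed and need a manual look.
function findStalePins(manifests, name, minimum) {
  const min = lowerBound(minimum)
  const findings = []
  for (const [path, pkg] of Object.entries(manifests)) {
    for (const field of FIELDS) {
      const spec = pkg[field]?.[name]
      if (spec === undefined) continue
      const low = lowerBound(spec)
      if (low === null) findings.push({ path, field, spec, status: 'unparsed' })
      else if (isBelow(low, min)) findings.push({ path, field, spec, status: 'below-minimum' })
    }
  }
  return findings
}

console.log(findStalePins(manifests, 'nodemailer', '7.0.12'))
```

A range such as `^7.0.3` is reported because it admits a version below the minimum, even if the lockfile currently resolves higher.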

@DanRibbens DanRibbens left a comment

Thanks!

@DanRibbens DanRibbens merged commit aa61b31 into payloadcms:main Jan 2, 2026
196 of 198 checks passed
github-actions Bot commented Jan 5, 2026

🚀 This is included in version v3.70.0

zubricks pushed a commit that referenced this pull request Jan 6, 2026
Bumps nodemailer to 7.0.12 in packages/email-nodemailer to include
recent security fixes. This should address the advisory flagged by pnpm
audit. I ran local tests and builds. Happy to iterate if you prefer a
different target.

fixes #15061

---------

Co-authored-by: Dan Ribbens <dan.ribbens@gmail.com>
teastudiopl pushed a commit to teastudiopl/payload that referenced this pull request Jan 8, 2026
Bumps nodemailer to 7.0.12 in packages/email-nodemailer to include
recent security fixes. This should address the advisory flagged by pnpm
audit. I ran local tests and builds. Happy to iterate if you prefer a
different target.

fixes payloadcms#15061

---------

Co-authored-by: Dan Ribbens <dan.ribbens@gmail.com>
Development

Successfully merging this pull request may close these issues.

Security: bump nodemailer in packages/email-nodemailer to >=7.0.12
