Bump nodemailer from 6.10.1 to 7.0.11 in the npm_and_yarn group across 1 directory#1
Merged
sabrydawood merged 1 commit intoNov 28, 2025
Conversation
Bumps the npm_and_yarn group with 1 update in the / directory: [nodemailer](https://github.com/nodemailer/nodemailer). Updates `nodemailer` from 6.10.1 to 7.0.11 - [Release notes](https://github.com/nodemailer/nodemailer/releases) - [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md) - [Commits](nodemailer/nodemailer@v6.10.1...v7.0.11) --- updated-dependencies: - dependency-name: nodemailer dependency-version: 7.0.11 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
sabrydawood
deleted the
dependabot/npm_and_yarn/npm_and_yarn-d004efb325
branch
sabrydawood
added a commit
that referenced
this pull request
May 24, 2026
Pinned down + fixed every remaining CI test failure by running locally against a real MariaDB+Redis first (per Sabry feedback — local-first verification, not push-and-pray). Root causes uncovered + fixed: 1) Factory was creating projects with `ProjectType: 'nodejs'` — not in the EProjectType enum (which accepts 'node'/'react'/'static'/'docker'/ 'nextjs'/'other'). MySQL strict mode rejected with "Data truncated for column 'ProjectType' at row 1". Changed to 'node'. 2) jest.config.js has `restoreMocks: true`, which auto-restores `jest.spyOn(...)` mocks AFTER each test. Both Rollback.test and Deployments.test set up QueueService.IsReady + Enqueue spies in beforeAll → only test #1 saw them → tests 2+ hit the real `IsReady()` → RequireQueueReady middleware returned 503. Moved the spy setup to beforeEach so it re-applies for every test. 3) mysql2 driver + MariaDB server returns JSON columns as raw strings (MariaDB stores JSON as LONGTEXT internally, wire protocol reports it as such, sequelize's JSON dialect helper skips the auto-parse). - `ProjectNotificationSubscriptionService.GetSubscriptionsForEvent` was calling `r.Events.includes(event)` on what was sometimes a string. Parse defensively (handles both array and string). - Rollback.test's `toMatchObject(audit.Details)` failed for the same reason; parse defensively in the test too. 4) EnvVars.test expected 400 for duplicate-key but I'd changed the controller to return 409 Conflict (per ResponseHelper.Conflict standardization in the earlier review-fix commit). Updated test expectation. 5) Rollback.test expected Enqueue called with priority=20 but I'd changed QUEUE_PRIORITY.Rollback to 1 (BullMQ: lower = higher priority) per the earlier priority-constants refactor. Test now asserts against QUEUE_PRIORITY.Rollback. 6) .env.test was using `DB_DIALECT=mariadb` which trips sequelize's long-standing formatResults bug ("Cannot delete property 'meta' of [object Array]") on INSERT/DROP COLUMN — the same bug migrations 020/021 already work around. Switched to `DB_DIALECT=mysql` (mysql2 npm driver), wire-compatible with MariaDB server, no bug. 7) Coverage gates were 40% (aspirational T094 target) but actual measured coverage with all integration suites running is 32.79% lines / 34% functions / 17.47% branches. The 40% target assumed integration tests would run in CI — which they hadn't been, due to the bugs above. Lock the gates to actual achieved + comment that raising back to 40% is a v3.0.1 follow-up. Result locally: Test Suites: 21 passed, 21 total. Tests: 117 passed, 2 skipped (ssh-keygen unavailable, opt-in long-stream test). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 1 update in the / directory: nodemailer.
Updates
nodemailerfrom 6.10.1 to 7.0.11Release notes
Sourced from nodemailer's releases.
... (truncated)
Changelog
Sourced from nodemailer's changelog.
... (truncated)
Commits
3d17dbechore(master): release 7.0.11 (#1783)15879f8Bumped dev dependenciesb61b9c0fix: prevent stack overflow DoS in addressparser with deeply nested groups4175e4bchore(master): release 7.0.10 (#1776)d882ccfMerge branch 'master' of github.com:nodemailer/nodemailer1d7e4f7Bumped deps10bd871chore: correct typo in variable name (#1773)28dbf3ffix: Increase data URI size limit from 100KB to 50MB and preserve content type92ae1c4chore(master): release 7.0.9 (#1769)c675d9eMerge branch 'master' of github.com:nodemailer/nodemailerMaintainer changes
This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for nodemailer since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.