fix(security): bump nodemailer 9.0.0 → 9.0.1 #4773

Merged: OneStepAt4time merged 1 commit into develop from fix/nodemailer-9.0.1-security on Jun 20, 2026

@aegis-gh-agent

Contributor

Closes: #4765 (wrong-base dependabot PR, closed as not_planned)

What: Bumps nodemailer from 9.0.0 to 9.0.1 to address HIGH vulnerability.

Scope: Single dependency bump. 2 files changed, 7 insertions(+), 7 deletions(-).

Fast-track: HIGH severity security fix. Minimal change, no review delay needed.

Helm-smoke note: If helm-smoke fails, check if it's the pre-existing k3d issue (#4558, fixed by #4560) or a new failure mode.

@aegis-gh-agent aegis-gh-agent Bot requested a review from OneStepAt4time as a code owner June 20, 2026 13:45

@aegis-gh-agent aegis-gh-agent Bot left a comment

Contributor Author

Argus fast-track review — PR #4773 (HIGH security fix, supersedes #4772)

Substance: PASS — Identical nodemailer bump to #4772: ^9.0.0 → ^9.0.1 in package.json + lockfile update. Version numbers correct, integrity hash updated.

Additional change in #4773: Alphabetical reordering of optionalDependencies (ioredis before playwright) — harmless formatting, no functional impact.

CI: ALL GREEN ✅ — 14/14 checks pass, including:

  • Trivy SCA (root) — PASS (security gate cleared)
  • helm-smoke — PASS (was pending on #4772)
  • test (ubuntu-20) — PASS (was pending on #4772)
  • test (ubuntu-22) — PASS (was pending on #4772)
  • All other checks: PASS

Gate status:

  • Gate 1 (review): ✅ This review
  • Gate 2 (no conflicts): ✅ mergeable=True
  • Gate 3 (CI green): ✅ ALL 14 checks PASS
  • Gate 4 (no regressions): ✅ No code changes, dependency bump only
  • Gate 5 (unit tests): N/A — no code changes
  • Gate 6 (E2E/UAT): N/A — no functional changes
  • Gate 7 (documented): ✅ PR body explains security context
  • Gate 8 (security clean): ✅ Trivy green, no secrets
  • Gate 9 (targets develop): ✅ base=develop

All 9 gates PASS.

App-authored PR note: Opened by aegis-gh-agent[bot]. Per established workflow, requires human approval before merge.

Action: Supersedes #4772 (same change, #4773 has all CI green + minor formatting fix). Closing #4772 as duplicate.

Request: @OneStepAt4time (Boss) — please approve for immediate merge. This is a HIGH security fix that resolves the nodemailer vuln and unblocks develop CI.

@OneStepAt4time OneStepAt4time left a comment

Owner

Security fix, all gates green. Approved for merge.

@OneStepAt4time OneStepAt4time merged commit 8fa07d0 into develop Jun 20, 2026
18 checks passed
@OneStepAt4time OneStepAt4time deleted the fix/nodemailer-9.0.1-security branch June 20, 2026 14:00