Skip to content

Bump the npm_and_yarn group across 1 directory with 5 updates#88

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-1e8ee3774c
Closed

Bump the npm_and_yarn group across 1 directory with 5 updates#88
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-1e8ee3774c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm_and_yarn group with 5 updates in the / directory:

Package From To
nodemailer 8.0.11 9.0.1
basic-ftp 5.1.0 5.3.1
flatted 3.3.3 3.4.2
form-data 4.0.5 4.0.6
srvx 0.8.9 0.11.16

Updates nodemailer from 8.0.11 to 9.0.1

Release notes

Sourced from nodemailer's releases.

v9.0.1

9.0.1 (2026-06-17)

Bug Fixes

  • enforce disableFileAccess/disableUrlAccess for raw message option (a82e060)

v9.0.0

9.0.0 (2026-06-14)

⚠ BREAKING CHANGES

  • HTTPS requests made while fetching remote content (attachment href/path URLs, OAuth2 token endpoints, HTTP/HTTPS proxy CONNECT) now validate the server's TLS certificate by default. Requests to hosts with self-signed, expired, or hostname-mismatched certificates that previously succeeded will now fail. Opt back out per request with tls.rejectUnauthorized=false (transport options, or a per-attachment tls option).

Bug Fixes

  • replace deprecated url.parse with a WHATWG URL wrapper (0c080fb)
  • validate TLS certificates by default when fetching remote content (6a947ac)
Changelog

Sourced from nodemailer's changelog.

9.0.1 (2026-06-17)

Bug Fixes

  • enforce disableFileAccess/disableUrlAccess for raw message option (a82e060)

9.0.0 (2026-06-14)

⚠ BREAKING CHANGES

  • HTTPS requests made while fetching remote content (attachment href/path URLs, OAuth2 token endpoints, HTTP/HTTPS proxy CONNECT) now validate the server's TLS certificate by default. Requests to hosts with self-signed, expired, or hostname-mismatched certificates that previously succeeded will now fail. Opt back out per request with tls.rejectUnauthorized=false (transport options, or a per-attachment tls option).

Bug Fixes

  • replace deprecated url.parse with a WHATWG URL wrapper (0c080fb)
  • validate TLS certificates by default when fetching remote content (6a947ac)
Commits
  • 69cf625 chore(master): release 9.0.1 (#1828)
  • a82e060 fix: enforce disableFileAccess/disableUrlAccess for raw message option
  • 4e58450 chore: update dev dependencies
  • 541f5fd chore(master): release 9.0.0 (#1827)
  • 0c080fb fix: replace deprecated url.parse with a WHATWG URL wrapper
  • 6a947ac fix!: validate TLS certificates by default when fetching remote content
  • See full diff in compare view

Updates basic-ftp from 5.1.0 to 5.3.1

Release notes

Sourced from basic-ftp's releases.

5.3.1

5.3.0

  • Changed: Introduced an upper bound for total bytes of directory listing, fixes GHSA-rp42-5vxx-qpwr.
  • Added: Option to increase the upper bound for total bytes of directory listing in Client constructor.

5.2.2

5.2.1

5.2.0

  • Changed: Skip files with invalid name in downloadToDir.
Changelog

Sourced from basic-ftp's changelog.

5.3.1

5.3.0

  • Changed: Introduced an upper bound for total bytes of directory listing, fixes GHSA-rp42-5vxx-qpwr.
  • Added: Option to increase the upper bound for total bytes of directory listing in Client constructor.

5.2.2

5.2.1

5.2.0

Commits
Maintainer changes

This version was pushed to npm by patrickjuchli, a new releaser for basic-ftp since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Updates flatted from 3.3.3 to 3.4.2

Commits
  • 3bf0909 3.4.2
  • 885ddcc fix CWE-1321
  • 0bdba70 added flatted-view to the benchmark
  • 2a02dce 3.4.1
  • fba4e8f Merge pull request #89 from WebReflection/python-fix
  • 5fe8648 added "when in Rome" also a test for PHP
  • 53517ad some minor improvement
  • b3e2a0c Fixing recursion issue in Python too
  • c4b46db Add SECURITY.md for security policy and reporting
  • f86d071 Create dependabot.yml for version updates
  • Additional commits viewable in compare view

Updates form-data from 4.0.5 to 4.0.6

Changelog

Sourced from form-data's changelog.

v4.0.6 - 2026-06-12

Commits

  • [Fix] escape CR, LF, and " in field names and filenames 8dff42c
  • [Dev Deps] update @ljharb/eslint-config, auto-changelog, tape f31d21e
  • [Deps] update hasown, mime-types 92ae0eb
  • [Dev Deps] update js-randomness-predictor 67b0f65
Commits
  • 64190db v4.0.6
  • 92ae0eb [Deps] update hasown, mime-types
  • f31d21e [Dev Deps] update @ljharb/eslint-config, auto-changelog, tape
  • 8dff42c [Fix] escape CR, LF, and " in field names and filenames
  • 67b0f65 [Dev Deps] update js-randomness-predictor
  • See full diff in compare view

Updates srvx from 0.8.9 to 0.11.16

Release notes

Sourced from srvx's releases.

v0.11.16

compare changes

🩹 Fixes

  • node: Flatten writeHead headers on Deno (#203)
  • aws-lambda-streaming: Handle empty body (#205)
  • node: Do not crash on asterisk-form request targets (#206)

💅 Refactors

  • node/web: Add new TypeOfService utils to socker impl (945fc17)

❤️ Contributors

v0.11.15

compare changes

🩹 Fixes

  • node/web: Do not swallow getReader errors (#199)

❤️ Contributors

v0.11.14

compare changes

🩹 Fixes

  • node: Handle EADDRINUSE port conflict on serve (#197)

❤️ Contributors

v0.11.13

compare changes

🩹 Fixes

  • url: Deopt absolute URIs in FastURL (de0d699)

v0.11.12

compare changes

... (truncated)

Changelog

Sourced from srvx's changelog.

v0.11.16

compare changes

🩹 Fixes

  • node: Flatten writeHead headers on Deno (#203)
  • aws-lambda-streaming: Handle empty body (#205)
  • node: Do not crash on asterisk-form request targets (#206)

💅 Refactors

  • node/web: Add new TypeOfService utils to socker impl (945fc17)

🏡 Chore

✅ Tests

🤖 CI

  • Downgrade undici for node 20 only (05efca4)
  • Downgrade undici for deno node-compat test (e501480)
  • Force latest deno version (6f17e2e)
  • Directly install latest deno (59ba353)
  • Fix deno install (f6efb77)
  • Pin deno (7249b63)
  • Test node 22, 24, 26 (a745b47)

❤️ Contributors

v0.11.15

compare changes

🩹 Fixes

  • node/web: Do not swallow getReader errors (#199)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [nodemailer](https://github.com/nodemailer/nodemailer) | `8.0.11` | `9.0.1` |
| [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.1.0` | `5.3.1` |
| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |
| [form-data](https://github.com/form-data/form-data) | `4.0.5` | `4.0.6` |
| [srvx](https://github.com/h3js/srvx) | `0.8.9` | `0.11.16` |



Updates `nodemailer` from 8.0.11 to 9.0.1
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](nodemailer/nodemailer@v8.0.11...v9.0.1)

Updates `basic-ftp` from 5.1.0 to 5.3.1
- [Release notes](https://github.com/patrickjuchli/basic-ftp/releases)
- [Changelog](https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md)
- [Commits](patrickjuchli/basic-ftp@v5.1.0...v5.3.1)

Updates `flatted` from 3.3.3 to 3.4.2
- [Commits](WebReflection/flatted@v3.3.3...v3.4.2)

Updates `form-data` from 4.0.5 to 4.0.6
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v4.0.5...v4.0.6)

Updates `srvx` from 0.8.9 to 0.11.16
- [Release notes](https://github.com/h3js/srvx/releases)
- [Changelog](https://github.com/h3js/srvx/blob/main/CHANGELOG.md)
- [Commits](h3js/srvx@v0.8.9...v0.11.16)

---
updated-dependencies:
- dependency-name: nodemailer
  dependency-version: 9.0.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: basic-ftp
  dependency-version: 5.3.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: flatted
  dependency-version: 3.4.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: form-data
  dependency-version: 4.0.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: srvx
  dependency-version: 0.11.16
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 30, 2026
@vercel

vercel Bot commented Jun 30, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
pentest-reports Ready Ready Preview, Comment Jun 30, 2026 12:30am

@dependabot @github

dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 6, 2026
@dependabot
dependabot Bot deleted the dependabot/npm_and_yarn/npm_and_yarn-1e8ee3774c branch July 6, 2026 18:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants