chore(deps): pin transitive deps and upgrade nodemailer to 9#4243
chore(deps): pin transitive deps and upgrade nodemailer to 9#4243nicktrn wants to merge 2 commits into
Conversation
|
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository UI Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (1)
💤 Files with no reviewable changes (1)
📜 Recent review details⏰ Context from checks skipped due to timeout. (41)
WalkthroughUpdated the emails package dependency 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
| "@react-email/components": "1.0.12", | ||
| "@react-email/render": "^2.0.8", | ||
| "nodemailer": "^8.0.6", | ||
| "nodemailer": "^9.0.1", |
There was a problem hiding this comment.
🔍 Major nodemailer version bump with potentially stale type definitions
nodemailer is bumped from ^8.0.6 to ^9.0.1 (resolves to 9.0.3 in lockfile), but @types/nodemailer remains at ^8.0.0 in devDependencies (internal-packages/emails/package.json:24). If nodemailer v9 now ships its own bundled TypeScript types, the external @types/nodemailer@8 package could conflict or provide inaccurate type information. If it doesn't ship types, then @types/nodemailer@8 may not cover any new v9 API surface. Either way, this mismatch deserves verification that typecheck still passes for this package.
Was this helpful? React with 👍 or 👎 to provide feedback.
| "@react-email/components": "1.0.12", | ||
| "@react-email/render": "^2.0.8", | ||
| "nodemailer": "^8.0.6", | ||
| "nodemailer": "^9.0.1", |
There was a problem hiding this comment.
🔍 SES transport initialization pattern may need verification against nodemailer v9
The AWS SES transport is initialized with nodemailer.createTransport({ SES: { sesClient, SendEmailCommand } }) at internal-packages/emails/src/transports/aws-ses.ts:17-19. This is a non-standard transport configuration that relies on nodemailer's SES plugin support. Major version bumps can change transport plugin APIs. Worth confirming this initialization pattern still works in nodemailer v9 (e.g., via a quick integration test or checking nodemailer v9's SES transport documentation).
Was this helpful? React with 👍 or 👎 to provide feedback.
@trigger.dev/build
trigger.dev
@trigger.dev/core
@trigger.dev/python
@trigger.dev/react-hooks
@trigger.dev/redis-worker
@trigger.dev/rsc
@trigger.dev/schema-to-json
@trigger.dev/sdk
commit: |
There was a problem hiding this comment.
🔍 Removed systeminformation security override without verifying transitive dependency is gone
The override "systeminformation@>=5.0.0 <5.31.0": "^5.31.0" was removed. The lockfile still contains 3 references to systeminformation. If any transitive dependency still pulls in a version matching >=5.0.0 <5.31.0, removing this override means the vulnerable version could be resolved again. This is likely intentional if the transitive consumers now depend on a version ≥5.31.0 natively, but worth confirming the lockfile no longer resolves any systeminformation version below 5.31.0.
Was this helpful? React with 👍 or 👎 to provide feedback.
Routine dependency maintenance.
pnpm.overrides:form-data,ws,undici,hono. Lockfile-only (no published-package dependency changes); net shrinks via dedup.nodemailer8 → 9 ininternal-packages/emails(private package). The SES transport already uses SESv2 and thecreateTransport/sendMailAPI is unchanged, so no code changes were needed.@types/nodemailerstays at 8 (no 9.x published yet; types are compatible).Verified locally:
pnpm iclean;pnpm run typecheck --filter emailsand--filter webappboth pass.