Skip to content

Update npm package @types/nodemailer to v6.4.20 #7729

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update npm package @types/nodemailer to v6.4.20 #7729

wants to merge 1 commit into from

Conversation

hash-worker[bot]
Copy link
Contributor

@hash-worker hash-worker bot commented Aug 16, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
@types/nodemailer (source) 6.4.17 -> 6.4.20 age confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Configuration

📅 Schedule: Branch creation - "before 4am every weekday,every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@hash-worker hash-worker bot enabled auto-merge August 16, 2025 18:49
hashdotai
hashdotai previously approved these changes Aug 16, 2025
View reviewed changes
@github-actions github-actions bot added area/deps Relates to third-party dependencies (area) area/apps > hash* Affects HASH (a `hash-*` app) area/apps > hash-api Affects the HASH API (app) type/eng > backend Owned by the @backend team area/apps labels Aug 16, 2025
@hash-worker hash-worker bot force-pushed the deps/js/nodemailer-6.x branch from 1062acb to 1314418 Compare August 23, 2025 16:16
@hash-worker hash-worker bot changed the title Update npm package @types/nodemailer to v6.4.18 Update npm package @types/nodemailer to v6.4.19 Aug 23, 2025
hashdotai
hashdotai previously approved these changes Aug 23, 2025
View reviewed changes
@hash-worker hash-worker bot force-pushed the deps/js/nodemailer-6.x branch from 1314418 to 4ca269b Compare September 1, 2025 10:12
hashdotai
hashdotai previously approved these changes Sep 1, 2025
View reviewed changes
@hash-worker hash-worker bot force-pushed the deps/js/nodemailer-6.x branch from 4ca269b to fdddf70 Compare September 20, 2025 21:42
hashdotai
hashdotai previously approved these changes Sep 20, 2025
View reviewed changes
@hash-worker hash-worker bot force-pushed the deps/js/nodemailer-6.x branch from fdddf70 to 6ebae91 Compare October 2, 2025 19:13
@hash-worker hash-worker bot changed the title Update npm package @types/nodemailer to v6.4.19 Update npm package @types/nodemailer to v6.4.20 Oct 2, 2025
vercel[bot]
vercel bot reviewed Oct 2, 2025
View reviewed changes
apps/hash-api/package.json
"@types/md5": "2.3.5",
"@types/mime-types": "2.1.4",
"@types/nodemailer": "6.4.17",
"@types/nodemailer": "6.4.20",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The pinned version 3.858.0 of @aws-sdk/client-ses conflicts with the newer version (3.901.0) required by the updated @types/[email protected], creating potential type mismatches and duplicate dependencies.

View Details
📝 Patch Details 
diff --git a/apps/hash-api/package.json b/apps/hash-api/package.json
index b48c3c3b0..e3bc7eaa3 100644
--- a/apps/hash-api/package.json
+++ b/apps/hash-api/package.json
@@ -25,7 +25,7 @@
   "dependencies": {
     "@apps/hash-graph": "0.0.0-private",
     "@aws-sdk/client-s3": "3.858.0",
-    "@aws-sdk/client-ses": "3.858.0",
+    "@aws-sdk/client-ses": "^3.858.0",
     "@aws-sdk/credential-provider-node": "3.858.0",
     "@aws-sdk/s3-presigned-post": "3.858.0",
     "@aws-sdk/s3-request-presigner": "3.858.0",

Analysis

Duplicate AWS SDK versions causing type mismatches and increased bundle size

What fails: Two versions of @aws-sdk/client-ses are installed: 3.858.0 (pinned) and 3.901.0 (from @types/[email protected]), causing TypeScript to potentially use different type definitions than runtime code in apps/hash-api/src/email/transporters/aws-ses-email-transporter.ts

How to reproduce:

# Check yarn.lock for duplicate entries:
grep -A2 '"@aws-sdk/client-ses@' yarn.lock
# Shows both 3.858.0 and 3.901.0 installed

# Verify @types/nodemailer dependency:
npm view @types/[email protected] dependencies
# Returns: { '@types/node': '*', '@aws-sdk/client-ses': '^3.731.1' }

Result: Yarn installs both versions in the lockfile, increasing bundle size and creating potential for runtime/type inconsistencies where TypeScript may resolve to 3.901.0 types while runtime uses the 3.858.0 implementation

Expected: Single consistent version of @aws-sdk/client-ses used across all dependencies per npm deduplication best practices

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vercel vercel[bot] vercel[bot] left review comments

@hashdotai hashdotai hashdotai approved these changes

Assignees

@CiaranMn CiaranMn

Labels
area/apps > hash* Affects HASH (a `hash-*` app) area/apps > hash-api Affects the HASH API (app) area/apps area/deps Relates to third-party dependencies (area) type/eng > backend Owned by the @backend team
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@hashdotai @CiaranMn