create-volt 0.55.0 → 0.55.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -4,6 +4,15 @@ All notable changes to `create-volt` are documented here. The format follows
4
4
  [Keep a Changelog](https://keepachangelog.com/), and this project adheres to
5
5
  [Semantic Versioning](https://semver.org/).
6
6
 
7
+ ## [0.55.1] - 2026-07-05
8
+
9
+ ### Security
10
+ - **Bump the scaffold's nodemailer pin `^6.10.1` → `^9.0.3`.** nodemailer <= 9.0.0
11
+ carries several high-severity advisories (email to an unintended domain, SMTP/CRLF
12
+ command injection, addressparser DoS, improper TLS validation, file-read/SSRF).
13
+ Apps that enable the mailer add-on now install the fixed 9.x — same
14
+ createTransport/sendMail/verify API, no code change.
15
+
7
16
  ## [0.55.0] - 2026-07-05
8
17
 
9
18
  ### Added
@@ -711,6 +720,7 @@ All notable changes to `create-volt` are documented here. The format follows
711
720
  watching and full-page hot reload. Supports `--skip-install` and `--force`,
712
721
  and auto-detects npm / pnpm / yarn / bun for the install step.
713
722
 
723
+ [0.55.1]: https://github.com/MIR-2025/volt/releases/tag/v0.55.1
714
724
  [0.55.0]: https://github.com/MIR-2025/volt/releases/tag/v0.55.0
715
725
  [0.54.0]: https://github.com/MIR-2025/volt/releases/tag/v0.54.0
716
726
  [0.53.0]: https://github.com/MIR-2025/volt/releases/tag/v0.53.0
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "create-volt",
3
- "version": "0.55.0",
3
+ "version": "0.55.1",
4
4
  "description": "Scaffold a new Volt app — no-build, signals-based UI with Socket.io hot reload.",
5
5
  "type": "module",
6
6
  "bin": {
@@ -42,7 +42,7 @@ function configPort() {
42
42
  const env = readEnvFile(); // --edit runs before loadEnv(), so read the file too
43
43
  return cliPort() || Number(process.env.CONFIG_PORT) || Number(env.CONFIG_PORT) || CONFIG_DEFAULT_PORT;
44
44
  }
45
- const PKG_VERSIONS = { mongodb: "^6.21.0", mysql2: "^3.22.5", pg: "^8.22.0", nodemailer: "^6.10.1", marked: "^18.0.5", busboy: "^1.6.0", "@aws-sdk/client-s3": "^3.1075.0" };
45
+ const PKG_VERSIONS = { mongodb: "^6.21.0", mysql2: "^3.22.5", pg: "^8.22.0", nodemailer: "^9.0.3", marked: "^18.0.5", busboy: "^1.6.0", "@aws-sdk/client-s3": "^3.1075.0" };
46
46
  const LIB_FILE = { db: "store.js", mailer: "mailer.js", auth: "auth.js", realtime: "realtime.js", pages: "pages.js", posts: "posts.js", media: "media.js" };
47
47
 
48
48
  // --- tiny .env loader (no dependency); never overrides an existing env var ---
@@ -42,7 +42,7 @@ function configPort() {
42
42
  const env = readEnvFile(); // --edit runs before loadEnv(), so read the file too
43
43
  return cliPort() || Number(process.env.CONFIG_PORT) || Number(env.CONFIG_PORT) || CONFIG_DEFAULT_PORT;
44
44
  }
45
- const PKG_VERSIONS = { mongodb: "^6.21.0", mysql2: "^3.22.5", pg: "^8.22.0", nodemailer: "^6.10.1", marked: "^18.0.5", busboy: "^1.6.0", "@aws-sdk/client-s3": "^3.1075.0" };
45
+ const PKG_VERSIONS = { mongodb: "^6.21.0", mysql2: "^3.22.5", pg: "^8.22.0", nodemailer: "^9.0.3", marked: "^18.0.5", busboy: "^1.6.0", "@aws-sdk/client-s3": "^3.1075.0" };
46
46
  const LIB_FILE = { db: "store.js", mailer: "mailer.js", auth: "auth.js", realtime: "realtime.js", pages: "pages.js", posts: "posts.js", media: "media.js" };
47
47
 
48
48
  // --- tiny .env loader (no dependency); never overrides an existing env var ---
@@ -42,7 +42,7 @@ function configPort() {
42
42
  const env = readEnvFile(); // --edit runs before loadEnv(), so read the file too
43
43
  return cliPort() || Number(process.env.CONFIG_PORT) || Number(env.CONFIG_PORT) || CONFIG_DEFAULT_PORT;
44
44
  }
45
- const PKG_VERSIONS = { mongodb: "^6.21.0", mysql2: "^3.22.5", pg: "^8.22.0", nodemailer: "^6.10.1", marked: "^18.0.5", busboy: "^1.6.0", "@aws-sdk/client-s3": "^3.1075.0" };
45
+ const PKG_VERSIONS = { mongodb: "^6.21.0", mysql2: "^3.22.5", pg: "^8.22.0", nodemailer: "^9.0.3", marked: "^18.0.5", busboy: "^1.6.0", "@aws-sdk/client-s3": "^3.1075.0" };
46
46
  const LIB_FILE = { db: "store.js", mailer: "mailer.js", auth: "auth.js", realtime: "realtime.js", pages: "pages.js", posts: "posts.js", media: "media.js" };
47
47
 
48
48
  // --- tiny .env loader (no dependency); never overrides an existing env var ---
@@ -43,7 +43,7 @@ function configPort() {
43
43
  const env = readEnvFile(); // --edit runs before loadEnv(), so read the file too
44
44
  return cliPort() || Number(process.env.CONFIG_PORT) || Number(env.CONFIG_PORT) || CONFIG_DEFAULT_PORT;
45
45
  }
46
- const PKG_VERSIONS = { mongodb: "^6.21.0", mysql2: "^3.22.5", pg: "^8.22.0", nodemailer: "^6.10.1", marked: "^18.0.5", busboy: "^1.6.0", "@aws-sdk/client-s3": "^3.1075.0" };
46
+ const PKG_VERSIONS = { mongodb: "^6.21.0", mysql2: "^3.22.5", pg: "^8.22.0", nodemailer: "^9.0.3", marked: "^18.0.5", busboy: "^1.6.0", "@aws-sdk/client-s3": "^3.1075.0" };
47
47
  const LIB_FILE = { db: "store.js", mailer: "mailer.js", auth: "auth.js", realtime: "realtime.js", pages: "pages.js", posts: "posts.js", media: "media.js" };
48
48
 
49
49
  // --- tiny .env loader (no dependency); never overrides an existing env var ---