Add nodemailer library

.nsprc

@@ -3,24 +3,8 @@
     "active": true,
     "notes": "This vulnerability is in form-data used transitively via deprecated 'request' library. We do not use form-data directly. Waiting on upstream libraries to upgrade."
   },
-  "GHSA-869p-cjfg-cm3x": {
-    "active": true,
-    "notes": "jws vulnerability in jsonwebtoken (via @elastic.io/maester-client -> elasticio-sailor-nodejs). This is a transitive dependency from sailor. Waiting on upstream libraries to upgrade."
-  },
   "GHSA-6rw7-vpxm-498p": {
     "active": true,
     "notes": "qs vulnerability in request (via co-request). This is a transitive dependency. The deprecated 'request' library is used by co-request. Waiting on upstream libraries to upgrade."
-  },
-  "GHSA-23c5-xmqv-rm74": {
-    "active": true,
-    "notes": "minimatch ReDoS via nested extglobs. minimatch is only used with static patterns in this project (no user-controlled glob patterns), so the risk of exploitation is negligible. Waiting on upstream libraries to upgrade."
-  },
-  "GHSA-3ppc-4f35-3m26": {
-    "active": true,
-    "notes": "minimatch ReDoS via repeated wildcards with non-matching literal in pattern. minimatch is only used with static patterns in this project (no user-controlled glob patterns), so the risk of exploitation is negligible. Waiting on upstream libraries to upgrade."
-  },
-  "GHSA-7r86-cg39-jmmj": {
-    "active": true,
-    "notes": "minimatch ReDoS via combinatorial backtracking in matchOne() with multiple non-adjacent GLOBSTAR segments. minimatch is only used with static patterns in this project (no user-controlled glob patterns), so the risk of exploitation is negligible. Waiting on upstream libraries to upgrade."
   }
 }

CHANGELOG.md

@@ -1,3 +1,9 @@
+## 1.0.3 (May 11, 2026)
+* Added `nodemailer` `8.0.7` lib support
+* Updated the following dependencies:
+ * axios `1.13.5` -> `1.16.0`
+ * strong-soap `5.0.2` -> `5.0.9`
+
 ## 1.0.2 (February 27, 2026)
 * Updated the following dependencies:
  * Node.js version 22 -> 24

README.md

@@ -55,6 +55,7 @@ Built-in Node.js global objects are also supported.
 - [`request`](https://github.com/request/request) - Http Client (wrapped in `co` - [this library](https://www.npmjs.com/package/co-request) so that it is pre-promisified). We recommend using `axios`. Support for `request` is maintained for backward compatibility only.
 - `_` - [Lodash](https://lodash.com/)
 - [`strong-soap`](https://github.com/loopbackio/strong-soap) - SOAP client for invoking web services
+- [`nodemailer`](https://nodemailer.com/) - Library for sending emails from Node.js
 
 ## Credentials
 

actions/code.js

@@ -1,10 +1,10 @@
-/* eslint-disable import/no-extraneous-dependencies */
 const _ = require('lodash');
 const axios = require('axios');
-const vm = require('vm');
 const co = require('co');
+const nodemailer = require('nodemailer');
 const request = require('co-request');
 const { soap } = require('strong-soap');
+const vm = require('vm');
 
 function wait(timeout) {
   return new Promise((ok) => {
@@ -48,8 +48,9 @@ exports.process = async function (msg, conf, snapshot) {
     // Other Libraries
     _,
     axios,
-    soap,
+    nodemailer,
     request,
+    soap,
     wait: wait.bind(this),
   });
   this.logger.debug('Running the code...');

component.json

@@ -1,6 +1,6 @@
 {
   "title": "Node.js Code with Credentials",
-  "version": "1.0.2",
+  "version": "1.0.3-dev.1",
   "description": "You can write your own code and deploy it as part of integration process. With the use of credentials.",
   "docsUrl": "https://docs.elastic.io/components/code-with-credentials/index.html",
   "authClientTypes": [
@@ -44,4 +44,4 @@
       }
     }
   }
-}
+}