From e662fe325482077bc689c54d04cd90c7ea2c8389 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Tue, 9 Dec 2025 02:02:23 +0000
Subject: [PATCH] fix: package.json & yarn.lock to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NODEMAILER-14157156
---
 package.json | 2 +-
 yarn.lock    | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package.json b/package.json
index 8456a2687..ba99fa136 100644
--- a/package.json
+++ b/package.json
@@ -99,7 +99,7 @@
     "mongoose": "5.7.5",
     "mongoose-type-email": "^1.0.5",
     "node-schedule": "^1.2.5",
-    "nodemailer": "^4.1.3",
+    "nodemailer": "^7.0.11",
     "redis": "^2.8.0",
     "request": "^2.88.0",
     "requestify": "^0.2.5",
diff --git a/yarn.lock b/yarn.lock
index 8ccfaa281..f48afffe6 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -7745,10 +7745,10 @@ node-schedule@^1.2.5:
     long-timeout "0.1.1"
     sorted-array-functions "^1.0.0"
 
-nodemailer@^4.1.3:
-  version "4.7.0"
-  resolved "https://registry.yarnpkg.com/nodemailer/-/nodemailer-4.7.0.tgz#4420e06abfffd77d0618f184ea49047db84f4ad8"
-  integrity sha512-IludxDypFpYw4xpzKdMAozBSkzKHmNBvGanUREjJItgJ2NYcK/s8+PggVhj7c2yGFQykKsnnmv1+Aqo0ZfjHmw==
+nodemailer@^7.0.11:
+  version "7.0.11"
+  resolved "https://registry.yarnpkg.com/nodemailer/-/nodemailer-7.0.11.tgz#5f7b06afaec20073cff36bea92d1c7395cc3e512"
+  integrity sha512-gnXhNRE0FNhD7wPSCGhdNh46Hs6nm+uTyg+Kq0cZukNQiYdnCsoQjodNP9BQVG9XrcK/v6/MgpAPBUFyzh9pvw==
 
 normalize-package-data@^2.3.0, normalize-package-data@^2.3.2, normalize-package-data@^2.3.4, normalize-package-data@^2.3.5, normalize-package-data@^2.5.0:
   version "2.5.0"