From 09075d747a38dc617c4965ca9348df3573a84ffb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 27 Feb 2026 21:50:36 +0000
Subject: [PATCH 1/2] chore(deps): bump nodemailer from 6.10.0 to 7.0.11

Bumps [nodemailer](https://github.com/nodemailer/nodemailer) from 6.10.0 to 7.0.11.
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodemailer/nodemailer/compare/v6.10.0...v7.0.11)

---
updated-dependencies:
- dependency-name: nodemailer
  dependency-version: 7.0.11
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 packages/web/package.json |  2 +-
 yarn.lock                 | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/packages/web/package.json b/packages/web/package.json
index c06af493d..812f34e92 100644
--- a/packages/web/package.json
+++ b/packages/web/package.json
@@ -155,7 +155,7 @@
     "next-auth": "^5.0.0-beta.30",
     "next-navigation-guard": "^0.2.0",
     "next-themes": "^0.3.0",
-    "nodemailer": "^6.10.0",
+    "nodemailer": "^7.0.11",
     "octokit": "^4.1.3",
     "openai": "^4.98.0",
     "parse-diff": "^0.11.1",
diff --git a/yarn.lock b/yarn.lock
index 7710972c6..52444be5e 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -8666,7 +8666,7 @@ __metadata:
     next-auth: "npm:^5.0.0-beta.30"
     next-navigation-guard: "npm:^0.2.0"
     next-themes: "npm:^0.3.0"
-    nodemailer: "npm:^6.10.0"
+    nodemailer: "npm:^7.0.11"
     npm-run-all: "npm:^4.1.5"
     octokit: "npm:^4.1.3"
     openai: "npm:^4.98.0"
@@ -16899,10 +16899,10 @@ __metadata:
   languageName: node
   linkType: hard
 
-"nodemailer@npm:^6.10.0":
-  version: 6.10.0
-  resolution: "nodemailer@npm:6.10.0"
-  checksum: 10c0/39fd35d65b021b94c968eeac82a66dd843021b6ba53c659d01b1dd4cda73b6a2f96e20facfe500efa4b8d3f1cb23df10245c6c86b2bde5f806691ed17ce87826
+"nodemailer@npm:^7.0.11":
+  version: 7.0.13
+  resolution: "nodemailer@npm:7.0.13"
+  checksum: 10c0/b26aa5b9fa4a033bbc1e1c16ef75ee2a9c8641fd290c00a8361d6a251b3c1b8bad545a23efa627f59cb266340a448891ea8aa49d8a9307c767b8505219d95079
   languageName: node
   linkType: hard
 

From 0e7f9a55e61b9795b84ff7c46f51c54ddf9b7c4d Mon Sep 17 00:00:00 2001
From: "claude[bot]" <41898282+claude[bot]@users.noreply.github.com>
Date: Fri, 27 Feb 2026 21:54:36 +0000
Subject: [PATCH 2/2] chore: add changelog entry for nodemailer bump to 7.0.11

Co-authored-by: Brendan Kellam <brendan-kellam@users.noreply.github.com>
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 43ee97124..a8c1f5728 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Bumped `@aws-sdk/credential-providers` to `^3.1000.0`. [#955](https://github.com/sourcebot-dev/sourcebot/pull/955)
 - Bumped `rollup` transitive dependency to `^4.59.0` via yarn resolutions. [#956](https://github.com/sourcebot-dev/sourcebot/pull/956)
 - Bumped `minimatch` transitive dependency to `^3.1.3` via yarn resolutions. [#957](https://github.com/sourcebot-dev/sourcebot/pull/957)
+- Bumped `nodemailer` to `7.0.11`. [#959](https://github.com/sourcebot-dev/sourcebot/pull/959)
 
 ## [4.13.0] - 2026-02-27