From 7907a9a9c81a9b952672cbeeb46d098b6163dbb8 Mon Sep 17 00:00:00 2001 From: "linear-code[bot]" <222613912+linear-code[bot]@users.noreply.github.com> Date: Sun, 21 Jun 2026 13:42:12 +0000 Subject: [PATCH 1/2] chore: upgrade nodemailer to ^9.0.1 to address GHSA-p6gq-j5cr-w38f Generated with [Linear](https://linear.app/sourcebot/issue/SOU-1410/sourcebot-devsourcebot-ghsa-p6gq-j5cr-w38f-nodemailer-message-level#agent-session-b6ef3987) Co-authored-by: linear-code[bot] <222613912+linear-code[bot]@users.noreply.github.com> --- packages/web/package.json | 2 +- yarn.lock | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/packages/web/package.json b/packages/web/package.json index 82543adbd..a75a3eb6a 100644 --- a/packages/web/package.json +++ b/packages/web/package.json @@ -163,7 +163,7 @@ "next-auth": "^5.0.0-beta.30", "next-navigation-guard": "^0.2.0", "next-themes": "^0.3.0", - "nodemailer": "^8.0.9", + "nodemailer": "^9.0.1", "octokit": "^4.1.3", "openai": "^4.98.0", "parse-diff": "^0.11.1", diff --git a/yarn.lock b/yarn.lock index be48b2e71..c13620060 100644 --- a/yarn.lock +++ b/yarn.lock @@ -9451,7 +9451,7 @@ __metadata: next-auth: "npm:^5.0.0-beta.30" next-navigation-guard: "npm:^0.2.0" next-themes: "npm:^0.3.0" - nodemailer: "npm:^8.0.9" + nodemailer: "npm:^9.0.1" npm-run-all: "npm:^4.1.5" octokit: "npm:^4.1.3" openai: "npm:^4.98.0" @@ -18137,10 +18137,10 @@ __metadata: languageName: node linkType: hard -"nodemailer@npm:^8.0.9": - version: 8.0.11 - resolution: "nodemailer@npm:8.0.11" - checksum: 10c0/19229216c63a32eae59d7b39f3dffeba20be317f2335d08d86fb70bd01845a1bf108fecd019c0e90ef186e3d9177cf478192b333cf38620ad0f8c7a6e1e5ae05 +"nodemailer@npm:^9.0.1": + version: 9.0.1 + resolution: "nodemailer@npm:9.0.1" + checksum: 10c0/4213f01aa211127c1ce33243c5e45e7f831601a933d03fa864cd827b1bd5ea2782cb4b43722bee7028cbc193733d9802dad1120fe67181448eb0b7de52218a37 languageName: node linkType: hard From a4d4ee61550879bc2459170c695662720e263025 Mon Sep 17 00:00:00 2001 From: "linear-code[bot]" <222613912+linear-code[bot]@users.noreply.github.com> Date: Sun, 21 Jun 2026 13:42:32 +0000 Subject: [PATCH 2/2] docs: add CHANGELOG entry for nodemailer upgrade Generated with [Linear](https://linear.app/sourcebot/issue/SOU-1410/sourcebot-devsourcebot-ghsa-p6gq-j5cr-w38f-nodemailer-message-level#agent-session-b6ef3987) Co-authored-by: linear-code[bot] <222613912+linear-code[bot]@users.noreply.github.com> --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 593e735db..453e742a9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added - Added per-step token cost tracking and estimated tool call token usage to Ask Sourcebot chat history. [#1353](https://github.com/sourcebot-dev/sourcebot/pull/1353) +### Fixed +- Upgraded `nodemailer` to `^9.0.1`. [#1356](https://github.com/sourcebot-dev/sourcebot/pull/1356) + ## [5.0.4] - 2026-06-18 ### Changed