From f8dad8fdcc5bb2221cbd04efd5bc4cd5b5ac4822 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Wed, 3 Dec 2025 02:52:23 +0000
Subject: [PATCH] fix: package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-VALIDATOR-13653476
- https://snyk.io/vuln/SNYK-JS-NODEMAILER-14157156
- https://snyk.io/vuln/SNYK-JS-EXPRESS-14157151
---
 package.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/package.json b/package.json
index 92a643a7f6..0b200b1f45 100644
--- a/package.json
+++ b/package.json
@@ -77,7 +77,7 @@
     "daemon": "1.1.0",
     "diff": "8.0.1",
     "esbuild": "0.25.4",
-    "express": "4.21.2",
+    "express": "4.22.0",
     "express-session": "1.18.1",
     "express-useragent": "1.0.15",
     "fetch-cookie": "3.1.0",
@@ -127,7 +127,7 @@
     "nodebb-theme-peace": "2.2.43",
     "nodebb-theme-persona": "14.1.12",
     "nodebb-widget-essentials": "7.0.38",
-    "nodemailer": "7.0.3",
+    "nodemailer": "7.0.11",
     "nprogress": "0.2.0",
     "openai": "^4.104.0",
     "passport": "0.7.0",
@@ -160,7 +160,7 @@
     "tinycon": "0.6.8",
     "toobusy-js": "0.5.1",
     "tough-cookie": "5.1.2",
-    "validator": "13.15.0",
+    "validator": "13.15.22",
     "webpack": "5.99.8",
     "webpack-merge": "6.0.1",
     "winston": "3.17.0",