[Snyk] Upgrade nodemailer from 6.9.13 to 7.0.10

[nerdy-tech-com-gitub]

Snyk has created this PR to upgrade nodemailer from 6.9.13 to 7.0.10.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 15 versions ahead of your current version.

• The recommended version was released 2 months ago.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	67	Proof of Concept
	Command Injection SNYK-JS-GLOB-14040952	67	Proof of Concept
	Improper Neutralization of Special Elements in Data Query Logic SNYK-JS-MONGOOSE-8446504	67	Proof of Concept
	Improper Neutralization of Special Elements in Data Query Logic SNYK-JS-MONGOOSE-8623536	67	Proof of Concept
	Uncontrolled Recursion SNYK-JS-NODEFORGE-14125745	67	No Known Exploit
	Remote Code Execution (RCE) SNYK-JS-NUXT-7640974	67	No Known Exploit
	Acceptance of Extraneous Untrusted Data With Trusted Data SNYK-JS-NUXT-9486043	67	No Known Exploit
	Directory Traversal SNYK-JS-NUXTDEVTOOLS-7640977	67	Proof of Concept
	Insecure Randomness SNYK-JS-UNDICI-8641354	67	Proof of Concept
	Incomplete Filtering of One or More Instances of Special Elements SNYK-JS-VALIDATOR-13653476	67	Proof of Concept
	Incorrect Authorization SNYK-JS-VITE-9512410	67	Mature
	Incorrect Authorization SNYK-JS-VITE-9653016	67	Proof of Concept
	Denial of Service (DoS) SNYK-JS-WS-7266574	67	Proof of Concept
	Prototype Pollution SNYK-JS-PARSEGITCONFIG-9403763	67	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	67	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BABELHELPERS-9397697	67	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BABELRUNTIME-10044504	67	Proof of Concept
	Prototype Pollution SNYK-JS-JSYAML-13961110	67	No Known Exploit
	Open Redirect SNYK-JS-KOA-10944994	67	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-NUXT-7640972	67	Proof of Concept
	Directory Traversal SNYK-JS-SUPABASEAUTHJS-10255365	67	No Known Exploit
	Improper Validation of Specified Type of Input SNYK-JS-VALIDATOR-13395830	67	Proof of Concept
	Directory Traversal SNYK-JS-VITE-13644406	67	Proof of Concept
	Information Exposure SNYK-JS-VITE-8023174	67	Proof of Concept
	Origin Validation Error SNYK-JS-VITE-8648411	67	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-VUETEMPLATECOMPILER-7554675	67	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BRACEEXPANSION-9789073	67	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BRACEEXPANSION-9789073	67	Proof of Concept
	Prototype Pollution SNYK-JS-DEVALUE-12205530	67	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-KOA-8720152	67	No Known Exploit
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	67	No Known Exploit
	Improper Input Validation SNYK-JS-NANOID-8492085	67	No Known Exploit
	Improper Input Validation SNYK-JS-NANOID-8492085	67	No Known Exploit
	Integer Overflow or Wraparound SNYK-JS-NODEFORGE-14125097	67	No Known Exploit
	Interpretation Conflict SNYK-JS-NODEMAILER-13378253	67	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-NUXTDEVTOOLS-13849298	67	No Known Exploit
	Origin Validation Error SNYK-JS-NUXTVITEBUILDER-8663232	67	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-ROLLUP-8073097	67	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-KOA-9679272	67	Proof of Concept
	Interpretation Conflict SNYK-JS-NODEFORGE-14114940	67	No Known Exploit
	Access Control Bypass SNYK-JS-VITE-9576207	67	Proof of Concept
	Information Exposure SNYK-JS-VITE-9685035	67	Proof of Concept
	Directory Traversal SNYK-JS-VITE-9919777	67	Proof of Concept
	Directory Traversal SNYK-JS-NUXT-12878602	67	Proof of Concept
	Cross-site Scripting SNYK-JS-SEND-7926862	67	No Known Exploit
	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	67	No Known Exploit
	Directory Traversal SNYK-JS-SIRV-12558119	67	Proof of Concept
	Missing Release of Memory after Effective Lifetime SNYK-JS-UNDICI-10176064	67	Proof of Concept
	Relative Path Traversal SNYK-JS-VITE-12558116	67	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-VITE-8022916	67	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-VUETEMPLATECOMPILER-8219888	67	Proof of Concept

Release notes

Package name: nodemailer

• 7.0.10 - 2025-10-23
  

  7.0.10 (2025-10-23)

  Bug Fixes

  • Increase data URI size limit from 100KB to 50MB and preserve content type (28dbf3f)
• 7.0.9 - 2025-10-07
  

  7.0.9 (2025-10-07)

  Bug Fixes

  • release: Trying to fix release proecess by upgrading Node version in runner (579fce4)
• 7.0.7 - 2025-10-05
  

  7.0.7 (2025-10-05)

  Bug Fixes

  • addressparser: Fixed addressparser handling of quoted nested email addresses (1150d99)
  • dns: add memory leak prevention for DNS cache (0240d67)
  • linter: Updated eslint and created prettier formatting task (df13b74)
  • refresh expired DNS cache on error (#1759) (ea0fc5a)
  • resolve linter errors in DNS cache tests (3b8982c)
• 7.0.6 - 2025-08-30
  

  7.0.6 (2025-08-27)

  Bug Fixes

  • encoder: avoid silent data loss by properly flushing trailing base64 (#1747) (01ae76f)
  • handle multiple XOAUTH2 token requests correctly (#1754) (dbe0028)
  • ReDoS vulnerability in parseDataURI and _processDataUrl (#1755) (90b3e24)
• 7.0.5 - 2025-07-07
  

  7.0.5 (2025-07-07)

  Bug Fixes

  • updated well known delivery service list (fa2724b)
• 7.0.4 - 2025-06-29
  

  7.0.4 (2025-06-29)

  Bug Fixes

  • pools: Emit 'clear' once transporter is idle and all connections are closed (839e286)
  • smtp-connection: jsdoc public annotation for socket (#1741) (c45c84f)
  • well-known-services: Added AliyunQiye (bb9e6da)
• 7.0.3 - 2025-05-08
  

  7.0.3 (2025-05-08)

  Bug Fixes

  • attachments: Set the default transfer encoding for message/rfc822 attachments as '7bit' (007d5f3)
• 7.0.2 - 2025-05-04
  

  7.0.2 (2025-05-04)

  Bug Fixes

  • ses: Fixed structured from header (faa9a5e)
• 7.0.1 - 2025-05-04
  

  7.0.1 (2025-05-04)

  Bug Fixes

  • ses: Use formatted FromEmailAddress for SES emails (821cd09)
• 7.0.0 - 2025-05-03
• 6.10.1 - 2025-04-13
• 6.10.0 - 2025-01-23
• 6.9.16 - 2024-10-28
• 6.9.15 - 2024-09-03
• 6.9.14 - 2024-06-19
• 6.9.13 - 2024-03-20

from nodemailer GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs