Update dependency nodemailer to v7

[mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
nodemailer (source)	dependencies	major	^6.8.0 → ^7.0.0

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity	CVSS Score	Vulnerability
High	7.5	CVE-2025-13033
High	7.5	CVE-2025-14874

---

Release Notes

nodemailer/nodemailer (nodemailer)

v7.0.11

Compare Source

Bug Fixes

• prevent stack overflow DoS in addressparser with deeply nested groups (b61b9c0)

v7.0.10

Compare Source

Bug Fixes

• Increase data URI size limit from 100KB to 50MB and preserve content type (28dbf3f)

v7.0.9

Compare Source

Bug Fixes

• release: Trying to fix release proecess by upgrading Node version in runner (579fce4)

v7.0.7

Compare Source

Bug Fixes

• addressparser: Fixed addressparser handling of quoted nested email addresses (1150d99)
• dns: add memory leak prevention for DNS cache (0240d67)
• linter: Updated eslint and created prettier formatting task (df13b74)
• refresh expired DNS cache on error (#​1759) (ea0fc5a)
• resolve linter errors in DNS cache tests (3b8982c)

v7.0.6

Compare Source

Bug Fixes

• encoder: avoid silent data loss by properly flushing trailing base64 (#​1747) (01ae76f)
• handle multiple XOAUTH2 token requests correctly (#​1754) (dbe0028)
• ReDoS vulnerability in parseDataURI and _processDataUrl (#​1755) (90b3e24)

v7.0.5

Compare Source

Bug Fixes

• updated well known delivery service list (fa2724b)

v7.0.4

Compare Source

Bug Fixes

• pools: Emit 'clear' once transporter is idle and all connections are closed (839e286)
• smtp-connection: jsdoc public annotation for socket (#​1741) (c45c84f)
• well-known-services: Added AliyunQiye (bb9e6da)

v7.0.3

Compare Source

Bug Fixes

• attachments: Set the default transfer encoding for message/rfc822 attachments as '7bit' (007d5f3)

v7.0.2

Compare Source

Bug Fixes

• ses: Fixed structured from header (faa9a5e)

v7.0.1

Compare Source

Bug Fixes

• downgrade transient connection error logs to warn level (4c041db)

v7.0.0

Compare Source

⚠ BREAKING CHANGES

• SESv2 SDK support, removed older SES SDK v2 and v3 , removed SES rate limiting and idling features

Features

• SESv2 SDK support, removed older SES SDK v2 and v3 , removed SES rate limiting and idling features (15db667)

v6.10.1

Compare Source

Bug Fixes

• close correct socket (a18062c)

v6.10.0

Compare Source

Features

• services: add Seznam email service configuration (#​1695) (d1ae0a8)

Bug Fixes

• proxy: Set error and timeout errors for proxied sockets (aa0c99c)

v6.9.16

Compare Source

Bug Fixes

• addressparser: Correctly detect if user local part is attached to domain part (f2096c5)

v6.9.15

Compare Source

Bug Fixes

• Fix memory leak (#​1667) (baa28f6)
• mime: Added GeoJSON closes #​1637 (#​1665) (79b8293)

v6.9.14

Compare Source

Bug Fixes

• api: Added support for Ethereal authentication (56b2205)
• services.json: Add Email Services Provider Feishu Mail (CN) (#​1648) (e9e9ecc)
• services.json: update Mailtrap host and port in well known (#​1652) (fc2c9ea)
• well-known-services: Add Loopia in well known services (#​1655) (21a28a1)

v6.9.13

Compare Source

Bug Fixes

• tls: Ensure servername for SMTP (d66fdd3)

v6.9.12

Compare Source

Bug Fixes

• message-generation: Escape single quote in address names (4ae5fad)

v6.9.11

Compare Source

Bug Fixes

• headers: Ensure that Content-type is the bottom header (c7cf97e)

v6.9.10

Compare Source

Bug Fixes

• data-uri: Do not use regular expressions for parsing data URI schemes (12e65e9)
• data-uri: Moved all data-uri regexes to use the non-regex parseDataUri method (edd5dfe)

---

• If you want to rebase/retry this PR, check this box