[Snyk] Security upgrade nodemailer from 6.9.12 to 7.0.7

[TheRedHatter]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Interpretation Conflict SNYK-JS-NODEMAILER-13378253	620

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[AC-KunalParmar]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[TheRedHatter]

Checkmarx One – Scan Summary & Details – 763b4dfd-96c9-48fd-b347-689bec14e5e4

New Issues (7)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	CVE-2025-58754	Npm-axios-0.26.1	details Recommended version: 0.30.2 Description: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to version 1.12.0 runs on Node.js and is given a URL with the "d... Attack Vector: NETWORK Attack Complexity: LOW ID: J0LTMp7y4WHHXRy9frPdd5rmDPtzclIWMqjUdT1Rxxk%3D Vulnerable Package
	CVE-2025-58754	Npm-axios-0.21.4	details Recommended version: 0.30.2 Description: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to version 1.12.0 runs on Node.js and is given a URL with the "d... Attack Vector: NETWORK Attack Complexity: LOW ID: TeTxdJgptHI5rDT51KLvwkcWi1kFnYmVpQ7xlYL%2B79g%3D Vulnerable Package
	Client_HTML5_Insecure_Storage	/client/src/pages/main/Contact.tsx: 18	details The application stores data setItem on the client, in an insecure manner, at line 14 of /client/src/api/makeApiRequest.ts. ID: uiK52hD26OkcWZgBOsJ25UlWgLY%3D Attack Vector
	Client_HTML5_Insecure_Storage	/client/src/pages/main/Contact.tsx: 15	details The application stores data setItem on the client, in an insecure manner, at line 14 of /client/src/api/makeApiRequest.ts. ID: JZDg45NluuE%2FqR%2Bp%2BWCS0x1tZLA%3D Attack Vector
	Client_HTML5_Insecure_Storage	/client/src/pages/main/Contact.tsx: 16	details The application stores data setItem on the client, in an insecure manner, at line 14 of /client/src/api/makeApiRequest.ts. ID: %2BtI6gXdp3CQHT6EvDNvc%2FI39dCw%3D Attack Vector
	Client_HTML5_Insecure_Storage	/client/src/pages/main/Contact.tsx: 17	details The application stores data setItem on the client, in an insecure manner, at line 14 of /client/src/api/makeApiRequest.ts. ID: TRaxCrq1rJuovIK6EiRB0NFsaXc%3D Attack Vector
	CVE-2025-6170	Npm-libxmljs-0.19.7	details Description: A flaw was found in the interactive shell of the xmllint tool in libxml2, used for parsing XML files. When a user inputs an overly long command, th... Attack Vector: LOCAL Attack Complexity: HIGH ID: 4lwLndSn8%2FjZcKZocV6nade2fXd%2FKHn1gOPe1wtCXlc%3D Vulnerable Package

Fixed Issues (1)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	CVE-2025-45767	Npm-jose-4.13.1

---

Use @Checkmarx to reach out to us for assistance.

Just send a PR comment with @Checkmarx followed by a natural language request.

Examples: @Checkmarx how are you able to help me? @Checkmarx rescan this PR