chore(deps): Bump nodemailer from 6.10.1 to 8.0.2

[dependabot]

Bumps nodemailer from 6.10.1 to 8.0.2.

Release notes

Sourced from nodemailer's releases.

v8.0.2

8.0.2 (2026-03-09)

Bug Fixes

• merge fragmented display names with unquoted commas in addressparser (fe27f7f)

v8.0.1

8.0.1 (2026-02-07)

Bug Fixes

• absorb TLS errors during socket teardown (7f8dde4)
• absorb TLS errors during socket teardown (381f628)
• Add Gmail Workspace service configuration (#1787) (dc97ede)

v8.0.0

8.0.0 (2026-02-04)

⚠ BREAKING CHANGES

• Error code 'NoAuth' renamed to 'ENOAUTH'

Bug Fixes

• add connection fallback to alternative DNS addresses (e726d6f)
• centralize and standardize error codes (45062ce)
• harden DNS fallback against race conditions and cleanup issues (4fa3c63)
• improve socket cleanup to prevent potential memory leaks (6069fdc)

v7.0.13

7.0.13 (2026-01-27)

Bug Fixes

• downgrade transient connection error logs to warn level (4c041db)

v7.0.12

7.0.12 (2025-12-22)

Bug Fixes

• added support for REQUIRETLS (#1793) (053ce6a)
• use 8bit encoding for message/rfc822 attachments (adf8611)

... (truncated)

Changelog

Sourced from nodemailer's changelog.

8.0.2 (2026-03-09)

Bug Fixes

• merge fragmented display names with unquoted commas in addressparser (fe27f7f)

8.0.1 (2026-02-07)

Bug Fixes

• absorb TLS errors during socket teardown (7f8dde4)
• absorb TLS errors during socket teardown (381f628)
• Add Gmail Workspace service configuration (#1787) (dc97ede)

8.0.0 (2026-02-04)

⚠ BREAKING CHANGES

• Error code 'NoAuth' renamed to 'ENOAUTH'

Bug Fixes

• add connection fallback to alternative DNS addresses (e726d6f)
• centralize and standardize error codes (45062ce)
• harden DNS fallback against race conditions and cleanup issues (4fa3c63)
• improve socket cleanup to prevent potential memory leaks (6069fdc)

7.0.13 (2026-01-27)

Bug Fixes

• downgrade transient connection error logs to warn level (4c041db)

7.0.12 (2025-12-22)

Bug Fixes

• added support for REQUIRETLS (#1793) (053ce6a)
• use 8bit encoding for message/rfc822 attachments (adf8611)

7.0.11 (2025-11-26)

Bug Fixes

... (truncated)

Commits

• 0f28799 chore(master): release 8.0.2 (#1803)
• 17fcb52 Bumped dev deps
• fe27f7f fix: merge fragmented display names with unquoted commas in addressparser
• 1dd8eeb chore(master): release 8.0.1 (#1802)
• b7872f9 Bumped dev deps
• dc97ede fix: Add Gmail Workspace service configuration (#1787)
• 7f8dde4 fix: absorb TLS errors during socket teardown
• 381f628 fix: absorb TLS errors during socket teardown
• edac562 chore(master): release 8.0.0 (#1799)
• 4fa3c63 fix: harden DNS fallback against race conditions and cleanup issues
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for nodemailer since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

services/heady-onboarding/package.json

Package	Version	License	Issue Type
nodemailer	^8.0.2	Null	Unknown License

Denied Licenses:

GPL-2.0, GPL-3.0, AGPL-3.0

OpenSSF Scorecard

Package	Version	Score	Details
npm/nodemailer	^8.0.2	Unknown	Unknown

Scanned Files

• services/heady-onboarding/package.json

[github-actions]

✅ Security Gate — PASSED

Evaluated at 2026-03-11 22:56:23 UTC | Commit: d017292

Scan Summary

Check	Result	Count
SAST Critical Findings	✅	0
SAST High Findings	✅	0
Exposed Secrets	✅	0
CVEs (CVSS ≥ 7.0)	✅	0