[Snyk] Security upgrade nodemailer from 7.0.13 to 8.0.5

[postiz-agent]

Snyk has created this PR to fix 1 vulnerabilities in the pnpm dependencies of this project.

Snyk changed the following file(s):

• package.json

⚠️ Warning

Failed to update the pnpm-lock.yaml, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	CRLF Injection SNYK-JS-NODEMAILER-15930946	261

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 CRLF Injection

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
postiz-app-test	Error		Apr 9, 2026 3:54am

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
postiz	Ignored		Apr 9, 2026 3:54am

[postiz-agent]

This major version upgrade from nodemailer v7 to v8 introduces a specific breaking change related to error handling.

Breaking Change:

• The error code 'NoAuth' has been renamed to 'ENOAUTH'.

Impact:
This is a behavioral change that will affect any application logic that specifically checks for the 'NoAuth' error code string to handle authentication failures. Other functionality remains unchanged.

Recommendation:
Review your application's error handling code. If you are checking for error.code === 'NoAuth', you must update it to error.code === 'ENOAUTH' to ensure compatibility with v8.

Source: GitHub Release Notes

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[postiz-agent]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[postiz-contribution]

Contribution-checker quality warning
Heuristic score: 2/100 (low). This is a non-blocking warning surfaced by the project's quality settings.

Heuristics that flagged:

• Wall-of-text PR body: 3813 chars (>2500)
• Excessive emojis in body: 6 emojis (>2)
• PR doesn't use the repo's PR template: 5 required checkbox items missing (max 1, match ≥80%)
• Body adds too many extra headers beyond the template: 4 extra headers (>1)
• Low global merge ratio: 0% (<30%)
• No public email

If this is a genuine contribution, please add detail to your PR description and tighten the diff scope before reviewers look at it.