Upgrade nodemailer to latest major for audit compliance.

This removes the remaining SMTP command injection advisories by moving to nodemailer 8.0.5 and refreshing the lockfile accordingly.

Made-with: Cursor

package-lock.json

@@ -17,7 +17,7 @@
         "dompurify": "^3.3.1",
         "jsonwebtoken": "^9.0.2",
         "multer": "^2.0.2",
-        "nodemailer": "^7.0.9",
+        "nodemailer": "^8.0.5",
         "nuxt": "^4.1.3",
         "pdf-lib": "^1.17.1",
         "pdf-parse": "^2.4.5",
@@ -10493,9 +10493,9 @@
       "license": "MIT"
     },
     "node_modules/nodemailer": {
-      "version": "7.0.13",
-      "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-7.0.13.tgz",
-      "integrity": "sha512-PNDFSJdP+KFgdsG3ZzMXCgquO7I6McjY2vlqILjtJd0hy8wEvtugS9xKRF2NWlPNGxvLCXlTNIae4serI7dinw==",
+      "version": "8.0.5",
+      "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-8.0.5.tgz",
+      "integrity": "sha512-0PF8Yb1yZuQfQbq+5/pZJrtF6WQcjTd5/S4JOHs9PGFxuTqoB/icwuB44pOdURHJbRKX1PPoJZtY7R4VUoCC8w==",
       "license": "MIT-0",
       "engines": {
         "node": ">=6.0.0"