pnpm audit identified a vulnerable nodemailer version pulled in by packages/email-nodemailer (currently depends on nodemailer 7.0.9). Please upgrade to nodemailer >= 7.0.12 to include recent security fixes and publish a patch release. The package metadata: https://www.npmjs.com/package/@payloadcms/email-nodemailer. Happy to open a PR if helpful.