[Snyk] Fix for 5 vulnerabilities #42

Open
brendtumi wants to merge 1 commit into master from snyk-fix-06faeb3cdc37f5b0878a029f823073b6

Conversation

@brendtumi
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 484/1000 (Why? Has a fix available, CVSS 5.4) | Open Redirect, SNYK-JS-GOT-2932019 | Yes | No Known Exploit |
| high severity | 706/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.7) | Server-side Request Forgery (SSRF), SNYK-JS-NETMASK-1089716 | Yes | Proof of Concept |
| high severity | 706/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.7) | Server-side Request Forgery (SSRF), SNYK-JS-NETMASK-6056519 | Yes | Proof of Concept |
| high severity | 726/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 8.1) | Remote Code Execution (RCE), SNYK-JS-PACRESOLVER-1564857 | Yes | Proof of Concept |
| medium severity | 596/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.5) | Arbitrary Code Injection, SNYK-JS-UNDERSCORE-1080984 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: dropbox
The new version differs by 16 commits.
  • 0912b17 3.0.0
  • a0c7485 Upgrade dependency(marked)
  • 160c92a pull in stone/spec and update
  • ebc5104 Changes/new headers
  • a747317 Convert to rollup and Fetch API, distribute ES6 modules and determine Web Workers
  • 0a4b3ab 2.5.13
  • 63d1ebf get new stone/spec and generate
  • 3455137 Revert "Merge pull request #165 from dropbox/fetch"
  • 5d21f39 Revert "Add missing dep, remove superagent"
  • 4c32be3 Add missing dep, remove superagent
  • 1a33b52 Merge pull request #165 from dropbox/fetch
  • f714e17 Convert to rollup and Fetch API, distribute ES6 modules and determine Web Workers
  • aa1830b 2.5.12
  • fbd6351 Prepare bugfix release
  • 4f685f1 2.5.11
  • 6b61cae Generate from new stone/spec

See the full diff

Package name: nodemailer
The new version differs by 4 commits.
  • eaef3b5 Merge pull request #719 from nodemailer/v3.0.0
  • de5b6f6 updated license
  • 652ad8e Do not use PRO in name
  • 6218b8d Setup files for EUPL licensed v3.0.0

See the full diff

Package name: update-notifier
The new version differs by 68 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Open Redirect
🦉 Server-side Request Forgery (SSRF)
🦉 Remote Code Execution (RCE)
