diff --git a/package-lock.json b/package-lock.json
index d39b8b3b0e..6c3d78b90b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -14181,9 +14181,9 @@
       }
     },
     "nodemailer": {
-      "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-4.0.1.tgz",
-      "integrity": "sha1-uVhksH+s7oKH6CMu/9bx1W7HWrI="
+      "version": "6.6.1",
+      "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-6.6.1.tgz",
+      "integrity": "sha512-1xzFN3gqv+/qJ6YRyxBxfTYstLNt0FCtZaFRvf4Sg9wxNGWbwFmGXVpfSi6ThGK6aRxAo+KjHtYSW8NvCsNSAg=="
     },
     "nopt": {
       "version": "3.0.6",
@@ -17008,6 +17008,16 @@
                 "pac-resolver": "^3.0.0",
                 "raw-body": "^2.2.0",
                 "socks-proxy-agent": "^4.0.1"
+              },
+              "dependencies": {
+                "https-proxy-agent-snyk-fork": {
+                  "version": "git://github.com/snyk/node-https-proxy-agent.git#5e86ccb682d0c833c8daa25ee6f91c670161cd66",
+                  "from": "git://github.com/snyk/node-https-proxy-agent.git#fix/https-agent-vuln",
+                  "requires": {
+                    "agent-base": "^4.3.0",
+                    "debug": "^3.1.0"
+                  }
+                }
               }
             },
             "pac-resolver": {
diff --git a/package.json b/package.json
index 17b43b1ce9..c3b8c334c8 100644
--- a/package.json
+++ b/package.json
@@ -84,7 +84,7 @@
     "morgan": "^1.9.1",
     "multer": "^1.3.1",
     "multer-s3": "^2.9.0",
-    "nodemailer": "~4.0.1",
+    "nodemailer": "~6.6.1",
     "owasp-password-strength-test": "~1.3.0",
     "passport": "~0.3.2",
     "passport-facebook": "~2.1.1",