
[Snyk] Fix for 37 vulnerabilities #14

Open. Wants to merge 1 commit into base: master.

Conversation

snyk-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

    • package.json
    • package-lock.json
  • Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
    Find out more.

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Issue | Snyk ID | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium | Information Exposure | SNYK-JS-APOLLOCLIENT-1085706 | No | No Known Exploit |
| high | Prototype Pollution | SNYK-JS-ASYNC-2441827 | Yes | Proof of Concept |
| medium | Server-Side Request Forgery (SSRF) | SNYK-JS-AXIOS-1038255 | Yes | Proof of Concept |
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-AXIOS-1579269 | Yes | Proof of Concept |
| medium | Denial of Service (DoS) | SNYK-JS-AXIOS-174505 | No | Proof of Concept |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-COLORSTRING-1082939 | Yes | Proof of Concept |
| medium | Information Exposure | SNYK-JS-FOLLOWREDIRECTS-2332181 | Yes | Proof of Concept |
| low | Information Exposure | SNYK-JS-FOLLOWREDIRECTS-2396346 | Yes | No Known Exploit |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-GLOBPARENT-1016905 | Yes | Proof of Concept |
| high | Prototype Pollution | SNYK-JS-IMMER-1019369 | Yes | Proof of Concept |
| medium | Prototype Pollution | SNYK-JS-IMMER-1540542 | Yes | Proof of Concept |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-LODASH-1018905 | No | Proof of Concept |
| high | Command Injection | SNYK-JS-LODASH-1040724 | No | Proof of Concept |
| high | Prototype Pollution | SNYK-JS-LODASH-450202 | No | Proof of Concept |
| high | Prototype Pollution | SNYK-JS-LODASH-567746 | No | Proof of Concept |
| high | Prototype Pollution | SNYK-JS-LODASH-608086 | No | Proof of Concept |
| high | Server-side Request Forgery (SSRF) | SNYK-JS-NETMASK-1089716 | Yes | Proof of Concept |
| medium | Information Exposure | SNYK-JS-NODEFETCH-2342118 | No | No Known Exploit |
| medium | Denial of Service | SNYK-JS-NODEFETCH-674311 | No | No Known Exploit |
| high | Remote Code Execution (RCE) | SNYK-JS-PACRESOLVER-1564857 | Yes | Proof of Concept |
| medium | Command Injection | SNYK-JS-PM2-474304 | Yes | Proof of Concept |
| medium | Command Injection | SNYK-JS-PM2-474345 | Yes | Proof of Concept |
| high | Prototype Poisoning | SNYK-JS-QS-3153490 | No | Proof of Concept |
| medium | Undesired Behavior | SNYK-JS-STYLEDCOMPONENTS-3149924 | No | No Known Exploit |
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-UAPARSERJS-1023599 | No | Proof of Concept |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-UAPARSERJS-1072471 | No | Proof of Concept |
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-UAPARSERJS-610226 | No | Proof of Concept |
| high | Command Injection | SNYK-JS-VIZION-565230 | Yes | Proof of Concept |
| high | Sandbox Bypass | SNYK-JS-WEBPACK-3358798 | No | Proof of Concept |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-WS-1296835 | Yes | Proof of Concept |
| high | Denial of Service (DoS) | SNYK-JS-XLSX-1311137 | No | Proof of Concept |
| high | Denial of Service (DoS) | SNYK-JS-XLSX-1311139 | No | Proof of Concept |
| high | Denial of Service (DoS) | SNYK-JS-XLSX-1311141 | No | Proof of Concept |
| low | Regular Expression Denial of Service (ReDoS) | SNYK-JS-XLSX-585898 | No | Proof of Concept |
| high | Prototype Pollution | npm:extend:20180424 | No | No Known Exploit |
| high | Regular Expression Denial of Service (ReDoS) | npm:truncate:20180225 | No | Proof of Concept |
| low | Regular Expression Denial of Service (ReDoS) | npm:xlsx:20180222 | No | Proof of Concept |

Commit messages
Package name: axios The new version differs by 250 commits.
  • e367be5 [Releasing] 0.21.3
  • 83ae383 Correctly add response interceptors to interceptor chain (#4013)
  • c0c8761 [Updating] changelog to include links to issues and contributors
  • 619bb46 [Releasing] v0.21.2
  • 82c9455 Create SECURITY.md (#3981)
  • 5b45711 Security fix for ReDoS (#3980)
  • 5bc9ea2 Update ECOSYSTEM.md (#3817)
  • e72813a Fixing README.md (#3818)
  • e10a027 Fix README typo under Request Config (#3825)
  • e091491 Update README.md (#3936)
  • b42fbad Removed un-needed bracket
  • 520c8dc Updating CI status badge (#3953)
  • 4fbeecb Adding CI on Github Actions. (#3938)
  • e9965bf Fixing the sauce labs tests (#3813)
  • dbc634c Remove charset in tests (#3807)
  • 3958e9f Add explanation of cancel token (#3803)
  • 69949a6 Adding custom return type support to interceptor (#3783)
  • 49509f6 Create FUNDING.yml (#3796)
  • 199c8aa Adding parseInt to config.timeout (#3781)
  • 94fc4ea Adding isAxiosError typeguard documentation (#3767)
  • 0ece97c Fixing quadratic runtime when setting a maxContentLength (#3738)
  • a18a0ec Updating `lib/core/README.md` about Dispatching requests (#3772)
  • 59fa614 [Updated] follow-redirects to the latest version (#3771)
  • 7821ed2 Feat/json improvements (#3763)

See the full diff

Package name: color The new version differs by 27 commits.

See the full diff

Package name: express The new version differs by 173 commits.

See the full diff

Package name: immer The new version differs by 218 commits.
  • fa671e5 fix(security): Follow up on CVE-2020-28477 where `path: [["__proto__"], "x"]` could still pollute the prototype
  • 2e0aa95 Create SECURITY.md
  • 050522d chore: fix CI. maybe.
  • 1195510 docs: Update example-setstate.mdx (#833)
  • 648d39b docs: fixing link to RFC-6902 & fixing typo (#830)
  • bc890f7 docs: Update example-setstate.mdx (#829)
  • 16a3d0f chore(deps): bump prismjs from 1.23.0 to 1.24.0 in /website (#822)
  • 847492c docs: Extended / updated documenation (#824)
  • 7f41483 chore: [workflows] don't release from forks
  • 3f9a94e chore: let's test before publish
  • bfb8dec fix: release missing dist/ folder
  • b314b19 chore: fix cpx usage
  • a607d6c chore: Remove old shizzle
  • 6fd5329 chore: fixes for deploy preview
  • 144f886 chore: fix docs deployment attempt 3
  • 38964fa chore: semantic-release + GH actions
  • 06c6741 chore: fix docs deploy
  • ad23da9 chore: fix test job
  • b6d92f4 chore: publish docs automatically
  • c59576a chore: setup GH action for test
  • dc3f66c fix: #807 new undefined properties should end up in result object
  • 5412c9f fix: #791 return 'nothing' should produce undefined patch
  • 58b74a6 chore(deps): bump ssri from 6.0.1 to 6.0.2 in /website (#818)
  • c9deb48 chore(deps): bump color-string from 1.5.4 to 1.5.5 in /website (#817)

See the full diff

Package name: node-fetch The new version differs by 19 commits.
  • 1ef4b56 backport of #1449 (#1453)
  • 8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (#1310)
  • f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (#1352)
  • b5417ae fix: import whatwg-url in a way compatible with ESM Node (#1303)
  • 18193c5 fix v2.6.3 that did not sending query params (#1301)
  • ace7536 fix: properly encode url with unicode characters (#1291)
  • 152214c Fix(package.json): Corrected main file path in package.json (#1274)
  • b5e2e41 update version number
  • 2358a6c Honor the `size` option after following a redirect and revert data uri support
  • 8c197f8 docs: Fix typos and grammatical errors in README.md (#686)
  • 1e99050 fix: Change error message thrown with redirect mode set to error (#653)
  • 244e6f6 docs: Show backers in README
  • 6a5d192 fix: Properly parse meta tag when parameters are reversed (#682)
  • 47a24a0 chore: Add opencollective badge
  • 7b13662 chore: Add funding link
  • 5535c2e fix: Check for global.fetch before binding it (#674)
  • 1d5778a docs: Add Discord badge
  • eb3a572 feat: Data URI support (#659)
  • 086be6f Remove --save option as it isn't required anymore (#581)

See the full diff

Package name: pm2 The new version differs by 250 commits.

See the full diff

Package name: prop-types The new version differs by 23 commits.

See the full diff

Package name: rollbar The new version differs by 27 commits.
  • cdd679c Release v2.4.1
  • 2f3bd0e Merge pull request #621 from rollbar/readme-refactor
  • aeef5ad Update README.md
  • b46975e Merge pull request #619 from rollbar/moar-types
  • ebbbe8f Merge pull request #618 from rollbar/codeversion
  • 3fbf74e Merge pull request #617 from rollbar/merging
  • 8549a7b add typings for the express error handler helper
  • e613c39 Support code_version and codeVersion at the top level of configuration
  • 67912ea Create a custom version of object merging which does exactly what we want rather than working around extend
  • 669fd12 Update CHANGELOG.md
  • 3e63a46 Release v2.4.0
  • 8a6559c Fix #610, if you throw undefined you're going to have a bad time
  • e193378 Merge pull request #612 from ktalebian/patch-1
  • 02d1df3 Merge pull request #611 from rollbar/gdpr
  • 006b4fe document captureIp/Email/Username, and clean up IPV6 stuff
  • e27e942 Add scrubHeaders as optional configuration
  • f7c7c55 add new configuration options to typescript declarations
  • b040b81 only capture id by default, provide configuration to also capture email/username
  • 3c95689 add ip filter option to browser js
  • f860b92 add the ip filtering logic to the server side
  • d69eed0 function for filtering ip addresses
  • ebe145c Merge pull request #591 from rollbar/scrub-fields-config
  • 4032b22 Options should override not merge
  • 66b80aa Merge pull request #589 from rollbar/readme-updates

See the full diff

Package name: truncate The new version differs by 13 commits.

See the full diff

Package name: ua-parser-js The new version differs by 88 commits.
  • 9999815 Update version number to 0.7.24
  • 809439e Fix potential ReDoS vulnerability as reported by Doyensec
  • 5b83893 Merge pull request #479 from joeyparrish/develop
  • 9d154cc chore: Update build
  • 7679003 fix: Xbox OS detection
  • 45bf76a Merge pull request #474 from dust-off/master
  • f543c5a facebook movile app with no browser info
  • 89a72c2 Merge pull request #471 from jishidaaaaa/fix-firetv-detection
  • 314131d Merge pull request #472 from GeraldHost/master
  • 386ebc2 feat: update readme playstation
  • b0f14de Fix Detection Rule For Amazon Fire TV
  • fd8a583 Merge pull request #469 from bynice/patch-1
  • cc2da93 Merge pull request #368 from Deliaz/master
  • 34e2e80 Update ua-parser.js
  • 26c74ef Merge branch 'develop' into master
  • e4b3029 Merge pull request #466 from yoyo837/patch-1
  • b7d4865 Update homepage
  • d5ab75a Merge branch 'master' of github.com:faisalman/ua-parser-js
  • c7475db 0.7.23
  • 83d37b4 Merge pull request #451 from dineshks1/master
  • 2d53ceb Merge branch 'develop' of github.com:faisalman/ua-parser-js into develop
  • d107155 Merge pull request #463 from vinyldarkscratch/bump-deps
  • 43fb4d1 Merge pull request #459 from WizKid/master
  • 6d1f26d Fix ReDoS vulnerabilities reported by Snyk

See the full diff

Package name: webpack The new version differs by 149 commits.
  • 5d64468 Merge pull request #16792 from webpack/update-version
  • 67af5ec chore(release): 5.76.0
  • 97b1718 Merge pull request #16781 from askoufis/loader-context-target-type
  • b84efe6 Merge pull request #16759 from ryanwilsonperkin/real-content-hash-regex-perf
  • c98e9e0 Merge pull request #16493 from piwysocki/patch-1
  • 5f34acf feat: Add `target` to `LoaderContext` type
  • b7fc4d8 Merge pull request #16703 from ryanwilsonperkin/ryanwilsonperkin/fix-16160
  • 63ea82d Merge branch 'webpack:main' into patch-1
  • 4ba2252 Merge pull request #16446 from akhilgkrishnan/patch-1
  • 1acd635 Merge pull request #16613 from jakebailey/ts-logo
  • 302eb37 Merge pull request #16614 from jakebailey/html5-logo
  • cfdb1df Improve performance of hashRegExp lookup
  • 4d561a6 Add test for behaviour of filesystem-cached assets with loaders
  • dfaa3b4 lint: remove trailing comma
  • dcc3e71 Serialize code generator data to support generated assets
  • b67626c Merge pull request #16491 from lvivski/main
  • d957cdf Fix formatting
  • 6011163 Fix formatting
  • ea5e864 Fix HTML5 logo in README
  • 2112f9b Replace TypeScript logo in README
  • 5513dd6 Merge branch 'webpack:main' into patch-1
  • 4b4ca3b Merge pull request #16500 from Jack-Works/avoid-cross-realm-object
  • 4f39c9f fix: type error
  • c922ee1 chore: revert breaking change

See the full diff

Package name: ws The new version differs by 113 commits.
  • f5297f7 [dist] 7.4.6
  • 00c425e [security] Fix ReDoS vulnerability
  • 990306d [lint] Fix prettier error
  • 32e3a84 [security] Remove reference to Node Security Project
  • 8c914d1 [minor] Fix nits
  • fc7e27d [ci] Test on node 16
  • 587c201 [ci] Do not test on node 15
  • f672710 [dist] 7.4.5
  • 67e25ff [fix] Fix case where `abortHandshake()` does not close the connection
  • 23ba6b2 [fix] Make UTF-8 validation work even if utf-8-validate is not installed
  • 114de9e [ci] Use a unique ID instead of commit SHA
  • d75a62e [ci] Include commit SHA in `flag-name`
  • a74dd2e [dist] 7.4.4
  • 9277437 [fix] Recreate the inflate stream if it ends
  • cbff929 [doc] Improve `websocket.terminate()` documentation
  • 489a295 [ci] Use GitHub Actions (#1853)
  • 77370e0 [pkg] Update eslint-config-prettier to version 8.1.0
  • 99338f7 [doc] Fix `data` argument type (#1843)
  • 223194e [dist] 7.4.3
  • 4e9607b [perf] Reset compressor/decompressor instead of re-initialize (#1840)
  • 2789887 [minor] Use `request.socket` instead of `request.connection`
  • 2079ca5 [test] Increase code coverage
  • d1a8af4 [dist] 7.4.2
  • 48a2349 [pkg] Update eslint-config-prettier to version 7.1.0

See the full diff

With a Snyk patch:
| Severity | Issue | Snyk ID | Exploit Maturity |
|---|---|---|---|
| high | Prototype Pollution | SNYK-JS-LODASH-567746 | Proof of Concept |

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Dependency upgrades recorded in the Snyk PR metadata (package manager: npm; PR type: auto):

  • @apollo/client from 3.2.0 to 3.4.0
  • axios from 0.15.3 to 0.21.3
  • color from 0.11.1 to 1.0.0
  • express from 4.16.4 to 4.17.3
  • immer from 6.0.1 to 9.0.6
  • lodash from 4.17.11 to 4.17.21
  • node-fetch from 2.6.0 to 2.6.7
  • pm2 from 3.2.2 to 5.0.0
  • prop-types from 15.6.0 to 15.6.2
  • rollbar from 2.3.9 to 2.4.1
  • styled-components from 5.3.5 to 5.3.7
  • truncate from 2.0.0 to 2.0.1
  • ua-parser-js from 0.7.20 to 0.7.24
  • webpack from 5.72.1 to 5.76.0
  • ws from 7.1.2 to 7.4.6
  • xlsx from 0.10.5 to 0.17.0

The metadata also records the Snyk patch applied (SNYK-JS-LODASH-567746) and the full list of vulnerability IDs addressed, which are the same IDs listed in the commit message below.

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-APOLLOCLIENT-1085706
- https://snyk.io/vuln/SNYK-JS-ASYNC-2441827
- https://snyk.io/vuln/SNYK-JS-AXIOS-1038255
- https://snyk.io/vuln/SNYK-JS-AXIOS-1579269
- https://snyk.io/vuln/SNYK-JS-AXIOS-174505
- https://snyk.io/vuln/SNYK-JS-COLORSTRING-1082939
- https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2332181
- https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2396346
- https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
- https://snyk.io/vuln/SNYK-JS-IMMER-1019369
- https://snyk.io/vuln/SNYK-JS-IMMER-1540542
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
- https://snyk.io/vuln/SNYK-JS-LODASH-608086
- https://snyk.io/vuln/SNYK-JS-NETMASK-1089716
- https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118
- https://snyk.io/vuln/SNYK-JS-NODEFETCH-674311
- https://snyk.io/vuln/SNYK-JS-PACRESOLVER-1564857
- https://snyk.io/vuln/SNYK-JS-PM2-474304
- https://snyk.io/vuln/SNYK-JS-PM2-474345
- https://snyk.io/vuln/SNYK-JS-QS-3153490
- https://snyk.io/vuln/SNYK-JS-STYLEDCOMPONENTS-3149924
- https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1023599
- https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1072471
- https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226
- https://snyk.io/vuln/SNYK-JS-VIZION-565230
- https://snyk.io/vuln/SNYK-JS-WEBPACK-3358798
- https://snyk.io/vuln/SNYK-JS-WS-1296835
- https://snyk.io/vuln/SNYK-JS-XLSX-1311137
- https://snyk.io/vuln/SNYK-JS-XLSX-1311139
- https://snyk.io/vuln/SNYK-JS-XLSX-1311141
- https://snyk.io/vuln/SNYK-JS-XLSX-585898
- https://snyk.io/vuln/npm:extend:20180424
- https://snyk.io/vuln/npm:truncate:20180225
- https://snyk.io/vuln/npm:xlsx:20180222


The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746