npm audit report

lodash  <=4.17.20
Severity: critical
Prototype Pollution - https://npmjs.com/advisories/1523
fix available via `npm audit fix`
node_modules/lodash
  express  4.0.0 - 4.17.3
  Depends on vulnerable versions of lodash
  node_modules/express/node_modules/lodash
  my-app
  Depends on vulnerable versions of lodash
  node_modules/my-app/node_modules/lodash

semver  6.0.0 - 6.3.0 || 7.0.0 - 7.5.5
Severity: high
Regular Expression Denial of Service in semver - https://npmjs.com/advisories/1584
fix available via `npm audit fix`
node_modules/semver
  npm  8.0.0-beta.0 - 9.8.0
  Depends on vulnerable versions of semver
  node_modules/npm/node_modules/semver

minimatch  <3.0.5
Severity: high
ReDoS in minimatch - https://npmjs.com/advisories/1471
fix available via `npm audit fix`
node_modules/minimatch
  mocha  4.1.0 - 9.2.2
  Depends on vulnerable versions of minimatch
  node_modules/mocha

json5  <1.0.2 || >=2.0.0-beta.1 <2.2.2
Severity: moderate
Prototype Pollution in JSON5 via Parse Method - https://npmjs.com/advisories/1802
fix available via `npm audit fix`
node_modules/json5
  babel-jest  >=27.0.0
  Depends on vulnerable versions of json5
  node_modules/babel-jest

debug  2.6.9
Severity: low
Debug Exposure of Sensitive Information to Unauthorized Control Sphere - https://npmjs.com/advisories/1765
node_modules/debug

qs  6.5.2
Severity: moderate
Prototype Pollution in qs - https://npmjs.com/advisories/1800
fix available via `npm audit fix`
node_modules/qs

6 vulnerabilities (1 low, 2 moderate, 2 high, 1 critical)

To address all issues (including breaking changes), run:
  npm audit fix --force
