[Snyk] Fix for 38 vulnerabilities

[ptxd]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json - Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches. [Find out more](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities). #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-ANSIREGEX-1583908](https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908) | Yes | Proof of Concept  | **616/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.9 | Server-Side Request Forgery (SSRF)
[SNYK-JS-AXIOS-1038255](https://snyk.io/vuln/SNYK-JS-AXIOS-1038255) | No | Proof of Concept  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-AXIOS-1579269](https://snyk.io/vuln/SNYK-JS-AXIOS-1579269) | No | Proof of Concept  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Denial of Service (DoS)
[SNYK-JS-AXIOS-174505](https://snyk.io/vuln/SNYK-JS-AXIOS-174505) | No | Proof of Concept  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-BROWSERSLIST-1090194](https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194) | Yes | Proof of Concept  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Pollution
[SNYK-JS-CHARTJS-1018716](https://snyk.io/vuln/SNYK-JS-CHARTJS-1018716) | No | Proof of Concept  | **658/1000**
**Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-CSSWHAT-3035488](https://snyk.io/vuln/SNYK-JS-CSSWHAT-3035488) | Yes | Proof of Concept  | **646/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 6.5 | Information Exposure
[SNYK-JS-EVENTSOURCE-2823375](https://snyk.io/vuln/SNYK-JS-EVENTSOURCE-2823375) | No | Proof of Concept  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-GLOBPARENT-1016905](https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905) | Yes | Proof of Concept  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Pollution
[SNYK-JS-IMMER-1019369](https://snyk.io/vuln/SNYK-JS-IMMER-1019369) | Yes | Proof of Concept  | **601/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.6 | Prototype Pollution
[SNYK-JS-IMMER-1540542](https://snyk.io/vuln/SNYK-JS-IMMER-1540542) | Yes | Proof of Concept  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-LODASH-1018905](https://snyk.io/vuln/SNYK-JS-LODASH-1018905) | Yes | Proof of Concept  | **681/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.2 | Command Injection
[SNYK-JS-LODASH-1040724](https://snyk.io/vuln/SNYK-JS-LODASH-1040724) | Yes | Proof of Concept  | **686/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution
[SNYK-JS-LODASH-450202](https://snyk.io/vuln/SNYK-JS-LODASH-450202) | Yes | Proof of Concept  | **731/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.2 | Prototype Pollution
[SNYK-JS-LODASH-567746](https://snyk.io/vuln/SNYK-JS-LODASH-567746) | Yes | Proof of Concept  | **686/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution
[SNYK-JS-LODASH-608086](https://snyk.io/vuln/SNYK-JS-LODASH-608086) | Yes | Proof of Concept  | **686/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution
[SNYK-JS-LODASH-73638](https://snyk.io/vuln/SNYK-JS-LODASH-73638) | Yes | Proof of Concept  | **541/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 4.4 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-LODASH-73639](https://snyk.io/vuln/SNYK-JS-LODASH-73639) | Yes | Proof of Concept  | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Directory Traversal
[SNYK-JS-MOMENT-2440688](https://snyk.io/vuln/SNYK-JS-MOMENT-2440688) | No | No Known Exploit  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-MOMENT-2944238](https://snyk.io/vuln/SNYK-JS-MOMENT-2944238) | No | Proof of Concept  | **539/1000**
**Why?** Has a fix available, CVSS 6.5 | Information Exposure
[SNYK-JS-NODEFETCH-2342118](https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118) | No | No Known Exploit  | **520/1000**
**Why?** Has a fix available, CVSS 5.9 | Denial of Service
[SNYK-JS-NODEFETCH-674311](https://snyk.io/vuln/SNYK-JS-NODEFETCH-674311) | No | No Known Exploit  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-NTHCHECK-1586032](https://snyk.io/vuln/SNYK-JS-NTHCHECK-1586032) | Yes | Proof of Concept  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-POSTCSS-1255640](https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640) | Yes | Proof of Concept  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-PROMPTS-1729737](https://snyk.io/vuln/SNYK-JS-PROMPTS-1729737) | Yes | Proof of Concept  | **601/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.6 | Command Injection
[SNYK-JS-REACTDEVUTILS-1083268](https://snyk.io/vuln/SNYK-JS-REACTDEVUTILS-1083268) | Yes | Proof of Concept  | **619/1000**
**Why?** Has a fix available, CVSS 8.1 | Cross-site Scripting (XSS)
[SNYK-JS-SERIALIZEJAVASCRIPT-536840](https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-536840) | Yes | No Known Exploit  | **706/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.7 | Arbitrary Code Injection
[SNYK-JS-SERIALIZEJAVASCRIPT-570062](https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-570062) | Yes | Proof of Concept  | **619/1000**
**Why?** Has a fix available, CVSS 8.1 | Remote Code Execution (RCE)
[SNYK-JS-SHELLQUOTE-1766506](https://snyk.io/vuln/SNYK-JS-SHELLQUOTE-1766506) | Yes | No Known Exploit  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Denial of Service (DoS)
[SNYK-JS-SOCKJS-575261](https://snyk.io/vuln/SNYK-JS-SOCKJS-575261) | Yes | Proof of Concept  | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-TERSER-2806366](https://snyk.io/vuln/SNYK-JS-TERSER-2806366) | Yes | No Known Exploit  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-UAPARSERJS-1023599](https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1023599) | No | Proof of Concept  | **616/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.9 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-UAPARSERJS-1072471](https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1072471) | No | Proof of Concept  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-UAPARSERJS-610226](https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226) | No | Proof of Concept  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Information Exposure
[SNYK-JS-WEBPACKDEVSERVER-72405](https://snyk.io/vuln/SNYK-JS-WEBPACKDEVSERVER-72405) | No | Proof of Concept  | **601/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.6 | Prototype Pollution
[SNYK-JS-YARGSPARSER-560381](https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381) | Yes | Proof of Concept  | **506/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS)
[npm:braces:20180219](https://snyk.io/vuln/npm:braces:20180219) | Yes | Proof of Concept  | **646/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 6.5 | Cross-site Scripting (XSS)
[npm:react-dom:20180802](https://snyk.io/vuln/npm:react-dom:20180802) | No | Proof of Concept (*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: axios

The new version differs by 250 commits.

• e367be5 [Releasing] 0.21.3
• 83ae383 Correctly add response interceptors to interceptor chain (#4013)
• c0c8761 [Updating] changelog to include links to issues and contributors
• 619bb46 [Releasing] v0.21.2
• 82c9455 Create SECURITY.md (#3981)
• 5b45711 Security fix for ReDoS (#3980)
• 5bc9ea2 Update ECOSYSTEM.md (#3817)
• e72813a Fixing README.md (#3818)
• e10a027 Fix README typo under Request Config (#3825)
• e091491 Update README.md (#3936)
• b42fbad Removed un-needed bracket
• 520c8dc Updating CI status badge (#3953)
• 4fbeecb Adding CI on Github Actions. (#3938)
• e9965bf Fixing the sauce labs tests (#3813)
• dbc634c Remove charset in tests (#3807)
• 3958e9f Add explanation of cancel token (#3803)
• 69949a6 Adding custom return type support to interceptor (#3783)
• 49509f6 Create FUNDING.yml (#3796)
• 199c8aa Adding parseInt to config.timeout (#3781)
• 94fc4ea Adding isAxiosError typeguard documentation (#3767)
• 0ece97c Fixing quadratic runtime when setting a maxContentLength (#3738)
• a18a0ec Updating `lib/core/README.md` about Dispatching requests (#3772)
• 59fa614 [Updated] follow-redirects to the latest version (#3771)
• 7821ed2 Feat/json improvements (#3763)

See the full diff

Package name: chart.js

The new version differs by 250 commits.

• 1d92605 Use Object.create(null) as `merge` target (#7920)
• dff7140 When objects are merged together, the target prototype can be polluted. (#7918)
• d919188 Bump verison number to v2.9.4
• 42ed589 Fix Maximum call stack size exception in computeLabelSizes (#7883)
• 063b7dc [2.9] FitBoxes recursion when dimensions are NaN (#7853)
• 2493cb5 Use node v12.18.2 on Travis CI (#7864)
• 679ec4a docs: fix rollup external moment (#7587)
• 484f0d1 Preserve object prototypes when cloning (#7404)
• 2df6986 Look for any branch starting with release (#7087) (#7089)
• 26ea9f0 Update version number to 2.9.3 (#6725)
• a307a2a Don't make legend empty when fill is false (#6719)
• c44229f Fix undefined variable (#6698)
• a985fec Stop unnecessary line calculations (#6671)
• 1cce8a5 Backward compatible default `fill` for radar charts (#6655)
• a920bfe Hide correct dataset from legend (#6661)
• 201fe46 Versatile clipping for lines (#6660)
• ad26311 Refresh package-lock to pick up new version of chartjs-colors (#6663)
• 8abfbcb Update version number to v2.9.2 (#6657)
• 45550ed Combine performance docs (#6643)
• 65421bb Use `document` when `getRootNode` is unsupported (#6641)
• a92dd7b Release v2.9.1 (#6618)
• 26b9d1f Merge pull request #6601 from chartjs/master
• ea100d4 Bump version number to 2.9.0 (#6600)
• 333118b Hover styling for dataset in 'dataset' mode (#6527)

See the full diff

##### With a [Snyk patch](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities#patches): Severity | Priority Score (*) | Issue | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------  | **731/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.2 | Prototype Pollution
[SNYK-JS-LODASH-567746](https://snyk.io/vuln/SNYK-JS-LODASH-567746) | Proof of Concept (*) Note that the real score may have changed since the PR was raised. Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/ptxd/project/e06bd23a-fe2a-44c1-847c-17473d01a05c?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/ptxd/project/e06bd23a-fe2a-44c1-847c-17473d01a05c?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"8fba617b-7c3b-43ee-81e3-7208fa650076","prPublicId":"8fba617b-7c3b-43ee-81e3-7208fa650076","dependencies":[{"name":"axios","from":"0.18.0","to":"0.21.3"},{"name":"chart.js","from":"2.7.2","to":"2.9.4"},{"name":"material-ui-pickers","from":"1.0.0-rc.14","to":"1.0.0"},{"name":"moment","from":"2.22.2","to":"2.29.4"},{"name":"react","from":"16.4.1","to":"16.5.0"},{"name":"react-dom","from":"16.4.1","to":"16.5.0"},{"name":"react-scripts","from":"2.1.1","to":"5.0.0"}],"packageManager":"npm","projectPublicId":"e06bd23a-fe2a-44c1-847c-17473d01a05c","projectUrl":"https://app.snyk.io/org/ptxd/project/e06bd23a-fe2a-44c1-847c-17473d01a05c?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":["SNYK-JS-LODASH-567746"],"vulns":["npm:react-dom:20180802","npm:braces:20180219","SNYK-JS-YARGSPARSER-560381","SNYK-JS-WEBPACKDEVSERVER-72405","SNYK-JS-UAPARSERJS-610226","SNYK-JS-UAPARSERJS-1072471","SNYK-JS-UAPARSERJS-1023599","SNYK-JS-TERSER-2806366","SNYK-JS-SOCKJS-575261","SNYK-JS-SHELLQUOTE-1766506","SNYK-JS-SERIALIZEJAVASCRIPT-570062","SNYK-JS-SERIALIZEJAVASCRIPT-536840","SNYK-JS-REACTDEVUTILS-1083268","SNYK-JS-PROMPTS-1729737","SNYK-JS-POSTCSS-1255640","SNYK-JS-NTHCHECK-1586032","SNYK-JS-NODEFETCH-674311","SNYK-JS-NODEFETCH-2342118","SNYK-JS-MOMENT-2944238","SNYK-JS-MOMENT-2440688","SNYK-JS-LODASH-567746","SNYK-JS-LODASH-450202","SNYK-JS-LODASH-73639","SNYK-JS-LODASH-73638","SNYK-JS-LODASH-608086","SNYK-JS-LODASH-1040724","SNYK-JS-LODASH-1018905","SNYK-JS-IMMER-1540542","SNYK-JS-IMMER-1019369","SNYK-JS-GLOBPARENT-1016905","SNYK-JS-EVENTSOURCE-2823375","SNYK-JS-CSSWHAT-3035488","SNYK-JS-CHARTJS-1018716","SNYK-JS-BROWSERSLIST-1090194","SNYK-JS-AXIOS-174505","SNYK-JS-AXIOS-1579269","SNYK-JS-AXIOS-1038255","SNYK-JS-ANSIREGEX-1583908"],"upgrade":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-AXIOS-1038255","SNYK-JS-AXIOS-1579269","SNYK-JS-AXIOS-174505","SNYK-JS-BROWSERSLIST-1090194","SNYK-JS-CHARTJS-1018716","SNYK-JS-CSSWHAT-3035488","SNYK-JS-EVENTSOURCE-2823375","SNYK-JS-GLOBPARENT-1016905","SNYK-JS-IMMER-1019369","SNYK-JS-IMMER-1540542","SNYK-JS-LODASH-1018905","SNYK-JS-LODASH-1040724","SNYK-JS-LODASH-450202","SNYK-JS-LODASH-567746","SNYK-JS-LODASH-608086","SNYK-JS-LODASH-73638","SNYK-JS-LODASH-73639","SNYK-JS-MOMENT-2440688","SNYK-JS-MOMENT-2944238","SNYK-JS-NODEFETCH-2342118","SNYK-JS-NODEFETCH-674311","SNYK-JS-NTHCHECK-1586032","SNYK-JS-POSTCSS-1255640","SNYK-JS-PROMPTS-1729737","SNYK-JS-REACTDEVUTILS-1083268","SNYK-JS-SERIALIZEJAVASCRIPT-536840","SNYK-JS-SERIALIZEJAVASCRIPT-570062","SNYK-JS-SHELLQUOTE-1766506","SNYK-JS-SOCKJS-575261","SNYK-JS-TERSER-2806366","SNYK-JS-UAPARSERJS-1023599","SNYK-JS-UAPARSERJS-1072471","SNYK-JS-UAPARSERJS-610226","SNYK-JS-WEBPACKDEVSERVER-72405","SNYK-JS-YARGSPARSER-560381","npm:braces:20180219","npm:react-dom:20180802"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[646,506,601,696,696,616,696,479,586,619,706,619,601,586,586,696,520,539,696,589,731,686,541,686,686,681,586,601,696,586,646,658,696,586,586,696,616,696]}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Cross-site Scripting (XSS)](https://learn.snyk.io/lessons/xss/javascript/?loc=fix-pr) 🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr) 🦉 [Prototype Pollution](https://learn.snyk.io/lessons/prototype-pollution/javascript/?loc=fix-pr) 🦉 [More lessons are available in Snyk Learn](https://learn.snyk.io?loc=fix-pr)