zenbot
Lots of vulnerabilities reported by npm audit
System information
- Have I written custom code (as opposed to using zenbot vanilla): No
- OS Platform and Distribution (e.g., Linux Ubuntu 16.04): N/A
- Zenbot version (commit ref, or version): a5c44ba7
- Zenbot branch: unstable
- NodeJS version: 14.9.0
- Python version (when using a python script): N/A
- Exact command to reproduce (include everything): npm audit
- Did I make any changes to conf-sample.js?: No
Describe the problem
There are currently 689 vulnerabilities detected by npm audit, including 336 classified as "high". Some of these vulnerabilities have existed for several months. The audit result notes that npm audit fix would automatically fix 682 of those issues.
Oddly, the Snyk bot doesn't appear to be noticing those vulnerabilities. Not sure if it's misconfigured or purposefully ignoring them, but having so many easily-fixable vulnerabilities isn't a great look for an app which deals with real money.
Source code / Error logs
...
found 689 vulnerabilities (351 low, 2 moderate, 336 high) in 2438 scanned packages
run `npm audit fix` to fix 682 of them.
7 vulnerabilities require manual review. See the full report for details.