Investigate npm vulnerabilities

[ronshapiro]

When setting up my dev environment, npm install printed this message:

found 414 vulnerabilities (407 low, 5 moderate, 2 high)
  run `npm audit fix` to fix them, or `npm audit` for details

The diff of running npm audit fix is visible in #552. Obviously accepting that diff blindly isn't a good idea, but I wanted at the very least to flag the issue to the team to see if someone wanted to investigate if the (a) the vunerabilities are actually serious and (b) if upgrades are safe.