All the vulnerabilities related to the version 2.0.1 of the package
Arbitrary File Overwrite in decompress-zip
Vulnerable versions of decompress-zip are affected by the Zip-Slip vulnerability, an arbitrary file write vulnerability. The vulnerability occurs because decompress-zip does not verify that extracted files do not resolve to targets outside of the extraction root directory.
For decompress-zip 0.2.x upgrade to 0.2.2 or later.
For decompress-zip 0.3.x upgrade to 0.3.2 or later.
Prototype Pollution in extend
Versions of extend prior to 3.0.2 (for 3.x) and 2.0.2 (for 2.x) are vulnerable to Prototype Pollution. The extend() function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects.
If you're using extend 3.x upgrade to 3.0.2 or later.
If you're using extend 2.x upgrade to 2.0.2 or later.
