dhritzkiv
commented
6 years ago I think this is super low priority as most/all of the "vulnerable" packages are devDependencies. If you find some production dependencies that are vulnerable, then go ahead with the fix!
We should look at resolving all the vulnerability and exposures from NPM Audit in all our repositories.
Most of them are not related to deployed client-side code, but we should exercise due diligence and resolve all of them.